From c3f4f9cedde3aa550057fa08659402aa9ba768dc Mon Sep 17 00:00:00 2001 From: Graham Davison Date: Wed, 5 Jul 2023 17:33:20 -0700 Subject: [PATCH] Fixes region validation --- internal/backend/remote-state/s3/backend.go | 2 +- .../backend/remote-state/s3/backend_test.go | 62 +++++++++++++++++++ 2 files changed, 63 insertions(+), 1 deletion(-) diff --git a/internal/backend/remote-state/s3/backend.go b/internal/backend/remote-state/s3/backend.go index 791576a723..3a50e9705a 100644 --- a/internal/backend/remote-state/s3/backend.go +++ b/internal/backend/remote-state/s3/backend.go @@ -314,7 +314,7 @@ func (b *Backend) Configure(obj cty.Value) tfdiags.Diagnostics { region = v } - if boolAttr(obj, "skip_region_validation") { + if region != "" && !boolAttr(obj, "skip_region_validation") { if err := awsbase.ValidateRegion(region); err != nil { diags = diags.Append(tfdiags.AttributeValue( tfdiags.Error, diff --git a/internal/backend/remote-state/s3/backend_test.go b/internal/backend/remote-state/s3/backend_test.go index 95f97bf21b..fc7995139f 100644 --- a/internal/backend/remote-state/s3/backend_test.go +++ b/internal/backend/remote-state/s3/backend_test.go @@ -16,12 +16,14 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/dynamodb" "github.com/aws/aws-sdk-go/service/s3" + "github.com/google/go-cmp/cmp" awsbase "github.com/hashicorp/aws-sdk-go-base" "github.com/hashicorp/terraform/internal/backend" "github.com/hashicorp/terraform/internal/configs/configschema" "github.com/hashicorp/terraform/internal/configs/hcl2shim" "github.com/hashicorp/terraform/internal/states" "github.com/hashicorp/terraform/internal/states/remote" + "github.com/hashicorp/terraform/internal/tfdiags" "github.com/zclconf/go-cty/cty" ) @@ -95,6 +97,61 @@ func checkClientEndpoint(t *testing.T, config aws.Config, expected string) { } } +func TestBackendConfig_InvalidRegion(t *testing.T) { + testACC(t) + + cases := map[string]struct { + config map[string]any + expectedDiags tfdiags.Diagnostics + }{ + "with region validation": { + config: map[string]interface{}{ + "region": "nonesuch", + "bucket": "tf-test", + "key": "state", + "skip_credentials_validation": true, + }, + expectedDiags: tfdiags.Diagnostics{ + tfdiags.AttributeValue( + tfdiags.Error, + "Invalid region value", + `Invalid AWS Region: nonesuch`, + cty.Path{cty.GetAttrStep{Name: "region"}}, + ), + }, + }, + "skip region validation": { + config: map[string]interface{}{ + "region": "nonesuch", + "bucket": "tf-test", + "key": "state", + "skip_region_validation": true, + "skip_credentials_validation": true, + }, + expectedDiags: nil, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + b := New() + configSchema := populateSchema(t, b.ConfigSchema(), hcl2shim.HCL2ValueFromConfigValue(tc.config)) + + configSchema, diags := b.PrepareConfig(configSchema) + if len(diags) > 0 { + t.Fatal(diags.ErrWithWarnings()) + } + + confDiags := b.Configure(configSchema) + diags = diags.Append(confDiags) + + if diff := cmp.Diff(diags, tc.expectedDiags, cmp.Comparer(diagnosticComparer)); diff != "" { + t.Errorf("unexpected diagnostics difference: %s", diff) + } + }) + } +} + func TestBackendConfig_RegionEnvVar(t *testing.T) { testACC(t) config := map[string]interface{}{ @@ -695,6 +752,7 @@ func TestBackend(t *testing.T) { "bucket": bucketName, "key": keyName, "encrypt": true, + "region": "us-west-1", })).(*Backend) createS3Bucket(t, b.s3Client, bucketName) @@ -714,6 +772,7 @@ func TestBackendLocked(t *testing.T) { "key": keyName, "encrypt": true, "dynamodb_table": bucketName, + "region": "us-west-1", })).(*Backend) b2 := backend.TestBackendConfig(t, New(), backend.TestWrapConfig(map[string]interface{}{ @@ -721,6 +780,7 @@ func TestBackendLocked(t *testing.T) { "key": keyName, "encrypt": true, "dynamodb_table": bucketName, + "region": "us-west-1", })).(*Backend) createS3Bucket(t, b1.s3Client, bucketName) @@ -762,6 +822,7 @@ func TestBackendSSECustomerKeyConfig(t *testing.T) { "encrypt": true, "key": "test-SSE-C", "sse_customer_key": testCase.customerKey, + "region": "us-west-1", } b := New().(*Backend) @@ -822,6 +883,7 @@ func TestBackendSSECustomerKeyEnvVar(t *testing.T) { "bucket": bucketName, "encrypt": true, "key": "test-SSE-C", + "region": "us-west-1", } os.Setenv("AWS_SSE_CUSTOMER_KEY", testCase.customerKey)