resource/aws_mq_broker: validate user password characters

hashicorp · Jan 29, 2018 · 88ef005 · 88ef005
1 parent 7276aea
commit 88ef005
Show file tree

Hide file tree

Showing 5 changed files with 75 additions and 33 deletions.
diff --git a/aws/resource_aws_mq_broker.go b/aws/resource_aws_mq_broker.go
@@ -143,7 +143,7 @@ func resourceAwsMqBroker() *schema.Resource {
 							Type:         schema.TypeString,
 							Required:     true,
 							Sensitive:    true,
-							ValidateFunc: validateStringLengthRange(12, 250),
+							ValidateFunc: validateMqBrokerPassword,
 						},
 						"username": {
 							Type:     schema.TypeString,
@@ -536,3 +536,28 @@ func diffAwsMqBrokerUsers(bId string, oldUsers, newUsers []interface{}) (
 
 	return
 }
+
+func validateMqBrokerPassword(v interface{}, k string) (ws []string, errors []error) {
+	min := 12
+	max := 250
+	value := v.(string)
+	unique := make(map[string]bool)
+
+	for _, v := range value {
+		if _, ok := unique[string(v)]; ok {
+			continue
+		}
+		if string(v) == "," {
+			errors = append(errors, fmt.Errorf("%q must not contain commas", k))
+		}
+		unique[string(v)] = true
+	}
+	if len(unique) < 4 {
+		errors = append(errors, fmt.Errorf("%q must contain at least 4 unique characters", k))
+	}
+	if len(value) < min || len(value) > max {
+		errors = append(errors, fmt.Errorf(
+			"%q must be %d to %d characters long. provided string length: %d", k, min, max, len(value)))
+	}
+	return
+}
diff --git a/aws/resource_aws_mq_broker_test.go b/aws/resource_aws_mq_broker_test.go
@@ -22,6 +22,54 @@ func init() {
 	})
 }
 
+func TestResourceAWSMqBrokerPasswordValidation(t *testing.T) {
+	cases := []struct {
+		Value    string
+		ErrCount int
+	}{
+		{
+			Value:    "123456789012",
+			ErrCount: 0,
+		},
+		{
+			Value:    "12345678901",
+			ErrCount: 1,
+		},
+		{
+			Value:    "1234567890" + strings.Repeat("#", 240),
+			ErrCount: 0,
+		},
+		{
+			Value:    "1234567890" + strings.Repeat("#", 241),
+			ErrCount: 1,
+		},
+		{
+			Value:    "123" + strings.Repeat("#", 9),
+			ErrCount: 0,
+		},
+		{
+			Value:    "12" + strings.Repeat("#", 10),
+			ErrCount: 1,
+		},
+		{
+			Value:    "12345678901,",
+			ErrCount: 1,
+		},
+		{
+			Value:    "1," + strings.Repeat("#", 9),
+			ErrCount: 3,
+		},
+	}
+
+	for _, tc := range cases {
+		_, errors := validateMqBrokerPassword(tc.Value, "aws_mq_broker_user_password")
+
+		if len(errors) != tc.ErrCount {
+			t.Fatalf("Expected errors %d for %s while returned errors %d", tc.ErrCount, tc.Value, len(errors))
+		}
+	}
+}
+
 func testSweepMqBrokers(region string) error {
 	client, err := sharedClientForRegion(region)
 	if err != nil {

diff --git a/aws/validators.go b/aws/validators.go
@@ -317,17 +317,6 @@ func validateMaxLength(length int) schema.SchemaValidateFunc {
 	}
 }
 
-func validateStringLengthRange(min, max int) schema.SchemaValidateFunc {
-	return func(v interface{}, k string) (ws []string, errors []error) {
-		value := v.(string)
-		if len(value) < min || len(value) > max {
-			errors = append(errors, fmt.Errorf(
-				"%q must be %d to %d characters long. provided string length: %d", k, min, max, len(value)))
-		}
-		return
-	}
-}
-
 func validateIntegerInRange(min, max int) schema.SchemaValidateFunc {
 	return func(v interface{}, k string) (ws []string, errors []error) {
 		value := v.(int)

diff --git a/aws/validators_test.go b/aws/validators_test.go
@@ -778,26 +778,6 @@ func TestValidateIntegerInRange(t *testing.T) {
 	}
 }
 
-func TestValidateStringLengthRange(t *testing.T) {
-	min := 7
-	max := 11
-	validStrings := []string{"1234567", "1234567890", "12345678901"}
-	for _, v := range validStrings {
-		_, errors := validateStringLengthRange(min, max)(v, "name")
-		if len(errors) != 0 {
-			t.Fatalf("length of %q %d should be in range [%d, %d]: %q", v, len(v), min, max, errors)
-		}
-	}
-
-	invalidStrings := []string{"123456", "123456789012"}
-	for _, v := range invalidStrings {
-		_, errors := validateStringLengthRange(min, max)(v, "name")
-		if len(errors) == 0 {
-			t.Fatalf("length of %q %d should be outside range [%d, %d]", v, len(v), min, max)
-		}
-	}
-}
-
 func TestResourceAWSElastiCacheClusterIdValidation(t *testing.T) {
 	cases := []struct {
 		Value    string

diff --git a/website/docs/r/mq_broker.html.markdown b/website/docs/r/mq_broker.html.markdown
@@ -81,7 +81,7 @@ The following arguments are supported:
 
 * `console_access` - (Optional) Whether to enable access to the the [ActiveMQ Web Console](http://activemq.apache.org/web-console.html) for the user.
 * `groups` - (Optional) The list of groups (20 maximum) to which the ActiveMQ user belongs.
-* `password` - (Required) The password of the user, must be 12 to 250 characters long.
+* `password` - (Required) The password of the user. It must be 12 to 250 characters long, at least 4 unique characters, and must not contain commas.
 * `username` - (Required) The username of the user.
 
 ## Attributes Reference