github.com/terramate-io/tf@v0.0.0-20230830114523-fce866b4dfcd/backend/remote-state/s3/validate_test.go (about) 1 package s3 2 3 import ( 4 "testing" 5 6 "github.com/google/go-cmp/cmp" 7 "github.com/terramate-io/tf/tfdiags" 8 "github.com/zclconf/go-cty/cty" 9 ) 10 11 func TestValidateKMSKey(t *testing.T) { 12 t.Parallel() 13 14 path := cty.Path{cty.GetAttrStep{Name: "field"}} 15 16 testcases := map[string]struct { 17 in string 18 expected tfdiags.Diagnostics 19 }{ 20 "kms key id": { 21 in: "57ff7a43-341d-46b6-aee3-a450c9de6dc8", 22 }, 23 "kms key arn": { 24 in: "arn:aws:kms:us-west-2:111122223333:key/57ff7a43-341d-46b6-aee3-a450c9de6dc8", 25 }, 26 "kms multi-region key id": { 27 in: "mrk-f827515944fb43f9b902a09d2c8b554f", 28 }, 29 "kms multi-region key arn": { 30 in: "arn:aws:kms:us-west-2:111122223333:key/mrk-a835af0b39c94b86a21a8fc9535df681", 31 }, 32 "kms key alias": { 33 in: "alias/arbitrary-key", 34 expected: tfdiags.Diagnostics{ 35 tfdiags.AttributeValue( 36 tfdiags.Error, 37 "Invalid KMS Key ID", 38 `Value must be a valid KMS Key ID, got "alias/arbitrary-key"`, 39 path, 40 ), 41 }, 42 }, 43 "kms key alias arn": { 44 in: "arn:aws:kms:us-west-2:111122223333:alias/arbitrary-key", 45 expected: tfdiags.Diagnostics{ 46 tfdiags.AttributeValue( 47 tfdiags.Error, 48 "Invalid KMS Key ARN", 49 `Value must be a valid KMS Key ARN, got "arn:aws:kms:us-west-2:111122223333:alias/arbitrary-key"`, 50 path, 51 ), 52 }, 53 }, 54 "invalid key": { 55 in: "$%wrongkey", 56 expected: tfdiags.Diagnostics{ 57 tfdiags.AttributeValue( 58 tfdiags.Error, 59 "Invalid KMS Key ID", 60 `Value must be a valid KMS Key ID, got "$%wrongkey"`, 61 path, 62 ), 63 }, 64 }, 65 "non-kms arn": { 66 in: "arn:aws:lamda:foo:bar:key/xyz", 67 expected: tfdiags.Diagnostics{ 68 tfdiags.AttributeValue( 69 tfdiags.Error, 70 "Invalid KMS Key ARN", 71 `Value must be a valid KMS Key ARN, got "arn:aws:lamda:foo:bar:key/xyz"`, 72 path, 73 ), 74 }, 75 }, 76 } 77 78 for name, testcase := range testcases { 79 testcase := testcase 80 t.Run(name, func(t *testing.T) { 81 t.Parallel() 82 83 diags := validateKMSKey(path, testcase.in) 84 85 if diff := cmp.Diff(diags, testcase.expected, cmp.Comparer(diagnosticComparer)); diff != "" { 86 t.Errorf("unexpected diagnostics difference: %s", diff) 87 } 88 }) 89 } 90 } 91 92 func TestValidateKeyARN(t *testing.T) { 93 t.Parallel() 94 95 path := cty.Path{cty.GetAttrStep{Name: "field"}} 96 97 testcases := map[string]struct { 98 in string 99 expected tfdiags.Diagnostics 100 }{ 101 "kms key id": { 102 in: "arn:aws:kms:us-west-2:123456789012:key/57ff7a43-341d-46b6-aee3-a450c9de6dc8", 103 }, 104 "kms mrk key id": { 105 in: "arn:aws:kms:us-west-2:111122223333:key/mrk-a835af0b39c94b86a21a8fc9535df681", 106 }, 107 "kms non-key id": { 108 in: "arn:aws:kms:us-west-2:123456789012:something/else", 109 expected: tfdiags.Diagnostics{ 110 tfdiags.AttributeValue( 111 tfdiags.Error, 112 "Invalid KMS Key ARN", 113 `Value must be a valid KMS Key ARN, got "arn:aws:kms:us-west-2:123456789012:something/else"`, 114 path, 115 ), 116 }, 117 }, 118 "non-kms arn": { 119 in: "arn:aws:iam::123456789012:user/David", 120 expected: tfdiags.Diagnostics{ 121 tfdiags.AttributeValue( 122 tfdiags.Error, 123 "Invalid KMS Key ARN", 124 `Value must be a valid KMS Key ARN, got "arn:aws:iam::123456789012:user/David"`, 125 path, 126 ), 127 }, 128 }, 129 "not an arn": { 130 in: "not an arn", 131 expected: tfdiags.Diagnostics{ 132 tfdiags.AttributeValue( 133 tfdiags.Error, 134 "Invalid KMS Key ARN", 135 `Value must be a valid KMS Key ARN, got "not an arn"`, 136 path, 137 ), 138 }, 139 }, 140 } 141 142 for name, testcase := range testcases { 143 testcase := testcase 144 t.Run(name, func(t *testing.T) { 145 t.Parallel() 146 147 diags := validateKMSKeyARN(path, testcase.in) 148 149 if diff := cmp.Diff(diags, testcase.expected, cmp.Comparer(diagnosticComparer)); diff != "" { 150 t.Errorf("unexpected diagnostics difference: %s", diff) 151 } 152 }) 153 } 154 }