Merge pull request #3164 from loivis/mq-broker-validate-password-length

resource/aws_mq_broker: validate user password
hashicorp · Jan 29, 2018 · 77583ea · 77583ea
2 parents 01ca9ae + 88ef005
commit 77583ea
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 4 deletions.
diff --git a/aws/resource_aws_mq_broker.go b/aws/resource_aws_mq_broker.go
@@ -140,9 +140,10 @@ func resourceAwsMqBroker() *schema.Resource {
 							Optional: true,
 						},
 						"password": {
-							Type:      schema.TypeString,
-							Required:  true,
-							Sensitive: true,
+							Type:         schema.TypeString,
+							Required:     true,
+							Sensitive:    true,
+							ValidateFunc: validateMqBrokerPassword,
 						},
 						"username": {
 							Type:     schema.TypeString,
@@ -535,3 +536,28 @@ func diffAwsMqBrokerUsers(bId string, oldUsers, newUsers []interface{}) (
 
 	return
 }
+
+func validateMqBrokerPassword(v interface{}, k string) (ws []string, errors []error) {
+	min := 12
+	max := 250
+	value := v.(string)
+	unique := make(map[string]bool)
+
+	for _, v := range value {
+		if _, ok := unique[string(v)]; ok {
+			continue
+		}
+		if string(v) == "," {
+			errors = append(errors, fmt.Errorf("%q must not contain commas", k))
+		}
+		unique[string(v)] = true
+	}
+	if len(unique) < 4 {
+		errors = append(errors, fmt.Errorf("%q must contain at least 4 unique characters", k))
+	}
+	if len(value) < min || len(value) > max {
+		errors = append(errors, fmt.Errorf(
+			"%q must be %d to %d characters long. provided string length: %d", k, min, max, len(value)))
+	}
+	return
+}
diff --git a/aws/resource_aws_mq_broker_test.go b/aws/resource_aws_mq_broker_test.go
@@ -22,6 +22,54 @@ func init() {
 	})
 }
 
+func TestResourceAWSMqBrokerPasswordValidation(t *testing.T) {
+	cases := []struct {
+		Value    string
+		ErrCount int
+	}{
+		{
+			Value:    "123456789012",
+			ErrCount: 0,
+		},
+		{
+			Value:    "12345678901",
+			ErrCount: 1,
+		},
+		{
+			Value:    "1234567890" + strings.Repeat("#", 240),
+			ErrCount: 0,
+		},
+		{
+			Value:    "1234567890" + strings.Repeat("#", 241),
+			ErrCount: 1,
+		},
+		{
+			Value:    "123" + strings.Repeat("#", 9),
+			ErrCount: 0,
+		},
+		{
+			Value:    "12" + strings.Repeat("#", 10),
+			ErrCount: 1,
+		},
+		{
+			Value:    "12345678901,",
+			ErrCount: 1,
+		},
+		{
+			Value:    "1," + strings.Repeat("#", 9),
+			ErrCount: 3,
+		},
+	}
+
+	for _, tc := range cases {
+		_, errors := validateMqBrokerPassword(tc.Value, "aws_mq_broker_user_password")
+
+		if len(errors) != tc.ErrCount {
+			t.Fatalf("Expected errors %d for %s while returned errors %d", tc.ErrCount, tc.Value, len(errors))
+		}
+	}
+}
+
 func testSweepMqBrokers(region string) error {
 	client, err := sharedClientForRegion(region)
 	if err != nil {

diff --git a/website/docs/r/mq_broker.html.markdown b/website/docs/r/mq_broker.html.markdown
@@ -81,7 +81,7 @@ The following arguments are supported:
 
 * `console_access` - (Optional) Whether to enable access to the the [ActiveMQ Web Console](http://activemq.apache.org/web-console.html) for the user.
 * `groups` - (Optional) The list of groups (20 maximum) to which the ActiveMQ user belongs.
-* `password` - (Required) The password of the user.
+* `password` - (Required) The password of the user. It must be 12 to 250 characters long, at least 4 unique characters, and must not contain commas.
 * `username` - (Required) The username of the user.
 
 ## Attributes Reference