Add validation for aws_cognito_user_group

aws/resource_aws_cognito_user_group.go

@@ -16,26 +16,30 @@ func resourceAwsCognitoUserGroup() *schema.Resource {
 
 		Schema: map[string]*schema.Schema{
 			"description": {
-				Type:     schema.TypeString,
-				Optional: true,
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validateMaxLength(2048),
 			},
 			"name": {
-				Type:     schema.TypeString,
-				Required: true,
-				ForceNew: true,
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateCognitoUserGroupName,
 			},
 			"precedence": {
 				Type:     schema.TypeInt,
 				Optional: true,
 			},
 			"role_arn": {
-				Type:     schema.TypeString,
-				Optional: true,
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: validateArn,
 			},
 			"user_pool_id": {
-				Type:     schema.TypeString,
-				Required: true,
-				ForceNew: true,
+				Type:         schema.TypeString,
+				Required:     true,
+				ForceNew:     true,
+				ValidateFunc: validateCognitoUserPoolId,
 			},
 		},
 	}

aws/validators.go

@@ -1468,6 +1468,22 @@ func validateCognitoIdentityProvidersProviderName(v interface{}, k string) (ws [
 	return
 }
 
+func validateCognitoUserGroupName(v interface{}, k string) (ws []string, es []error) {
+	value := v.(string)
+	if len(value) < 1 {
+		es = append(es, fmt.Errorf("%q cannot be less than 1 character", k))
+	}
+
+	if len(value) > 128 {
+		es = append(es, fmt.Errorf("%q cannot be longer than 128 character", k))
+	}
+
+	if !regexp.MustCompile(`[\p{L}\p{M}\p{S}\p{N}\p{P}]+`).MatchString(value) {
+		es = append(es, fmt.Errorf("%q must satisfy regular expression pattern: [\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+", k))
+	}
+	return
+}
+
 func validateCognitoUserPoolEmailVerificationMessage(v interface{}, k string) (ws []string, es []error) {
 	value := v.(string)
 	if len(value) < 6 {
@@ -1500,6 +1516,14 @@ func validateCognitoUserPoolEmailVerificationSubject(v interface{}, k string) (w
 	return
 }
 
+func validateCognitoUserPoolId(v interface{}, k string) (ws []string, es []error) {
+	value := v.(string)
+	if !regexp.MustCompile(`^[\w-]+_[0-9a-zA-Z]+$`).MatchString(value) {
+		es = append(es, fmt.Errorf("%q must be the region name followed by an underscore and then alphanumeric pattern", k))
+	}
+	return
+}
+
 func validateCognitoUserPoolMfaConfiguration(v interface{}, k string) (ws []string, es []error) {
 	value := v.(string)
 

aws/validators_test.go

@@ -2890,3 +2890,63 @@ func TestValidateCognitoUserPoolDomain(t *testing.T) {
 		}
 	}
 }
+
+func TestValidateCognitoUserGroupName(t *testing.T) {
+	validValues := []string{
+		"foo",
+		"7346241598935552",
+		"foo_bar",
+		"foo:bar",
+		"foo/bar",
+		"foo-bar",
+		"$foobar",
+		strings.Repeat("W", 128),
+	}
+
+	for _, s := range validValues {
+		_, errors := validateCognitoUserGroupName(s, "name")
+		if len(errors) > 0 {
+			t.Fatalf("%q should be a valid Cognito User Pool Group Name: %v", s, errors)
+		}
+	}
+
+	invalidValues := []string{
+		"",
+		strings.Repeat("W", 129), // > 128
+	}
+
+	for _, s := range invalidValues {
+		_, errors := validateCognitoUserGroupName(s, "name")
+		if len(errors) == 0 {
+			t.Fatalf("%q should not be a valid Cognito User Pool Group Name: %v", s, errors)
+		}
+	}
+}
+
+func TestValidateCognitoUserPoolId(t *testing.T) {
+	validValues := []string{
+		"eu-west-1_Foo123",
+		"ap-southeast-2_BaRBaz987",
+	}
+
+	for _, s := range validValues {
+		_, errors := validateCognitoUserPoolId(s, "user_pool_id")
+		if len(errors) > 0 {
+			t.Fatalf("%q should be a valid Cognito User Pool Id: %v", s, errors)
+		}
+	}
+
+	invalidValues := []string{
+		"",
+		"foo",
+		"us-east-1-Foo123",
+		"eu-central-2_Bar+4",
+	}
+
+	for _, s := range invalidValues {
+		_, errors := validateCognitoUserPoolId(s, "user_pool_id")
+		if len(errors) == 0 {
+			t.Fatalf("%q should not be a valid Cognito User Pool Id: %v", s, errors)
+		}
+	}
+}