diff --git a/aws/resource_aws_cognito_user_group.go b/aws/resource_aws_cognito_user_group.go index 64ef2da3f72..0bad34deb1d 100644 --- a/aws/resource_aws_cognito_user_group.go +++ b/aws/resource_aws_cognito_user_group.go @@ -16,26 +16,30 @@ func resourceAwsCognitoUserGroup() *schema.Resource { Schema: map[string]*schema.Schema{ "description": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + ValidateFunc: validateMaxLength(2048), }, "name": { - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validateCognitoUserGroupName, }, "precedence": { Type: schema.TypeInt, Optional: true, }, "role_arn": { - Type: schema.TypeString, - Optional: true, + Type: schema.TypeString, + Optional: true, + ValidateFunc: validateArn, }, "user_pool_id": { - Type: schema.TypeString, - Required: true, - ForceNew: true, + Type: schema.TypeString, + Required: true, + ForceNew: true, + ValidateFunc: validateCognitoUserPoolId, }, }, } diff --git a/aws/validators.go b/aws/validators.go index 380db338bf7..5b094d1cb3c 100644 --- a/aws/validators.go +++ b/aws/validators.go @@ -1468,6 +1468,22 @@ func validateCognitoIdentityProvidersProviderName(v interface{}, k string) (ws [ return } +func validateCognitoUserGroupName(v interface{}, k string) (ws []string, es []error) { + value := v.(string) + if len(value) < 1 { + es = append(es, fmt.Errorf("%q cannot be less than 1 character", k)) + } + + if len(value) > 128 { + es = append(es, fmt.Errorf("%q cannot be longer than 128 character", k)) + } + + if !regexp.MustCompile(`[\p{L}\p{M}\p{S}\p{N}\p{P}]+`).MatchString(value) { + es = append(es, fmt.Errorf("%q must satisfy regular expression pattern: [\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+", k)) + } + return +} + func validateCognitoUserPoolEmailVerificationMessage(v interface{}, k string) (ws []string, es []error) { value := v.(string) if len(value) < 6 { @@ -1500,6 +1516,14 @@ func validateCognitoUserPoolEmailVerificationSubject(v interface{}, k string) (w return } +func validateCognitoUserPoolId(v interface{}, k string) (ws []string, es []error) { + value := v.(string) + if !regexp.MustCompile(`^[\w-]+_[0-9a-zA-Z]+$`).MatchString(value) { + es = append(es, fmt.Errorf("%q must be the region name followed by an underscore and then alphanumeric pattern", k)) + } + return +} + func validateCognitoUserPoolMfaConfiguration(v interface{}, k string) (ws []string, es []error) { value := v.(string) diff --git a/aws/validators_test.go b/aws/validators_test.go index 1a63f7ab8ad..7184f770076 100644 --- a/aws/validators_test.go +++ b/aws/validators_test.go @@ -2890,3 +2890,63 @@ func TestValidateCognitoUserPoolDomain(t *testing.T) { } } } + +func TestValidateCognitoUserGroupName(t *testing.T) { + validValues := []string{ + "foo", + "7346241598935552", + "foo_bar", + "foo:bar", + "foo/bar", + "foo-bar", + "$foobar", + strings.Repeat("W", 128), + } + + for _, s := range validValues { + _, errors := validateCognitoUserGroupName(s, "name") + if len(errors) > 0 { + t.Fatalf("%q should be a valid Cognito User Pool Group Name: %v", s, errors) + } + } + + invalidValues := []string{ + "", + strings.Repeat("W", 129), // > 128 + } + + for _, s := range invalidValues { + _, errors := validateCognitoUserGroupName(s, "name") + if len(errors) == 0 { + t.Fatalf("%q should not be a valid Cognito User Pool Group Name: %v", s, errors) + } + } +} + +func TestValidateCognitoUserPoolId(t *testing.T) { + validValues := []string{ + "eu-west-1_Foo123", + "ap-southeast-2_BaRBaz987", + } + + for _, s := range validValues { + _, errors := validateCognitoUserPoolId(s, "user_pool_id") + if len(errors) > 0 { + t.Fatalf("%q should be a valid Cognito User Pool Id: %v", s, errors) + } + } + + invalidValues := []string{ + "", + "foo", + "us-east-1-Foo123", + "eu-central-2_Bar+4", + } + + for _, s := range invalidValues { + _, errors := validateCognitoUserPoolId(s, "user_pool_id") + if len(errors) == 0 { + t.Fatalf("%q should not be a valid Cognito User Pool Id: %v", s, errors) + } + } +}