Merge pull request #19 from den-rgb/OCM-4513

OCM-4513 | fix: Fixed kms arn regex pattern
openshift-online · Oct 26, 2023 · 5ff0909 · 5ff0909
2 parents 1e92673 + a9be6e5
commit 5ff0909
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 35 deletions.
diff --git a/pkg/resource/validations/kms_arn_regex_validation.go b/pkg/resource/validations/kms_arn_regex_validation.go
@@ -6,7 +6,7 @@ import (
 )
 
 var KmsArnRE = regexp.MustCompile(
-	`^arn:aws[\w-]*:kms:[\w-]+:\d{12}:key\/mrk-[0-9a-f]{32}$|[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$`,
+	`^arn:aws[\w-]*:kms:[\w-]+:\d{12}:key\/(mrk-[0-9a-f]{32}$|[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$)`,
 )
 
 func ValidateKMSKeyARN(kmsKeyARN *string) error {

diff --git a/pkg/resource/validations/kms_arn_regex_validation_test.go b/pkg/resource/validations/kms_arn_regex_validation_test.go
@@ -1,54 +1,52 @@
 package validations
 
 import (
-
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
 
 var _ = Describe("Validations", func() {
 	Describe("validateKMSKeyARN", func() {
-		var (
-			kmsKeyARN  string
-		)
-
-		BeforeEach(func() {
-			kmsKeyARN = ""
-		})
-
-		Context("when kmsKeyARN is nil", func() {
-            It("should not return an error", func() {
-                err := ValidateKMSKeyARN(nil)
-                Expect(err).ToNot(HaveOccurred())
-            })
-        })
-
-		Context("when kmsKeyARN is empty", func() {
-			It("should not return an error", func() {
-				err := ValidateKMSKeyARN(&kmsKeyARN)
-				Expect(err).ToNot(HaveOccurred())
+		Context("empty kmsKeyARN", func() {
+			When("kmsKeyARN is nil", func() {
+				It("should not return an error", func() {
+					err := ValidateKMSKeyARN(nil)
+					Expect(err).ToNot(HaveOccurred())
+				})
 			})
-		})
 
-		Context("when kmsKeyARN is not empty and matches the regex", func() {
-			BeforeEach(func() {
-				kmsKeyARN = "arn:aws:kms:us-east-1:111111111111:key/mrk-0123456789abcdef0123456789abcdef"
+			When("kmsKeyARN is empty", func() {
+				It("should not return an error", func() {
+					emptyKmsKeyARN := ""
+					err := ValidateKMSKeyARN(&emptyKmsKeyARN)
+					Expect(err).ToNot(HaveOccurred())
+				})
 			})
+		})
 
-			It("should not return an error", func() {
-				err := ValidateKMSKeyARN(&kmsKeyARN)
-				Expect(err).ToNot(HaveOccurred())
+		Context("kmsKeyARN regex", func() {
+			When("kmsKeyARN is not empty and matches the regex", func() {
+				It("should not return an error", func() {
+					validKmsKeyARN := "arn:aws:kms:us-east-1:111111111111:key/mrk-0123456789abcdef0123456789abcdef"
+					err := ValidateKMSKeyARN(&validKmsKeyARN)
+					Expect(err).ToNot(HaveOccurred())
+				})
 			})
-		})
 
-		Context("when kmsKeyARN is not empty and does not match the regex", func() {
-			BeforeEach(func() {
-				kmsKeyARN = "invalid-kms-key-arn"
+			When("kmsKeyARN is not empty but is not prefixed with 'mrk'", func() {
+				It("should return an error", func() {
+					invalidKmsKeyARN := "arn:aws:notkms:us-west-2:301721915996:key/9fdfaf2f-efb7-4db7-a5c3-0d047c52f094"
+					err := ValidateKMSKeyARN(&invalidKmsKeyARN)
+					Expect(err).To(HaveOccurred())
+				})
 			})
 
-			It("should return an error", func() {
-				err := ValidateKMSKeyARN(&kmsKeyARN)
-				Expect(err).To(HaveOccurred())
+			When("when kmsKeyARN is not empty and does not match the regex", func() {
+				It("should return an error", func() {
+					invalidKmsKeyARN := "invalid-kms-key-arn"
+					err := ValidateKMSKeyARN(&invalidKmsKeyARN)
+					Expect(err).To(HaveOccurred())
+				})
 			})
 		})
 	})