diff --git a/cmd/baton-aws/config.go b/cmd/baton-aws/config.go
index 57835734..68e7382d 100644
--- a/cmd/baton-aws/config.go
+++ b/cmd/baton-aws/config.go
@@ -9,6 +9,12 @@ import (
 "github.com/spf13/viper"
 )
 
+const (
+ ExternalIDLengthMaximum = 65 // TODO(marcos): this might be a bug.
+ ExternalIDLengthMinimum = 32
+ RegionDefault = "us-east-1"
+)
+
 var (
 ExternalIdField = field.StringField(
 "external-id",
@@ -29,7 +35,7 @@ var (
 GlobalAwsSsoRegionField = field.StringField(
 "global-aws-sso-region",
 field.WithDescription("The region for the sso identities"),
- field.WithDefaultValue("us-east-1"),
+ field.WithDefaultValue(RegionDefault),
 )
 GlobalBindingExternalIdField = field.StringField(
 "global-binding-external-id",
@@ -103,7 +109,7 @@ func ValidateExternalId(input string) error {
 return fmt.Errorf("external id is missing")
 }
 
- if fieldLength < 32 || fieldLength > 65 {
+ if fieldLength < ExternalIDLengthMinimum || fieldLength > ExternalIDLengthMaximum {
 return fmt.Errorf("aws_external_id must be between 32 and 64 bytes")
 }
 return nil
diff --git a/cmd/baton-aws/config_test.go b/cmd/baton-aws/config_test.go
new file mode 100644
index 00000000..48ab9dce
--- /dev/null
+++ b/cmd/baton-aws/config_test.go
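Review bot: `ExternalIDLengthMaximum = 65` in the new const block disagrees with the error text in ValidateExternalId (third hunk), which still says "between 32 and 64 bytes", so a 65-byte external ID passes validation while the message tells the operator that 64 is the limit. The TODO records the doubt but leaves the check and the message out of sync, and the accepted range for a value that gates role assumption should be unambiguous. Once the bound is settled, build the message from the constants so the two cannot drift again: `return fmt.Errorf("aws_external_id must be between %d and %d bytes", ExternalIDLengthMinimum, ExternalIDLengthMaximum)`. The new exported constants also carry no doc comments, and ValidateExternalId's body starts and ends outside the hunk.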
@@ -0,0 +1,73 @@
+package main
+
+import (
+ "context"
+ "fmt"
+ "testing"
+
+ "github.com/conductorone/baton-sdk/pkg/test"
+ "github.com/conductorone/baton-sdk/pkg/ustrings"
+ "github.com/spf13/viper"
+)
+
+const (
+ exampleARN = "arn:aws:iam::123456789012:role/David"
+ exampleExternalID = "12345678901234567890123456789012"
+ s3ARN = "arn:aws:s3:::my_corporate_bucket/exampleobject.png"
+)
+
+func TestConfigs(t *testing.T) {
+ ctx := context.Background()
+ test.ExerciseTestCasesFromExpressions(
+ t,
+ Configuration,
+ func(viper *viper.Viper) error { return validateConfig(ctx, viper) },
+ ustrings.ParseFlags,
+ []test.TestCaseFromExpression{
+ {
+ "",
+ true,
+ "empty",
+ },
+ {
+ "--use-assume",
+ false,
+ "externalID + ARN missing",
+ },
+ {
+ fmt.Sprintf("--use-assume --external-id %s", exampleExternalID),
+ false,
+ "ARN missing",
+ },
+ {
+ fmt.Sprintf("--use-assume --role-arn %s", exampleARN),
+ false,
+ "external ID missing",
+ },
+ {
+ fmt.Sprintf("--use-assume --external-id 1 --role-arn %s", exampleARN),
+ false,
+ "externalID too short",
+ },
+ {
+
+ fmt.Sprintf(
+ "--use-assume --external-id %s --role-arn %s",
+ exampleExternalID,
+ s3ARN,
+ ),
+ false,
+ "ARN is not IAM",
+ },
+ {
+ fmt.Sprintf(
+ "--use-assume --external-id %s --role-arn %s",
+ exampleExternalID,
+ exampleARN,
+ ),
+ true,
+ "all",
+ },
+ },
+ )
+}
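Review bot: The table has a case for an external ID that is too short but none at or just above the upper bound, which is the very limit the TODO on `ExternalIDLengthMaximum` in config.go questions. One case at the maximum and one a byte over would pin the accepted range whichever value the constant ends up with; this assumes the second field of each case is the expected validity, as the existing cases suggest, and it needs `strings` added to the import block. Separately, the callback parameter `viper` shadows the imported `viper` package, and the "ARN is not IAM" case opens with a stray blank line.

```go
// … unchanged: cases up to "externalID too short" …
{
	fmt.Sprintf(
		"--use-assume --external-id %s --role-arn %s",
		strings.Repeat("1", ExternalIDLengthMaximum),
		exampleARN,
	),
	true,
	"externalID at maximum length",
},
{
	fmt.Sprintf(
		"--use-assume --external-id %s --role-arn %s",
		strings.Repeat("1", ExternalIDLengthMaximum+1),
		exampleARN,
	),
	false,
	"externalID too long",
},
// … unchanged: "ARN is not IAM" and "all" cases …
```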