From 6d5931d8d1ccfd34c4a9da5fa992ad7878584995 Mon Sep 17 00:00:00 2001 From: David O'Rourke Date: Fri, 3 Jan 2020 15:42:54 +0000 Subject: [PATCH] provider: Allow aws account ID in validateArn (#11450) --- aws/validators.go | 2 +- aws/validators_test.go | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/aws/validators.go b/aws/validators.go index 4af8da474ff..d17f201a462 100644 --- a/aws/validators.go +++ b/aws/validators.go @@ -689,7 +689,7 @@ func validateArn(v interface{}, k string) (ws []string, errors []error) { } // http://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html - pattern := `^arn:[\w-]+:([a-zA-Z0-9\-])+:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(\d{12})?:(.*)$` + pattern := `^arn:[\w-]+:([a-zA-Z0-9\-])+:([a-z]{2}-(gov-)?[a-z]+-\d{1})?:(aws|\d{12})?:(.*)$` if !regexp.MustCompile(pattern).MatchString(value) { errors = append(errors, fmt.Errorf( "%q doesn't look like a valid ARN (%q): %q", diff --git a/aws/validators_test.go b/aws/validators_test.go index 10e3016b025..eca3a81ac78 100644 --- a/aws/validators_test.go +++ b/aws/validators_test.go @@ -321,6 +321,7 @@ func TestValidateArn(t *testing.T) { validNames := []string{ "arn:aws:elasticbeanstalk:us-east-1:123456789012:environment/My App/MyEnvironment", // Beanstalk "arn:aws:iam::123456789012:user/David", // IAM User + "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess", // Managed IAM policy "arn:aws:rds:eu-west-1:123456789012:db:mysql-db", // RDS "arn:aws:s3:::my_corporate_bucket/exampleobject.png", // S3 object "arn:aws:events:us-east-1:319201112229:rule/rule_name", // CloudWatch Rule