From 9ddc832aa53650dcdff23924e3eed58e46148229 Mon Sep 17 00:00:00 2001
From: Ninir <gauthier.wallet@gmail.com>
Date: Mon, 11 Sep 2017 22:50:35 +0200
Subject: [PATCH 1/2] Added validation for the SSM document name

---
 aws/resource_aws_ssm_document.go |  5 +++--
 aws/validators.go                | 12 ++++++++++++
 aws/validators_test.go           | 25 +++++++++++++++++++++++++
 3 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/aws/resource_aws_ssm_document.go b/aws/resource_aws_ssm_document.go
index ad266d2bf067..7a4c0c3be165 100644
--- a/aws/resource_aws_ssm_document.go
+++ b/aws/resource_aws_ssm_document.go
@@ -32,8 +32,9 @@ func resourceAwsSsmDocument() *schema.Resource {
 				Computed: true,
 			},
 			"name": {
-				Type:     schema.TypeString,
-				Required: true,
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validateAwsSSMName,
 			},
 			"content": {
 				Type:     schema.TypeString,
diff --git a/aws/validators.go b/aws/validators.go
index d69528f3dc4e..96736f6a6efe 100644
--- a/aws/validators.go
+++ b/aws/validators.go
@@ -1393,6 +1393,18 @@ func validateIamRoleDescription(v interface{}, k string) (ws []string, errors []
 	return
 }
 
+func validateAwsSSMName(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+
+	if !regexp.MustCompile(`^[a-zA-Z0-9_\-.]{3,128}$`).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"Only alphanumeric characters, hyphens, dots & underscores allowed in %q: %q (Must satisfy regular expression pattern: ^[a-zA-Z0-9_\\-.]{3,128}$)",
+			k, value))
+	}
+
+	return
+}
+
 func validateSsmParameterType(v interface{}, k string) (ws []string, errors []error) {
 	value := v.(string)
 	types := map[string]bool{
diff --git a/aws/validators_test.go b/aws/validators_test.go
index db806b3e10ff..aced1ffd8017 100644
--- a/aws/validators_test.go
+++ b/aws/validators_test.go
@@ -2375,6 +2375,31 @@ func TestValidateIamRoleDescription(t *testing.T) {
 	}
 }
 
+func TestValidateAwsSSMName(t *testing.T) {
+	validNames := []string{
+		".foo-bar_123",
+		strings.Repeat("W", 128),
+	}
+	for _, v := range validNames {
+		_, errors := validateAwsSSMName(v, "name")
+		if len(errors) != 0 {
+			t.Fatalf("%q should be a valid SSM Name: %q", v, errors)
+		}
+	}
+
+	invalidNames := []string{
+		"foo+bar",
+		"tf",
+		strings.Repeat("W", 129), // > 128
+	}
+	for _, v := range invalidNames {
+		_, errors := validateAwsSSMName(v, "name")
+		if len(errors) == 0 {
+			t.Fatalf("%q should be an invalid SSM Name: %q", v, errors)
+		}
+	}
+}
+
 func TestValidateSsmParameterType(t *testing.T) {
 	validTypes := []string{
 		"String",

From f91a0ee33366626a08bc47e974f791e5414e5edb Mon Sep 17 00:00:00 2001
From: Gauthier Wallet <gauthier.wallet@gmail.com>
Date: Tue, 12 Sep 2017 09:32:25 +0200
Subject: [PATCH 2/2] Update validators.go

---
 aws/validators.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/aws/validators.go b/aws/validators.go
index 96736f6a6efe..daeafad79b6d 100644
--- a/aws/validators.go
+++ b/aws/validators.go
@@ -1394,6 +1394,7 @@ func validateIamRoleDescription(v interface{}, k string) (ws []string, errors []
 }
 
 func validateAwsSSMName(v interface{}, k string) (ws []string, errors []error) {
+	// http://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateDocument.html#EC2-CreateDocument-request-Name
 	value := v.(string)
 
 	if !regexp.MustCompile(`^[a-zA-Z0-9_\-.]{3,128}$`).MatchString(value) {