Validate crypto key input on gcp init

SimonBarendse · SimonBarendse · commit 0163ea04e392 · 2020-07-07T12:18:15.000+02:00
diff --git a/internals/secrethub/service_gcp_init.go b/internals/secrethub/service_gcp_init.go
@@ -84,7 +84,7 @@ func (cmd *ServiceGCPInitCommand) Run() error {
 		if err != nil {
 			return err
 		}
-		kmsKey, err := ui.ChooseDynamicOptions(cmd.io, "What is the KMS key you want to use for encrypting the service account's key?", kmsKeyLister.KeyOptions(keyring), true, "kms key")
+		kmsKey, err := ui.ChooseDynamicOptionsValidate(cmd.io, "What is the KMS key you want to use for encrypting the service account's key?", kmsKeyLister.KeyOptions(keyring), "kms key", validateGCPCryptoKey)
 		if err != nil {
 			return err
 		}
@@ -311,6 +311,13 @@ func validateGCPKeyring(keyring string) error {
 	return nil
 }
 
+func validateGCPCryptoKey(cryptoKey string) error {
+	if !regexp.MustCompile("^projects/[a-zA-Z0-9-]*/locations/[a-zA-Z0-9-]*/keyRings/[a-zA-Z0-9-_]*/cryptoKeys/[a-zA-Z0-9-_]*$").MatchString(cryptoKey) {
+		return errors.New("GCP crypto key should be in the form \"projects/<project-id>/locations/<location>/keyRings/<key-ring>/cryptoKeys/<key>\"")
+	}
+	return nil
+}
+
 func (l *gcpKMSKeyOptionLister) KeyOptions(keyring string) func() ([]ui.Option, bool, error) {
 	return func() ([]ui.Option, bool, error) {
 		resp, err := l.kmsService.Projects.Locations.KeyRings.CryptoKeys.List(keyring).PageSize(10).Filter("purpose:ENCRYPT_DECRYPT").PageToken(l.nextPage).Do()
