This repository was archived by the owner on Feb 16, 2023. It is now read-only.

Commit fced7b5

Merge pull request #312 from secrethub/feature/gcp-init-validation
Validate keyring and key input on gcp init
2 parents 685c14a + e5600ec commit fced7b5

1 file changed

Lines changed: 18 additions & 2 deletions


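--- a/internals/secrethub/service_gcp_init.go
+++ b/internals/secrethub/service_gcp_init.go
@@ -2,7 +2,9 @@ package secrethub
 
 import (
 "context"
+"errors"
 "fmt"
+"regexp"
 "strings"
 "sync"
 "time"
@@ -78,11 +80,11 @@ func (cmd *ServiceGCPInitCommand) Run() error {
 if err != nil {
 return err
 }
-keyring, err := ui.ChooseDynamicOptions(cmd.io, "In which keyring is the KMS key you want to use for encrypting the service account's key?", kmsKeyLister.KeyringOptions, true, "keyring")
+keyring, err := ui.ChooseDynamicOptionsValidate(cmd.io, "In which keyring is the KMS key you want to use for encrypting the service account's key?", kmsKeyLister.KeyringOptions, "keyring", validateGCPKeyring)
 if err != nil {
 return err
 }
-kmsKey, err := ui.ChooseDynamicOptions(cmd.io, "What is the KMS key you want to use for encrypting the service account's key?", kmsKeyLister.KeyOptions(keyring), true, "kms key")
+kmsKey, err := ui.ChooseDynamicOptionsValidate(cmd.io, "What is the KMS key you want to use for encrypting the service account's key?", kmsKeyLister.KeyOptions(keyring), "kms key", validateGCPCryptoKey)
 if err != nil {
 return err
 }
@@ -302,6 +304,20 @@ func (l *gcpKMSKeyOptionLister) KeyringOptions() ([]ui.Option, bool, error) {
 }
 }
 
+func validateGCPKeyring(keyring string) error {
+if !regexp.MustCompile("^projects/[a-zA-Z0-9-]+/locations/[a-zA-Z0-9-]+/keyRings/[a-zA-Z0-9-_]+$").MatchString(keyring) {
+return errors.New("GCP keyring should be in the form \"projects/<project-id>/locations/<location>/keyRings/<key-ring>\"")
+}
+return nil
+}
+
+func validateGCPCryptoKey(cryptoKey string) error {
+if !regexp.MustCompile("^projects/[a-zA-Z0-9-]+/locations/[a-zA-Z0-9-]+/keyRings/[a-zA-Z0-9-_]+/cryptoKeys/[a-zA-Z0-9-_]+$").MatchString(cryptoKey) {
+return errors.New("GCP crypto key should be in the form \"projects/<project-id>/locations/<location>/keyRings/<key-ring>/cryptoKeys/<key>\"")
+}
+return nil
+}
+
 func (l *gcpKMSKeyOptionLister) KeyOptions(keyring string) func() ([]ui.Option, bool, error) {
 return func() ([]ui.Option, bool, error) {
 resp, err := l.kmsService.Projects.Locations.KeyRings.CryptoKeys.List(keyring).PageSize(10).Filter("purpose:ENCRYPT_DECRYPT").PageToken(l.nextPage).Do()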
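Review bot: In validateGCPKeyring and validateGCPCryptoKey the pattern is recompiled with regexp.MustCompile on every call, and the class `[a-zA-Z0-9-_]` only parses as intended because Go's Perl-style syntax tolerates a `-` in the middle of a class. Compile both patterns once at package scope and put the hyphen last, e.g. `var gcpKeyringPattern = regexp.MustCompile("^projects/[a-zA-Z0-9-]+/locations/[a-zA-Z0-9-]+/keyRings/[a-zA-Z0-9_-]+$")`, then call `gcpKeyringPattern.MatchString(keyring)`. The check is syntactic only: validateGCPCryptoKey accepts any well-formed key path, so a typed-in key under a different keyring than the one chosen earlier in Run still passes. If that is not intended, a `strings.HasPrefix(kmsKey, keyring+"/cryptoKeys/")` check in Run after the second prompt would catch it. Both functions would also benefit from a short doc comment stating that they check the format of the resource name, not that the resource exists or is accessible.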
