fix: allow slash

aripalo · aripalo · commit aa420d7cf9fb · 2024-04-30T11:18:16.000+03:00
Fixes #44
diff --git a/internal/assumecfg/validate.go b/internal/assumecfg/validate.go
@@ -46,7 +46,7 @@ User, Role or Role Session Names can be maximum 64 characters.
 Names of users, groups, roles, policies, instance profiles, and server certificates must be alphanumeric, including the following common characters: plus (+), equal (=), comma (,), period (.), at (@), underscore (_), and hyphen (-).
 https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
 */
-var iamResourceNamePatternBase = `[a-zA-Z0-9_+=,.@-]{1,64}`
+var iamResourceNamePatternBase = `[a-zA-Z0-9_+=,./@-]{1,64}`
 var iamResourceNamePAtternFull = fmt.Sprintf("^%s$", iamResourceNamePatternBase)
 var iamResourceNamePattern = regexp.MustCompile(iamResourceNamePAtternFull)
 
diff --git a/internal/assumecfg/validate_test.go b/internal/assumecfg/validate_test.go
@@ -59,7 +59,17 @@ func TestValidate(t *testing.T) {
 				MfaSerial:     "arn:aws:iam::111111111111:mfa/FrankSinatra",
 				RoleArn:       "invalid",
 			},
-			expected: errors.New("Profile \"frank@concerts\" contains invalid vegas_role_arn \"invalid\". Must satisty ^arn:aws:iam:\\d*:\\d{12}:role\\/[a-zA-Z0-9_+=,.@-]{1,64}$"),
+			expected: errors.New("Profile \"frank@concerts\" contains invalid vegas_role_arn \"invalid\". Must satisty ^arn:aws:iam:\\d*:\\d{12}:role\\/[a-zA-Z0-9_+=,./@-]{1,64}$"),
+		},
+		{
+			name: "vegas_role_arn may contain slash",
+			input: AssumeCfg{
+				ProfileName:   "frank@concerts",
+				SourceProfile: "default",
+				MfaSerial:     "arn:aws:iam::111111111111:mfa/FrankSinatra",
+				RoleArn:       "arn:aws:iam::111111111111:role/FrankSinatra/WithASlash",
+			},
+			expected: nil,
 		},
 		{
 			name: "role_session_name invalid",
@@ -68,9 +78,9 @@ func TestValidate(t *testing.T) {
 				SourceProfile:   "default",
 				MfaSerial:       "arn:aws:iam::111111111111:mfa/FrankSinatra",
 				RoleArn:         "arn:aws:iam::222222222222:role/SingerRole",
-				RoleSessionName: "invalid//",
+				RoleSessionName: "invalid€",
 			},
-			expected: errors.New("Profile \"frank@concerts\" contains invalid role_session_name \"invalid//\". Must satisfy ^[a-zA-Z0-9_+=,.@-]{1,64}$"),
+			expected: errors.New("Profile \"frank@concerts\" contains invalid role_session_name \"invalid€\". Must satisfy ^[a-zA-Z0-9_+=,./@-]{1,64}$"),
 		},
 		{
 			name: "external_id invalid",
