Fix service_account_id field validation in service account key (#795)

2024-06-29 06:42:36 +00:00 · 2017-11-28 14:37:46 -08:00 · 2017-11-28 14:37:46 -08:00 · 1ee386b33b
commit 1ee386b33b
parent 3ec37d2864
2 changed files with 14 additions and 2 deletions
--- a/google/resource_google_service_account_key.go
+++ b/google/resource_google_service_account_key.go
@ -20,7 +20,7 @@ func resourceGoogleServiceAccountKey() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validateRFC1035Name(6, 30),
+				ValidateFunc: validateRegexp(ServiceAccountLinkRegex),
 			},
 			// Optional
 			"key_algorithm": &schema.Schema{
--- a/google/validation.go
+++ b/google/validation.go
@ -16,6 +16,18 @@ const (
 	SubnetworkRegex = "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?"

 	SubnetworkLinkRegex = "projects/(" + ProjectRegex + ")/regions/(" + RegionRegex + ")/subnetworks/(" + SubnetworkRegex + ")$"
+
+	RFC1035NameTemplate = "[a-z](?:[-a-z0-9]{%d,%d}[a-z0-9])"
+)
+
+var (
+	// Service account name must have a length between 6 and 30.
+	// The first and last characters have different restrictions, than
+	// the middle characters. The middle characters length must be between
+	// 4 and 28 since the first and last character are excluded.
+	ServiceAccountNameRegex = fmt.Sprintf(RFC1035NameTemplate, 4, 28)
+
+	ServiceAccountLinkRegex = "projects/" + ProjectRegex + "/serviceAccounts/" + ServiceAccountNameRegex + "@" + ProjectRegex + "\\.iam\\.gserviceaccount\\.com$"
 )

 var rfc1918Networks = []string{
@ -93,5 +105,5 @@ func validateRFC1035Name(min, max int) schema.SchemaValidateFunc {
 		}
 	}

-	return validateRegexp(fmt.Sprintf(`^[a-z]([-a-z0-9]{%d,%d}[a-z0-9])$`, min-2, max-2))
+	return validateRegexp(fmt.Sprintf("^"+RFC1035NameTemplate+"$", min-2, max-2))
 }