From 1ee386b33bc67ffbdf0b11bfd02f2872c442dadc Mon Sep 17 00:00:00 2001
From: Vincent Roseberry <roseberryv@gmail.com>
Date: Tue, 28 Nov 2017 14:37:46 -0800
Subject: [PATCH] Fix service_account_id field validation in service account
 key (#795)

---
 google/resource_google_service_account_key.go |  2 +-
 google/validation.go                          | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/google/resource_google_service_account_key.go b/google/resource_google_service_account_key.go
index bd3f9689..c723f186 100644
--- a/google/resource_google_service_account_key.go
+++ b/google/resource_google_service_account_key.go
@@ -20,7 +20,7 @@ func resourceGoogleServiceAccountKey() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validateRFC1035Name(6, 30),
+				ValidateFunc: validateRegexp(ServiceAccountLinkRegex),
 			},
 			// Optional
 			"key_algorithm": &schema.Schema{
diff --git a/google/validation.go b/google/validation.go
index 33f509da..eab1cd84 100644
--- a/google/validation.go
+++ b/google/validation.go
@@ -16,6 +16,18 @@ const (
 	SubnetworkRegex = "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?"
 
 	SubnetworkLinkRegex = "projects/(" + ProjectRegex + ")/regions/(" + RegionRegex + ")/subnetworks/(" + SubnetworkRegex + ")$"
+
+	RFC1035NameTemplate = "[a-z](?:[-a-z0-9]{%d,%d}[a-z0-9])"
+)
+
+var (
+	// Service account name must have a length between 6 and 30.
+	// The first and last characters have different restrictions, than
+	// the middle characters. The middle characters length must be between
+	// 4 and 28 since the first and last character are excluded.
+	ServiceAccountNameRegex = fmt.Sprintf(RFC1035NameTemplate, 4, 28)
+
+	ServiceAccountLinkRegex = "projects/" + ProjectRegex + "/serviceAccounts/" + ServiceAccountNameRegex + "@" + ProjectRegex + "\\.iam\\.gserviceaccount\\.com$"
 )
 
 var rfc1918Networks = []string{
@@ -93,5 +105,5 @@ func validateRFC1035Name(min, max int) schema.SchemaValidateFunc {
 		}
 	}
 
-	return validateRegexp(fmt.Sprintf(`^[a-z]([-a-z0-9]{%d,%d}[a-z0-9])$`, min-2, max-2))
+	return validateRegexp(fmt.Sprintf("^"+RFC1035NameTemplate+"$", min-2, max-2))
 }