Merge pull request #19078 from philnichol/e-eks-adding-name-validation

.changelog/19078.txt

@@ -0,0 +1,23 @@
+```release-note:enhancement
+data/source_aws_eks_addon: added validation for `cluster_name`
+```
+
+```release-note:enhancement
+data/source_aws_eks_cluster: added validation for `cluster_name`
+```
+
+```release-note:enhancement
+resource/aws_eks_addon: added validation for `cluster_name`
+```
+
+```release-note:enhancement
+resource/aws_eks_cluster: added validation for `name`
+```
+
+```release-note:enhancement
+resource/aws_eks_fargate_profile: added validation for `cluster_name`
+```
+
+```release-note:enhancement
+resource/aws_eks_node_group: added validation for `cluster_name`
+```

aws/data_source_aws_eks_addon.go

@@ -25,7 +25,7 @@ func dataSourceAwsEksAddon() *schema.Resource {
 			"cluster_name": {
 				Type:         schema.TypeString,
 				Required:     true,
-				ValidateFunc: validation.NoZeroValues,
+				ValidateFunc: validateEKSClusterName,
 			},
 			"arn": {
 				Type:     schema.TypeString,

aws/data_source_aws_eks_cluster.go

@@ -7,7 +7,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/eks"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/terraform-providers/terraform-provider-aws/aws/internal/keyvaluetags"
 )
 
@@ -81,7 +80,7 @@ func dataSourceAwsEksCluster() *schema.Resource {
 			"name": {
 				Type:         schema.TypeString,
 				Required:     true,
-				ValidateFunc: validation.NoZeroValues,
+				ValidateFunc: validateEKSClusterName,
 			},
 			"platform_version": {
 				Type:     schema.TypeString,

aws/resource_aws_eks_addon.go

@@ -42,7 +42,7 @@ func resourceAwsEksAddon() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validation.NoZeroValues,
+				ValidateFunc: validateEKSClusterName,
 			},
 			"arn": {
 				Type:     schema.TypeString,

aws/resource_aws_eks_cluster.go

@@ -143,7 +143,7 @@ func resourceAwsEksCluster() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validation.NoZeroValues,
+				ValidateFunc: validateEKSClusterName,
 			},
 			"platform_version": {
 				Type:     schema.TypeString,

aws/resource_aws_eks_fargate_profile.go

@@ -42,7 +42,7 @@ func resourceAwsEksFargateProfile() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validation.NoZeroValues,
+				ValidateFunc: validateEKSClusterName,
 			},
 			"fargate_profile_name": {
 				Type:         schema.TypeString,

aws/resource_aws_eks_node_group.go

@@ -60,7 +60,7 @@ func resourceAwsEksNodeGroup() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validation.NoZeroValues,
+				ValidateFunc: validateEKSClusterName,
 			},
 			"disk_size": {
 				Type:     schema.TypeInt,

aws/validators.go

@@ -2351,6 +2351,24 @@ func validateRoute53ResolverName(v interface{}, k string) (ws []string, errors [
 	return
 }
 
+func validateEKSClusterName(v interface{}, k string) (ws []string, errors []error) {
+	value := v.(string)
+	if len(value) < 1 || len(value) > 100 {
+		errors = append(errors, fmt.Errorf(
+			"%q length must be between 1-100 characters: %q", k, value))
+	}
+
+	// https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCluster.html#API_CreateCluster_RequestSyntax
+	pattern := `^[0-9A-Za-z][A-Za-z0-9\-_]+$`
+	if !regexp.MustCompile(pattern).MatchString(value) {
+		errors = append(errors, fmt.Errorf(
+			"%q doesn't comply with restrictions (%q): %q",
+			k, pattern, value))
+	}
+
+	return
+}
+
 var validateCloudWatchEventCustomEventBusName = validation.All(
 	validation.StringLenBetween(1, 256),
 	validation.StringMatch(regexp.MustCompile(`^[a-zA-Z0-9._\-]+$`), ""),

aws/validators_test.go

@@ -3246,3 +3246,55 @@ func TestValidateTypeStringIsDateOrInt(t *testing.T) {
 		}
 	}
 }
+
+func TestResourceAWSEKSClusterNameValidation(t *testing.T) {
+	cases := []struct {
+		Value    string
+		ErrCount int
+	}{
+		{
+			Value:    "my-valid-eks-cluster_1_dev",
+			ErrCount: 0,
+		},
+		{
+			Value:    `_invalid`,
+			ErrCount: 1,
+		},
+		{
+			Value:    `-invalid`,
+			ErrCount: 1,
+		},
+		{
+			Value:    `invalid@`,
+			ErrCount: 1,
+		},
+		{
+			Value:    `invalid*`,
+			ErrCount: 1,
+		},
+		{
+			Value:    `invalid:`,
+			ErrCount: 1,
+		},
+		{
+			Value:    `invalid$`,
+			ErrCount: 1,
+		},
+		{
+			Value:    ``,
+			ErrCount: 2,
+		},
+		{
+			Value:    acctest.RandStringFromCharSet(101, acctest.CharSetAlpha),
+			ErrCount: 1,
+		},
+	}
+
+	for _, tc := range cases {
+		_, errors := validateEKSClusterName(tc.Value, "cluster_name")
+
+		if len(errors) != tc.ErrCount {
+			t.Fatalf("Expected the EKS Cluster Name to trigger a validation error: %s, expected %d, got %d errors", tc.Value, tc.ErrCount, len(errors))
+		}
+	}
+}

website/docs/d/eks_addon.html.markdown

@@ -27,7 +27,7 @@ output "eks_addon_outputs" {
 
 * `addon_name` – (Required) Name of the EKS add-on. The name must match one of
   the names returned by [list-addon](https://docs.aws.amazon.com/cli/latest/reference/eks/list-addons.html).
-* `cluster_name` – (Required) Name of the EKS Cluster.
+* `cluster_name` – (Required) Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\-_]+$`).
 
 ## Attributes Reference
 

website/docs/d/eks_cluster.html.markdown

@@ -33,7 +33,7 @@ output "identity-oidc-issuer" {
 
 ## Argument Reference
 
-* `name` - (Required) The name of the cluster
+* `name` - (Required) The name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\-_]+$`).
 
 ## Attributes Reference
 

website/docs/r/eks_addon.html.markdown

@@ -76,7 +76,7 @@ The following arguments are required:
 
 * `addon_name` – (Required) Name of the EKS add-on. The name must match one of
   the names returned by [list-addon](https://docs.aws.amazon.com/cli/latest/reference/eks/list-addons.html).
-* `cluster_name` – (Required) Name of the EKS Cluster.
+* `cluster_name` – (Required) Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\-_]+$`).
 
 The following arguments are optional:
 

website/docs/r/eks_cluster.html.markdown

@@ -155,7 +155,7 @@ After adding inline IAM Policies (e.g. [`aws_iam_role_policy` resource](/docs/pr
 
 The following arguments are required:
 
-* `name` – (Required) Name of the cluster.
+* `name` – (Required) Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\-_]+$`).
 * `role_arn` - (Required) ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding [`depends_on`](https://www.terraform.io/docs/configuration/meta-arguments/depends_on.html) if using the [`aws_iam_role_policy` resource](/docs/providers/aws/r/iam_role_policy.html) or [`aws_iam_role_policy_attachment` resource](/docs/providers/aws/r/iam_role_policy_attachment.html), otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.
 * `vpc_config` - (Required) Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC Considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster Security Group Considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
 

website/docs/r/eks_fargate_profile.html.markdown

@@ -53,7 +53,7 @@ resource "aws_iam_role_policy_attachment" "example-AmazonEKSFargatePodExecutionR
 
 The following arguments are required:
 
-* `cluster_name` – (Required) Name of the EKS Cluster.
+* `cluster_name` – (Required) Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\-_]+$`).
 * `fargate_profile_name` – (Required) Name of the EKS Fargate Profile.
 * `pod_execution_role_arn` – (Required) Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Fargate Profile.
 * `selector` - (Required) Configuration block(s) for selecting Kubernetes Pods to execute with this EKS Fargate Profile. Detailed below.

website/docs/r/eks_node_group.html.markdown

@@ -115,7 +115,7 @@ resource "aws_subnet" "example" {
 
 The following arguments are required:
 
-* `cluster_name` – (Required) Name of the EKS Cluster.
+* `cluster_name` – (Required) Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\-_]+$`).
 * `node_group_name` – (Required) Name of the EKS Node Group.
 * `node_role_arn` – (Required) Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.
 * `scaling_config` - (Required) Configuration block with scaling settings. Detailed below.