Relax prefix validation rules in Parameter Store and Secrets Manager (#364)

padilo · maciejwalkowiak · MatejNedic · web-flow · commit 76992973693b · 2022-05-03T10:33:10.000+02:00
#302 backported to 2.3.x Co-authored-by: Maciej Walkowiak <walkowiak.maciej@yahoo.com> Co-authored-by: MatejNedic <matejnedic1@gmail.com>
diff --git a/spring-cloud-aws-parameter-store-config/src/main/java/io/awspring/cloud/paramstore/AwsParamStoreProperties.java b/spring-cloud-aws-parameter-store-config/src/main/java/io/awspring/cloud/paramstore/AwsParamStoreProperties.java
@@ -42,7 +42,7 @@ public class AwsParamStoreProperties implements InitializingBean {
 	/**
 	 * Pattern used for prefix validation.
 	 */
-	private static final Pattern PREFIX_PATTERN = Pattern.compile("(/)?([a-zA-Z0-9.\\-]+)(?:/[a-zA-Z0-9]+)*");
+	private static final Pattern PREFIX_PATTERN = Pattern.compile("[a-zA-Z0-9.\\-/]+");
 
 	/**
 	 * Pattern used for profileSeparator validation.
@@ -96,11 +96,11 @@ public void afterPropertiesSet() throws Exception {
 
 		if (StringUtils.hasLength(prefix) && !PREFIX_PATTERN.matcher(prefix).matches()) {
 			throw new ValidationException(CONFIG_PREFIX + ".prefix",
-					"The prefix must have pattern of:  " + PREFIX_PATTERN.toString());
+					"The prefix value: " + prefix + " must have pattern of: " + PREFIX_PATTERN.toString());
 		}
 		if (!PROFILE_SEPARATOR_PATTERN.matcher(profileSeparator).matches()) {
 			throw new ValidationException(CONFIG_PREFIX + ".profileSeparator",
-					"The profileSeparator must have pattern of:  " + PROFILE_SEPARATOR_PATTERN.toString());
+					"The profileSeparator must have pattern of: " + PROFILE_SEPARATOR_PATTERN.toString());
 		}
 	}
 
diff --git a/spring-cloud-aws-parameter-store-config/src/test/java/io/awspring/cloud/paramstore/AwsParamStorePropertiesTest.java b/spring-cloud-aws-parameter-store-config/src/test/java/io/awspring/cloud/paramstore/AwsParamStorePropertiesTest.java
@@ -23,8 +23,10 @@
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatNoException;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.fail;
 
 /**
  * Tests for {@link AwsParamStoreProperties}.
@@ -36,57 +38,51 @@ class AwsParamStorePropertiesTest {
 
 	@ParameterizedTest
 	@MethodSource("invalidProperties")
-	public void validationFails(AwsParamStoreProperties properties, String field, String errorCode) {
-		assertThatThrownBy(properties::afterPropertiesSet).isInstanceOf(ValidationException.class);
-	}
-
-	@Test
-	void validationSucceeds() {
-		AwsParamStoreProperties properties = new AwsParamStorePropertiesBuilder().withPrefix("/con")
-				.withDefaultContext("app").withProfileSeparator("_").build();
-
-		assertThatNoException().isThrownBy(properties::afterPropertiesSet);
-	}
-
-	@Test
-	void validationSucceedsPrefix() {
-		AwsParamStoreProperties properties = new AwsParamStorePropertiesBuilder().withPrefix("/con/test/bla")
-				.withDefaultContext("app").withProfileSeparator("_").build();
-
-		assertThatNoException().isThrownBy(properties::afterPropertiesSet);
+	public void validationFails(AwsParamStoreProperties properties, String field) throws Exception {
+		try {
+			properties.afterPropertiesSet();
+			fail("validation should fail");
+		}
+		catch (ValidationException e) {
+			assertThat(e.getField()).endsWith(field);
+		}
 	}
 
-	@Test
-	void validationSucceedsNoPrefix() {
-		AwsParamStoreProperties properties = new AwsParamStorePropertiesBuilder().withPrefix("")
-				.withDefaultContext("app").withProfileSeparator("_").build();
-
+	@ParameterizedTest
+	@MethodSource("validProperties")
+	void validationSucceeds(AwsParamStoreProperties properties) {
 		assertThatNoException().isThrownBy(properties::afterPropertiesSet);
 	}
 
 	@Test
-	void acceptsForwardSlashAsProfileSeparator() {
-		AwsParamStoreProperties properties = new AwsParamStoreProperties();
-		properties.setProfileSeparator("/");
-		assertThatNoException().isThrownBy(properties::afterPropertiesSet);
+	void checkExceptionLoggingForPrefix() {
+		AwsParamStoreProperties properties = new AwsParamStorePropertiesBuilder().withPrefix("!.").build();
+		assertThatThrownBy(properties::afterPropertiesSet)
+				.hasMessage("The prefix value: !. must have pattern of: [a-zA-Z0-9.\\-/]+");
 	}
 
-	@Test
-	void acceptsBackslashAsProfileSeparator() {
-		AwsParamStoreProperties properties = new AwsParamStoreProperties();
-		properties.setProfileSeparator("\\");
-		assertThatNoException().isThrownBy(properties::afterPropertiesSet);
+	private static Stream<Arguments> validProperties() {
+		return Stream.of(
+				Arguments.of(new AwsParamStorePropertiesBuilder().withPrefix("/con").withDefaultContext("app")
+						.withProfileSeparator("_").build()),
+				Arguments.of(new AwsParamStorePropertiesBuilder().withPrefix("/config/someRandomValue-dev01")
+						.withDefaultContext("app").withProfileSeparator("_").build()),
+				Arguments.of(new AwsParamStorePropertiesBuilder().withPrefix("/con/test/bla").withDefaultContext("app")
+						.withProfileSeparator("_").build()),
+				Arguments.of(new AwsParamStorePropertiesBuilder().withPrefix("").withDefaultContext("app")
+						.withProfileSeparator("_").build()),
+				Arguments.of(new AwsParamStorePropertiesBuilder().withPrefix("/config").withDefaultContext("app")
+						.withProfileSeparator("/").build()),
+				Arguments.of(new AwsParamStorePropertiesBuilder().withPrefix("/config").withDefaultContext("app")
+						.withProfileSeparator("\\").build()));
 	}
 
 	private static Stream<Arguments> invalidProperties() {
-		return Stream.of(
-				Arguments.of(new AwsParamStorePropertiesBuilder().withPrefix("!.").build(), "prefix", "Pattern"),
-				Arguments.of(new AwsParamStorePropertiesBuilder().withDefaultContext("").build(), "defaultContext",
-						"NotEmpty"),
-				Arguments.of(new AwsParamStorePropertiesBuilder().withProfileSeparator("").build(), "profileSeparator",
-						"NotEmpty"),
+		return Stream.of(Arguments.of(new AwsParamStorePropertiesBuilder().withPrefix("!.").build(), "prefix"),
+				Arguments.of(new AwsParamStorePropertiesBuilder().withDefaultContext("").build(), "defaultContext"),
+				Arguments.of(new AwsParamStorePropertiesBuilder().withProfileSeparator("").build(), "profileSeparator"),
 				Arguments.of(new AwsParamStorePropertiesBuilder().withProfileSeparator("!_").build(),
-						"profileSeparator", "Pattern"));
+						"profileSeparator"));
 	}
 
 	private static class AwsParamStorePropertiesBuilder {
diff --git a/spring-cloud-aws-secrets-manager-config/src/main/java/io/awspring/cloud/secretsmanager/AwsSecretsManagerProperties.java b/spring-cloud-aws-secrets-manager-config/src/main/java/io/awspring/cloud/secretsmanager/AwsSecretsManagerProperties.java
@@ -43,7 +43,7 @@ public class AwsSecretsManagerProperties implements InitializingBean {
 	/**
 	 * Pattern used for prefix validation.
 	 */
-	private static final Pattern PREFIX_PATTERN = Pattern.compile("(/)?([a-zA-Z0-9.\\-]+)(?:/[a-zA-Z0-9]+)*");
+	private static final Pattern PREFIX_PATTERN = Pattern.compile("[a-zA-Z0-9.\\-/]+");
 
 	/**
 	 * Pattern used for profileSeparator validation.
@@ -98,11 +98,11 @@ public void afterPropertiesSet() throws Exception {
 
 		if (StringUtils.hasLength(prefix) && !PREFIX_PATTERN.matcher(prefix).matches()) {
 			throw new ValidationException(CONFIG_PREFIX + ".prefix",
-					"The prefix must have pattern of:  " + PREFIX_PATTERN.toString());
+					"The prefix value: " + prefix + " must have pattern of: " + PREFIX_PATTERN.toString());
 		}
 		if (!PROFILE_SEPARATOR_PATTERN.matcher(profileSeparator).matches()) {
 			throw new ValidationException(CONFIG_PREFIX + ".profileSeparator",
-					"The profileSeparator must have pattern of:  " + PROFILE_SEPARATOR_PATTERN.toString());
+					"The profileSeparator must have pattern of: " + PROFILE_SEPARATOR_PATTERN.toString());
 		}
 
 	}
diff --git a/spring-cloud-aws-secrets-manager-config/src/test/java/io/awspring/cloud/secretsmanager/AwsSecretsManagerPropertiesTest.java b/spring-cloud-aws-secrets-manager-config/src/test/java/io/awspring/cloud/secretsmanager/AwsSecretsManagerPropertiesTest.java
@@ -18,12 +18,15 @@
 
 import java.util.stream.Stream;
 
+import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatNoException;
 import static org.assertj.core.api.Assertions.assertThatThrownBy;
+import static org.assertj.core.api.Assertions.fail;
 
 /**
  * Tests for {@link AwsSecretsManagerProperties}.
@@ -35,8 +38,14 @@ class AwsSecretsManagerPropertiesTest {
 
 	@ParameterizedTest
 	@MethodSource("invalidProperties")
-	public void validationFails(AwsSecretsManagerProperties properties, String field, String errorCode) {
-		assertThatThrownBy(properties::afterPropertiesSet).isInstanceOf(ValidationException.class);
+	public void validationFails(AwsSecretsManagerProperties properties, String field) throws Exception {
+		try {
+			properties.afterPropertiesSet();
+			fail("validation should fail");
+		}
+		catch (ValidationException e) {
+			assertThat(e.getField()).endsWith(field);
+		}
 	}
 
 	@ParameterizedTest
@@ -45,10 +54,19 @@ void validationSucceeds(AwsSecretsManagerProperties properties) {
 		assertThatNoException().isThrownBy(properties::afterPropertiesSet);
 	}
 
+	@Test
+	void checkExceptionLoggingForPrefix() {
+		AwsSecretsManagerProperties properties = new AwsSecretsManagerPropertiesBuilder().withPrefix("!.").build();
+		assertThatThrownBy(properties::afterPropertiesSet)
+				.hasMessage("The prefix value: !. must have pattern of: [a-zA-Z0-9.\\-/]+");
+	}
+
 	private static Stream<Arguments> validProperties() {
 		return Stream.of(
 				Arguments.of(new AwsSecretsManagerPropertiesBuilder().withPrefix("").withDefaultContext("app")
 						.withProfileSeparator("_").build()),
+				Arguments.of(new AwsSecretsManagerPropertiesBuilder().withPrefix("/secret/someRandomValue-dev01")
+						.withDefaultContext("app").withProfileSeparator("_").build()),
 				Arguments.of(new AwsSecretsManagerPropertiesBuilder().withPrefix("/sec").withDefaultContext("app")
 						.withProfileSeparator("_").build()),
 				Arguments.of(new AwsSecretsManagerPropertiesBuilder().withPrefix("/sec/test/var")
@@ -62,14 +80,12 @@ private static Stream<Arguments> validProperties() {
 	}
 
 	private static Stream<Arguments> invalidProperties() {
-		return Stream.of(
-				Arguments.of(new AwsSecretsManagerPropertiesBuilder().withPrefix("!.").build(), "prefix", "Pattern"),
-				Arguments.of(new AwsSecretsManagerPropertiesBuilder().withDefaultContext("").build(), "defaultContext",
-						"NotEmpty"),
+		return Stream.of(Arguments.of(new AwsSecretsManagerPropertiesBuilder().withPrefix("!.").build(), "prefix"),
+				Arguments.of(new AwsSecretsManagerPropertiesBuilder().withDefaultContext("").build(), "defaultContext"),
 				Arguments.of(new AwsSecretsManagerPropertiesBuilder().withProfileSeparator("").build(),
-						"profileSeparator", "NotEmpty"),
+						"profileSeparator"),
 				Arguments.of(new AwsSecretsManagerPropertiesBuilder().withProfileSeparator("!_").build(),
-						"profileSeparator", "Pattern"));
+						"profileSeparator"));
 	}
 
 	private static class AwsSecretsManagerPropertiesBuilder {

Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ public class AwsParamStoreProperties implements InitializingBean {`
`42`	`42`	`/**`
`43`	`43`	`* Pattern used for prefix validation.`
`44`	`44`	`*/`
`45`		`- private static final Pattern PREFIX_PATTERN = Pattern.compile("(/)?([a-zA-Z0-9.\\-]+)(?:/[a-zA-Z0-9]+)*");`
	`45`	`+ private static final Pattern PREFIX_PATTERN = Pattern.compile("[a-zA-Z0-9.\\-/]+");`
`46`	`46`
`47`	`47`	`/**`
`48`	`48`	`* Pattern used for profileSeparator validation.`
`@@ -96,11 +96,11 @@ public void afterPropertiesSet() throws Exception {`
`96`	`96`
`97`	`97`	`if (StringUtils.hasLength(prefix) && !PREFIX_PATTERN.matcher(prefix).matches()) {`
`98`	`98`	`throw new ValidationException(CONFIG_PREFIX + ".prefix",`
`99`		`- "The prefix must have pattern of: " + PREFIX_PATTERN.toString());`
	`99`	`+ "The prefix value: " + prefix + " must have pattern of: " + PREFIX_PATTERN.toString());`
`100`	`100`	`}`
`101`	`101`	`if (!PROFILE_SEPARATOR_PATTERN.matcher(profileSeparator).matches()) {`
`102`	`102`	`throw new ValidationException(CONFIG_PREFIX + ".profileSeparator",`
`103`		`- "The profileSeparator must have pattern of: " + PROFILE_SEPARATOR_PATTERN.toString());`
	`103`	`+ "The profileSeparator must have pattern of: " + PROFILE_SEPARATOR_PATTERN.toString());`
`104`	`104`	`}`
`105`	`105`	`}`
`106`	`106`
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ public class AwsSecretsManagerProperties implements InitializingBean {`
`43`	`43`	`/**`
`44`	`44`	`* Pattern used for prefix validation.`
`45`	`45`	`*/`
`46`		`- private static final Pattern PREFIX_PATTERN = Pattern.compile("(/)?([a-zA-Z0-9.\\-]+)(?:/[a-zA-Z0-9]+)*");`
	`46`	`+ private static final Pattern PREFIX_PATTERN = Pattern.compile("[a-zA-Z0-9.\\-/]+");`
`47`	`47`
`48`	`48`	`/**`
`49`	`49`	`* Pattern used for profileSeparator validation.`
`@@ -98,11 +98,11 @@ public void afterPropertiesSet() throws Exception {`
`98`	`98`
`99`	`99`	`if (StringUtils.hasLength(prefix) && !PREFIX_PATTERN.matcher(prefix).matches()) {`
`100`	`100`	`throw new ValidationException(CONFIG_PREFIX + ".prefix",`
`101`		`- "The prefix must have pattern of: " + PREFIX_PATTERN.toString());`
	`101`	`+ "The prefix value: " + prefix + " must have pattern of: " + PREFIX_PATTERN.toString());`
`102`	`102`	`}`
`103`	`103`	`if (!PROFILE_SEPARATOR_PATTERN.matcher(profileSeparator).matches()) {`
`104`	`104`	`throw new ValidationException(CONFIG_PREFIX + ".profileSeparator",`
`105`		`- "The profileSeparator must have pattern of: " + PROFILE_SEPARATOR_PATTERN.toString());`
	`105`	`+ "The profileSeparator must have pattern of: " + PROFILE_SEPARATOR_PATTERN.toString());`
`106`	`106`	`}`
`107`	`107`
`108`	`108`	`}`