Database: validate AWS Account ID (#19638)
When the AWS Account ID is provided, we must check that it is a valid one. The AWS Account ID is a well-documented field: a 12-digit string. This check is meant to prevent typos when creating Databases, mainly from the Web UI in the context of Teleport Discover.
parent
8fe2a74d02
commit
6286488be3
|
@ -627,6 +627,13 @@ func (d *DatabaseV3) CheckAndSetDefaults() error {
|
|||
}
|
||||
}
|
||||
|
||||
// Validate AWS Specific configuration
|
||||
if d.Spec.AWS.AccountID != "" {
|
||||
if err := awsutils.IsValidAccountID(d.Spec.AWS.AccountID); err != nil {
|
||||
return trace.BadParameter("invalid AWS Account ID: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
// Validate Cloud SQL specific configuration.
|
||||
switch {
|
||||
case d.Spec.GCP.ProjectID != "" && d.Spec.GCP.InstanceID == "":
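Review bot: The error built in the new AWS block does not say which value was rejected, so a user who mistyped the ID sees only "invalid AWS Account ID: must be 12-digit"; quoting the input, `return trace.BadParameter("invalid AWS Account ID %q: %v", d.Spec.AWS.AccountID, err)`, makes the typo visible. Separately, if CheckAndSetDefaults also runs when already-stored or auto-discovered database resources are loaded, a record saved earlier with a non-conforming ID would now fail that check, which is worth confirming before merge. The body of CheckAndSetDefaults starts and ends outside this hunk, so the ordering relative to any code that fills in AccountID cannot be checked from here.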
|
||||
|
|
|
@ -19,25 +19,83 @@ package types
|
|||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/gravitational/trace"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
// TestDatabaseRDSEndpoint verifies AWS info is correctly populated
|
||||
// based on the RDS endpoint.
|
||||
func TestDatabaseRDSEndpoint(t *testing.T) {
|
||||
database, err := NewDatabaseV3(Metadata{
|
||||
Name: "rds",
|
||||
}, DatabaseSpecV3{
|
||||
Protocol: "postgres",
|
||||
URI: "aurora-instance-1.abcdefghijklmnop.us-west-1.rds.amazonaws.com:5432",
|
||||
})
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, AWS{
|
||||
Region: "us-west-1",
|
||||
RDS: RDS{
|
||||
InstanceID: "aurora-instance-1",
|
||||
isBadParamErrFn := func(tt require.TestingT, err error, i ...interface{}) {
|
||||
require.True(tt, trace.IsBadParameter(err), "expected bad parameter, got %v", err)
|
||||
}
|
||||
|
||||
for _, tt := range []struct {
|
||||
name string
|
||||
spec DatabaseSpecV3
|
||||
errorCheck require.ErrorAssertionFunc
|
||||
expectedAWS AWS
|
||||
}{
|
||||
{
|
||||
name: "aurora instance",
|
||||
spec: DatabaseSpecV3{
|
||||
Protocol: "postgres",
|
||||
URI: "aurora-instance-1.abcdefghijklmnop.us-west-1.rds.amazonaws.com:5432",
|
||||
},
|
||||
errorCheck: require.NoError,
|
||||
expectedAWS: AWS{
|
||||
Region: "us-west-1",
|
||||
RDS: RDS{
|
||||
InstanceID: "aurora-instance-1",
|
||||
},
|
||||
},
|
||||
},
|
||||
}, database.GetAWS())
|
||||
{
|
||||
name: "invalid account id",
|
||||
spec: DatabaseSpecV3{
|
||||
Protocol: "postgres",
|
||||
URI: "marcotest-db001.abcdefghijklmnop.us-east-1.rds.amazonaws.com:5432",
|
||||
AWS: AWS{
|
||||
AccountID: "invalid",
|
||||
},
|
||||
},
|
||||
errorCheck: isBadParamErrFn,
|
||||
},
|
||||
{
|
||||
name: "valid account id",
|
||||
spec: DatabaseSpecV3{
|
||||
Protocol: "postgres",
|
||||
URI: "marcotest-db001.abcdefghijklmnop.us-east-1.rds.amazonaws.com:5432",
|
||||
AWS: AWS{
|
||||
AccountID: "123456789012",
|
||||
},
|
||||
},
|
||||
errorCheck: require.NoError,
|
||||
expectedAWS: AWS{
|
||||
Region: "us-east-1",
|
||||
RDS: RDS{
|
||||
InstanceID: "marcotest-db001",
|
||||
},
|
||||
AccountID: "123456789012",
|
||||
},
|
||||
},
|
||||
} {
|
||||
tt := tt
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
database, err := NewDatabaseV3(
|
||||
Metadata{
|
||||
Name: "rds",
|
||||
},
|
||||
tt.spec,
|
||||
)
|
||||
tt.errorCheck(t, err)
|
||||
if err != nil {
|
||||
return
|
||||
}
|
||||
|
||||
require.Equal(t, tt.expectedAWS, database.GetAWS())
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
// TestDatabaseRDSProxyEndpoint verifies AWS info is correctly populated based
|
||||
|
@ -354,7 +412,7 @@ func TestCassandraAWSEndpoint(t *testing.T) {
|
|||
Protocol: "cassandra",
|
||||
AWS: AWS{
|
||||
Region: "us-west-1",
|
||||
AccountID: "12345",
|
||||
AccountID: "123456789012",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
@ -368,7 +426,7 @@ func TestCassandraAWSEndpoint(t *testing.T) {
|
|||
Protocol: "cassandra",
|
||||
URI: "cassandra.us-west-1.amazonaws.com:9142",
|
||||
AWS: AWS{
|
||||
AccountID: "12345",
|
||||
AccountID: "123456789012",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
@ -383,7 +441,7 @@ func TestCassandraAWSEndpoint(t *testing.T) {
|
|||
Protocol: "cassandra",
|
||||
URI: "cassandra-fips.us-west-2.amazonaws.com:9142",
|
||||
AWS: AWS{
|
||||
AccountID: "12345",
|
||||
AccountID: "123456789012",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
@ -413,11 +471,11 @@ func TestDatabaseFromRedshiftServerlessEndpoint(t *testing.T) {
|
|||
Name: "test",
|
||||
}, DatabaseSpecV3{
|
||||
Protocol: "postgres",
|
||||
URI: "my-workgroup.1234567890.us-east-1.redshift-serverless.amazonaws.com:5439",
|
||||
URI: "my-workgroup.123456789012.us-east-1.redshift-serverless.amazonaws.com:5439",
|
||||
})
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
RedshiftServerless: RedshiftServerless{
|
||||
WorkgroupName: "my-workgroup",
|
||||
|
@ -430,7 +488,7 @@ func TestDatabaseFromRedshiftServerlessEndpoint(t *testing.T) {
|
|||
Name: "test",
|
||||
}, DatabaseSpecV3{
|
||||
Protocol: "postgres",
|
||||
URI: "my-vpc-endpoint-xxxyyyzzz.1234567890.us-east-1.redshift-serverless.amazonaws.com:5439",
|
||||
URI: "my-vpc-endpoint-xxxyyyzzz.123456789012.us-east-1.redshift-serverless.amazonaws.com:5439",
|
||||
AWS: AWS{
|
||||
RedshiftServerless: RedshiftServerless{
|
||||
WorkgroupName: "my-workgroup",
|
||||
|
@ -439,7 +497,7 @@ func TestDatabaseFromRedshiftServerlessEndpoint(t *testing.T) {
|
|||
})
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
RedshiftServerless: RedshiftServerless{
|
||||
WorkgroupName: "my-workgroup",
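Review bot: The new table in TestDatabaseRDSEndpoint only exercises an invalid AccountID that is set explicitly in the spec; nothing pins what happens when the ID is taken from the URI. The Redshift Serverless fixtures in the later hunks had to change from `1234567890` to `123456789012`, which suggests URI-derived IDs now pass through the same validation. A negative case in TestDatabaseFromRedshiftServerlessEndpoint using `URI: "my-workgroup.1234567890.us-east-1.redshift-serverless.amazonaws.com:5439"` and asserting `trace.IsBadParameter(err)` would document that. This is inferred from the fixture changes; the extraction code is not in view.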
|
||||
|
|
|
@ -465,21 +465,21 @@ func TestRedshiftServerlessEndpoint(t *testing.T) {
|
|||
}{
|
||||
{
|
||||
name: "workgroup endpoint",
|
||||
endpoint: "my-workgroup.1234567890.us-east-1.redshift-serverless.amazonaws.com:5439",
|
||||
endpoint: "my-workgroup.123456789012.us-east-1.redshift-serverless.amazonaws.com:5439",
|
||||
expectIsRedshiftServerlessEndpoint: true,
|
||||
expectDetails: &RedshiftServerlessEndpointDetails{
|
||||
WorkgroupName: "my-workgroup",
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "vpc endpoint",
|
||||
endpoint: "my-vpc-endpoint-xxxyyyzzz.1234567890.us-east-1.redshift-serverless.amazonaws.com",
|
||||
endpoint: "my-vpc-endpoint-xxxyyyzzz.123456789012.us-east-1.redshift-serverless.amazonaws.com",
|
||||
expectIsRedshiftServerlessEndpoint: true,
|
||||
expectDetails: &RedshiftServerlessEndpointDetails{
|
||||
EndpointName: "my-vpc",
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
},
|
||||
},
|
||||
|
|
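--- /dev/null
+++ b/api/utils/aws/identifiers.go
@@ -0,0 +1,37 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package aws
+
+import (
+"github.com/gravitational/trace"
+)
+
+// IsValidAccountID checks whether the accountID is a valid AWS Account ID
+//
+// https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-identifiers.html
+func IsValidAccountID(accountID string) error {
+if len(accountID) != 12 {
+return trace.BadParameter("must be 12-digit")
+}
+for _, d := range accountID {
+if d < '0' || d > '9' {
+return trace.BadParameter("must be 12-digit")
+}
+}
+
+return nil
+}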
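Review bot: The length check in IsValidAccountID depends on a subtlety the code does not explain: `len(accountID)` counts bytes while the loop ranges over runes, and the result is correct only because every non-ASCII rune fails the `'0'`..`'9'` comparison. A comment above the length check, such as `// len counts bytes; a multi-byte rune can never pass the ASCII digit test below, so only 12 ASCII digits are accepted`, would keep a later switch to `unicode.IsDigit` or a rune count from silently widening what is accepted. The name also reads like a boolean predicate although the function returns an error; the doc comment could say that nil means valid and should end with a period.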
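--- /dev/null
+++ b/api/utils/aws/identifiers_test.go
@@ -0,0 +1,76 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package aws
+
+import (
+"testing"
+
+"github.com/gravitational/trace"
+"github.com/stretchr/testify/require"
+)
+
+func TestIsValidAccountID(t *testing.T) {
+isBadParamErrFn := func(tt require.TestingT, err error, i ...interface{}) {
+require.True(tt, trace.IsBadParameter(err), "expected bad parameter, got %v", err)
+}
+
+for _, tt := range []struct {
+name string
+accountID string
+errCheck require.ErrorAssertionFunc
+}{
+{
+name: "valid account id",
+accountID: "123456789012",
+errCheck: require.NoError,
+},
+{
+name: "empty",
+accountID: "",
+errCheck: isBadParamErrFn,
+},
+{
+name: "less digits",
+accountID: "12345678901",
+errCheck: isBadParamErrFn,
+},
+{
+name: "more digits",
+accountID: "1234567890123",
+errCheck: isBadParamErrFn,
+},
+{
+name: "invalid chars",
+accountID: "12345678901A",
+errCheck: isBadParamErrFn,
+},
+{
+name: "invalid chars with emojis",
+accountID: "12345678901✅",
+errCheck: isBadParamErrFn,
+},
+{
+name: "unicode digit is invalid",
+accountID: "123456789৩", // ৩ is a valid unicode digit and its len("৩") is 3
+errCheck: isBadParamErrFn,
+},
+} {
+t.Run(tt.name, func(t *testing.T) {
+tt.errCheck(t, IsValidAccountID(tt.accountID))
+})
+}
+}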
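Review bot: The table has no case for a 12-byte input that a numeric parser would accept but the hand-written check rejects, such as a sign prefix. Adding `{name: "sign prefix", accountID: "+12345678901", errCheck: isBadParamErrFn},` would pin that behaviour in case the implementation is later replaced with `strconv.Atoi`. A leading-space value like `" 12345678901"` is also worth a case, since the commit description names Web UI input as the main source. The loop captures `tt` without the `tt := tt` copy that the database test in this commit uses; that is harmless while the subtests are not parallel, but the two tables should be consistent.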
@ -40,37 +40,37 @@ func TestGetIdentity(t *testing.T) {
|
|||
}{
|
||||
{
|
||||
description: "role identity",
|
||||
inARN: "arn:aws:iam::1234567890:role/custom/path/EC2ReadOnly",
|
||||
inARN: "arn:aws:iam::123456789012:role/custom/path/EC2ReadOnly",
|
||||
outIdentity: Role{},
|
||||
outName: "EC2ReadOnly",
|
||||
outAccountID: "1234567890",
|
||||
outAccountID: "123456789012",
|
||||
outPartition: "aws",
|
||||
outType: "role",
|
||||
},
|
||||
{
|
||||
description: "assumed role identity",
|
||||
inARN: "arn:aws:sts::1234567890:assumed-role/DatabaseAccess/i-1234567890",
|
||||
inARN: "arn:aws:sts::123456789012:assumed-role/DatabaseAccess/i-1234567890",
|
||||
outIdentity: Role{},
|
||||
outName: "DatabaseAccess",
|
||||
outAccountID: "1234567890",
|
||||
outAccountID: "123456789012",
|
||||
outPartition: "aws",
|
||||
outType: "assumed-role",
|
||||
},
|
||||
{
|
||||
description: "user identity",
|
||||
inARN: "arn:aws-us-gov:iam::1234567890:user/custom/path/alice",
|
||||
inARN: "arn:aws-us-gov:iam::123456789012:user/custom/path/alice",
|
||||
outIdentity: User{},
|
||||
outName: "alice",
|
||||
outAccountID: "1234567890",
|
||||
outAccountID: "123456789012",
|
||||
outPartition: "aws-us-gov",
|
||||
outType: "user",
|
||||
},
|
||||
{
|
||||
description: "unsupported identity",
|
||||
inARN: "arn:aws:iam::1234567890:group/readers",
|
||||
inARN: "arn:aws:iam::123456789012:group/readers",
|
||||
outIdentity: Unknown{},
|
||||
outName: "readers",
|
||||
outAccountID: "1234567890",
|
||||
outAccountID: "123456789012",
|
||||
outPartition: "aws",
|
||||
outType: "group",
|
||||
},
|
||||
|
|
|
@ -91,7 +91,7 @@ func RedshiftServerlessWorkgroup(name, region string) *redshiftserverless.Workgr
|
|||
}},
|
||||
CreationDate: aws.Time(sampleTime),
|
||||
Endpoint: &redshiftserverless.Endpoint{
|
||||
Address: aws.String(fmt.Sprintf("%v.1234567890.%v.redshift-serverless.amazonaws.com", name, region)),
|
||||
Address: aws.String(fmt.Sprintf("%v.123456789012.%v.redshift-serverless.amazonaws.com", name, region)),
|
||||
Port: aws.Int64(5439),
|
||||
VpcEndpoints: []*redshiftserverless.VpcEndpoint{{
|
||||
VpcEndpointId: aws.String("vpc-endpoint-id"),
|
||||
|
@ -101,7 +101,7 @@ func RedshiftServerlessWorkgroup(name, region string) *redshiftserverless.Workgr
|
|||
NamespaceName: aws.String("my-namespace"),
|
||||
PubliclyAccessible: aws.Bool(true),
|
||||
Status: aws.String("AVAILABLE"),
|
||||
WorkgroupArn: aws.String(fmt.Sprintf("arn:aws:redshift-serverless:%v:1234567890:workgroup/some-uuid-for-%v", region, name)),
|
||||
WorkgroupArn: aws.String(fmt.Sprintf("arn:aws:redshift-serverless:%v:123456789012:workgroup/some-uuid-for-%v", region, name)),
|
||||
WorkgroupId: aws.String(fmt.Sprintf("some-uuid-for-%v", name)),
|
||||
WorkgroupName: aws.String(name),
|
||||
}
|
||||
|
@ -110,8 +110,8 @@ func RedshiftServerlessWorkgroup(name, region string) *redshiftserverless.Workgr
|
|||
// RedshiftServerlessEndpointAccess returns a sample redshiftserverless.EndpointAccess.
|
||||
func RedshiftServerlessEndpointAccess(workgroup *redshiftserverless.Workgroup, name, region string) *redshiftserverless.EndpointAccess {
|
||||
return &redshiftserverless.EndpointAccess{
|
||||
Address: aws.String(fmt.Sprintf("%s-endpoint-xxxyyyzzz.1234567890.%s.redshift-serverless.amazonaws.com", name, region)),
|
||||
EndpointArn: aws.String(fmt.Sprintf("arn:aws:redshift-serverless:%s:1234567890:managedvpcendpoint/some-uuid-for-%v", region, name)),
|
||||
Address: aws.String(fmt.Sprintf("%s-endpoint-xxxyyyzzz.123456789012.%s.redshift-serverless.amazonaws.com", name, region)),
|
||||
EndpointArn: aws.String(fmt.Sprintf("arn:aws:redshift-serverless:%s:123456789012:managedvpcendpoint/some-uuid-for-%v", region, name)),
|
||||
EndpointCreateTime: aws.Time(sampleTime),
|
||||
EndpointName: aws.String(name),
|
||||
EndpointStatus: aws.String("AVAILABLE"),
|
||||
|
|
|
@ -42,13 +42,13 @@ import (
|
|||
)
|
||||
|
||||
func TestAWSIAMDocuments(t *testing.T) {
|
||||
userTarget, err := awslib.IdentityFromArn("arn:aws:iam::1234567:user/example-user")
|
||||
userTarget, err := awslib.IdentityFromArn("arn:aws:iam::123456789012:user/example-user")
|
||||
require.NoError(t, err)
|
||||
|
||||
roleTarget, err := awslib.IdentityFromArn("arn:aws:iam::1234567:role/example-role")
|
||||
roleTarget, err := awslib.IdentityFromArn("arn:aws:iam::123456789012:role/example-role")
|
||||
require.NoError(t, err)
|
||||
|
||||
unknownIdentity, err := awslib.IdentityFromArn("arn:aws:iam::1234567:ec2/example-ec2")
|
||||
unknownIdentity, err := awslib.IdentityFromArn("arn:aws:iam::123456789012:ec2/example-ec2")
|
||||
require.NoError(t, err)
|
||||
|
||||
tests := map[string]struct {
|
||||
|
@ -257,7 +257,7 @@ func TestAWSIAMDocuments(t *testing.T) {
|
|||
"secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue",
|
||||
"secretsmanager:TagResource",
|
||||
},
|
||||
Resources: []string{"arn:aws:secretsmanager:*:1234567:secret:teleport/*"},
|
||||
Resources: []string{"arn:aws:secretsmanager:*:123456789012:secret:teleport/*"},
|
||||
},
|
||||
},
|
||||
boundaryStatements: []*awslib.Statement{
|
||||
|
@ -277,7 +277,7 @@ func TestAWSIAMDocuments(t *testing.T) {
|
|||
"secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue",
|
||||
"secretsmanager:TagResource",
|
||||
},
|
||||
Resources: []string{"arn:aws:secretsmanager:*:1234567:secret:teleport/*"},
|
||||
Resources: []string{"arn:aws:secretsmanager:*:123456789012:secret:teleport/*"},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -321,15 +321,15 @@ func TestAWSIAMDocuments(t *testing.T) {
|
|||
"secretsmanager:TagResource",
|
||||
},
|
||||
Resources: []string{
|
||||
"arn:aws:secretsmanager:*:1234567:secret:teleport/*",
|
||||
"arn:aws:secretsmanager:*:1234567:secret:my-prefix/*",
|
||||
"arn:aws:secretsmanager:*:123456789012:secret:teleport/*",
|
||||
"arn:aws:secretsmanager:*:123456789012:secret:my-prefix/*",
|
||||
},
|
||||
},
|
||||
{
|
||||
Effect: "Allow",
|
||||
Actions: []string{"kms:GenerateDataKey", "kms:Decrypt"},
|
||||
Resources: []string{
|
||||
"arn:aws:kms:*:1234567:key/my-kms-id",
|
||||
"arn:aws:kms:*:123456789012:key/my-kms-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -351,15 +351,15 @@ func TestAWSIAMDocuments(t *testing.T) {
|
|||
"secretsmanager:TagResource",
|
||||
},
|
||||
Resources: []string{
|
||||
"arn:aws:secretsmanager:*:1234567:secret:teleport/*",
|
||||
"arn:aws:secretsmanager:*:1234567:secret:my-prefix/*",
|
||||
"arn:aws:secretsmanager:*:123456789012:secret:teleport/*",
|
||||
"arn:aws:secretsmanager:*:123456789012:secret:my-prefix/*",
|
||||
},
|
||||
},
|
||||
{
|
||||
Effect: "Allow",
|
||||
Actions: []string{"kms:GenerateDataKey", "kms:Decrypt"},
|
||||
Resources: []string{
|
||||
"arn:aws:kms:*:1234567:key/my-kms-id",
|
||||
"arn:aws:kms:*:123456789012:key/my-kms-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -389,7 +389,7 @@ func TestAWSIAMDocuments(t *testing.T) {
|
|||
"secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue",
|
||||
"secretsmanager:TagResource",
|
||||
},
|
||||
Resources: []string{"arn:aws:secretsmanager:*:1234567:secret:teleport/*"},
|
||||
Resources: []string{"arn:aws:secretsmanager:*:123456789012:secret:teleport/*"},
|
||||
},
|
||||
},
|
||||
boundaryStatements: []*awslib.Statement{
|
||||
|
@ -408,7 +408,7 @@ func TestAWSIAMDocuments(t *testing.T) {
|
|||
"secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue",
|
||||
"secretsmanager:TagResource",
|
||||
},
|
||||
Resources: []string{"arn:aws:secretsmanager:*:1234567:secret:teleport/*"},
|
||||
Resources: []string{"arn:aws:secretsmanager:*:123456789012:secret:teleport/*"},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -451,15 +451,15 @@ func TestAWSIAMDocuments(t *testing.T) {
|
|||
"secretsmanager:TagResource",
|
||||
},
|
||||
Resources: []string{
|
||||
"arn:aws:secretsmanager:*:1234567:secret:teleport/*",
|
||||
"arn:aws:secretsmanager:*:1234567:secret:my-prefix/*",
|
||||
"arn:aws:secretsmanager:*:123456789012:secret:teleport/*",
|
||||
"arn:aws:secretsmanager:*:123456789012:secret:my-prefix/*",
|
||||
},
|
||||
},
|
||||
{
|
||||
Effect: "Allow",
|
||||
Actions: []string{"kms:GenerateDataKey", "kms:Decrypt"},
|
||||
Resources: []string{
|
||||
"arn:aws:kms:*:1234567:key/my-kms-id",
|
||||
"arn:aws:kms:*:123456789012:key/my-kms-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -480,15 +480,15 @@ func TestAWSIAMDocuments(t *testing.T) {
|
|||
"secretsmanager:TagResource",
|
||||
},
|
||||
Resources: []string{
|
||||
"arn:aws:secretsmanager:*:1234567:secret:teleport/*",
|
||||
"arn:aws:secretsmanager:*:1234567:secret:my-prefix/*",
|
||||
"arn:aws:secretsmanager:*:123456789012:secret:teleport/*",
|
||||
"arn:aws:secretsmanager:*:123456789012:secret:my-prefix/*",
|
||||
},
|
||||
},
|
||||
{
|
||||
Effect: "Allow",
|
||||
Actions: []string{"kms:GenerateDataKey", "kms:Decrypt"},
|
||||
Resources: []string{
|
||||
"arn:aws:kms:*:1234567:key/my-kms-id",
|
||||
"arn:aws:kms:*:123456789012:key/my-kms-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
|
@ -842,26 +842,26 @@ func TestAWSPoliciesTarget(t *testing.T) {
|
|||
targetPartitionID: "aws",
|
||||
},
|
||||
"UserARNFromFlags": {
|
||||
flags: configurators.BootstrapFlags{AttachToUser: "arn:aws:iam::123456:user/example-user"},
|
||||
flags: configurators.BootstrapFlags{AttachToUser: "arn:aws:iam::123456789012:user/example-user"},
|
||||
targetType: awslib.User{},
|
||||
targetName: "example-user",
|
||||
targetAccountID: "123456",
|
||||
targetAccountID: "123456789012",
|
||||
targetPartitionID: "aws",
|
||||
},
|
||||
"RoleNameFromFlags": {
|
||||
flags: configurators.BootstrapFlags{AttachToRole: "example-role"},
|
||||
accountID: "123456",
|
||||
accountID: "123456789012",
|
||||
partitionID: "aws",
|
||||
targetType: awslib.Role{},
|
||||
targetName: "example-role",
|
||||
targetAccountID: "123456",
|
||||
targetAccountID: "123456789012",
|
||||
targetPartitionID: "aws",
|
||||
},
|
||||
"RoleARNFromFlags": {
|
||||
flags: configurators.BootstrapFlags{AttachToRole: "arn:aws:iam::123456:role/example-role"},
|
||||
flags: configurators.BootstrapFlags{AttachToRole: "arn:aws:iam::123456789012:role/example-role"},
|
||||
targetType: awslib.Role{},
|
||||
targetName: "example-role",
|
||||
targetAccountID: "123456",
|
||||
targetAccountID: "123456789012",
|
||||
targetPartitionID: "aws",
|
||||
},
|
||||
"UserFromIdentity": {
|
||||
|
|
|
@ -799,7 +799,7 @@ func MetadataFromRDSProxy(rdsProxy *rds.DBProxy) (*types.AWS, error) {
|
|||
// rds.DBProxy has no resource ID attribute. The resource ID can be found
|
||||
// in the ARN, e.g.:
|
||||
//
|
||||
// arn:aws:rds:ca-central-1:1234567890:db-proxy:prx-xxxyyyzzz
|
||||
// arn:aws:rds:ca-central-1:123456789012:db-proxy:prx-xxxyyyzzz
|
||||
//
|
||||
// In this example, the arn.Resource is "db-proxy:prx-xxxyyyzzz", where the
|
||||
// resource type is "db-proxy" and the resource ID is "prx-xxxyyyzzz".
|
||||
|
|
|
@ -204,7 +204,7 @@ func TestValidateDatabase(t *testing.T) {
|
|||
Protocol: defaults.ProtocolCassandra,
|
||||
AWS: types.AWS{
|
||||
Region: "us-east-1",
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
},
|
||||
},
|
||||
expectError: false,
|
||||
|
@ -421,7 +421,7 @@ func TestDatabaseFromAzureRedisEnterprise(t *testing.T) {
|
|||
// TestDatabaseFromRDSInstance tests converting an RDS instance to a database resource.
|
||||
func TestDatabaseFromRDSInstance(t *testing.T) {
|
||||
instance := &rds.DBInstance{
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-west-1:1234567890:db:instance-1"),
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-west-1:123456789012:db:instance-1"),
|
||||
DBInstanceIdentifier: aws.String("instance-1"),
|
||||
DBClusterIdentifier: aws.String("cluster-1"),
|
||||
DbiResourceId: aws.String("resource-1"),
|
||||
|
@ -442,7 +442,7 @@ func TestDatabaseFromRDSInstance(t *testing.T) {
|
|||
Description: "RDS instance in us-west-1",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-west-1",
|
||||
labelEngine: RDSEnginePostgres,
|
||||
labelEngineVersion: "13.0",
|
||||
|
@ -453,7 +453,7 @@ func TestDatabaseFromRDSInstance(t *testing.T) {
|
|||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "localhost:5432",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-west-1",
|
||||
RDS: types.RDS{
|
||||
InstanceID: "instance-1",
|
||||
|
@ -472,7 +472,7 @@ func TestDatabaseFromRDSInstance(t *testing.T) {
|
|||
// TestDatabaseFromRDSInstance tests converting an RDS instance to a database resource.
|
||||
func TestDatabaseFromRDSInstanceNameOverride(t *testing.T) {
|
||||
instance := &rds.DBInstance{
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-west-1:1234567890:db:instance-1"),
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-west-1:123456789012:db:instance-1"),
|
||||
DBInstanceIdentifier: aws.String("instance-1"),
|
||||
DBClusterIdentifier: aws.String("cluster-1"),
|
||||
DbiResourceId: aws.String("resource-1"),
|
||||
|
@ -493,7 +493,7 @@ func TestDatabaseFromRDSInstanceNameOverride(t *testing.T) {
|
|||
Description: "RDS instance in us-west-1",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-west-1",
|
||||
labelEngine: RDSEnginePostgres,
|
||||
labelEngineVersion: "13.0",
|
||||
|
@ -505,7 +505,7 @@ func TestDatabaseFromRDSInstanceNameOverride(t *testing.T) {
|
|||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "localhost:5432",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-west-1",
|
||||
RDS: types.RDS{
|
||||
InstanceID: "instance-1",
|
||||
|
@ -524,7 +524,7 @@ func TestDatabaseFromRDSInstanceNameOverride(t *testing.T) {
|
|||
// TestDatabaseFromRDSCluster tests converting an RDS cluster to a database resource.
|
||||
func TestDatabaseFromRDSCluster(t *testing.T) {
|
||||
cluster := &rds.DBCluster{
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:cluster-1"),
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:cluster-1"),
|
||||
DBClusterIdentifier: aws.String("cluster-1"),
|
||||
DbClusterResourceId: aws.String("resource-1"),
|
||||
IAMDatabaseAuthenticationEnabled: aws.Bool(true),
|
||||
|
@ -544,7 +544,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) {
|
|||
}
|
||||
|
||||
expectedAWS := types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
RDS: types.RDS{
|
||||
ClusterID: "cluster-1",
|
||||
|
@ -559,7 +559,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) {
|
|||
Description: "Aurora cluster in us-east-1",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEngine: RDSEngineAuroraMySQL,
|
||||
labelEngineVersion: "8.0.0",
|
||||
|
@ -583,7 +583,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) {
|
|||
Description: "Aurora cluster in us-east-1 (reader endpoint)",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEngine: RDSEngineAuroraMySQL,
|
||||
labelEngineVersion: "8.0.0",
|
||||
|
@ -604,7 +604,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) {
|
|||
t.Run("custom endpoints", func(t *testing.T) {
|
||||
expectedLabels := map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEngine: RDSEngineAuroraMySQL,
|
||||
labelEngineVersion: "8.0.0",
|
||||
|
@ -659,7 +659,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) {
|
|||
// TestDatabaseFromRDSClusterNameOverride tests converting an RDS cluster to a database resource with overridden name.
|
||||
func TestDatabaseFromRDSClusterNameOverride(t *testing.T) {
|
||||
cluster := &rds.DBCluster{
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:cluster-1"),
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:cluster-1"),
|
||||
DBClusterIdentifier: aws.String("cluster-1"),
|
||||
DbClusterResourceId: aws.String("resource-1"),
|
||||
IAMDatabaseAuthenticationEnabled: aws.Bool(true),
|
||||
|
@ -679,7 +679,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) {
|
|||
}
|
||||
|
||||
expectedAWS := types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
RDS: types.RDS{
|
||||
ClusterID: "cluster-1",
|
||||
|
@ -694,7 +694,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) {
|
|||
Description: "Aurora cluster in us-east-1",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEngine: RDSEngineAuroraMySQL,
|
||||
labelEngineVersion: "8.0.0",
|
||||
|
@ -719,7 +719,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) {
|
|||
Description: "Aurora cluster in us-east-1 (reader endpoint)",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEngine: RDSEngineAuroraMySQL,
|
||||
labelEngineVersion: "8.0.0",
|
||||
|
@ -741,7 +741,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) {
|
|||
t.Run("custom endpoints", func(t *testing.T) {
|
||||
expectedLabels := map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEngine: RDSEngineAuroraMySQL,
|
||||
labelEngineVersion: "8.0.0",
|
||||
|
@ -797,7 +797,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) {
|
|||
func TestDatabaseFromRDSProxy(t *testing.T) {
|
||||
var port int64 = 9999
|
||||
dbProxy := &rds.DBProxy{
|
||||
DBProxyArn: aws.String("arn:aws:rds:ca-central-1:123456:db-proxy:prx-abcdef"),
|
||||
DBProxyArn: aws.String("arn:aws:rds:ca-central-1:123456789012:db-proxy:prx-abcdef"),
|
||||
DBProxyName: aws.String("testproxy"),
|
||||
EngineFamily: aws.String(rds.EngineFamilyMysql),
|
||||
Endpoint: aws.String("proxy.rds.test"),
|
||||
|
@ -808,7 +808,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) {
|
|||
Endpoint: aws.String("custom.proxy.rds.test"),
|
||||
DBProxyEndpointName: aws.String("custom"),
|
||||
DBProxyName: aws.String("testproxy"),
|
||||
DBProxyEndpointArn: aws.String("arn:aws:rds:ca-central-1:123456:db-proxy-endpoint:prx-endpoint-abcdef"),
|
||||
DBProxyEndpointArn: aws.String("arn:aws:rds:ca-central-1:123456789012:db-proxy-endpoint:prx-endpoint-abcdef"),
|
||||
TargetRole: aws.String(rds.DBProxyEndpointTargetRoleReadOnly),
|
||||
}
|
||||
|
||||
|
@ -824,7 +824,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) {
|
|||
Labels: map[string]string{
|
||||
"key": "val",
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "123456",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "ca-central-1",
|
||||
labelEngine: "MYSQL",
|
||||
labelVPCID: "test-vpc-id",
|
||||
|
@ -834,7 +834,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) {
|
|||
URI: "proxy.rds.test:9999",
|
||||
AWS: types.AWS{
|
||||
Region: "ca-central-1",
|
||||
AccountID: "123456",
|
||||
AccountID: "123456789012",
|
||||
RDSProxy: types.RDSProxy{
|
||||
ResourceID: "prx-abcdef",
|
||||
Name: "testproxy",
|
||||
|
@ -855,7 +855,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) {
|
|||
Labels: map[string]string{
|
||||
"key": "val",
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "123456",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "ca-central-1",
|
||||
labelEngine: "MYSQL",
|
||||
labelVPCID: "test-vpc-id",
|
||||
|
@ -866,7 +866,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) {
|
|||
URI: "custom.proxy.rds.test:9999",
|
||||
AWS: types.AWS{
|
||||
Region: "ca-central-1",
|
||||
AccountID: "123456",
|
||||
AccountID: "123456789012",
|
||||
RDSProxy: types.RDSProxy{
|
||||
ResourceID: "prx-abcdef",
|
||||
Name: "testproxy",
|
||||
|
@ -946,7 +946,7 @@ func TestIsRDSClusterSupported(t *testing.T) {
|
|||
for _, test := range tests {
|
||||
t.Run(test.name, func(t *testing.T) {
|
||||
cluster := &rds.DBCluster{
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:test"),
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:test"),
|
||||
DBClusterIdentifier: aws.String(test.name),
|
||||
DbClusterResourceId: aws.String(uuid.New().String()),
|
||||
Engine: aws.String(RDSEngineAuroraMySQL),
|
||||
|
@ -996,7 +996,7 @@ func TestIsRDSInstanceSupported(t *testing.T) {
|
|||
for _, test := range tests {
|
||||
t.Run(test.name, func(t *testing.T) {
|
||||
cluster := &rds.DBInstance{
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-east-1:1234567890:instance:test"),
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:instance:test"),
|
||||
DBClusterIdentifier: aws.String(test.name),
|
||||
DbiResourceId: aws.String(uuid.New().String()),
|
||||
Engine: aws.String(test.engine),
|
||||
|
@ -1025,7 +1025,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) {
|
|||
t.Run("success", func(t *testing.T) {
|
||||
cluster := &redshift.Cluster{
|
||||
ClusterIdentifier: aws.String("mycluster"),
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-1:1234567890:namespace:u-u-i-d"),
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-1:123456789012:namespace:u-u-i-d"),
|
||||
Endpoint: &redshift.Endpoint{
|
||||
Address: aws.String("localhost"),
|
||||
Port: aws.Int64(5439),
|
||||
|
@ -1046,7 +1046,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) {
|
|||
Description: "Redshift cluster in us-east-1",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
"key": "val",
|
||||
"elasticbeanstalk:environment-id": "id",
|
||||
|
@ -1055,7 +1055,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) {
|
|||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "localhost:5439",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
Redshift: types.Redshift{
|
||||
ClusterID: "mycluster",
|
||||
|
@ -1073,7 +1073,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) {
|
|||
t.Run("success with name override", func(t *testing.T) {
|
||||
cluster := &redshift.Cluster{
|
||||
ClusterIdentifier: aws.String("mycluster"),
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-1:1234567890:namespace:u-u-i-d"),
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-1:123456789012:namespace:u-u-i-d"),
|
||||
Endpoint: &redshift.Endpoint{
|
||||
Address: aws.String("localhost"),
|
||||
Port: aws.Int64(5439),
|
||||
|
@ -1098,7 +1098,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) {
|
|||
Description: "Redshift cluster in us-east-1",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelTeleportDBName: "mycluster-override-2",
|
||||
"key": "val",
|
||||
|
@ -1108,7 +1108,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) {
|
|||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "localhost:5439",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
Redshift: types.Redshift{
|
||||
ClusterID: "mycluster",
|
||||
|
@ -1134,7 +1134,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) {
|
|||
|
||||
func TestDatabaseFromElastiCacheConfigurationEndpoint(t *testing.T) {
|
||||
cluster := &elasticache.ReplicationGroup{
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:replicationgroup:my-cluster"),
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:replicationgroup:my-cluster"),
|
||||
ReplicationGroupId: aws.String("my-cluster"),
|
||||
Status: aws.String("available"),
|
||||
TransitEncryptionEnabled: aws.Bool(true),
|
||||
|
@ -1176,7 +1176,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpoint(t *testing.T) {
|
|||
Description: "ElastiCache cluster in us-east-1 (configuration endpoint)",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEndpointType: "configuration",
|
||||
"key": "value",
|
||||
|
@ -1185,7 +1185,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpoint(t *testing.T) {
|
|||
Protocol: defaults.ProtocolRedis,
|
||||
URI: "configuration.localhost:6379",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
ElastiCache: types.ElastiCache{
|
||||
ReplicationGroupID: "my-cluster",
|
||||
|
@ -1204,7 +1204,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpoint(t *testing.T) {
|
|||
|
||||
func TestDatabaseFromElastiCacheConfigurationEndpointNameOverride(t *testing.T) {
|
||||
cluster := &elasticache.ReplicationGroup{
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:replicationgroup:my-cluster"),
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:replicationgroup:my-cluster"),
|
||||
ReplicationGroupId: aws.String("my-cluster"),
|
||||
Status: aws.String("available"),
|
||||
TransitEncryptionEnabled: aws.Bool(true),
|
||||
|
@ -1249,7 +1249,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpointNameOverride(t *testing.T)
|
|||
Description: "ElastiCache cluster in us-east-1 (configuration endpoint)",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEndpointType: "configuration",
|
||||
labelTeleportDBName: "my-override-cluster-2",
|
||||
|
@ -1259,7 +1259,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpointNameOverride(t *testing.T)
|
|||
Protocol: defaults.ProtocolRedis,
|
||||
URI: "configuration.localhost:6379",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
ElastiCache: types.ElastiCache{
|
||||
ReplicationGroupID: "my-cluster",
|
||||
|
@ -1278,7 +1278,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpointNameOverride(t *testing.T)
|
|||
|
||||
func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) {
|
||||
cluster := &elasticache.ReplicationGroup{
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:replicationgroup:my-cluster"),
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:replicationgroup:my-cluster"),
|
||||
ReplicationGroupId: aws.String("my-cluster"),
|
||||
Status: aws.String("available"),
|
||||
TransitEncryptionEnabled: aws.Bool(true),
|
||||
|
@ -1305,7 +1305,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) {
|
|||
Description: "ElastiCache cluster in us-east-1 (primary endpoint)",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEndpointType: "primary",
|
||||
"key": "value",
|
||||
|
@ -1314,7 +1314,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) {
|
|||
Protocol: defaults.ProtocolRedis,
|
||||
URI: "primary.localhost:6379",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
ElastiCache: types.ElastiCache{
|
||||
ReplicationGroupID: "my-cluster",
|
||||
|
@ -1331,7 +1331,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) {
|
|||
Description: "ElastiCache cluster in us-east-1 (reader endpoint)",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEndpointType: "reader",
|
||||
"key": "value",
|
||||
|
@ -1340,7 +1340,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) {
|
|||
Protocol: defaults.ProtocolRedis,
|
||||
URI: "reader.localhost:6379",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
ElastiCache: types.ElastiCache{
|
||||
ReplicationGroupID: "my-cluster",
|
||||
|
@ -1359,7 +1359,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) {
|
|||
|
||||
func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) {
|
||||
cluster := &elasticache.ReplicationGroup{
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:replicationgroup:my-cluster"),
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:replicationgroup:my-cluster"),
|
||||
ReplicationGroupId: aws.String("my-cluster"),
|
||||
Status: aws.String("available"),
|
||||
TransitEncryptionEnabled: aws.Bool(true),
|
||||
|
@ -1389,7 +1389,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) {
|
|||
Description: "ElastiCache cluster in us-east-1 (primary endpoint)",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEndpointType: "primary",
|
||||
labelTeleportDBName: "my-override-cluster-2",
|
||||
|
@ -1399,7 +1399,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) {
|
|||
Protocol: defaults.ProtocolRedis,
|
||||
URI: "primary.localhost:6379",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
ElastiCache: types.ElastiCache{
|
||||
ReplicationGroupID: "my-cluster",
|
||||
|
@ -1416,7 +1416,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) {
|
|||
Description: "ElastiCache cluster in us-east-1 (reader endpoint)",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEndpointType: "reader",
|
||||
labelTeleportDBName: "my-override-cluster-2",
|
||||
|
@ -1426,7 +1426,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) {
|
|||
Protocol: defaults.ProtocolRedis,
|
||||
URI: "reader.localhost:6379",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
ElastiCache: types.ElastiCache{
|
||||
ReplicationGroupID: "my-cluster",
|
||||
|
@ -1445,7 +1445,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) {
|
|||
|
||||
func TestDatabaseFromMemoryDBCluster(t *testing.T) {
|
||||
cluster := &memorydb.Cluster{
|
||||
ARN: aws.String("arn:aws:memorydb:us-east-1:1234567890:cluster:my-cluster"),
|
||||
ARN: aws.String("arn:aws:memorydb:us-east-1:123456789012:cluster:my-cluster"),
|
||||
Name: aws.String("my-cluster"),
|
||||
Status: aws.String("available"),
|
||||
TLSEnabled: aws.Bool(true),
|
||||
|
@ -1462,7 +1462,7 @@ func TestDatabaseFromMemoryDBCluster(t *testing.T) {
|
|||
Description: "MemoryDB cluster in us-east-1",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEndpointType: "cluster",
|
||||
"key": "value",
|
||||
|
@ -1471,7 +1471,7 @@ func TestDatabaseFromMemoryDBCluster(t *testing.T) {
|
|||
Protocol: defaults.ProtocolRedis,
|
||||
URI: "memorydb.localhost:6379",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
MemoryDB: types.MemoryDB{
|
||||
ClusterName: "my-cluster",
|
||||
|
@ -1496,7 +1496,7 @@ func TestDatabaseFromRedshiftServerlessWorkgroup(t *testing.T) {
|
|||
Description: "Redshift Serverless workgroup in eu-west-2",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "eu-west-2",
|
||||
labelEndpointType: "workgroup",
|
||||
labelNamespace: "my-namespace",
|
||||
|
@ -1505,9 +1505,9 @@ func TestDatabaseFromRedshiftServerlessWorkgroup(t *testing.T) {
|
|||
},
|
||||
}, types.DatabaseSpecV3{
|
||||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "my-workgroup.1234567890.eu-west-2.redshift-serverless.amazonaws.com:5439",
|
||||
URI: "my-workgroup.123456789012.eu-west-2.redshift-serverless.amazonaws.com:5439",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "eu-west-2",
|
||||
RedshiftServerless: types.RedshiftServerless{
|
||||
WorkgroupName: "my-workgroup",
|
||||
|
@ -1531,7 +1531,7 @@ func TestDatabaseFromRedshiftServerlessVPCEndpoint(t *testing.T) {
|
|||
Description: "Redshift Serverless endpoint in eu-west-2",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "eu-west-2",
|
||||
labelEndpointType: "vpc-endpoint",
|
||||
labelWorkgroup: "my-workgroup",
|
||||
|
@ -1541,9 +1541,9 @@ func TestDatabaseFromRedshiftServerlessVPCEndpoint(t *testing.T) {
|
|||
},
|
||||
}, types.DatabaseSpecV3{
|
||||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "my-endpoint-endpoint-xxxyyyzzz.1234567890.eu-west-2.redshift-serverless.amazonaws.com:5439",
|
||||
URI: "my-endpoint-endpoint-xxxyyyzzz.123456789012.eu-west-2.redshift-serverless.amazonaws.com:5439",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "eu-west-2",
|
||||
RedshiftServerless: types.RedshiftServerless{
|
||||
WorkgroupName: "my-workgroup",
|
||||
|
@ -1552,7 +1552,7 @@ func TestDatabaseFromRedshiftServerlessVPCEndpoint(t *testing.T) {
|
|||
},
|
||||
},
|
||||
TLS: types.DatabaseTLS{
|
||||
ServerName: "my-workgroup.1234567890.eu-west-2.redshift-serverless.amazonaws.com",
|
||||
ServerName: "my-workgroup.123456789012.eu-west-2.redshift-serverless.amazonaws.com",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
@ -1564,7 +1564,7 @@ func TestDatabaseFromRedshiftServerlessVPCEndpoint(t *testing.T) {
|
|||
|
||||
func TestDatabaseFromMemoryDBClusterNameOverride(t *testing.T) {
|
||||
cluster := &memorydb.Cluster{
|
||||
ARN: aws.String("arn:aws:memorydb:us-east-1:1234567890:cluster:my-cluster"),
|
||||
ARN: aws.String("arn:aws:memorydb:us-east-1:123456789012:cluster:my-cluster"),
|
||||
Name: aws.String("my-cluster"),
|
||||
Status: aws.String("available"),
|
||||
TLSEnabled: aws.Bool(true),
|
||||
|
@ -1584,7 +1584,7 @@ func TestDatabaseFromMemoryDBClusterNameOverride(t *testing.T) {
|
|||
Description: "MemoryDB cluster in us-east-1",
|
||||
Labels: map[string]string{
|
||||
types.OriginLabel: types.OriginCloud,
|
||||
labelAccountID: "1234567890",
|
||||
labelAccountID: "123456789012",
|
||||
labelRegion: "us-east-1",
|
||||
labelEndpointType: "cluster",
|
||||
labelTeleportDBName: "override-1",
|
||||
|
@ -1594,7 +1594,7 @@ func TestDatabaseFromMemoryDBClusterNameOverride(t *testing.T) {
|
|||
Protocol: defaults.ProtocolRedis,
|
||||
URI: "memorydb.localhost:6379",
|
||||
AWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
MemoryDB: types.MemoryDB{
|
||||
ClusterName: "my-cluster",
|
||||
|
|
|
@ -323,7 +323,7 @@ func createSuite(t *testing.T, mockAWSHandler http.HandlerFunc, app types.Applic
|
|||
Username: "user",
|
||||
Expires: clock.Now().Add(time.Hour),
|
||||
RouteToApp: tlsca.RouteToApp{
|
||||
AWSRoleARN: "arn:aws:iam::123456789:role/test",
|
||||
AWSRoleARN: "arn:aws:iam::123456789012:role/test",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -165,7 +165,7 @@ func TestCloudGetFederationDuration(t *testing.T) {
|
|||
req := &AWSSigninRequest{
|
||||
Identity: &tlsca.Identity{
|
||||
RouteToApp: tlsca.RouteToApp{
|
||||
AWSRoleARN: "arn:aws:iam::123456789:role/test",
|
||||
AWSRoleARN: "arn:aws:iam::123456789012:role/test",
|
||||
},
|
||||
Expires: test.expiresAt,
|
||||
},
|
||||
|
@ -269,7 +269,7 @@ func TestCloudGetAWSSigninToken(t *testing.T) {
|
|||
req := &AWSSigninRequest{
|
||||
Identity: &tlsca.Identity{
|
||||
RouteToApp: tlsca.RouteToApp{
|
||||
AWSRoleARN: "arn:aws:iam::123456789:role/test",
|
||||
AWSRoleARN: "arn:aws:iam::123456789012:role/test",
|
||||
},
|
||||
Expires: time.Now().Add(24 * time.Hour),
|
||||
},
|
||||
|
|
|
@ -80,7 +80,7 @@ func TestInitCACert(t *testing.T) {
|
|||
URI: "localhost:5432",
|
||||
AWS: types.AWS{
|
||||
Region: "us-east-1",
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
RedshiftServerless: types.RedshiftServerless{
|
||||
WorkgroupName: "workgroup",
|
||||
},
|
||||
|
|
|
@ -46,25 +46,25 @@ func TestAWSIAM(t *testing.T) {
|
|||
|
||||
// Setup AWS database objects.
|
||||
rdsInstance := &rds.DBInstance{
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-west-1:1234567890:db:postgres-rds"),
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-west-1:123456789012:db:postgres-rds"),
|
||||
DBInstanceIdentifier: aws.String("postgres-rds"),
|
||||
DbiResourceId: aws.String("db-xyz"),
|
||||
}
|
||||
|
||||
auroraCluster := &rds.DBCluster{
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:postgres-aurora"),
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:postgres-aurora"),
|
||||
DBClusterIdentifier: aws.String("postgres-aurora"),
|
||||
DbClusterResourceId: aws.String("cluster-xyz"),
|
||||
}
|
||||
|
||||
redshiftCluster := &redshift.Cluster{
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-2:1234567890:namespace:namespace-xyz"),
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-2:123456789012:namespace:namespace-xyz"),
|
||||
ClusterIdentifier: aws.String("redshift-cluster-1"),
|
||||
}
|
||||
|
||||
// Configure mocks.
|
||||
stsClient := &mocks.STSMock{
|
||||
ARN: "arn:aws:iam::1234567890:role/test-role",
|
||||
ARN: "arn:aws:iam::123456789012:role/test-role",
|
||||
}
|
||||
|
||||
rdsClient := &mocks.RDSMock{
|
||||
|
@ -84,7 +84,7 @@ func TestAWSIAM(t *testing.T) {
|
|||
}, types.DatabaseSpecV3{
|
||||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "localhost",
|
||||
AWS: types.AWS{Region: "localhost", AccountID: "1234567890", RDS: types.RDS{InstanceID: "postgres-rds", ResourceID: "postgres-rds-resource-id"}},
|
||||
AWS: types.AWS{Region: "localhost", AccountID: "123456789012", RDS: types.RDS{InstanceID: "postgres-rds", ResourceID: "postgres-rds-resource-id"}},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
|
@ -93,7 +93,7 @@ func TestAWSIAM(t *testing.T) {
|
|||
}, types.DatabaseSpecV3{
|
||||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "localhost",
|
||||
AWS: types.AWS{Region: "localhost", AccountID: "1234567890", RDS: types.RDS{ClusterID: "postgres-aurora", ResourceID: "postgres-aurora-resource-id"}},
|
||||
AWS: types.AWS{Region: "localhost", AccountID: "123456789012", RDS: types.RDS{ClusterID: "postgres-aurora", ResourceID: "postgres-aurora-resource-id"}},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
|
@ -102,7 +102,7 @@ func TestAWSIAM(t *testing.T) {
|
|||
}, types.DatabaseSpecV3{
|
||||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "localhost",
|
||||
AWS: types.AWS{Region: "localhost", AccountID: "1234567890", RDSProxy: types.RDSProxy{Name: "rds-proxy", ResourceID: "rds-proxy-resource-id"}},
|
||||
AWS: types.AWS{Region: "localhost", AccountID: "123456789012", RDSProxy: types.RDSProxy{Name: "rds-proxy", ResourceID: "rds-proxy-resource-id"}},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
|
@ -111,7 +111,7 @@ func TestAWSIAM(t *testing.T) {
|
|||
}, types.DatabaseSpecV3{
|
||||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "localhost",
|
||||
AWS: types.AWS{Region: "localhost", AccountID: "1234567890", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
|
||||
AWS: types.AWS{Region: "localhost", AccountID: "123456789012", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
|
@ -227,7 +227,7 @@ func TestAWSIAMNoPermissions(t *testing.T) {
|
|||
|
||||
// Create unauthorized mocks for AWS services.
|
||||
stsClient := &mocks.STSMock{
|
||||
ARN: "arn:aws:iam::1234567890:role/test-role",
|
||||
ARN: "arn:aws:iam::123456789012:role/test-role",
|
||||
}
|
||||
// Make configurator.
|
||||
configurator, err := NewIAM(ctx, IAMConfig{
|
||||
|
@ -244,7 +244,7 @@ func TestAWSIAMNoPermissions(t *testing.T) {
|
|||
}{
|
||||
{
|
||||
name: "RDS database",
|
||||
meta: types.AWS{Region: "localhost", AccountID: "1234567890", RDS: types.RDS{InstanceID: "postgres-rds", ResourceID: "postgres-rds-resource-id"}},
|
||||
meta: types.AWS{Region: "localhost", AccountID: "123456789012", RDS: types.RDS{InstanceID: "postgres-rds", ResourceID: "postgres-rds-resource-id"}},
|
||||
clients: &clients.TestCloudClients{
|
||||
RDS: &mocks.RDSMockUnauth{},
|
||||
IAM: &mocks.IAMErrorMock{
|
||||
|
@ -255,7 +255,7 @@ func TestAWSIAMNoPermissions(t *testing.T) {
|
|||
},
|
||||
{
|
||||
name: "Aurora cluster",
|
||||
meta: types.AWS{Region: "localhost", AccountID: "1234567890", RDS: types.RDS{ClusterID: "postgres-aurora", ResourceID: "postgres-aurora-resource-id"}},
|
||||
meta: types.AWS{Region: "localhost", AccountID: "123456789012", RDS: types.RDS{ClusterID: "postgres-aurora", ResourceID: "postgres-aurora-resource-id"}},
|
||||
clients: &clients.TestCloudClients{
|
||||
RDS: &mocks.RDSMockUnauth{},
|
||||
IAM: &mocks.IAMErrorMock{
|
||||
|
@ -277,7 +277,7 @@ func TestAWSIAMNoPermissions(t *testing.T) {
|
|||
},
|
||||
{
|
||||
name: "Redshift cluster",
|
||||
meta: types.AWS{Region: "localhost", AccountID: "1234567890", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
|
||||
meta: types.AWS{Region: "localhost", AccountID: "123456789012", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
|
||||
clients: &clients.TestCloudClients{
|
||||
Redshift: &mocks.RedshiftMockUnauth{},
|
||||
IAM: &mocks.IAMErrorMock{
|
||||
|
@ -288,7 +288,7 @@ func TestAWSIAMNoPermissions(t *testing.T) {
|
|||
},
|
||||
{
|
||||
name: "IAM UnmodifiableEntityException",
|
||||
meta: types.AWS{Region: "localhost", AccountID: "1234567890", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
|
||||
meta: types.AWS{Region: "localhost", AccountID: "123456789012", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
|
||||
clients: &clients.TestCloudClients{
|
||||
Redshift: &mocks.RedshiftMockUnauth{},
|
||||
IAM: &mocks.IAMErrorMock{
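Review bot: The account ID literal `"123456789012"` is now repeated in every ARN and every `types.AWS` fixture of TestAWSIAM and TestAWSIAMNoPermissions, and the same holds for TestAWSMetadata and TestGetAWSPolicyDocument further down the page. The values this commit replaces had drifted between 5 and 10 digits across files, which a shared constant would prevent. I would declare one test constant, for example `const testAWSAccountID = "123456789012"` (name is a suggestion), and build the ARN strings from it so a fixture's ARN and its `AccountID` field cannot disagree. Both test functions continue outside the hunks shown.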
|
||||
|
|
|
@ -41,14 +41,14 @@ func TestAWSMetadata(t *testing.T) {
|
|||
DBInstances: []*rds.DBInstance{
|
||||
// Standalone RDS instance.
|
||||
{
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-west-1:1234567890:db:postgres-rds"),
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-west-1:123456789012:db:postgres-rds"),
|
||||
DBInstanceIdentifier: aws.String("postgres-rds"),
|
||||
DbiResourceId: aws.String("db-xyz"),
|
||||
IAMDatabaseAuthenticationEnabled: aws.Bool(true),
|
||||
},
|
||||
// Instance that is a part of an Aurora cluster.
|
||||
{
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-east-1:1234567890:db:postgres-aurora-1"),
|
||||
DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:postgres-aurora-1"),
|
||||
DBInstanceIdentifier: aws.String("postgres-aurora-1"),
|
||||
DBClusterIdentifier: aws.String("postgres-aurora"),
|
||||
},
|
||||
|
@ -56,14 +56,14 @@ func TestAWSMetadata(t *testing.T) {
|
|||
DBClusters: []*rds.DBCluster{
|
||||
// Aurora cluster.
|
||||
{
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:postgres-aurora"),
|
||||
DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:postgres-aurora"),
|
||||
DBClusterIdentifier: aws.String("postgres-aurora"),
|
||||
DbClusterResourceId: aws.String("cluster-xyz"),
|
||||
},
|
||||
},
|
||||
DBProxies: []*rds.DBProxy{
|
||||
{
|
||||
DBProxyArn: aws.String("arn:aws:rds:us-east-1:1234567890:db-proxy:prx-resource-id"),
|
||||
DBProxyArn: aws.String("arn:aws:rds:us-east-1:123456789012:db-proxy:prx-resource-id"),
|
||||
DBProxyName: aws.String("rds-proxy"),
|
||||
},
|
||||
},
|
||||
|
@ -79,11 +79,11 @@ func TestAWSMetadata(t *testing.T) {
|
|||
redshift := &mocks.RedshiftMock{
|
||||
Clusters: []*redshift.Cluster{
|
||||
{
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-west-1:1234567890:namespace:namespace-id"),
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-west-1:123456789012:namespace:namespace-id"),
|
||||
ClusterIdentifier: aws.String("redshift-cluster-1"),
|
||||
},
|
||||
{
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-2:0987654321:namespace:namespace-id"),
|
||||
ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-2:210987654321:namespace:namespace-id"),
|
||||
ClusterIdentifier: aws.String("redshift-cluster-2"),
|
||||
},
|
||||
},
|
||||
|
@ -93,7 +93,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
elasticache := &mocks.ElastiCacheMock{
|
||||
ReplicationGroups: []*elasticache.ReplicationGroup{
|
||||
{
|
||||
ARN: aws.String("arn:aws:elasticache:us-west-1:123456789:replicationgroup:my-redis"),
|
||||
ARN: aws.String("arn:aws:elasticache:us-west-1:123456789012:replicationgroup:my-redis"),
|
||||
ReplicationGroupId: aws.String("my-redis"),
|
||||
ClusterEnabled: aws.Bool(true),
|
||||
TransitEncryptionEnabled: aws.Bool(true),
|
||||
|
@ -106,7 +106,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
memorydb := &mocks.MemoryDBMock{
|
||||
Clusters: []*memorydb.Cluster{
|
||||
{
|
||||
ARN: aws.String("arn:aws:memorydb:us-west-1:123456789:cluster:my-cluster"),
|
||||
ARN: aws.String("arn:aws:memorydb:us-west-1:123456789012:cluster:my-cluster"),
|
||||
Name: aws.String("my-cluster"),
|
||||
TLSEnabled: aws.Bool(true),
|
||||
ACLName: aws.String("my-user-group"),
|
||||
|
@ -148,7 +148,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
outAWS: types.AWS{
|
||||
Region: "us-west-1",
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
RDS: types.RDS{
|
||||
InstanceID: "postgres-rds",
|
||||
ResourceID: "db-xyz",
|
||||
|
@ -165,7 +165,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
outAWS: types.AWS{
|
||||
Region: "us-east-1",
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
RDS: types.RDS{
|
||||
ClusterID: "postgres-aurora",
|
||||
ResourceID: "cluster-xyz",
|
||||
|
@ -181,7 +181,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
outAWS: types.AWS{
|
||||
Region: "us-east-1",
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
RDS: types.RDS{
|
||||
ClusterID: "postgres-aurora",
|
||||
ResourceID: "cluster-xyz",
|
||||
|
@ -196,7 +196,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
},
|
||||
outAWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-west-1",
|
||||
Redshift: types.Redshift{
|
||||
ClusterID: "redshift-cluster-1",
|
||||
|
@ -211,7 +211,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
},
|
||||
outAWS: types.AWS{
|
||||
AccountID: "0987654321",
|
||||
AccountID: "210987654321",
|
||||
Region: "us-east-2",
|
||||
Redshift: types.Redshift{
|
||||
ClusterID: "redshift-cluster-2",
|
||||
|
@ -227,7 +227,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
},
|
||||
outAWS: types.AWS{
|
||||
AccountID: "123456789",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-west-1",
|
||||
ElastiCache: types.ElastiCache{
|
||||
ReplicationGroupID: "my-redis",
|
||||
|
@ -246,7 +246,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
},
|
||||
outAWS: types.AWS{
|
||||
AccountID: "123456789",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-west-1",
|
||||
MemoryDB: types.MemoryDB{
|
||||
ClusterName: "my-cluster",
|
||||
|
@ -265,7 +265,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
},
|
||||
outAWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
RDSProxy: types.RDSProxy{
|
||||
Name: "rds-proxy",
|
||||
|
@ -282,7 +282,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
},
|
||||
outAWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-east-1",
|
||||
RDSProxy: types.RDSProxy{
|
||||
Name: "rds-proxy",
|
||||
|
@ -300,7 +300,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
},
|
||||
outAWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-west-1",
|
||||
RedshiftServerless: types.RedshiftServerless{
|
||||
WorkgroupName: "my-workgroup",
|
||||
|
@ -317,7 +317,7 @@ func TestAWSMetadata(t *testing.T) {
|
|||
},
|
||||
},
|
||||
outAWS: types.AWS{
|
||||
AccountID: "1234567890",
|
||||
AccountID: "123456789012",
|
||||
Region: "us-west-1",
|
||||
RedshiftServerless: types.RedshiftServerless{
|
||||
WorkgroupName: "my-workgroup",
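Review bot: The second Redshift fixture in TestAWSMetadata changes from `0987654321` to `210987654321`, so no fixture in this part of the diff starts with a zero any more. AWS account IDs are 12-digit strings and may begin with `0`, so a validator or ARN parser that passes through an integer conversion would shorten such an ID and reject or mislabel a real account. I would keep the leading zero in 12-digit form, for example `ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-2:012345678901:namespace:namespace-id")` with `AccountID: "012345678901"` in the matching `outAWS` (a constructed sample value). Whether the new validation handles this case is not visible in these hunks, which is why a fixture should pin it.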
|
||||
|
|
|
@ -115,9 +115,9 @@ func TestSecretKeyFromAWSARN(t *testing.T) {
|
|||
_, err := secretKeyFromAWSARN("invalid:arn")
|
||||
require.True(t, trace.IsBadParameter(err))
|
||||
|
||||
key, err := secretKeyFromAWSARN("arn:aws-cn:elasticache:cn-north-1:1234567890:user:alice")
|
||||
key, err := secretKeyFromAWSARN("arn:aws-cn:elasticache:cn-north-1:123456789012:user:alice")
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, "elasticache/cn-north-1/1234567890/user/alice", key)
|
||||
require.Equal(t, "elasticache/cn-north-1/123456789012/user/alice", key)
|
||||
}
|
||||
|
||||
type mockUser struct {
|
||||
|
|
|
@ -135,7 +135,7 @@ func mustCreateElastiCacheDatabase(t *testing.T, name string, userGroupIDs ...st
|
|||
Name: name,
|
||||
}, types.DatabaseSpecV3{
|
||||
Protocol: defaults.ProtocolRedis,
|
||||
URI: "master.redis-cluster.1234567890.use1.cache.amazonaws.com:6379",
|
||||
URI: "master.redis-cluster.123456789012.use1.cache.amazonaws.com:6379",
|
||||
AWS: types.AWS{
|
||||
ElastiCache: types.ElastiCache{
|
||||
UserGroupIDs: userGroupIDs,
|
||||
|
@ -176,7 +176,7 @@ func mustCreateRDSDatabase(t *testing.T, name string) types.Database {
|
|||
func elastiCacheUser(name string, groupIDs ...string) *elasticache.User {
|
||||
return &elasticache.User{
|
||||
UserId: aws.String(name),
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:user:" + name),
|
||||
ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:user:" + name),
|
||||
UserName: aws.String(name),
|
||||
UserGroupIds: aws.StringSlice(groupIDs),
|
||||
}
|
||||
|
@ -184,7 +184,7 @@ func elastiCacheUser(name string, groupIDs ...string) *elasticache.User {
|
|||
|
||||
func memoryDBUser(name string, aclNames ...string) *memorydb.User {
|
||||
return &memorydb.User{
|
||||
ARN: aws.String("arn:aws:memorydb:us-east-1:1234567890:user/" + name),
|
||||
ARN: aws.String("arn:aws:memorydb:us-east-1:123456789012:user/" + name),
|
||||
Name: aws.String(name),
|
||||
ACLNames: aws.StringSlice(aclNames),
|
||||
}
|
||||
|
|
|
@ -393,24 +393,24 @@ func TestRedshiftServerlessUsernameToRoleARN(t *testing.T) {
|
|||
expectError bool
|
||||
}{
|
||||
{
|
||||
inputUsername: "arn:aws:iam::1234567890:role/rolename",
|
||||
expectRoleARN: "arn:aws:iam::1234567890:role/rolename",
|
||||
inputUsername: "arn:aws:iam::123456789012:role/rolename",
|
||||
expectRoleARN: "arn:aws:iam::123456789012:role/rolename",
|
||||
},
|
||||
{
|
||||
inputUsername: "arn:aws:iam::1234567890:user/user",
|
||||
inputUsername: "arn:aws:iam::123456789012:user/user",
|
||||
expectError: true,
|
||||
},
|
||||
{
|
||||
inputUsername: "arn:aws:not-iam::1234567890:role/rolename",
|
||||
inputUsername: "arn:aws:not-iam::123456789012:role/rolename",
|
||||
expectError: true,
|
||||
},
|
||||
{
|
||||
inputUsername: "role/rolename",
|
||||
expectRoleARN: "arn:aws:iam::1234567890:role/rolename",
|
||||
expectRoleARN: "arn:aws:iam::123456789012:role/rolename",
|
||||
},
|
||||
{
|
||||
inputUsername: "rolename",
|
||||
expectRoleARN: "arn:aws:iam::1234567890:role/rolename",
|
||||
expectRoleARN: "arn:aws:iam::123456789012:role/rolename",
|
||||
},
|
||||
{
|
||||
inputUsername: "IAM:user",
|
||||
|
@ -520,7 +520,7 @@ func newRedshiftServerlessDatabase(t *testing.T) types.Database {
|
|||
Name: "test-database",
|
||||
}, types.DatabaseSpecV3{
|
||||
Protocol: defaults.ProtocolPostgres,
|
||||
URI: "my-workgroup.1234567890.eu-west-2.redshift-serverless.amazonaws.com:5439",
|
||||
URI: "my-workgroup.123456789012.eu-west-2.redshift-serverless.amazonaws.com:5439",
|
||||
})
|
||||
require.NoError(t, err)
|
||||
return database
|
||||
|
|
|
@ -40,7 +40,7 @@ func TestGetAWSPolicyDocument(t *testing.T) {
|
|||
Protocol: "postgres",
|
||||
URI: "instance.abcdefghijklmnop.us-east-1.rds.amazonaws.com:5438",
|
||||
AWS: types.AWS{
|
||||
AccountID: "12345",
|
||||
AccountID: "123456789012",
|
||||
RDS: types.RDS{
|
||||
ResourceID: "abcdef",
|
||||
},
|
||||
|
@ -54,7 +54,7 @@ func TestGetAWSPolicyDocument(t *testing.T) {
|
|||
Protocol: "postgres",
|
||||
URI: "my-proxy.proxy-abcdefghijklmnop.us-west-1.rds.amazonaws.com:5432",
|
||||
AWS: types.AWS{
|
||||
AccountID: "12345",
|
||||
AccountID: "123456789012",
|
||||
RDSProxy: types.RDSProxy{
|
||||
ResourceID: "qwerty",
|
||||
},
|
||||
|
@ -102,7 +102,7 @@ func TestGetAWSPolicyDocument(t *testing.T) {
|
|||
{
|
||||
"Effect": "Allow",
|
||||
"Action": "rds-db:connect",
|
||||
"Resource": "arn:aws:rds-db:us-east-1:12345:dbuser:abcdef/*"
|
||||
"Resource": "arn:aws:rds-db:us-east-1:123456789012:dbuser:abcdef/*"
|
||||
}
|
||||
]
|
||||
}`,
|
||||
|
@ -115,7 +115,7 @@ func TestGetAWSPolicyDocument(t *testing.T) {
|
|||
{
|
||||
"Effect": "Allow",
|
||||
"Action": "rds-db:connect",
|
||||
"Resource": "arn:aws:rds-db:us-west-1:12345:dbuser:qwerty/*"
|
||||
"Resource": "arn:aws:rds-db:us-west-1:123456789012:dbuser:qwerty/*"
|
||||
}
|
||||
]
|
||||
}`,
|
||||
|
|
|
@ -44,7 +44,7 @@ func (c *MockSecretsManagerClientConfig) SetDefaults() {
|
|||
c.Region = "us-east-1"
|
||||
}
|
||||
if c.Account == "" {
|
||||
c.Account = "1234567890"
|
||||
c.Account = "123456789012"
|
||||
}
|
||||
if c.Clock == nil {
|
||||
c.Clock = clockwork.NewFakeClock()
|
||||
|
|
|
@ -77,7 +77,7 @@ func TestAWSSecretsManager(t *testing.T) {
|
|||
SecretId: aws.String("teleport/key"),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
require.Equal(t, "arn:aws:kms:us-east-1:1234567890:alias/aws/secretsmanager", aws.StringValue(output1.KmsKeyId))
|
||||
require.Equal(t, "arn:aws:kms:us-east-1:123456789012:alias/aws/secretsmanager", aws.StringValue(output1.KmsKeyId))
|
||||
|
||||
// Create secret for the second time with custom KMS. Create returns
|
||||
// IsAlreadyExists but KMSKeyID should be updated.
|
||||
|
|
|
@ -113,7 +113,7 @@ func TestElastiCacheFetcher(t *testing.T) {
|
|||
|
||||
func makeElastiCacheCluster(t *testing.T, name, region, env string, opts ...func(*elasticache.ReplicationGroup)) (*elasticache.ReplicationGroup, types.Database, []*elasticache.Tag) {
|
||||
cluster := &elasticache.ReplicationGroup{
|
||||
ARN: aws.String(fmt.Sprintf("arn:aws:elasticache:%s:123456789:replicationgroup:%s", region, name)),
|
||||
ARN: aws.String(fmt.Sprintf("arn:aws:elasticache:%s:123456789012:replicationgroup:%s", region, name)),
|
||||
ReplicationGroupId: aws.String(name),
|
||||
Status: aws.String("available"),
|
||||
TransitEncryptionEnabled: aws.Bool(true),
|
||||
|
|
|
@ -112,7 +112,7 @@ func TestMemoryDBFetcher(t *testing.T) {
|
|||
|
||||
func makeMemoryDBCluster(t *testing.T, name, region, env string, opts ...func(*memorydb.Cluster)) (*memorydb.Cluster, types.Database, []*memorydb.Tag) {
|
||||
cluster := &memorydb.Cluster{
|
||||
ARN: aws.String(fmt.Sprintf("arn:aws:memorydb:%s:123456789:cluster:%s", region, name)),
|
||||
ARN: aws.String(fmt.Sprintf("arn:aws:memorydb:%s:123456789012:cluster:%s", region, name)),
|
||||
Name: aws.String(name),
|
||||
Status: aws.String("available"),
|
||||
TLSEnabled: aws.Bool(true),
|
||||
|
|
|
@ -76,7 +76,7 @@ func TestRDSDBProxyFetcher(t *testing.T) {
|
|||
|
||||
func makeRDSProxy(t *testing.T, name, region, vpcID string) (*rds.DBProxy, types.Database) {
|
||||
rdsProxy := &rds.DBProxy{
|
||||
DBProxyArn: aws.String(fmt.Sprintf("arn:aws:rds:%s:1234567890:db-proxy:prx-%s", region, name)),
|
||||
DBProxyArn: aws.String(fmt.Sprintf("arn:aws:rds:%s:123456789012:db-proxy:prx-%s", region, name)),
|
||||
DBProxyName: aws.String(name),
|
||||
EngineFamily: aws.String(rds.EngineFamilyMysql),
|
||||
Endpoint: aws.String("localhost"),
|
||||
|
@ -95,7 +95,7 @@ func makeRDSProxyCustomEndpoint(t *testing.T, rdsProxy *rds.DBProxy, name, regio
|
|||
Endpoint: aws.String("localhost"),
|
||||
DBProxyEndpointName: aws.String(name),
|
||||
DBProxyName: rdsProxy.DBProxyName,
|
||||
DBProxyEndpointArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456:db-proxy-endpoint:prx-endpoint-%v", region, name)),
|
||||
DBProxyEndpointArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456789012:db-proxy-endpoint:prx-endpoint-%v", region, name)),
|
||||
TargetRole: aws.String(rds.DBProxyEndpointTargetRoleReadOnly),
|
||||
Status: aws.String("available"),
|
||||
}
|
||||
|
|
|
@ -220,7 +220,7 @@ func TestRDSFetchers(t *testing.T) {
|
|||
|
||||
func makeRDSInstance(t *testing.T, name, region string, labels map[string]string, opts ...func(*rds.DBInstance)) (*rds.DBInstance, types.Database) {
|
||||
instance := &rds.DBInstance{
|
||||
DBInstanceArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:1234567890:db:%v", region, name)),
|
||||
DBInstanceArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456789012:db:%v", region, name)),
|
||||
DBInstanceIdentifier: aws.String(name),
|
||||
DbiResourceId: aws.String(uuid.New().String()),
|
||||
Engine: aws.String(services.RDSEnginePostgres),
|
||||
|
@ -242,7 +242,7 @@ func makeRDSInstance(t *testing.T, name, region string, labels map[string]string
|
|||
|
||||
func makeRDSCluster(t *testing.T, name, region string, labels map[string]string, opts ...func(*rds.DBCluster)) (*rds.DBCluster, types.Database) {
|
||||
cluster := &rds.DBCluster{
|
||||
DBClusterArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:1234567890:cluster:%v", region, name)),
|
||||
DBClusterArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456789012:cluster:%v", region, name)),
|
||||
DBClusterIdentifier: aws.String(name),
|
||||
DbClusterResourceId: aws.String(uuid.New().String()),
|
||||
Engine: aws.String(services.RDSEngineAuroraMySQL),
|
||||
|
@ -266,7 +266,7 @@ func makeRDSCluster(t *testing.T, name, region string, labels map[string]string,
|
|||
|
||||
func makeRDSClusterWithExtraEndpoints(t *testing.T, name, region string, labels map[string]string, hasWriter bool) (*rds.DBCluster, types.Databases) {
|
||||
cluster := &rds.DBCluster{
|
||||
DBClusterArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:1234567890:cluster:%v", region, name)),
|
||||
DBClusterArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456789012:cluster:%v", region, name)),
|
||||
DBClusterIdentifier: aws.String(name),
|
||||
DbClusterResourceId: aws.String(uuid.New().String()),
|
||||
Engine: aws.String(services.RDSEngineAuroraMySQL),
|
||||
|
|
|
@ -90,7 +90,7 @@ func TestRedshiftFetcher(t *testing.T) {
|
|||
func makeRedshiftCluster(t *testing.T, region, env string, opts ...func(*redshift.Cluster)) (*redshift.Cluster, types.Database) {
|
||||
cluster := &redshift.Cluster{
|
||||
ClusterIdentifier: aws.String(env),
|
||||
ClusterNamespaceArn: aws.String(fmt.Sprintf("arn:aws:redshift:%s:1234567890:namespace:%s", region, env)),
|
||||
ClusterNamespaceArn: aws.String(fmt.Sprintf("arn:aws:redshift:%s:123456789012:namespace:%s", region, env)),
|
||||
ClusterStatus: aws.String("available"),
|
||||
Endpoint: &redshift.Endpoint{
|
||||
Address: aws.String("localhost"),
|
||||
|
|
|
@ -93,22 +93,22 @@ func TestExtractCredFromAuthHeader(t *testing.T) {
|
|||
// TestFilterAWSRoles verifies filtering AWS role ARNs by AWS account ID.
|
||||
func TestFilterAWSRoles(t *testing.T) {
|
||||
acc1ARN1 := Role{
|
||||
ARN: "arn:aws:iam::1234567890:role/EC2FullAccess",
|
||||
ARN: "arn:aws:iam::123456789012:role/EC2FullAccess",
|
||||
Display: "EC2FullAccess",
|
||||
Name: "EC2FullAccess",
|
||||
}
|
||||
acc1ARN2 := Role{
|
||||
ARN: "arn:aws:iam::1234567890:role/EC2ReadOnly",
|
||||
ARN: "arn:aws:iam::123456789012:role/EC2ReadOnly",
|
||||
Display: "EC2ReadOnly",
|
||||
Name: "EC2ReadOnly",
|
||||
}
|
||||
acc1ARN3 := Role{
|
||||
ARN: "arn:aws:iam::1234567890:role/path/to/customrole",
|
||||
ARN: "arn:aws:iam::123456789012:role/path/to/customrole",
|
||||
Display: "customrole",
|
||||
Name: "path/to/customrole",
|
||||
}
|
||||
acc2ARN1 := Role{
|
||||
ARN: "arn:aws:iam::0987654321:role/test-role",
|
||||
ARN: "arn:aws:iam::210987654321:role/test-role",
|
||||
Display: "test-role",
|
||||
Name: "test-role",
|
||||
}
|
||||
|
@ -125,12 +125,12 @@ func TestFilterAWSRoles(t *testing.T) {
|
|||
}{
|
||||
{
|
||||
name: "first account roles",
|
||||
accountID: "1234567890",
|
||||
accountID: "123456789012",
|
||||
outARNs: Roles{acc1ARN1, acc1ARN2, acc1ARN3},
|
||||
},
|
||||
{
|
||||
name: "second account roles",
|
||||
accountID: "0987654321",
|
||||
accountID: "210987654321",
|
||||
outARNs: Roles{acc2ARN1},
|
||||
},
|
||||
{
|
||||
|
@ -146,18 +146,18 @@ func TestFilterAWSRoles(t *testing.T) {
|
|||
|
||||
func TestRoles(t *testing.T) {
|
||||
arns := []string{
|
||||
"arn:aws:iam::1234567890:role/test-role",
|
||||
"arn:aws:iam::1234567890:role/EC2FullAccess",
|
||||
"arn:aws:iam::1234567890:role/path/to/EC2FullAccess",
|
||||
"arn:aws:iam::123456789012:role/test-role",
|
||||
"arn:aws:iam::123456789012:role/EC2FullAccess",
|
||||
"arn:aws:iam::123456789012:role/path/to/EC2FullAccess",
|
||||
}
|
||||
roles := FilterAWSRoles(arns, "1234567890")
|
||||
roles := FilterAWSRoles(arns, "123456789012")
|
||||
require.Len(t, roles, 3)
|
||||
|
||||
t.Run("Sort", func(t *testing.T) {
|
||||
roles.Sort()
|
||||
require.Equal(t, "arn:aws:iam::1234567890:role/EC2FullAccess", roles[0].ARN)
|
||||
require.Equal(t, "arn:aws:iam::1234567890:role/path/to/EC2FullAccess", roles[1].ARN)
|
||||
require.Equal(t, "arn:aws:iam::1234567890:role/test-role", roles[2].ARN)
|
||||
require.Equal(t, "arn:aws:iam::123456789012:role/EC2FullAccess", roles[0].ARN)
|
||||
require.Equal(t, "arn:aws:iam::123456789012:role/path/to/EC2FullAccess", roles[1].ARN)
|
||||
require.Equal(t, "arn:aws:iam::123456789012:role/test-role", roles[2].ARN)
|
||||
})
|
||||
|
||||
t.Run("FindRoleByARN", func(t *testing.T) {
|
||||
|
@ -170,7 +170,7 @@ func TestRoles(t *testing.T) {
|
|||
})
|
||||
|
||||
t.Run("not found", func(t *testing.T) {
|
||||
_, found := roles.FindRoleByARN("arn:aws:iam::1234567889:role/unknown")
|
||||
_, found := roles.FindRoleByARN("arn:aws:iam::123456788912:role/unknown")
|
||||
require.False(t, found)
|
||||
})
|
||||
})
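Review bot: The second-account fixture in `TestFilterAWSRoles` no longer begins with a zero: the old `0987654321` happened to exercise a leading-zero ID, and the new `210987654321` does not. AWS account IDs are 12-digit strings that may start with `0`, so a fixture such as `ARN: "arn:aws:iam::012345678901:role/test-role",` paired with `accountID: "012345678901",` (constructed value) would keep the test demonstrating that the ID is matched as a string and never normalised as a number. The same value is used by the `second account roles` case in the following hunk, so both lines would change together. `TestFilterAWSRoles` ends outside the visible hunks.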
|
||||
|
|