diff --git a/api/types/database.go b/api/types/database.go index 5e093e2f628..a213bda6708 100644 --- a/api/types/database.go +++ b/api/types/database.go @@ -627,6 +627,13 @@ func (d *DatabaseV3) CheckAndSetDefaults() error { } } + // Validate AWS Specific configuration + if d.Spec.AWS.AccountID != "" { + if err := awsutils.IsValidAccountID(d.Spec.AWS.AccountID); err != nil { + return trace.BadParameter("invalid AWS Account ID: %v", err) + } + } + // Validate Cloud SQL specific configuration. switch { case d.Spec.GCP.ProjectID != "" && d.Spec.GCP.InstanceID == "": diff --git a/api/types/database_test.go b/api/types/database_test.go index e01c343d1d6..aa3bd95e59e 100644 --- a/api/types/database_test.go +++ b/api/types/database_test.go 
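Review bot: The new account-ID check in `CheckAndSetDefaults` (first hunk, api/types/database.go) fails with `invalid AWS Account ID: must be 12-digit`, which names neither the database nor the rejected value, so an operator cannot tell which resource to fix. If this method also runs when previously stored resources are loaded (not visible here), databases saved with a short ID such as the `12345` fixture this commit replaces would start failing after an upgrade, which makes that detail more important. A more useful line would be `return trace.BadParameter("database %q has invalid AWS account ID %q: %v", d.GetName(), d.Spec.AWS.AccountID, err)`. The comment above the check could state the rule, e.g. `// Validate AWS-specific configuration: a non-empty account ID must be exactly 12 ASCII digits.` The function body starts and ends outside the hunk.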
@@ -19,25 +19,83 @@ package types import ( "testing" + "github.com/gravitational/trace" "github.com/stretchr/testify/require" ) // TestDatabaseRDSEndpoint verifies AWS info is correctly populated // based on the RDS endpoint. func TestDatabaseRDSEndpoint(t *testing.T) { - database, err := NewDatabaseV3(Metadata{ - Name: "rds", - }, DatabaseSpecV3{ - Protocol: "postgres", - URI: "aurora-instance-1.abcdefghijklmnop.us-west-1.rds.amazonaws.com:5432", - }) - require.NoError(t, err) - require.Equal(t, AWS{ - Region: "us-west-1", - RDS: RDS{ - InstanceID: "aurora-instance-1", + isBadParamErrFn := func(tt require.TestingT, err error, i ...interface{}) { + require.True(tt, trace.IsBadParameter(err), "expected bad parameter, got %v", err) + } + + for _, tt := range []struct { + name string + spec DatabaseSpecV3 + errorCheck require.ErrorAssertionFunc + expectedAWS AWS + }{ + { + name: "aurora instance", + spec: DatabaseSpecV3{ + Protocol: "postgres", + URI: "aurora-instance-1.abcdefghijklmnop.us-west-1.rds.amazonaws.com:5432", + }, + errorCheck: require.NoError, + expectedAWS: AWS{ + Region: "us-west-1", + RDS: RDS{ + InstanceID: "aurora-instance-1", + }, + }, }, - }, database.GetAWS()) + { + name: "invalid account id", + spec: DatabaseSpecV3{ + Protocol: "postgres", + URI: "marcotest-db001.abcdefghijklmnop.us-east-1.rds.amazonaws.com:5432", + AWS: AWS{ + AccountID: "invalid", + }, + }, + errorCheck: isBadParamErrFn, + }, + { + name: "valid account id", + spec: DatabaseSpecV3{ + Protocol: "postgres", + URI: "marcotest-db001.abcdefghijklmnop.us-east-1.rds.amazonaws.com:5432", + AWS: AWS{ + AccountID: "123456789012", + }, + }, + errorCheck: require.NoError, + expectedAWS: AWS{ + Region: "us-east-1", + RDS: RDS{ + InstanceID: "marcotest-db001", + }, + AccountID: "123456789012", + }, + }, + } { + tt := tt + t.Run(tt.name, func(t *testing.T) { + database, err := NewDatabaseV3( + Metadata{ + Name: "rds", + }, + tt.spec, + ) + tt.errorCheck(t, err) + if err != nil { + return + } + 
+ require.Equal(t, tt.expectedAWS, database.GetAWS()) + }) + } } // TestDatabaseRDSProxyEndpoint verifies AWS info is correctly populated based @@ -354,7 +412,7 @@ func TestCassandraAWSEndpoint(t *testing.T) { Protocol: "cassandra", AWS: AWS{ Region: "us-west-1", - AccountID: "12345", + AccountID: "123456789012", }, }) require.NoError(t, err) @@ -368,7 +426,7 @@ func TestCassandraAWSEndpoint(t *testing.T) { Protocol: "cassandra", URI: "cassandra.us-west-1.amazonaws.com:9142", AWS: AWS{ - AccountID: "12345", + AccountID: "123456789012", }, }) require.NoError(t, err) @@ -383,7 +441,7 @@ func TestCassandraAWSEndpoint(t *testing.T) { Protocol: "cassandra", URI: "cassandra-fips.us-west-2.amazonaws.com:9142", AWS: AWS{ - AccountID: "12345", + AccountID: "123456789012", }, }) require.NoError(t, err) @@ -413,11 +471,11 @@ func TestDatabaseFromRedshiftServerlessEndpoint(t *testing.T) { Name: "test", }, DatabaseSpecV3{ Protocol: "postgres", - URI: "my-workgroup.1234567890.us-east-1.redshift-serverless.amazonaws.com:5439", + URI: "my-workgroup.123456789012.us-east-1.redshift-serverless.amazonaws.com:5439", }) require.NoError(t, err) require.Equal(t, AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", RedshiftServerless: RedshiftServerless{ WorkgroupName: "my-workgroup", @@ -430,7 +488,7 @@ func TestDatabaseFromRedshiftServerlessEndpoint(t *testing.T) { Name: "test", }, DatabaseSpecV3{ Protocol: "postgres", - URI: "my-vpc-endpoint-xxxyyyzzz.1234567890.us-east-1.redshift-serverless.amazonaws.com:5439", + URI: "my-vpc-endpoint-xxxyyyzzz.123456789012.us-east-1.redshift-serverless.amazonaws.com:5439", AWS: AWS{ RedshiftServerless: RedshiftServerless{ WorkgroupName: "my-workgroup", 
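Review bot: In the rewritten TestDatabaseRDSEndpoint table (the hunk that ends at the start of this line), the only rejection case sets `AccountID: "invalid"` explicitly, so nothing pins what happens when the account ID is derived from the endpoint URI. The Redshift Serverless fixtures later in this file expect `AccountID` to be filled from the URI, so a malformed URI segment may or may not reach the new check, depending on ordering that is not visible here. A case with a short account segment in a `redshift-serverless` URI and an explicit expected outcome, here or in TestDatabaseFromRedshiftServerlessEndpoint, would document that behaviour. The early `if err != nil { return }` would also read better with a comment such as `// error cases have no AWS metadata to compare`.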
@@ -439,7 +497,7 @@ func TestDatabaseFromRedshiftServerlessEndpoint(t *testing.T) { }) require.NoError(t, err) require.Equal(t, AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", RedshiftServerless: RedshiftServerless{ WorkgroupName: "my-workgroup", diff --git a/api/utils/aws/endpoint_test.go b/api/utils/aws/endpoint_test.go index ef4e44f6526..1d2c95fed12 100644 --- a/api/utils/aws/endpoint_test.go +++ b/api/utils/aws/endpoint_test.go @@ -465,21 +465,21 @@ func TestRedshiftServerlessEndpoint(t *testing.T) { }{ { name: "workgroup endpoint", - endpoint: "my-workgroup.1234567890.us-east-1.redshift-serverless.amazonaws.com:5439", + endpoint: "my-workgroup.123456789012.us-east-1.redshift-serverless.amazonaws.com:5439", expectIsRedshiftServerlessEndpoint: true, expectDetails: &RedshiftServerlessEndpointDetails{ WorkgroupName: "my-workgroup", - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", }, }, { name: "vpc endpoint", - endpoint: "my-vpc-endpoint-xxxyyyzzz.1234567890.us-east-1.redshift-serverless.amazonaws.com", + endpoint: "my-vpc-endpoint-xxxyyyzzz.123456789012.us-east-1.redshift-serverless.amazonaws.com", expectIsRedshiftServerlessEndpoint: true, expectDetails: &RedshiftServerlessEndpointDetails{ EndpointName: "my-vpc", - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", }, }, diff --git a/api/utils/aws/identifiers.go b/api/utils/aws/identifiers.go new file mode 100644 index 00000000000..2094b6e65e0 --- /dev/null +++ b/api/utils/aws/identifiers.go 
@@ -0,0 +1,37 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package aws
+
+import (
+ "github.com/gravitational/trace"
+)
+
+// IsValidAccountID checks whether the accountID is a valid AWS Account ID
+//
+// https://docs.aws.amazon.com/accounts/latest/reference/manage-acct-identifiers.html
+func IsValidAccountID(accountID string) error {
+ if len(accountID) != 12 {
+ return trace.BadParameter("must be 12-digit")
+ }
+ for _, d := range accountID {
+ if d < '0' || d > '9' {
+ return trace.BadParameter("must be 12-digit")
+ }
+ }
+
+ return nil
+}
diff --git a/api/utils/aws/identifiers_test.go b/api/utils/aws/identifiers_test.go
new file mode 100644
index 00000000000..8d33fa9b9ea
--- /dev/null
+++ b/api/utils/aws/identifiers_test.go
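Review bot: `IsValidAccountID` in api/utils/aws/identifiers.go reads like a predicate but returns an `error`, and its doc comment does not state the contract; Go callers expect an `Is…` function to return `bool`. If the name must stay, document the contract: `// IsValidAccountID returns nil when accountID is exactly 12 ASCII digits, and a trace.BadParameter error otherwise.` The loop also needs a why-comment, because its correctness depends on `len` counting bytes while `range` yields runes: `// len() counts bytes, so 12 bytes that are all '0'..'9' means 12 ASCII digits; multi-byte digits fail one of the two checks.` The strictness is worth stating because, judging by fixtures elsewhere in this commit such as `arn:aws:secretsmanager:*:123456789012:secret:teleport/*`, the account ID appears to end up inside ARNs, where a `*` or `:` in the ID would change what the ARN matches.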
@@ -0,0 +1,76 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package aws
+
+import (
+ "testing"
+
+ "github.com/gravitational/trace"
+ "github.com/stretchr/testify/require"
+)
+
+func TestIsValidAccountID(t *testing.T) {
+ isBadParamErrFn := func(tt require.TestingT, err error, i ...interface{}) {
+ require.True(tt, trace.IsBadParameter(err), "expected bad parameter, got %v", err)
+ }
+
+ for _, tt := range []struct {
+ name string
+ accountID string
+ errCheck require.ErrorAssertionFunc
+ }{
+ {
+ name: "valid account id",
+ accountID: "123456789012",
+ errCheck: require.NoError,
+ },
+ {
+ name: "empty",
+ accountID: "",
+ errCheck: isBadParamErrFn,
+ },
+ {
+ name: "less digits",
+ accountID: "12345678901",
+ errCheck: isBadParamErrFn,
+ },
+ {
+ name: "more digits",
+ accountID: "1234567890123",
+ errCheck: isBadParamErrFn,
+ },
+ {
+ name: "invalid chars",
+ accountID: "12345678901A",
+ errCheck: isBadParamErrFn,
+ },
+ {
+ name: "invalid chars with emojis",
+ accountID: "12345678901✅",
+ errCheck: isBadParamErrFn,
+ },
+ {
+ name: "unicode digit is invalid",
+ accountID: "123456789৩", // ৩ is a valid unicode digit and its len("৩") is 3
+ errCheck: isBadParamErrFn,
+ },
+ } {
+ t.Run(tt.name, func(t *testing.T) {
+ tt.errCheck(t, IsValidAccountID(tt.accountID))
+ })
+ }
+}
diff --git a/lib/cloud/aws/identity_test.go b/lib/cloud/aws/identity_test.go
index 6b98b96fea3..70685519b95 100644
--- a/lib/cloud/aws/identity_test.go
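Review bot: The `invalid chars with emojis` case in TestIsValidAccountID is 14 bytes long, so the length check rejects it and it never reaches the digit loop; only `invalid chars` and `unicode digit is invalid` exercise that loop. Cases that stay at 12 bytes but use characters meaningful to an ARN or a number parser would pin the loop's behaviour, e.g. `{name: "wildcard", accountID: "12345678901*", errCheck: isBadParamErrFn}` and `{name: "leading sign", accountID: "+12345678901", errCheck: isBadParamErrFn}`. The closure passed to `t.Run` uses `tt` without the `tt := tt` copy that TestDatabaseRDSEndpoint makes in this same commit. That is harmless without `t.Parallel()`, but the two tables should follow one convention.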
+++ b/lib/cloud/aws/identity_test.go @@ -40,37 +40,37 @@ func TestGetIdentity(t *testing.T) { }{ { description: "role identity", - inARN: "arn:aws:iam::1234567890:role/custom/path/EC2ReadOnly", + inARN: "arn:aws:iam::123456789012:role/custom/path/EC2ReadOnly", outIdentity: Role{}, outName: "EC2ReadOnly", - outAccountID: "1234567890", + outAccountID: "123456789012", outPartition: "aws", outType: "role", }, { description: "assumed role identity", - inARN: "arn:aws:sts::1234567890:assumed-role/DatabaseAccess/i-1234567890", + inARN: "arn:aws:sts::123456789012:assumed-role/DatabaseAccess/i-1234567890", outIdentity: Role{}, outName: "DatabaseAccess", - outAccountID: "1234567890", + outAccountID: "123456789012", outPartition: "aws", outType: "assumed-role", }, { description: "user identity", - inARN: "arn:aws-us-gov:iam::1234567890:user/custom/path/alice", + inARN: "arn:aws-us-gov:iam::123456789012:user/custom/path/alice", outIdentity: User{}, outName: "alice", - outAccountID: "1234567890", + outAccountID: "123456789012", outPartition: "aws-us-gov", outType: "user", }, { description: "unsupported identity", - inARN: "arn:aws:iam::1234567890:group/readers", + inARN: "arn:aws:iam::123456789012:group/readers", outIdentity: Unknown{}, outName: "readers", - outAccountID: "1234567890", + outAccountID: "123456789012", outPartition: "aws", outType: "group", }, diff --git a/lib/cloud/mocks/aws_redshift_serverless.go b/lib/cloud/mocks/aws_redshift_serverless.go index 7325b79954b..f2a00d85f8c 100644 --- a/lib/cloud/mocks/aws_redshift_serverless.go +++ b/lib/cloud/mocks/aws_redshift_serverless.go 
@@ -91,7 +91,7 @@ func RedshiftServerlessWorkgroup(name, region string) *redshiftserverless.Workgr }}, CreationDate: aws.Time(sampleTime), Endpoint: &redshiftserverless.Endpoint{ - Address: aws.String(fmt.Sprintf("%v.1234567890.%v.redshift-serverless.amazonaws.com", name, region)), + Address: aws.String(fmt.Sprintf("%v.123456789012.%v.redshift-serverless.amazonaws.com", name, region)), Port: aws.Int64(5439), VpcEndpoints: []*redshiftserverless.VpcEndpoint{{ VpcEndpointId: aws.String("vpc-endpoint-id"), @@ -101,7 +101,7 @@ func RedshiftServerlessWorkgroup(name, region string) *redshiftserverless.Workgr NamespaceName: aws.String("my-namespace"), PubliclyAccessible: aws.Bool(true), Status: aws.String("AVAILABLE"), - WorkgroupArn: aws.String(fmt.Sprintf("arn:aws:redshift-serverless:%v:1234567890:workgroup/some-uuid-for-%v", region, name)), + WorkgroupArn: aws.String(fmt.Sprintf("arn:aws:redshift-serverless:%v:123456789012:workgroup/some-uuid-for-%v", region, name)), WorkgroupId: aws.String(fmt.Sprintf("some-uuid-for-%v", name)), WorkgroupName: aws.String(name), } 
@@ -110,8 +110,8 @@ func RedshiftServerlessWorkgroup(name, region string) *redshiftserverless.Workgr // RedshiftServerlessEndpointAccess returns a sample redshiftserverless.EndpointAccess. func RedshiftServerlessEndpointAccess(workgroup *redshiftserverless.Workgroup, name, region string) *redshiftserverless.EndpointAccess { return &redshiftserverless.EndpointAccess{ - Address: aws.String(fmt.Sprintf("%s-endpoint-xxxyyyzzz.1234567890.%s.redshift-serverless.amazonaws.com", name, region)), - EndpointArn: aws.String(fmt.Sprintf("arn:aws:redshift-serverless:%s:1234567890:managedvpcendpoint/some-uuid-for-%v", region, name)), + Address: aws.String(fmt.Sprintf("%s-endpoint-xxxyyyzzz.123456789012.%s.redshift-serverless.amazonaws.com", name, region)), + EndpointArn: aws.String(fmt.Sprintf("arn:aws:redshift-serverless:%s:123456789012:managedvpcendpoint/some-uuid-for-%v", region, name)), EndpointCreateTime: aws.Time(sampleTime), EndpointName: aws.String(name), EndpointStatus: aws.String("AVAILABLE"), diff --git a/lib/configurators/aws/aws_test.go b/lib/configurators/aws/aws_test.go index f19c7a93ae6..9f06723508f 100644 --- a/lib/configurators/aws/aws_test.go +++ b/lib/configurators/aws/aws_test.go @@ -42,13 +42,13 @@ import ( ) func TestAWSIAMDocuments(t *testing.T) { - userTarget, err := awslib.IdentityFromArn("arn:aws:iam::1234567:user/example-user") + userTarget, err := awslib.IdentityFromArn("arn:aws:iam::123456789012:user/example-user") require.NoError(t, err) - roleTarget, err := awslib.IdentityFromArn("arn:aws:iam::1234567:role/example-role") + roleTarget, err := awslib.IdentityFromArn("arn:aws:iam::123456789012:role/example-role") require.NoError(t, err) - unknownIdentity, err := awslib.IdentityFromArn("arn:aws:iam::1234567:ec2/example-ec2") + unknownIdentity, err := awslib.IdentityFromArn("arn:aws:iam::123456789012:ec2/example-ec2") require.NoError(t, err) tests := map[string]struct { 
@@ -257,7 +257,7 @@ func TestAWSIAMDocuments(t *testing.T) { "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue", "secretsmanager:TagResource", }, - Resources: []string{"arn:aws:secretsmanager:*:1234567:secret:teleport/*"}, + Resources: []string{"arn:aws:secretsmanager:*:123456789012:secret:teleport/*"}, }, }, boundaryStatements: []*awslib.Statement{ @@ -277,7 +277,7 @@ func TestAWSIAMDocuments(t *testing.T) { "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue", "secretsmanager:TagResource", }, - Resources: []string{"arn:aws:secretsmanager:*:1234567:secret:teleport/*"}, + Resources: []string{"arn:aws:secretsmanager:*:123456789012:secret:teleport/*"}, }, }, }, @@ -321,15 +321,15 @@ func TestAWSIAMDocuments(t *testing.T) { "secretsmanager:TagResource", }, Resources: []string{ - "arn:aws:secretsmanager:*:1234567:secret:teleport/*", - "arn:aws:secretsmanager:*:1234567:secret:my-prefix/*", + "arn:aws:secretsmanager:*:123456789012:secret:teleport/*", + "arn:aws:secretsmanager:*:123456789012:secret:my-prefix/*", }, }, { Effect: "Allow", Actions: []string{"kms:GenerateDataKey", "kms:Decrypt"}, Resources: []string{ - "arn:aws:kms:*:1234567:key/my-kms-id", + "arn:aws:kms:*:123456789012:key/my-kms-id", }, }, }, @@ -351,15 +351,15 @@ func TestAWSIAMDocuments(t *testing.T) { "secretsmanager:TagResource", }, Resources: []string{ - "arn:aws:secretsmanager:*:1234567:secret:teleport/*", - "arn:aws:secretsmanager:*:1234567:secret:my-prefix/*", + "arn:aws:secretsmanager:*:123456789012:secret:teleport/*", + "arn:aws:secretsmanager:*:123456789012:secret:my-prefix/*", }, }, { Effect: "Allow", Actions: []string{"kms:GenerateDataKey", "kms:Decrypt"}, Resources: []string{ - "arn:aws:kms:*:1234567:key/my-kms-id", + "arn:aws:kms:*:123456789012:key/my-kms-id", }, }, }, 
@@ -389,7 +389,7 @@ func TestAWSIAMDocuments(t *testing.T) { "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue", "secretsmanager:TagResource", }, - Resources: []string{"arn:aws:secretsmanager:*:1234567:secret:teleport/*"}, + Resources: []string{"arn:aws:secretsmanager:*:123456789012:secret:teleport/*"}, }, }, boundaryStatements: []*awslib.Statement{ @@ -408,7 +408,7 @@ func TestAWSIAMDocuments(t *testing.T) { "secretsmanager:GetSecretValue", "secretsmanager:PutSecretValue", "secretsmanager:TagResource", }, - Resources: []string{"arn:aws:secretsmanager:*:1234567:secret:teleport/*"}, + Resources: []string{"arn:aws:secretsmanager:*:123456789012:secret:teleport/*"}, }, }, }, @@ -451,15 +451,15 @@ func TestAWSIAMDocuments(t *testing.T) { "secretsmanager:TagResource", }, Resources: []string{ - "arn:aws:secretsmanager:*:1234567:secret:teleport/*", - "arn:aws:secretsmanager:*:1234567:secret:my-prefix/*", + "arn:aws:secretsmanager:*:123456789012:secret:teleport/*", + "arn:aws:secretsmanager:*:123456789012:secret:my-prefix/*", }, }, { Effect: "Allow", Actions: []string{"kms:GenerateDataKey", "kms:Decrypt"}, Resources: []string{ - "arn:aws:kms:*:1234567:key/my-kms-id", + "arn:aws:kms:*:123456789012:key/my-kms-id", }, }, }, @@ -480,15 +480,15 @@ func TestAWSIAMDocuments(t *testing.T) { "secretsmanager:TagResource", }, Resources: []string{ - "arn:aws:secretsmanager:*:1234567:secret:teleport/*", - "arn:aws:secretsmanager:*:1234567:secret:my-prefix/*", + "arn:aws:secretsmanager:*:123456789012:secret:teleport/*", + "arn:aws:secretsmanager:*:123456789012:secret:my-prefix/*", }, }, { Effect: "Allow", Actions: []string{"kms:GenerateDataKey", "kms:Decrypt"}, Resources: []string{ - "arn:aws:kms:*:1234567:key/my-kms-id", + "arn:aws:kms:*:123456789012:key/my-kms-id", }, }, }, 
@@ -842,26 +842,26 @@ func TestAWSPoliciesTarget(t *testing.T) { targetPartitionID: "aws", }, "UserARNFromFlags": { - flags: configurators.BootstrapFlags{AttachToUser: "arn:aws:iam::123456:user/example-user"}, + flags: configurators.BootstrapFlags{AttachToUser: "arn:aws:iam::123456789012:user/example-user"}, targetType: awslib.User{}, targetName: "example-user", - targetAccountID: "123456", + targetAccountID: "123456789012", targetPartitionID: "aws", }, "RoleNameFromFlags": { flags: configurators.BootstrapFlags{AttachToRole: "example-role"}, - accountID: "123456", + accountID: "123456789012", partitionID: "aws", targetType: awslib.Role{}, targetName: "example-role", - targetAccountID: "123456", + targetAccountID: "123456789012", targetPartitionID: "aws", }, "RoleARNFromFlags": { - flags: configurators.BootstrapFlags{AttachToRole: "arn:aws:iam::123456:role/example-role"}, + flags: configurators.BootstrapFlags{AttachToRole: "arn:aws:iam::123456789012:role/example-role"}, targetType: awslib.Role{}, targetName: "example-role", - targetAccountID: "123456", + targetAccountID: "123456789012", targetPartitionID: "aws", }, "UserFromIdentity": { diff --git a/lib/services/database.go b/lib/services/database.go index 757c03941a3..85a640358cc 100644 --- a/lib/services/database.go +++ b/lib/services/database.go @@ -799,7 +799,7 @@ func MetadataFromRDSProxy(rdsProxy *rds.DBProxy) (*types.AWS, error) { // rds.DBProxy has no resource ID attribute. The resource ID can be found // in the ARN, e.g.: // - // arn:aws:rds:ca-central-1:1234567890:db-proxy:prx-xxxyyyzzz + // arn:aws:rds:ca-central-1:123456789012:db-proxy:prx-xxxyyyzzz // // In this example, the arn.Resource is "db-proxy:prx-xxxyyyzzz", where the // resource type is "db-proxy" and the resource ID is "prx-xxxyyyzzz". diff --git a/lib/services/database_test.go b/lib/services/database_test.go index 13bee9fba66..945e3ba8570 100644 --- a/lib/services/database_test.go +++ b/lib/services/database_test.go 
@@ -204,7 +204,7 @@ func TestValidateDatabase(t *testing.T) { Protocol: defaults.ProtocolCassandra, AWS: types.AWS{ Region: "us-east-1", - AccountID: "1234567890", + AccountID: "123456789012", }, }, expectError: false, @@ -421,7 +421,7 @@ func TestDatabaseFromAzureRedisEnterprise(t *testing.T) { // TestDatabaseFromRDSInstance tests converting an RDS instance to a database resource. func TestDatabaseFromRDSInstance(t *testing.T) { instance := &rds.DBInstance{ - DBInstanceArn: aws.String("arn:aws:rds:us-west-1:1234567890:db:instance-1"), + DBInstanceArn: aws.String("arn:aws:rds:us-west-1:123456789012:db:instance-1"), DBInstanceIdentifier: aws.String("instance-1"), DBClusterIdentifier: aws.String("cluster-1"), DbiResourceId: aws.String("resource-1"), @@ -442,7 +442,7 @@ func TestDatabaseFromRDSInstance(t *testing.T) { Description: "RDS instance in us-west-1", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-west-1", labelEngine: RDSEnginePostgres, labelEngineVersion: "13.0", @@ -453,7 +453,7 @@ func TestDatabaseFromRDSInstance(t *testing.T) { Protocol: defaults.ProtocolPostgres, URI: "localhost:5432", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-west-1", RDS: types.RDS{ InstanceID: "instance-1", @@ -472,7 +472,7 @@ func TestDatabaseFromRDSInstance(t *testing.T) { // TestDatabaseFromRDSInstance tests converting an RDS instance to a database resource. func TestDatabaseFromRDSInstanceNameOverride(t *testing.T) { instance := &rds.DBInstance{ - DBInstanceArn: aws.String("arn:aws:rds:us-west-1:1234567890:db:instance-1"), + DBInstanceArn: aws.String("arn:aws:rds:us-west-1:123456789012:db:instance-1"), DBInstanceIdentifier: aws.String("instance-1"), DBClusterIdentifier: aws.String("cluster-1"), DbiResourceId: aws.String("resource-1"), 
@@ -493,7 +493,7 @@ func TestDatabaseFromRDSInstanceNameOverride(t *testing.T) { Description: "RDS instance in us-west-1", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-west-1", labelEngine: RDSEnginePostgres, labelEngineVersion: "13.0", @@ -505,7 +505,7 @@ func TestDatabaseFromRDSInstanceNameOverride(t *testing.T) { Protocol: defaults.ProtocolPostgres, URI: "localhost:5432", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-west-1", RDS: types.RDS{ InstanceID: "instance-1", @@ -524,7 +524,7 @@ func TestDatabaseFromRDSInstanceNameOverride(t *testing.T) { // TestDatabaseFromRDSCluster tests converting an RDS cluster to a database resource. func TestDatabaseFromRDSCluster(t *testing.T) { cluster := &rds.DBCluster{ - DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:cluster-1"), + DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:cluster-1"), DBClusterIdentifier: aws.String("cluster-1"), DbClusterResourceId: aws.String("resource-1"), IAMDatabaseAuthenticationEnabled: aws.Bool(true), @@ -544,7 +544,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) { } expectedAWS := types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", RDS: types.RDS{ ClusterID: "cluster-1", @@ -559,7 +559,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) { Description: "Aurora cluster in us-east-1", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEngine: RDSEngineAuroraMySQL, labelEngineVersion: "8.0.0", 
@@ -583,7 +583,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) { Description: "Aurora cluster in us-east-1 (reader endpoint)", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEngine: RDSEngineAuroraMySQL, labelEngineVersion: "8.0.0", @@ -604,7 +604,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) { t.Run("custom endpoints", func(t *testing.T) { expectedLabels := map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEngine: RDSEngineAuroraMySQL, labelEngineVersion: "8.0.0", @@ -659,7 +659,7 @@ func TestDatabaseFromRDSCluster(t *testing.T) { // TestDatabaseFromRDSClusterNameOverride tests converting an RDS cluster to a database resource with overridden name. func TestDatabaseFromRDSClusterNameOverride(t *testing.T) { cluster := &rds.DBCluster{ - DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:cluster-1"), + DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:cluster-1"), DBClusterIdentifier: aws.String("cluster-1"), DbClusterResourceId: aws.String("resource-1"), IAMDatabaseAuthenticationEnabled: aws.Bool(true), @@ -679,7 +679,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) { } expectedAWS := types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", RDS: types.RDS{ ClusterID: "cluster-1", @@ -694,7 +694,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) { Description: "Aurora cluster in us-east-1", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEngine: RDSEngineAuroraMySQL, labelEngineVersion: "8.0.0", 
@@ -719,7 +719,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) { Description: "Aurora cluster in us-east-1 (reader endpoint)", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEngine: RDSEngineAuroraMySQL, labelEngineVersion: "8.0.0", @@ -741,7 +741,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) { t.Run("custom endpoints", func(t *testing.T) { expectedLabels := map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEngine: RDSEngineAuroraMySQL, labelEngineVersion: "8.0.0", @@ -797,7 +797,7 @@ func TestDatabaseFromRDSClusterNameOverride(t *testing.T) { func TestDatabaseFromRDSProxy(t *testing.T) { var port int64 = 9999 dbProxy := &rds.DBProxy{ - DBProxyArn: aws.String("arn:aws:rds:ca-central-1:123456:db-proxy:prx-abcdef"), + DBProxyArn: aws.String("arn:aws:rds:ca-central-1:123456789012:db-proxy:prx-abcdef"), DBProxyName: aws.String("testproxy"), EngineFamily: aws.String(rds.EngineFamilyMysql), Endpoint: aws.String("proxy.rds.test"), @@ -808,7 +808,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) { Endpoint: aws.String("custom.proxy.rds.test"), DBProxyEndpointName: aws.String("custom"), DBProxyName: aws.String("testproxy"), - DBProxyEndpointArn: aws.String("arn:aws:rds:ca-central-1:123456:db-proxy-endpoint:prx-endpoint-abcdef"), + DBProxyEndpointArn: aws.String("arn:aws:rds:ca-central-1:123456789012:db-proxy-endpoint:prx-endpoint-abcdef"), TargetRole: aws.String(rds.DBProxyEndpointTargetRoleReadOnly), } @@ -824,7 +824,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) { Labels: map[string]string{ "key": "val", types.OriginLabel: types.OriginCloud, - labelAccountID: "123456", + labelAccountID: "123456789012", labelRegion: "ca-central-1", labelEngine: "MYSQL", labelVPCID: "test-vpc-id", 
@@ -834,7 +834,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) { URI: "proxy.rds.test:9999", AWS: types.AWS{ Region: "ca-central-1", - AccountID: "123456", + AccountID: "123456789012", RDSProxy: types.RDSProxy{ ResourceID: "prx-abcdef", Name: "testproxy", @@ -855,7 +855,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) { Labels: map[string]string{ "key": "val", types.OriginLabel: types.OriginCloud, - labelAccountID: "123456", + labelAccountID: "123456789012", labelRegion: "ca-central-1", labelEngine: "MYSQL", labelVPCID: "test-vpc-id", @@ -866,7 +866,7 @@ func TestDatabaseFromRDSProxy(t *testing.T) { URI: "custom.proxy.rds.test:9999", AWS: types.AWS{ Region: "ca-central-1", - AccountID: "123456", + AccountID: "123456789012", RDSProxy: types.RDSProxy{ ResourceID: "prx-abcdef", Name: "testproxy", @@ -946,7 +946,7 @@ func TestIsRDSClusterSupported(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { cluster := &rds.DBCluster{ - DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:test"), + DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:test"), DBClusterIdentifier: aws.String(test.name), DbClusterResourceId: aws.String(uuid.New().String()), Engine: aws.String(RDSEngineAuroraMySQL), @@ -996,7 +996,7 @@ func TestIsRDSInstanceSupported(t *testing.T) { for _, test := range tests { t.Run(test.name, func(t *testing.T) { cluster := &rds.DBInstance{ - DBInstanceArn: aws.String("arn:aws:rds:us-east-1:1234567890:instance:test"), + DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:instance:test"), DBClusterIdentifier: aws.String(test.name), DbiResourceId: aws.String(uuid.New().String()), Engine: aws.String(test.engine), 
@@ -1025,7 +1025,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) { t.Run("success", func(t *testing.T) { cluster := &redshift.Cluster{ ClusterIdentifier: aws.String("mycluster"), - ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-1:1234567890:namespace:u-u-i-d"), + ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-1:123456789012:namespace:u-u-i-d"), Endpoint: &redshift.Endpoint{ Address: aws.String("localhost"), Port: aws.Int64(5439), @@ -1046,7 +1046,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) { Description: "Redshift cluster in us-east-1", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", "key": "val", "elasticbeanstalk:environment-id": "id", @@ -1055,7 +1055,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) { Protocol: defaults.ProtocolPostgres, URI: "localhost:5439", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", Redshift: types.Redshift{ ClusterID: "mycluster", @@ -1073,7 +1073,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) { t.Run("success with name override", func(t *testing.T) { cluster := &redshift.Cluster{ ClusterIdentifier: aws.String("mycluster"), - ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-1:1234567890:namespace:u-u-i-d"), + ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-1:123456789012:namespace:u-u-i-d"), Endpoint: &redshift.Endpoint{ Address: aws.String("localhost"), Port: aws.Int64(5439), @@ -1098,7 +1098,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) { Description: "Redshift cluster in us-east-1", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelTeleportDBName: "mycluster-override-2", "key": "val", 
@@ -1108,7 +1108,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) { Protocol: defaults.ProtocolPostgres, URI: "localhost:5439", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", Redshift: types.Redshift{ ClusterID: "mycluster", @@ -1134,7 +1134,7 @@ func TestDatabaseFromRedshiftCluster(t *testing.T) { func TestDatabaseFromElastiCacheConfigurationEndpoint(t *testing.T) { cluster := &elasticache.ReplicationGroup{ - ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:replicationgroup:my-cluster"), + ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:replicationgroup:my-cluster"), ReplicationGroupId: aws.String("my-cluster"), Status: aws.String("available"), TransitEncryptionEnabled: aws.Bool(true), @@ -1176,7 +1176,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpoint(t *testing.T) { Description: "ElastiCache cluster in us-east-1 (configuration endpoint)", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEndpointType: "configuration", "key": "value", @@ -1185,7 +1185,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpoint(t *testing.T) { Protocol: defaults.ProtocolRedis, URI: "configuration.localhost:6379", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", ElastiCache: types.ElastiCache{ ReplicationGroupID: "my-cluster", @@ -1204,7 +1204,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpoint(t *testing.T) { func TestDatabaseFromElastiCacheConfigurationEndpointNameOverride(t *testing.T) { cluster := &elasticache.ReplicationGroup{ - ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:replicationgroup:my-cluster"), + ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:replicationgroup:my-cluster"), ReplicationGroupId: aws.String("my-cluster"), Status: aws.String("available"), TransitEncryptionEnabled: aws.Bool(true), 
@@ -1249,7 +1249,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpointNameOverride(t *testing.T) Description: "ElastiCache cluster in us-east-1 (configuration endpoint)", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEndpointType: "configuration", labelTeleportDBName: "my-override-cluster-2", @@ -1259,7 +1259,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpointNameOverride(t *testing.T) Protocol: defaults.ProtocolRedis, URI: "configuration.localhost:6379", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", ElastiCache: types.ElastiCache{ ReplicationGroupID: "my-cluster", @@ -1278,7 +1278,7 @@ func TestDatabaseFromElastiCacheConfigurationEndpointNameOverride(t *testing.T) func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) { cluster := &elasticache.ReplicationGroup{ - ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:replicationgroup:my-cluster"), + ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:replicationgroup:my-cluster"), ReplicationGroupId: aws.String("my-cluster"), Status: aws.String("available"), TransitEncryptionEnabled: aws.Bool(true), @@ -1305,7 +1305,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) { Description: "ElastiCache cluster in us-east-1 (primary endpoint)", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEndpointType: "primary", "key": "value", @@ -1314,7 +1314,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) { Protocol: defaults.ProtocolRedis, URI: "primary.localhost:6379", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", ElastiCache: types.ElastiCache{ ReplicationGroupID: "my-cluster", 
@@ -1331,7 +1331,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) { Description: "ElastiCache cluster in us-east-1 (reader endpoint)", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEndpointType: "reader", "key": "value", @@ -1340,7 +1340,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) { Protocol: defaults.ProtocolRedis, URI: "reader.localhost:6379", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", ElastiCache: types.ElastiCache{ ReplicationGroupID: "my-cluster", @@ -1359,7 +1359,7 @@ func TestDatabaseFromElastiCacheNodeGroups(t *testing.T) { func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) { cluster := &elasticache.ReplicationGroup{ - ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:replicationgroup:my-cluster"), + ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:replicationgroup:my-cluster"), ReplicationGroupId: aws.String("my-cluster"), Status: aws.String("available"), TransitEncryptionEnabled: aws.Bool(true), @@ -1389,7 +1389,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) { Description: "ElastiCache cluster in us-east-1 (primary endpoint)", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEndpointType: "primary", labelTeleportDBName: "my-override-cluster-2", @@ -1399,7 +1399,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) { Protocol: defaults.ProtocolRedis, URI: "primary.localhost:6379", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", ElastiCache: types.ElastiCache{ ReplicationGroupID: "my-cluster", 
@@ -1416,7 +1416,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) { Description: "ElastiCache cluster in us-east-1 (reader endpoint)", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEndpointType: "reader", labelTeleportDBName: "my-override-cluster-2", @@ -1426,7 +1426,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) { Protocol: defaults.ProtocolRedis, URI: "reader.localhost:6379", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", ElastiCache: types.ElastiCache{ ReplicationGroupID: "my-cluster", @@ -1445,7 +1445,7 @@ func TestDatabaseFromElastiCacheNodeGroupsNameOverride(t *testing.T) { func TestDatabaseFromMemoryDBCluster(t *testing.T) { cluster := &memorydb.Cluster{ - ARN: aws.String("arn:aws:memorydb:us-east-1:1234567890:cluster:my-cluster"), + ARN: aws.String("arn:aws:memorydb:us-east-1:123456789012:cluster:my-cluster"), Name: aws.String("my-cluster"), Status: aws.String("available"), TLSEnabled: aws.Bool(true), @@ -1462,7 +1462,7 @@ func TestDatabaseFromMemoryDBCluster(t *testing.T) { Description: "MemoryDB cluster in us-east-1", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEndpointType: "cluster", "key": "value", @@ -1471,7 +1471,7 @@ func TestDatabaseFromMemoryDBCluster(t *testing.T) { Protocol: defaults.ProtocolRedis, URI: "memorydb.localhost:6379", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", MemoryDB: types.MemoryDB{ ClusterName: "my-cluster", 
@@ -1496,7 +1496,7 @@ func TestDatabaseFromRedshiftServerlessWorkgroup(t *testing.T) {
 Description: "Redshift Serverless workgroup in eu-west-2",
 Labels: map[string]string{
 types.OriginLabel: types.OriginCloud,
- labelAccountID: "1234567890",
+ labelAccountID: "123456789012",
 labelRegion: "eu-west-2",
 labelEndpointType: "workgroup",
 labelNamespace: "my-namespace",
@@ -1505,9 +1505,9 @@ func TestDatabaseFromRedshiftServerlessWorkgroup(t *testing.T) {
 },
 }, types.DatabaseSpecV3{
 Protocol: defaults.ProtocolPostgres,
- URI: "my-workgroup.1234567890.eu-west-2.redshift-serverless.amazonaws.com:5439",
+ URI: "my-workgroup.123456789012.eu-west-2.redshift-serverless.amazonaws.com:5439",
 AWS: types.AWS{
- AccountID: "1234567890",
+ AccountID: "123456789012",
 Region: "eu-west-2",
 RedshiftServerless: types.RedshiftServerless{
 WorkgroupName: "my-workgroup",
@@ -1531,7 +1531,7 @@ func TestDatabaseFromRedshiftServerlessVPCEndpoint(t *testing.T) {
 Description: "Redshift Serverless endpoint in eu-west-2",
 Labels: map[string]string{
 types.OriginLabel: types.OriginCloud,
- labelAccountID: "1234567890",
+ labelAccountID: "123456789012",
 labelRegion: "eu-west-2",
 labelEndpointType: "vpc-endpoint",
 labelWorkgroup: "my-workgroup",
@@ -1541,9 +1541,9 @@ func TestDatabaseFromRedshiftServerlessVPCEndpoint(t *testing.T) {
 },
 }, types.DatabaseSpecV3{
 Protocol: defaults.ProtocolPostgres,
- URI: "my-endpoint-endpoint-xxxyyyzzz.1234567890.eu-west-2.redshift-serverless.amazonaws.com:5439",
+ URI: "my-endpoint-endpoint-xxxyyyzzz.123456789012.eu-west-2.redshift-serverless.amazonaws.com:5439",
 AWS: types.AWS{
- AccountID: "1234567890",
+ AccountID: "123456789012",
 Region: "eu-west-2",
 RedshiftServerless: types.RedshiftServerless{
 WorkgroupName: "my-workgroup",
@@ -1552,7 +1552,7 @@ func TestDatabaseFromRedshiftServerlessVPCEndpoint(t *testing.T) { }, }, TLS: types.DatabaseTLS{ - ServerName: "my-workgroup.1234567890.eu-west-2.redshift-serverless.amazonaws.com", + ServerName: "my-workgroup.123456789012.eu-west-2.redshift-serverless.amazonaws.com", }, }) require.NoError(t, err) @@ -1564,7 +1564,7 @@ func TestDatabaseFromRedshiftServerlessVPCEndpoint(t *testing.T) { func TestDatabaseFromMemoryDBClusterNameOverride(t *testing.T) { cluster := &memorydb.Cluster{ - ARN: aws.String("arn:aws:memorydb:us-east-1:1234567890:cluster:my-cluster"), + ARN: aws.String("arn:aws:memorydb:us-east-1:123456789012:cluster:my-cluster"), Name: aws.String("my-cluster"), Status: aws.String("available"), TLSEnabled: aws.Bool(true), @@ -1584,7 +1584,7 @@ func TestDatabaseFromMemoryDBClusterNameOverride(t *testing.T) { Description: "MemoryDB cluster in us-east-1", Labels: map[string]string{ types.OriginLabel: types.OriginCloud, - labelAccountID: "1234567890", + labelAccountID: "123456789012", labelRegion: "us-east-1", labelEndpointType: "cluster", labelTeleportDBName: "override-1", @@ -1594,7 +1594,7 @@ func TestDatabaseFromMemoryDBClusterNameOverride(t *testing.T) { Protocol: defaults.ProtocolRedis, URI: "memorydb.localhost:6379", AWS: types.AWS{ - AccountID: "1234567890", + AccountID: "123456789012", Region: "us-east-1", MemoryDB: types.MemoryDB{ ClusterName: "my-cluster", diff --git a/lib/srv/app/aws/handler_test.go b/lib/srv/app/aws/handler_test.go index 55c1366a367..7bfd3390565 100644 --- a/lib/srv/app/aws/handler_test.go +++ b/lib/srv/app/aws/handler_test.go @@ -323,7 +323,7 @@ func createSuite(t *testing.T, mockAWSHandler http.HandlerFunc, app types.Applic Username: "user", Expires: clock.Now().Add(time.Hour), RouteToApp: tlsca.RouteToApp{ - AWSRoleARN: "arn:aws:iam::123456789:role/test", + AWSRoleARN: "arn:aws:iam::123456789012:role/test", }, } 
diff --git a/lib/srv/app/cloud_test.go b/lib/srv/app/cloud_test.go
index 63e110f5bed..984c2d7a82b 100644
--- a/lib/srv/app/cloud_test.go
+++ b/lib/srv/app/cloud_test.go
@@ -165,7 +165,7 @@ func TestCloudGetFederationDuration(t *testing.T) {
 req := &AWSSigninRequest{
 Identity: &tlsca.Identity{
 RouteToApp: tlsca.RouteToApp{
- AWSRoleARN: "arn:aws:iam::123456789:role/test",
+ AWSRoleARN: "arn:aws:iam::123456789012:role/test",
 },
 Expires: test.expiresAt,
 },
@@ -269,7 +269,7 @@ func TestCloudGetAWSSigninToken(t *testing.T) {
 req := &AWSSigninRequest{
 Identity: &tlsca.Identity{
 RouteToApp: tlsca.RouteToApp{
- AWSRoleARN: "arn:aws:iam::123456789:role/test",
+ AWSRoleARN: "arn:aws:iam::123456789012:role/test",
 },
 Expires: time.Now().Add(24 * time.Hour),
 },
diff --git a/lib/srv/db/ca_test.go b/lib/srv/db/ca_test.go
index 410bf4167fd..bfaf267196e 100644
--- a/lib/srv/db/ca_test.go
+++ b/lib/srv/db/ca_test.go
@@ -80,7 +80,7 @@ func TestInitCACert(t *testing.T) {
 URI: "localhost:5432",
 AWS: types.AWS{
 Region: "us-east-1",
- AccountID: "1234567890",
+ AccountID: "123456789012",
 RedshiftServerless: types.RedshiftServerless{
 WorkgroupName: "workgroup",
 },
diff --git a/lib/srv/db/cloud/iam_test.go b/lib/srv/db/cloud/iam_test.go
index d449f087a4d..dc022ed60fe 100644
--- a/lib/srv/db/cloud/iam_test.go
+++ b/lib/srv/db/cloud/iam_test.go
@@ -46,25 +46,25 @@ func TestAWSIAM(t *testing.T) { // Setup AWS database objects. rdsInstance := &rds.DBInstance{ - DBInstanceArn: aws.String("arn:aws:rds:us-west-1:1234567890:db:postgres-rds"), + DBInstanceArn: aws.String("arn:aws:rds:us-west-1:123456789012:db:postgres-rds"), DBInstanceIdentifier: aws.String("postgres-rds"), DbiResourceId: aws.String("db-xyz"), } auroraCluster := &rds.DBCluster{ - DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:postgres-aurora"), + DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:postgres-aurora"), DBClusterIdentifier: aws.String("postgres-aurora"), DbClusterResourceId: aws.String("cluster-xyz"), } redshiftCluster := &redshift.Cluster{ - ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-2:1234567890:namespace:namespace-xyz"), + ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-2:123456789012:namespace:namespace-xyz"), ClusterIdentifier: aws.String("redshift-cluster-1"), } // Configure mocks. stsClient := &mocks.STSMock{ - ARN: "arn:aws:iam::1234567890:role/test-role", + ARN: "arn:aws:iam::123456789012:role/test-role", } rdsClient := &mocks.RDSMock{ @@ -84,7 +84,7 @@ func TestAWSIAM(t *testing.T) { }, types.DatabaseSpecV3{ Protocol: defaults.ProtocolPostgres, URI: "localhost", - AWS: types.AWS{Region: "localhost", AccountID: "1234567890", RDS: types.RDS{InstanceID: "postgres-rds", ResourceID: "postgres-rds-resource-id"}}, + AWS: types.AWS{Region: "localhost", AccountID: "123456789012", RDS: types.RDS{InstanceID: "postgres-rds", ResourceID: "postgres-rds-resource-id"}}, }) require.NoError(t, err) 
@@ -93,7 +93,7 @@ func TestAWSIAM(t *testing.T) { }, types.DatabaseSpecV3{ Protocol: defaults.ProtocolPostgres, URI: "localhost", - AWS: types.AWS{Region: "localhost", AccountID: "1234567890", RDS: types.RDS{ClusterID: "postgres-aurora", ResourceID: "postgres-aurora-resource-id"}}, + AWS: types.AWS{Region: "localhost", AccountID: "123456789012", RDS: types.RDS{ClusterID: "postgres-aurora", ResourceID: "postgres-aurora-resource-id"}}, }) require.NoError(t, err) @@ -102,7 +102,7 @@ func TestAWSIAM(t *testing.T) { }, types.DatabaseSpecV3{ Protocol: defaults.ProtocolPostgres, URI: "localhost", - AWS: types.AWS{Region: "localhost", AccountID: "1234567890", RDSProxy: types.RDSProxy{Name: "rds-proxy", ResourceID: "rds-proxy-resource-id"}}, + AWS: types.AWS{Region: "localhost", AccountID: "123456789012", RDSProxy: types.RDSProxy{Name: "rds-proxy", ResourceID: "rds-proxy-resource-id"}}, }) require.NoError(t, err) @@ -111,7 +111,7 @@ func TestAWSIAM(t *testing.T) { }, types.DatabaseSpecV3{ Protocol: defaults.ProtocolPostgres, URI: "localhost", - AWS: types.AWS{Region: "localhost", AccountID: "1234567890", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}}, + AWS: types.AWS{Region: "localhost", AccountID: "123456789012", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}}, }) require.NoError(t, err) @@ -227,7 +227,7 @@ func TestAWSIAMNoPermissions(t *testing.T) { // Create unauthorized mocks for AWS services. stsClient := &mocks.STSMock{ - ARN: "arn:aws:iam::1234567890:role/test-role", + ARN: "arn:aws:iam::123456789012:role/test-role", } // Make configurator. configurator, err := NewIAM(ctx, IAMConfig{ 
@@ -244,7 +244,7 @@ func TestAWSIAMNoPermissions(t *testing.T) {
 }{
 {
 name: "RDS database",
- meta: types.AWS{Region: "localhost", AccountID: "1234567890", RDS: types.RDS{InstanceID: "postgres-rds", ResourceID: "postgres-rds-resource-id"}},
+ meta: types.AWS{Region: "localhost", AccountID: "123456789012", RDS: types.RDS{InstanceID: "postgres-rds", ResourceID: "postgres-rds-resource-id"}},
 clients: &clients.TestCloudClients{
 RDS: &mocks.RDSMockUnauth{},
 IAM: &mocks.IAMErrorMock{
@@ -255,7 +255,7 @@ func TestAWSIAMNoPermissions(t *testing.T) {
 },
 {
 name: "Aurora cluster",
- meta: types.AWS{Region: "localhost", AccountID: "1234567890", RDS: types.RDS{ClusterID: "postgres-aurora", ResourceID: "postgres-aurora-resource-id"}},
+ meta: types.AWS{Region: "localhost", AccountID: "123456789012", RDS: types.RDS{ClusterID: "postgres-aurora", ResourceID: "postgres-aurora-resource-id"}},
 clients: &clients.TestCloudClients{
 RDS: &mocks.RDSMockUnauth{},
 IAM: &mocks.IAMErrorMock{
@@ -277,7 +277,7 @@ func TestAWSIAMNoPermissions(t *testing.T) {
 },
 {
 name: "Redshift cluster",
- meta: types.AWS{Region: "localhost", AccountID: "1234567890", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
+ meta: types.AWS{Region: "localhost", AccountID: "123456789012", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
 clients: &clients.TestCloudClients{
 Redshift: &mocks.RedshiftMockUnauth{},
 IAM: &mocks.IAMErrorMock{
@@ -288,7 +288,7 @@ func TestAWSIAMNoPermissions(t *testing.T) {
 },
 {
 name: "IAM UnmodifiableEntityException",
- meta: types.AWS{Region: "localhost", AccountID: "1234567890", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
+ meta: types.AWS{Region: "localhost", AccountID: "123456789012", Redshift: types.Redshift{ClusterID: "redshift-cluster-1"}},
 clients: &clients.TestCloudClients{
 Redshift: &mocks.RedshiftMockUnauth{},
 IAM: &mocks.IAMErrorMock{
diff --git a/lib/srv/db/cloud/meta_test.go b/lib/srv/db/cloud/meta_test.go
index 042d1c875ed..dee212b16e4 100644
--- a/lib/srv/db/cloud/meta_test.go
+++ b/lib/srv/db/cloud/meta_test.go
@@ -41,14 +41,14 @@ func TestAWSMetadata(t *testing.T) {
 DBInstances: []*rds.DBInstance{
 // Standalone RDS instance.
 {
- DBInstanceArn: aws.String("arn:aws:rds:us-west-1:1234567890:db:postgres-rds"),
+ DBInstanceArn: aws.String("arn:aws:rds:us-west-1:123456789012:db:postgres-rds"),
 DBInstanceIdentifier: aws.String("postgres-rds"),
 DbiResourceId: aws.String("db-xyz"),
 IAMDatabaseAuthenticationEnabled: aws.Bool(true),
 },
 // Instance that is a part of an Aurora cluster.
 {
- DBInstanceArn: aws.String("arn:aws:rds:us-east-1:1234567890:db:postgres-aurora-1"),
+ DBInstanceArn: aws.String("arn:aws:rds:us-east-1:123456789012:db:postgres-aurora-1"),
 DBInstanceIdentifier: aws.String("postgres-aurora-1"),
 DBClusterIdentifier: aws.String("postgres-aurora"),
 },
@@ -56,14 +56,14 @@ func TestAWSMetadata(t *testing.T) {
 DBClusters: []*rds.DBCluster{
 // Aurora cluster.
 {
- DBClusterArn: aws.String("arn:aws:rds:us-east-1:1234567890:cluster:postgres-aurora"),
+ DBClusterArn: aws.String("arn:aws:rds:us-east-1:123456789012:cluster:postgres-aurora"),
 DBClusterIdentifier: aws.String("postgres-aurora"),
 DbClusterResourceId: aws.String("cluster-xyz"),
 },
 },
 DBProxies: []*rds.DBProxy{
 {
- DBProxyArn: aws.String("arn:aws:rds:us-east-1:1234567890:db-proxy:prx-resource-id"),
+ DBProxyArn: aws.String("arn:aws:rds:us-east-1:123456789012:db-proxy:prx-resource-id"),
 DBProxyName: aws.String("rds-proxy"),
 },
 },
@@ -79,11 +79,11 @@ func TestAWSMetadata(t *testing.T) {
 redshift := &mocks.RedshiftMock{
 Clusters: []*redshift.Cluster{
 {
- ClusterNamespaceArn: aws.String("arn:aws:redshift:us-west-1:1234567890:namespace:namespace-id"),
+ ClusterNamespaceArn: aws.String("arn:aws:redshift:us-west-1:123456789012:namespace:namespace-id"),
 ClusterIdentifier: aws.String("redshift-cluster-1"),
 },
 {
- ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-2:0987654321:namespace:namespace-id"),
+ ClusterNamespaceArn: aws.String("arn:aws:redshift:us-east-2:210987654321:namespace:namespace-id"),
 ClusterIdentifier: aws.String("redshift-cluster-2"),
 },
 },
@@ -93,7 +93,7 @@ func TestAWSMetadata(t *testing.T) {
 elasticache := &mocks.ElastiCacheMock{
 ReplicationGroups: []*elasticache.ReplicationGroup{
 {
- ARN: aws.String("arn:aws:elasticache:us-west-1:123456789:replicationgroup:my-redis"),
+ ARN: aws.String("arn:aws:elasticache:us-west-1:123456789012:replicationgroup:my-redis"),
 ReplicationGroupId: aws.String("my-redis"),
 ClusterEnabled: aws.Bool(true),
 TransitEncryptionEnabled: aws.Bool(true),
@@ -106,7 +106,7 @@ func TestAWSMetadata(t *testing.T) {
 memorydb := &mocks.MemoryDBMock{
 Clusters: []*memorydb.Cluster{
 {
- ARN: aws.String("arn:aws:memorydb:us-west-1:123456789:cluster:my-cluster"),
+ ARN: aws.String("arn:aws:memorydb:us-west-1:123456789012:cluster:my-cluster"),
 Name: aws.String("my-cluster"),
 TLSEnabled: aws.Bool(true),
 ACLName: aws.String("my-user-group"),
@@ -148,7 +148,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 outAWS: types.AWS{
 Region: "us-west-1",
- AccountID: "1234567890",
+ AccountID: "123456789012",
 RDS: types.RDS{
 InstanceID: "postgres-rds",
 ResourceID: "db-xyz",
@@ -165,7 +165,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 outAWS: types.AWS{
 Region: "us-east-1",
- AccountID: "1234567890",
+ AccountID: "123456789012",
 RDS: types.RDS{
 ClusterID: "postgres-aurora",
 ResourceID: "cluster-xyz",
@@ -181,7 +181,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 outAWS: types.AWS{
 Region: "us-east-1",
- AccountID: "1234567890",
+ AccountID: "123456789012",
 RDS: types.RDS{
 ClusterID: "postgres-aurora",
 ResourceID: "cluster-xyz",
@@ -196,7 +196,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 },
 outAWS: types.AWS{
- AccountID: "1234567890",
+ AccountID: "123456789012",
 Region: "us-west-1",
 Redshift: types.Redshift{
 ClusterID: "redshift-cluster-1",
@@ -211,7 +211,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 },
 outAWS: types.AWS{
- AccountID: "0987654321",
+ AccountID: "210987654321",
 Region: "us-east-2",
 Redshift: types.Redshift{
 ClusterID: "redshift-cluster-2",
@@ -227,7 +227,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 },
 outAWS: types.AWS{
- AccountID: "123456789",
+ AccountID: "123456789012",
 Region: "us-west-1",
 ElastiCache: types.ElastiCache{
 ReplicationGroupID: "my-redis",
@@ -246,7 +246,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 },
 outAWS: types.AWS{
- AccountID: "123456789",
+ AccountID: "123456789012",
 Region: "us-west-1",
 MemoryDB: types.MemoryDB{
 ClusterName: "my-cluster",
@@ -265,7 +265,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 },
 outAWS: types.AWS{
- AccountID: "1234567890",
+ AccountID: "123456789012",
 Region: "us-east-1",
 RDSProxy: types.RDSProxy{
 Name: "rds-proxy",
@@ -282,7 +282,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 },
 outAWS: types.AWS{
- AccountID: "1234567890",
+ AccountID: "123456789012",
 Region: "us-east-1",
 RDSProxy: types.RDSProxy{
 Name: "rds-proxy",
@@ -300,7 +300,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 },
 outAWS: types.AWS{
- AccountID: "1234567890",
+ AccountID: "123456789012",
 Region: "us-west-1",
 RedshiftServerless: types.RedshiftServerless{
 WorkgroupName: "my-workgroup",
@@ -317,7 +317,7 @@ func TestAWSMetadata(t *testing.T) {
 },
 },
 outAWS: types.AWS{
- AccountID: "1234567890",
+ AccountID: "123456789012",
 Region: "us-west-1",
 RedshiftServerless: types.RedshiftServerless{
 WorkgroupName: "my-workgroup",
diff --git a/lib/srv/db/cloud/users/helpers_test.go b/lib/srv/db/cloud/users/helpers_test.go index d06c8a2ce66..0755f90835c 100644 --- a/lib/srv/db/cloud/users/helpers_test.go +++ b/lib/srv/db/cloud/users/helpers_test.go @@ -115,9 +115,9 @@ func TestSecretKeyFromAWSARN(t *testing.T) { _, err := secretKeyFromAWSARN("invalid:arn") require.True(t, trace.IsBadParameter(err)) - key, err := secretKeyFromAWSARN("arn:aws-cn:elasticache:cn-north-1:1234567890:user:alice") + key, err := secretKeyFromAWSARN("arn:aws-cn:elasticache:cn-north-1:123456789012:user:alice") require.NoError(t, err) - require.Equal(t, "elasticache/cn-north-1/1234567890/user/alice", key) + require.Equal(t, "elasticache/cn-north-1/123456789012/user/alice", key) } type mockUser struct { diff --git a/lib/srv/db/cloud/users/users_test.go b/lib/srv/db/cloud/users/users_test.go index ebae1e9c0b7..e66299decce 100644 --- a/lib/srv/db/cloud/users/users_test.go +++ b/lib/srv/db/cloud/users/users_test.go @@ -135,7 +135,7 @@ func mustCreateElastiCacheDatabase(t *testing.T, name string, userGroupIDs ...st Name: name, }, types.DatabaseSpecV3{ Protocol: defaults.ProtocolRedis, - URI: "master.redis-cluster.1234567890.use1.cache.amazonaws.com:6379", + URI: "master.redis-cluster.123456789012.use1.cache.amazonaws.com:6379", AWS: types.AWS{ ElastiCache: types.ElastiCache{ UserGroupIDs: userGroupIDs, @@ -176,7 +176,7 @@ func mustCreateRDSDatabase(t *testing.T, name string) types.Database { func elastiCacheUser(name string, groupIDs ...string) *elasticache.User { return &elasticache.User{ UserId: aws.String(name), - ARN: aws.String("arn:aws:elasticache:us-east-1:1234567890:user:" + name), + ARN: aws.String("arn:aws:elasticache:us-east-1:123456789012:user:" + name), UserName: aws.String(name), UserGroupIds: aws.StringSlice(groupIDs), } 
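Review bot: In the `mustCreateElastiCacheDatabase` hunk the third host label of the URI was widened to `123456789012`, but nothing in the visible lines treats that label as an account ID: the spec sets only `ElastiCache.UserGroupIDs`, and ElastiCache endpoint names normally carry a short cluster hash in that position (worth confirming against the endpoint parser, which is not shown here). A non-numeric placeholder, e.g. `URI: "master.redis-cluster.abcdef.use1.cache.amazonaws.com:6379",` (constructed sample), would avoid implying that the account is derived from the hostname, provided the parser accepts it. The helper's body continues past the end of the hunk.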
@@ -184,7 +184,7 @@ func elastiCacheUser(name string, groupIDs ...string) *elasticache.User { func memoryDBUser(name string, aclNames ...string) *memorydb.User { return &memorydb.User{ - ARN: aws.String("arn:aws:memorydb:us-east-1:1234567890:user/" + name), + ARN: aws.String("arn:aws:memorydb:us-east-1:123456789012:user/" + name), Name: aws.String(name), ACLNames: aws.StringSlice(aclNames), } diff --git a/lib/srv/db/common/auth_test.go b/lib/srv/db/common/auth_test.go index 229288efc53..48b00f05940 100644 --- a/lib/srv/db/common/auth_test.go +++ b/lib/srv/db/common/auth_test.go @@ -393,24 +393,24 @@ func TestRedshiftServerlessUsernameToRoleARN(t *testing.T) { expectError bool }{ { - inputUsername: "arn:aws:iam::1234567890:role/rolename", - expectRoleARN: "arn:aws:iam::1234567890:role/rolename", + inputUsername: "arn:aws:iam::123456789012:role/rolename", + expectRoleARN: "arn:aws:iam::123456789012:role/rolename", }, { - inputUsername: "arn:aws:iam::1234567890:user/user", + inputUsername: "arn:aws:iam::123456789012:user/user", expectError: true, }, { - inputUsername: "arn:aws:not-iam::1234567890:role/rolename", + inputUsername: "arn:aws:not-iam::123456789012:role/rolename", expectError: true, }, { inputUsername: "role/rolename", - expectRoleARN: "arn:aws:iam::1234567890:role/rolename", + expectRoleARN: "arn:aws:iam::123456789012:role/rolename", }, { inputUsername: "rolename", - expectRoleARN: "arn:aws:iam::1234567890:role/rolename", + expectRoleARN: "arn:aws:iam::123456789012:role/rolename", }, { inputUsername: "IAM:user", @@ -520,7 +520,7 @@ func newRedshiftServerlessDatabase(t *testing.T) types.Database { Name: "test-database", }, types.DatabaseSpecV3{ Protocol: defaults.ProtocolPostgres, - URI: "my-workgroup.1234567890.eu-west-2.redshift-serverless.amazonaws.com:5439", + URI: "my-workgroup.123456789012.eu-west-2.redshift-serverless.amazonaws.com:5439", }) require.NoError(t, err) return database 
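Review bot: The table in the `TestRedshiftServerlessUsernameToRoleARN` hunk only uses role ARNs whose account equals the one embedded in the database URI built by `newRedshiftServerlessDatabase`, so it does not pin what happens when a full ARN names a different account. Add a case such as `inputUsername: "arn:aws:iam::210987654321:role/rolename",` with whichever result is intended (pass-through in `expectRoleARN`, or `expectError: true`). The function under test is not visible here, so the expected outcome needs confirming. The table starts before and continues after this hunk, so check that such a case is not already present further down.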
diff --git a/lib/srv/db/common/iam/aws_test.go b/lib/srv/db/common/iam/aws_test.go
index cba9b56902d..dc0f705b22b 100644
--- a/lib/srv/db/common/iam/aws_test.go
+++ b/lib/srv/db/common/iam/aws_test.go
@@ -40,7 +40,7 @@ func TestGetAWSPolicyDocument(t *testing.T) {
 Protocol: "postgres",
 URI: "instance.abcdefghijklmnop.us-east-1.rds.amazonaws.com:5438",
 AWS: types.AWS{
- AccountID: "12345",
+ AccountID: "123456789012",
 RDS: types.RDS{
 ResourceID: "abcdef",
 },
@@ -54,7 +54,7 @@ func TestGetAWSPolicyDocument(t *testing.T) {
 Protocol: "postgres",
 URI: "my-proxy.proxy-abcdefghijklmnop.us-west-1.rds.amazonaws.com:5432",
 AWS: types.AWS{
- AccountID: "12345",
+ AccountID: "123456789012",
 RDSProxy: types.RDSProxy{
 ResourceID: "qwerty",
 },
@@ -102,7 +102,7 @@ func TestGetAWSPolicyDocument(t *testing.T) {
 {
 "Effect": "Allow",
 "Action": "rds-db:connect",
- "Resource": "arn:aws:rds-db:us-east-1:12345:dbuser:abcdef/*"
+ "Resource": "arn:aws:rds-db:us-east-1:123456789012:dbuser:abcdef/*"
 }
 ]
 }`,
@@ -115,7 +115,7 @@ func TestGetAWSPolicyDocument(t *testing.T) {
 {
 "Effect": "Allow",
 "Action": "rds-db:connect",
- "Resource": "arn:aws:rds-db:us-west-1:12345:dbuser:qwerty/*"
+ "Resource": "arn:aws:rds-db:us-west-1:123456789012:dbuser:qwerty/*"
 }
 ]
 }`,
diff --git a/lib/srv/db/secrets/aws_mocks.go b/lib/srv/db/secrets/aws_mocks.go
index 9485450fee2..b447ada562b 100644
--- a/lib/srv/db/secrets/aws_mocks.go
+++ b/lib/srv/db/secrets/aws_mocks.go
@@ -44,7 +44,7 @@ func (c *MockSecretsManagerClientConfig) SetDefaults() {
 c.Region = "us-east-1"
 }
 if c.Account == "" {
- c.Account = "1234567890"
+ c.Account = "123456789012"
 }
 if c.Clock == nil {
 c.Clock = clockwork.NewFakeClock()
diff --git a/lib/srv/db/secrets/aws_secrets_manager_test.go b/lib/srv/db/secrets/aws_secrets_manager_test.go
index 5f56c15beb6..97d429c0840 100644
--- a/lib/srv/db/secrets/aws_secrets_manager_test.go
+++ b/lib/srv/db/secrets/aws_secrets_manager_test.go
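Review bot: The default in `SetDefaults` of `aws_mocks.go` (`c.Account = "123456789012"`) carries an undocumented constraint: the KMS alias ARN asserted in `aws_secrets_manager_test.go` appears to be built from it, so the value has to stay a well-formed account ID and has to match that expectation. A short comment above the assignment would record this, for example `// Placeholder account ID; keep it 12 digits, ARNs returned by the mock embed it.` The rest of `SetDefaults` lies outside the hunk, so the comment style should follow whatever the other defaults use.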
@@ -77,7 +77,7 @@ func TestAWSSecretsManager(t *testing.T) { SecretId: aws.String("teleport/key"), }) require.NoError(t, err) - require.Equal(t, "arn:aws:kms:us-east-1:1234567890:alias/aws/secretsmanager", aws.StringValue(output1.KmsKeyId)) + require.Equal(t, "arn:aws:kms:us-east-1:123456789012:alias/aws/secretsmanager", aws.StringValue(output1.KmsKeyId)) // Create secret for the second time with custom KMS. Create returns // IsAlreadyExists but KMSKeyID should be updated. diff --git a/lib/srv/discovery/fetchers/db/aws_elasticache_test.go b/lib/srv/discovery/fetchers/db/aws_elasticache_test.go index 7c71bfb757b..cf4ca200002 100644 --- a/lib/srv/discovery/fetchers/db/aws_elasticache_test.go +++ b/lib/srv/discovery/fetchers/db/aws_elasticache_test.go @@ -113,7 +113,7 @@ func TestElastiCacheFetcher(t *testing.T) { func makeElastiCacheCluster(t *testing.T, name, region, env string, opts ...func(*elasticache.ReplicationGroup)) (*elasticache.ReplicationGroup, types.Database, []*elasticache.Tag) { cluster := &elasticache.ReplicationGroup{ - ARN: aws.String(fmt.Sprintf("arn:aws:elasticache:%s:123456789:replicationgroup:%s", region, name)), + ARN: aws.String(fmt.Sprintf("arn:aws:elasticache:%s:123456789012:replicationgroup:%s", region, name)), ReplicationGroupId: aws.String(name), Status: aws.String("available"), TransitEncryptionEnabled: aws.Bool(true), diff --git a/lib/srv/discovery/fetchers/db/aws_memorydb_test.go b/lib/srv/discovery/fetchers/db/aws_memorydb_test.go index 71f699d0190..0ceaf52d234 100644 --- a/lib/srv/discovery/fetchers/db/aws_memorydb_test.go +++ b/lib/srv/discovery/fetchers/db/aws_memorydb_test.go 
@@ -112,7 +112,7 @@ func TestMemoryDBFetcher(t *testing.T) { func makeMemoryDBCluster(t *testing.T, name, region, env string, opts ...func(*memorydb.Cluster)) (*memorydb.Cluster, types.Database, []*memorydb.Tag) { cluster := &memorydb.Cluster{ - ARN: aws.String(fmt.Sprintf("arn:aws:memorydb:%s:123456789:cluster:%s", region, name)), + ARN: aws.String(fmt.Sprintf("arn:aws:memorydb:%s:123456789012:cluster:%s", region, name)), Name: aws.String(name), Status: aws.String("available"), TLSEnabled: aws.Bool(true), diff --git a/lib/srv/discovery/fetchers/db/aws_rds_proxy_test.go b/lib/srv/discovery/fetchers/db/aws_rds_proxy_test.go index 899a2f46ab8..51eefb20256 100644 --- a/lib/srv/discovery/fetchers/db/aws_rds_proxy_test.go +++ b/lib/srv/discovery/fetchers/db/aws_rds_proxy_test.go @@ -76,7 +76,7 @@ func TestRDSDBProxyFetcher(t *testing.T) { func makeRDSProxy(t *testing.T, name, region, vpcID string) (*rds.DBProxy, types.Database) { rdsProxy := &rds.DBProxy{ - DBProxyArn: aws.String(fmt.Sprintf("arn:aws:rds:%s:1234567890:db-proxy:prx-%s", region, name)), + DBProxyArn: aws.String(fmt.Sprintf("arn:aws:rds:%s:123456789012:db-proxy:prx-%s", region, name)), DBProxyName: aws.String(name), EngineFamily: aws.String(rds.EngineFamilyMysql), Endpoint: aws.String("localhost"), @@ -95,7 +95,7 @@ func makeRDSProxyCustomEndpoint(t *testing.T, rdsProxy *rds.DBProxy, name, regio Endpoint: aws.String("localhost"), DBProxyEndpointName: aws.String(name), DBProxyName: rdsProxy.DBProxyName, - DBProxyEndpointArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456:db-proxy-endpoint:prx-endpoint-%v", region, name)), + DBProxyEndpointArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456789012:db-proxy-endpoint:prx-endpoint-%v", region, name)), TargetRole: aws.String(rds.DBProxyEndpointTargetRoleReadOnly), Status: aws.String("available"), } diff --git a/lib/srv/discovery/fetchers/db/aws_rds_test.go b/lib/srv/discovery/fetchers/db/aws_rds_test.go index 26a857140c9..0ed3a6b7981 100644 
--- a/lib/srv/discovery/fetchers/db/aws_rds_test.go +++ b/lib/srv/discovery/fetchers/db/aws_rds_test.go @@ -220,7 +220,7 @@ func TestRDSFetchers(t *testing.T) { func makeRDSInstance(t *testing.T, name, region string, labels map[string]string, opts ...func(*rds.DBInstance)) (*rds.DBInstance, types.Database) { instance := &rds.DBInstance{ - DBInstanceArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:1234567890:db:%v", region, name)), + DBInstanceArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456789012:db:%v", region, name)), DBInstanceIdentifier: aws.String(name), DbiResourceId: aws.String(uuid.New().String()), Engine: aws.String(services.RDSEnginePostgres), @@ -242,7 +242,7 @@ func makeRDSInstance(t *testing.T, name, region string, labels map[string]string func makeRDSCluster(t *testing.T, name, region string, labels map[string]string, opts ...func(*rds.DBCluster)) (*rds.DBCluster, types.Database) { cluster := &rds.DBCluster{ - DBClusterArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:1234567890:cluster:%v", region, name)), + DBClusterArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456789012:cluster:%v", region, name)), DBClusterIdentifier: aws.String(name), DbClusterResourceId: aws.String(uuid.New().String()), Engine: aws.String(services.RDSEngineAuroraMySQL), @@ -266,7 +266,7 @@ func makeRDSCluster(t *testing.T, name, region string, labels map[string]string, func makeRDSClusterWithExtraEndpoints(t *testing.T, name, region string, labels map[string]string, hasWriter bool) (*rds.DBCluster, types.Databases) { cluster := &rds.DBCluster{ - DBClusterArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:1234567890:cluster:%v", region, name)), + DBClusterArn: aws.String(fmt.Sprintf("arn:aws:rds:%v:123456789012:cluster:%v", region, name)), DBClusterIdentifier: aws.String(name), DbClusterResourceId: aws.String(uuid.New().String()), Engine: aws.String(services.RDSEngineAuroraMySQL), 
diff --git a/lib/srv/discovery/fetchers/db/aws_redshift_test.go b/lib/srv/discovery/fetchers/db/aws_redshift_test.go
index 623e03e3803..c8103033380 100644
--- a/lib/srv/discovery/fetchers/db/aws_redshift_test.go
+++ b/lib/srv/discovery/fetchers/db/aws_redshift_test.go
@@ -90,7 +90,7 @@ func TestRedshiftFetcher(t *testing.T) {
 func makeRedshiftCluster(t *testing.T, region, env string, opts ...func(*redshift.Cluster)) (*redshift.Cluster, types.Database) {
 cluster := &redshift.Cluster{
 ClusterIdentifier: aws.String(env),
- ClusterNamespaceArn: aws.String(fmt.Sprintf("arn:aws:redshift:%s:1234567890:namespace:%s", region, env)),
+ ClusterNamespaceArn: aws.String(fmt.Sprintf("arn:aws:redshift:%s:123456789012:namespace:%s", region, env)),
 ClusterStatus: aws.String("available"),
 Endpoint: &redshift.Endpoint{
 Address: aws.String("localhost"),
diff --git a/lib/utils/aws/aws_test.go b/lib/utils/aws/aws_test.go
index cebdc7cc944..4b0cdfa0120 100644
--- a/lib/utils/aws/aws_test.go
+++ b/lib/utils/aws/aws_test.go
@@ -93,22 +93,22 @@ func TestExtractCredFromAuthHeader(t *testing.T) {
 // TestFilterAWSRoles verifies filtering AWS role ARNs by AWS account ID.
 func TestFilterAWSRoles(t *testing.T) {
 acc1ARN1 := Role{
- ARN: "arn:aws:iam::1234567890:role/EC2FullAccess",
+ ARN: "arn:aws:iam::123456789012:role/EC2FullAccess",
 Display: "EC2FullAccess",
 Name: "EC2FullAccess",
 }
 acc1ARN2 := Role{
- ARN: "arn:aws:iam::1234567890:role/EC2ReadOnly",
+ ARN: "arn:aws:iam::123456789012:role/EC2ReadOnly",
 Display: "EC2ReadOnly",
 Name: "EC2ReadOnly",
 }
 acc1ARN3 := Role{
- ARN: "arn:aws:iam::1234567890:role/path/to/customrole",
+ ARN: "arn:aws:iam::123456789012:role/path/to/customrole",
 Display: "customrole",
 Name: "path/to/customrole",
 }
 acc2ARN1 := Role{
- ARN: "arn:aws:iam::0987654321:role/test-role",
+ ARN: "arn:aws:iam::210987654321:role/test-role",
 Display: "test-role",
 Name: "test-role",
 }
@@ -125,12 +125,12 @@ func TestFilterAWSRoles(t *testing.T) { }{ { name: "first account roles", - accountID: "1234567890", + accountID: "123456789012", outARNs: Roles{acc1ARN1, acc1ARN2, acc1ARN3}, }, { name: "second account roles", - accountID: "0987654321", + accountID: "210987654321", outARNs: Roles{acc2ARN1}, }, { @@ -146,18 +146,18 @@ func TestFilterAWSRoles(t *testing.T) { func TestRoles(t *testing.T) { arns := []string{ - "arn:aws:iam::1234567890:role/test-role", - "arn:aws:iam::1234567890:role/EC2FullAccess", - "arn:aws:iam::1234567890:role/path/to/EC2FullAccess", + "arn:aws:iam::123456789012:role/test-role", + "arn:aws:iam::123456789012:role/EC2FullAccess", + "arn:aws:iam::123456789012:role/path/to/EC2FullAccess", } - roles := FilterAWSRoles(arns, "1234567890") + roles := FilterAWSRoles(arns, "123456789012") require.Len(t, roles, 3) t.Run("Sort", func(t *testing.T) { roles.Sort() - require.Equal(t, "arn:aws:iam::1234567890:role/EC2FullAccess", roles[0].ARN) - require.Equal(t, "arn:aws:iam::1234567890:role/path/to/EC2FullAccess", roles[1].ARN) - require.Equal(t, "arn:aws:iam::1234567890:role/test-role", roles[2].ARN) + require.Equal(t, "arn:aws:iam::123456789012:role/EC2FullAccess", roles[0].ARN) + require.Equal(t, "arn:aws:iam::123456789012:role/path/to/EC2FullAccess", roles[1].ARN) + require.Equal(t, "arn:aws:iam::123456789012:role/test-role", roles[2].ARN) }) t.Run("FindRoleByARN", func(t *testing.T) { @@ -170,7 +170,7 @@ func TestRoles(t *testing.T) { }) t.Run("not found", func(t *testing.T) { - _, found := roles.FindRoleByARN("arn:aws:iam::1234567889:role/unknown") + _, found := roles.FindRoleByARN("arn:aws:iam::123456788912:role/unknown") require.False(t, found) }) })
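Review bot: The "not found" subtest in the last hunk looks up `arn:aws:iam::123456788912:role/unknown`, which differs from every known role in both the account and the role name, so it would still pass if `FindRoleByARN` compared only part of the ARN. A second lookup that changes only the account, `_, found = roles.FindRoleByARN("arn:aws:iam::210987654321:role/test-role")` followed by `require.False(t, found)`, would pin that a role from another account is never matched. `FindRoleByARN` itself is not shown, so this is a coverage gap rather than a known bug. The subtest sits inside `TestRoles`, which starts outside this hunk.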