fix up URL/URI validation
manicminer committed Oct 17, 2023
1 parent b46649e commit 009b180
Showing 6 changed files with 143 additions and 179 deletions.
Expand Up @@ -76,21 +76,21 @@ func (r ApplicationRegistrationResource) Arguments() map[string]*pluginsdk.Schem
Description: "URL of the home page for the application",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
ValidateFunc: validation.IsHttpOrHttpsUrl,
},

"logout_url": {
Description: "URL of the logout page for the application, where the session is cleared for single sign-out",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
ValidateFunc: validation.IsLogoutUrl,
},

"marketing_url": {
Description: "URL of the marketing page for the application",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
ValidateFunc: validation.IsHttpOrHttpsUrl,
},

"notes": {
Expand All @@ -104,7 +104,7 @@ func (r ApplicationRegistrationResource) Arguments() map[string]*pluginsdk.Schem
Description: "URL of the privacy statement for the application",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
ValidateFunc: validation.IsHttpOrHttpsUrl,
},

"requested_access_token_version": {
Expand Down Expand Up @@ -149,14 +149,14 @@ func (r ApplicationRegistrationResource) Arguments() map[string]*pluginsdk.Schem
Description: "URL of the support page for the application",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
ValidateFunc: validation.IsHttpOrHttpsUrl,
},

"terms_of_service_url": {
Description: "URL of the terms of service statement for the application",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
ValidateFunc: validation.IsHttpOrHttpsUrl,
},
}
}
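Review bot: The six URL arguments changed in `Arguments()` now reject values at plan time that the previous `validation.StringIsNotEmpty` accepted, but their `Description` strings still say only "URL of …", so the new constraint does not appear in the schema documentation. I would state it in each description, for example `Description: "URL of the home page for the application (must be an http or https URL)"`, assuming `validation.IsHttpOrHttpsUrl` does what its name says. For `logout_url` the description should spell out whatever `validation.IsLogoutUrl` enforces, since its rules are not visible in this view. Because this tightens validation for existing configurations, a changelog entry and a test case with a rejected value would help; `Arguments()` begins outside these hunks.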
150 changes: 75 additions & 75 deletions internal/services/applications/application_resource.go
Expand Up @@ -61,10 +61,10 @@ func applicationResource() *pluginsdk.Resource {

Schema: map[string]*pluginsdk.Schema{
"display_name": {
Description: "The display name for the application",
Type: pluginsdk.TypeString,
Required: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
Description: "The display name for the application",
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"api": {
Expand All @@ -79,8 +79,8 @@ func applicationResource() *pluginsdk.Resource {
Type: pluginsdk.TypeSet,
Optional: true,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateDiagFunc: validation.ValidateDiag(validation.IsUUID),
Type: pluginsdk.TypeString,
ValidateFunc: validation.IsUUID,
},
},

Expand All @@ -97,24 +97,24 @@ func applicationResource() *pluginsdk.Resource {
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"id": {
Description: "The unique identifier of the delegated permission",
Type: pluginsdk.TypeString,
Required: true,
ValidateDiagFunc: validation.ValidateDiag(validation.IsUUID),
Description: "The unique identifier of the delegated permission",
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: validation.IsUUID,
},

"admin_consent_description": {
Description: "Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users",
Type: pluginsdk.TypeString,
Optional: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
Description: "Delegated permission description that appears in all tenant-wide admin consent experiences, intended to be read by an administrator granting the permission on behalf of all users",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"admin_consent_display_name": {
Description: "Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users",
Type: pluginsdk.TypeString,
Optional: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
Description: "Display name for the delegated permission, intended to be read by an administrator granting the permission on behalf of all users",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"enabled": {
Expand All @@ -136,17 +136,17 @@ func applicationResource() *pluginsdk.Resource {
},

"user_consent_description": {
Description: "Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf",
Type: pluginsdk.TypeString,
Optional: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
Description: "Delegated permission description that appears in the end user consent experience, intended to be read by a user consenting on their own behalf",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"user_consent_display_name": {
Description: "Display name for the delegated permission that appears in the end user consent experience",
Type: pluginsdk.TypeString,
Optional: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
Description: "Display name for the delegated permission that appears in the end user consent experience",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"value": {
Expand Down Expand Up @@ -194,10 +194,10 @@ func applicationResource() *pluginsdk.Resource {
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"id": {
Description: "The unique identifier of the app role",
Type: pluginsdk.TypeString,
Required: true,
ValidateDiagFunc: validation.ValidateDiag(validation.IsUUID),
Description: "The unique identifier of the app role",
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: validation.IsUUID,
},

"allowed_member_types": {
Expand All @@ -217,17 +217,17 @@ func applicationResource() *pluginsdk.Resource {
},

"description": {
Description: "Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences",
Type: pluginsdk.TypeString,
Required: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
Description: "Description of the app role that appears when the role is being assigned and, if the role functions as an application permissions, during the consent experiences",
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"display_name": {
Description: "Display name for the app role that appears during app role assignment and in consent experiences",
Type: pluginsdk.TypeString,
Required: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
Description: "Display name for the app role that appears during app role assignment and in consent experiences",
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: validation.StringIsNotEmpty,
},

"enabled": {
Expand Down Expand Up @@ -257,10 +257,10 @@ func applicationResource() *pluginsdk.Resource {
},

"description": {
Description: "Description of the application as shown to end users",
Type: pluginsdk.TypeString,
Optional: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringLenBetween(0, 1024)),
Description: "Description of the application as shown to end users",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringLenBetween(0, 1024),
},

"device_only_auth_enabled": {
Expand Down Expand Up @@ -331,8 +331,8 @@ func applicationResource() *pluginsdk.Resource {
Type: pluginsdk.TypeSet,
Optional: true,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateDiagFunc: validation.IsAppUri,
Type: pluginsdk.TypeString,
ValidateFunc: validation.IsAppUri,
},
},

Expand All @@ -350,10 +350,10 @@ func applicationResource() *pluginsdk.Resource {
},

"notes": {
Description: "User-specified notes relevant for the management of the application",
Type: pluginsdk.TypeString,
Optional: true,
ValidateDiagFunc: validation.ValidateDiag(validation.StringIsNotEmpty),
Description: "User-specified notes relevant for the management of the application",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.StringIsNotEmpty,
},

// This is a top level attribute because d.SetNewComputed() doesn't work inside a block
Expand Down Expand Up @@ -393,8 +393,8 @@ func applicationResource() *pluginsdk.Resource {
Set: pluginsdk.HashString,
MaxItems: 100,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateDiagFunc: validation.ValidateDiag(validation.IsUUID),
Type: pluginsdk.TypeString,
ValidateFunc: validation.IsUUID,
},
},

Expand All @@ -417,8 +417,8 @@ func applicationResource() *pluginsdk.Resource {
Optional: true,
MaxItems: 256,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateDiagFunc: validation.IsRedirectUriFunc(true, true),
Type: pluginsdk.TypeString,
ValidateFunc: validation.IsRedirectUriFunc(true, true),
},
},
},
Expand All @@ -443,10 +443,10 @@ func applicationResource() *pluginsdk.Resource {
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"id": {
Description: "",
Type: pluginsdk.TypeString,
Required: true,
ValidateDiagFunc: validation.ValidateDiag(validation.IsUUID),
Description: "",
Type: pluginsdk.TypeString,
Required: true,
ValidateFunc: validation.IsUUID,
},

"type": {
Expand Down Expand Up @@ -500,8 +500,8 @@ func applicationResource() *pluginsdk.Resource {
Optional: true,
MaxItems: 256,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateDiagFunc: validation.IsRedirectUriFunc(false, false),
Type: pluginsdk.TypeString,
ValidateFunc: validation.IsRedirectUriFunc(false, false),
},
},
},
Expand All @@ -527,12 +527,12 @@ func applicationResource() *pluginsdk.Resource {
},

"template_id": {
Description: "Unique ID of the application template from which this application is created",
Type: pluginsdk.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
ValidateDiagFunc: validation.ValidateDiag(validation.IsUUID),
Description: "Unique ID of the application template from which this application is created",
Type: pluginsdk.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
ValidateFunc: validation.IsUUID,
},

"terms_of_service_url": {
Expand All @@ -549,17 +549,17 @@ func applicationResource() *pluginsdk.Resource {
Elem: &pluginsdk.Resource{
Schema: map[string]*pluginsdk.Schema{
"homepage_url": {
Description: "Home page or landing page of the application",
Type: pluginsdk.TypeString,
Optional: true,
ValidateDiagFunc: validation.IsHttpOrHttpsUrl,
Description: "Home page or landing page of the application",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.IsHttpOrHttpsUrl,
},

"logout_url": {
Description: "The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols",
Type: pluginsdk.TypeString,
Optional: true,
ValidateDiagFunc: validation.IsLogoutUrl,
Description: "The URL that will be used by Microsoft's authorization service to sign out a user using front-channel, back-channel or SAML logout protocols",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.IsLogoutUrl,
},

"redirect_uris": {
Expand All @@ -568,8 +568,8 @@ func applicationResource() *pluginsdk.Resource {
Optional: true,
MaxItems: 256,
Elem: &pluginsdk.Schema{
Type: pluginsdk.TypeString,
ValidateDiagFunc: validation.IsRedirectUriFunc(true, false),
Type: pluginsdk.TypeString,
ValidateFunc: validation.IsRedirectUriFunc(true, false),
},
},

Expand Down Expand Up @@ -730,7 +730,7 @@ func applicationResourceCustomizeDiff(ctx context.Context, diff *pluginsdk.Resou
}
// urn scheme not supported with personal account sign-ins
for _, v := range identifierUris {
if diags := validation.IsUriFunc([]string{"http", "https", "api", "ms-appx"}, false, false, false)(v, cty.Path{}); diags.HasError() {
if _, errs := validation.IsUriFunc([]string{"http", "https", "api", "ms-appx"}, false, false, false)(v, "identifier_uris"); len(errs) > 0 {
return fmt.Errorf("`identifier_uris` is invalid. The URN scheme is not supported when `sign_in_audience` is %q or %q",
msgraph.SignInAudienceAzureADandPersonalMicrosoftAccount, msgraph.SignInAudiencePersonalMicrosoftAccount)
}
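Review bot: In the last hunk, `applicationResourceCustomizeDiff` keeps only `len(errs) > 0` from the validator, so every failure of `validation.IsUriFunc` — a malformed URI or any scheme outside `http`, `https`, `api`, `ms-appx` — is reported as an unsupported URN scheme. Carrying the validator's own message into the returned error, for instance by adding `%v` to the format string and passing `errs[0]`, would tell the user which `identifier_uris` entry failed and why. The three positional `false` arguments here, like the boolean pairs passed to `validation.IsRedirectUriFunc` in the earlier hunks, presumably decide which URI forms are accepted and would be easier to audit with a short comment naming each flag. The function body starts and ends outside the hunk.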
10 changes: 5 additions & 5 deletions internal/services/invitations/invitation_resource.go
Expand Up @@ -36,11 +36,11 @@ func invitationResource() *pluginsdk.Resource {

Schema: map[string]*pluginsdk.Schema{
"redirect_url": {
Description: "The URL that the user should be redirected to once the invitation is redeemed",
Type: pluginsdk.TypeString,
Required: true,
ForceNew: true,
ValidateDiagFunc: validation.IsHttpOrHttpsUrl,
Description: "The URL that the user should be redirected to once the invitation is redeemed",
Type: pluginsdk.TypeString,
Required: true,
ForceNew: true,
ValidateFunc: validation.IsHttpOrHttpsUrl,
},

"user_email_address": {
Expand Up @@ -158,10 +158,10 @@ func servicePrincipalResource() *pluginsdk.Resource {
},

"login_url": {
Description: "The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on",
Type: pluginsdk.TypeString,
Optional: true,
ValidateDiagFunc: validation.IsHttpOrHttpsUrl,
Description: "The URL where the service provider redirects the user to Azure AD to authenticate. Azure AD uses the URL to launch the application from Microsoft 365 or the Azure AD My Apps. When blank, Azure AD performs IdP-initiated sign-on for applications configured with SAML-based single sign-on",
Type: pluginsdk.TypeString,
Optional: true,
ValidateFunc: validation.IsHttpOrHttpsUrl,
},

"notes": {