Validate base64 fields in the Google Provider (#4338) (#2906)

Co-authored-by: upodroid <[email protected]>
Signed-off-by: Modular Magician <[email protected]>

Co-authored-by: upodroid <[email protected]>

Author: modular-magician

.changelog/4338.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+provider: added plan time validations for fields that expect base64 values.
+```

google-beta/resource_api_gateway_api_config.go

@@ -63,10 +63,11 @@ func resourceApiGatewayApiConfig() *schema.Resource {
 							Elem: &schema.Resource{
 								Schema: map[string]*schema.Schema{
 									"contents": {
-										Type:        schema.TypeString,
-										Required:    true,
-										ForceNew:    true,
-										Description: `Base64 encoded content of the file.`,
+										Type:         schema.TypeString,
+										Required:     true,
+										ForceNew:     true,
+										ValidateFunc: validateBase64String,
+										Description:  `Base64 encoded content of the file.`,
 									},
 									"path": {
 										Type:        schema.TypeString,

google-beta/resource_cloud_scheduler_job.go

@@ -171,8 +171,9 @@ By default, the job is sent to the version which is the default version when the
 							},
 						},
 						"body": {
-							Type:     schema.TypeString,
-							Optional: true,
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validateBase64String,
 							Description: `HTTP request body. 
 A request body is allowed only if the HTTP method is POST or PUT. 
 It will result in invalid argument error to set a body on a job with an incompatible HttpMethod.
@@ -232,8 +233,9 @@ send a request to the targeted url`,
 							Description: `The full URI path that the request will be sent to.`,
 						},
 						"body": {
-							Type:     schema.TypeString,
-							Optional: true,
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validateBase64String,
 							Description: `HTTP request body. 
 A request body is allowed only if the HTTP method is POST, PUT, or PATCH. 
 It is an error to set body on a job with an incompatible HttpMethod.
@@ -330,10 +332,13 @@ Pubsub message must contain either non-empty data, or at least one attribute.`,
 							Elem: &schema.Schema{Type: schema.TypeString},
 						},
 						"data": {
-							Type:     schema.TypeString,
-							Optional: true,
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validateBase64String,
 							Description: `The message payload for PubsubMessage.
-Pubsub message must contain either non-empty data, or at least one attribute.`,
+Pubsub message must contain either non-empty data, or at least one attribute.
+
+ A base64-encoded string.`,
 						},
 					},
 				},

google-beta/resource_healthcare_hl7_v2_store.go

@@ -160,8 +160,9 @@ store if schematized parsing is desired.`,
 							AtLeastOneOf: []string{"parser_config.0.allow_null_header", "parser_config.0.segment_terminator", "parser_config.0.schema", "parser_config.0.version"},
 						},
 						"segment_terminator": {
-							Type:     schema.TypeString,
-							Optional: true,
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: validateBase64String,
 							Description: `Byte(s) to be used as the segment terminator. If this is unset, '\r' will be used as segment terminator.
 
 A base64-encoded string.`,

google-beta/validation.go

@@ -1,6 +1,7 @@
 package google
 
 import (
+	"encoding/base64"
 	"fmt"
 	"net"
 	"regexp"
@@ -265,6 +266,14 @@ func validateIpAddress(i interface{}, val string) ([]string, []error) {
 	return nil, nil
 }
 
+func validateBase64String(i interface{}, val string) ([]string, []error) {
+	_, err := base64.StdEncoding.DecodeString(i.(string))
+	if err != nil {
+		return nil, []error{fmt.Errorf("could not decode %q as a valid base64 value. Please use the terraform base64 functions such as base64encode() or filebase64() to supply a valid base64 string", val)}
+	}
+	return nil, nil
+}
+
 // StringNotInSlice returns a SchemaValidateFunc which tests if the provided value
 // is of type string and that it matches none of the element in the invalid slice.
 // if ignorecase is true, case is ignored.

website/docs/r/cloud_scheduler_job.html.markdown

@@ -302,6 +302,7 @@ The `pubsub_target` block supports:
   (Optional)
   The message payload for PubsubMessage.
   Pubsub message must contain either non-empty data, or at least one attribute.
+   A base64-encoded string.
 
 * `attributes` -
   (Optional)