in provider/secret_descriptor.go [244:316]
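// validateSecretDescriptor checks that the descriptor is well formed before it
// is used to fetch and write a secret.
//
// regions is the ordered list of regions the object is looked up in:
// regions[0] is the primary region and regions[1], when present, is the
// failover region. An error is returned when regions is empty (the original
// code indexed regions[0] unconditionally and would panic), when a required
// field is missing, when the file name matches badPathRE, when a file
// permission is rejected by validateFilePermission, or when the failover
// entry is inconsistent with the primary one.
func (p *SecretDescriptor) validateSecretDescriptor(regions []string) error {
	if len(p.ObjectName) == 0 {
		return fmt.Errorf("Object name must be specified")
	}

	// Guard the regions[0] access below: a caller passing an empty or nil
	// slice must get a validation error, not a runtime panic.
	if len(regions) == 0 {
		return fmt.Errorf("no region specified for object: %s", p.ObjectName)
	}

	if err := p.validateObjectName(p.ObjectName, p.ObjectType, regions[0]); err != nil {
		return err
	}

	// Can only use objectVersion or objectVersionLabel for SSM not both
	if p.GetSecretType() == SSMParameter && len(p.ObjectVersion) != 0 && len(p.ObjectVersionLabel) != 0 {
		return fmt.Errorf("ssm parameters can not specify both objectVersion and objectVersionLabel: %s", p.ObjectName)
	}

	// Do not allow ../ in a path when translation is turned off. The check is
	// made on the file name the secret will be written under, so that it
	// cannot climb out of the target directory.
	// NOTE(review): badPathRE is defined outside this block; confirm that it
	// also rejects a bare or trailing ".." and platform-specific separators.
	// The error reports p.ObjectName, which may differ from the file name
	// that actually failed the check.
	if badPathRE.MatchString(p.GetFileName()) {
		return fmt.Errorf("path can not contain ../: %s", p.ObjectName)
	}

	// Ensure the string file permission is valid octal
	if err := p.validateFilePermission(p.FilePermission); err != nil {
		return err
	}

	// Ensure each jmesPath entry has a path and an object alias
	for _, jmesPathEntry := range p.JMESPath {
		if len(jmesPathEntry.Path) == 0 {
			return fmt.Errorf("Path must be specified for JMES object")
		}
		if len(jmesPathEntry.ObjectAlias) == 0 {
			return fmt.Errorf("Object alias must be specified for JMES object")
		}

		// Validate the jmesPath has a valid filePermission
		if err := p.validateFilePermission(jmesPathEntry.FilePermission); err != nil {
			return err
		}
		// NOTE(review): jmesPathEntry.ObjectAlias is not matched against
		// badPathRE in this function; if the alias is used as a file name,
		// confirm that it is checked elsewhere.
	}

	// No failover entry configured: nothing more to validate.
	if len(p.FailoverObject.ObjectName) == 0 {
		return nil
	}

	// Backup arns require object alias to be set.
	if len(p.ObjectAlias) == 0 {
		return fmt.Errorf("object alias must be specified for objects with failover entries: %s", p.ObjectName)
	}

	// Our regions must exist
	if len(regions) < 2 {
		return fmt.Errorf("failover object allowed only when failover region is defined: %s", p.ObjectName)
	}

	if err := p.validateObjectName(p.FailoverObject.ObjectName, p.ObjectType, regions[1]); err != nil {
		return err
	}

	// Can only use objectVersion or objectVersionLabel for SSM not both
	if p.GetSecretType() == SSMParameter && len(p.FailoverObject.ObjectVersion) != 0 && len(p.FailoverObject.ObjectVersionLabel) != 0 {
		return fmt.Errorf("ssm parameters can not specify both objectVersion and objectVersionLabel: %s", p.ObjectName)
	}

	// Only ObjectVersion is compared between primary and failover here;
	// ObjectVersionLabel is not.
	if p.FailoverObject.ObjectVersion != p.ObjectVersion {
		return fmt.Errorf("object versions must match between primary and failover regions: %s", p.ObjectName)
	}

	return nil
}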