Research and Engineering Studio (RES) is an AWS supported open source product that enables IT administrators to provide an easy-to-use web portal for scientists and engineers to run technical computing workloads on AWS.
Describe the bug
The regex pattern to confirm a valid secret arn for the parametter ServiceAccountPasswordSecretArn is not ok since is not allowing the slash (/) in the arn. For example the _arn us-west-2:123456789012:secret:application/research_and_engineeringstudio is rejected by the use of a slash.
Using that arn value we got the following output
│ Error: creating CloudFormation Stack (res-hw-lightmatter): operation error CloudFormation: CreateStack, https response error StatusCode: 400, RequestID: 0bea9954-df95-4292-853f-efcae1514f17, api error ValidationError: Parameter 'ServiceAccountPasswordSecretArn' must match pattern ^(?:arn:(?:aws|aws-us-gov|aws-cn):secretsmanager:[a-z0-9-]{1,20}:[0-9]{12}:secret:[A-Za-z0-9-\+\=\,.\@]{1,128})?$
│
│ with aws_cloudformation_stack.res_hw,
│ on res-test.tf line 3, in resource "aws_cloudformation_stack" "res_hw":
│ 3: resource "aws_cloudformation_stack" "reshw" {
│
╵
To handle this error we had to create a new secret without a slash (/).
Expected behavior
the regex pattern has to accept all the possible arn secrets for ServiceAccountPasswordSecretArn
Actual behavior
The regex pattern is excluding slash symbols (/) which are normally used for secrets.
Environment (please complete the following information):
RES Version: 2024.06
Additional context
This was tested in terraforn (resource "aws_cloudformation_stack" ) using the most recent version as CloudFormation stack template.
Describe the bug The regex pattern to confirm a valid secret arn for the parametter ServiceAccountPasswordSecretArn is not ok since is not allowing the slash (/) in the arn. For example the _arn us-west-2:123456789012:secret:application/research_and_engineeringstudio is rejected by the use of a slash.
Using that arn value we got the following output
│ Error: creating CloudFormation Stack (res-hw-lightmatter): operation error CloudFormation: CreateStack, https response error StatusCode: 400, RequestID: 0bea9954-df95-4292-853f-efcae1514f17, api error ValidationError: Parameter 'ServiceAccountPasswordSecretArn' must match pattern ^(?:arn:(?:aws|aws-us-gov|aws-cn):secretsmanager:[a-z0-9-]{1,20}:[0-9]{12}:secret:[A-Za-z0-9-\+\=\,.\@]{1,128})?$ │ │ with aws_cloudformation_stack.res_hw, │ on res-test.tf line 3, in resource "aws_cloudformation_stack" "res_hw": │ 3: resource "aws_cloudformation_stack" "reshw" { │ ╵
To handle this error we had to create a new secret without a slash (/).
Expected behavior the regex pattern has to accept all the possible arn secrets for ServiceAccountPasswordSecretArn
Actual behavior The regex pattern is excluding slash symbols (/) which are normally used for secrets.
Environment (please complete the following information):
Additional context This was tested in terraforn (resource "aws_cloudformation_stack" ) using the most recent version as CloudFormation stack template.