From aa420d7cf9fbc17f7fb50bdb2e983cf9d702aabf Mon Sep 17 00:00:00 2001
From: Ari Palo
Date: Tue, 30 Apr 2024 11:18:16 +0300
Subject: [PATCH] fix: allow slash

Fixes #44
---
 internal/assumecfg/validate.go | 2 +-
 internal/assumecfg/validate_test.go | 16 +++++++++++++---
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/internal/assumecfg/validate.go b/internal/assumecfg/validate.go
index d1f45bf..e9d6716 100644
--- a/internal/assumecfg/validate.go
+++ b/internal/assumecfg/validate.go
@@ -46,7 +46,7 @@ User, Role or Role Session Names can be maximum 64 characters.
 Names of users, groups, roles, policies, instance profiles, and server certificates must be alphanumeric, including the following common characters: plus (+), equal (=), comma (,), period (.), at (@), underscore (_), and hyphen (-).
 https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length
 */
-var iamResourceNamePatternBase = `[a-zA-Z0-9_+=,.@-]{1,64}`
+var iamResourceNamePatternBase = `[a-zA-Z0-9_+=,./@-]{1,64}`
 var iamResourceNamePAtternFull = fmt.Sprintf("^%s$", iamResourceNamePatternBase)
 var iamResourceNamePattern = regexp.MustCompile(iamResourceNamePAtternFull)
diff --git a/internal/assumecfg/validate_test.go b/internal/assumecfg/validate_test.go
index 651f494..3f1dcc0 100644
--- a/internal/assumecfg/validate_test.go
+++ b/internal/assumecfg/validate_test.go
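Review bot: Adding `/` to the shared `iamResourceNamePatternBase` widens every validator built from it, not only the role ARN exercised by the new test case; the last hunk of validate_test.go shows `role_session_name` now advertising `[a-zA-Z0-9_+=,./@-]` and its `invalid//` case being swapped for `invalid€`. The comment directly above the variable still lists the allowed characters without a slash, and STS documents role session names as `[\w+=,.@-]*`, so the looser check would presumably pass a value that is only rejected later, at the AssumeRole call. Consider leaving the base class unchanged and accepting path segments only where the role ARN pattern is built (that definition is outside this hunk), e.g. `role\/(?:[a-zA-Z0-9_+=,.@-]+\/)*[a-zA-Z0-9_+=,.@-]{1,64}`. With `/` inside the class itself, a value with an empty segment or a trailing slash also matches.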
@@ -59,7 +59,17 @@ func TestValidate(t *testing.T) {
 MfaSerial: "arn:aws:iam::111111111111:mfa/FrankSinatra",
 RoleArn: "invalid",
 },
- expected: errors.New("Profile \"frank@concerts\" contains invalid vegas_role_arn \"invalid\". Must satisty ^arn:aws:iam:\\d*:\\d{12}:role\\/[a-zA-Z0-9_+=,.@-]{1,64}$"),
+ expected: errors.New("Profile \"frank@concerts\" contains invalid vegas_role_arn \"invalid\". Must satisty ^arn:aws:iam:\\d*:\\d{12}:role\\/[a-zA-Z0-9_+=,./@-]{1,64}$"),
+ },
+ {
+ name: "vegas_role_arn may contain slash",
+ input: AssumeCfg{
+ ProfileName: "frank@concerts",
+ SourceProfile: "default",
+ MfaSerial: "arn:aws:iam::111111111111:mfa/FrankSinatra",
+ RoleArn: "arn:aws:iam::111111111111:role/FrankSinatra/WithASlash",
+ },
+ expected: nil,
 },
 {
 name: "role_session_name invalid",
@@ -68,9 +78,9 @@ func TestValidate(t *testing.T) {
 SourceProfile: "default",
 MfaSerial: "arn:aws:iam::111111111111:mfa/FrankSinatra",
 RoleArn: "arn:aws:iam::222222222222:role/SingerRole",
- RoleSessionName: "invalid//",
+ RoleSessionName: "invalid€",
 },
- expected: errors.New("Profile \"frank@concerts\" contains invalid role_session_name \"invalid//\". Must satisfy ^[a-zA-Z0-9_+=,.@-]{1,64}$"),
+ expected: errors.New("Profile \"frank@concerts\" contains invalid role_session_name \"invalid€\". Must satisfy ^[a-zA-Z0-9_+=,./@-]{1,64}$"),
 },
 {
 name: "external_id invalid",
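Review bot: The added case `vegas_role_arn may contain slash` pins only the accepting side; no case in the first hunk asserts what happens to a malformed path, such as an empty segment or a trailing slash. If those are meant to be rejected, a companion case with `RoleArn: "arn:aws:iam::111111111111:role/FrankSinatra//WithASlash"` (constructed sample) and a non-nil `expected` would make the intended ARN shape explicit. Separately, the rewritten `expected` line for `vegas_role_arn` keeps the misspelling `Must satisty`, while the `role_session_name` message reads `Must satisfy`. The message text itself is defined outside this diff, so the spelling would need fixing there and in this expectation together.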