Validate AWS region (#872)

github · Mar 20, 2023 · 90444c3 · 90444c3
1 parent 621a7a6
commit 90444c3
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 6 deletions.
diff --git a/RELEASENOTES.md b/RELEASENOTES.md
@@ -1,4 +1,5 @@
 - Adds retry logic during GHES archive generation in cases of transient failure
 - Added log output linking to migration log URL after migration completes
 - Add support for specifying `--archive-download-host` with `gh bbs2gh migrate-repo` and `gh bbs2gh generate-script`, rather than taking the host from the `--bbs-server-url`
-- Improve handling of GraphQL errors, throwing an exception with the specific error message returned by the API
+- Improve handling of GraphQL errors, throwing an exception with the specific error message returned by the API
+- Validate AWS region when using Amazon S3 to upload the migration archive in `gh gei` and `gh bbs2gh` 
diff --git a/src/Octoshift/AwsApi.cs b/src/Octoshift/AwsApi.cs
@@ -30,7 +30,7 @@ private static AmazonS3Client BuildAmazonS3Client(string awsAccessKeyId, string
         var regionEndpoint = DefaultRegionEndpoint;
         if (awsRegion.HasValue())
         {
-            regionEndpoint = RegionEndpoint.GetBySystemName(awsRegion);
+            regionEndpoint = GetRegionEndpoint(awsRegion);
             AWSConfigsS3.UseSignatureVersion4 = true;
         }
 
@@ -39,6 +39,10 @@ private static AmazonS3Client BuildAmazonS3Client(string awsAccessKeyId, string
             : new AmazonS3Client(awsAccessKeyId, awsSecretAccessKey, regionEndpoint);
     }
 
+    private static RegionEndpoint GetRegionEndpoint(string awsRegion) => RegionEndpoint.GetBySystemName(awsRegion) is { DisplayName: not "Unknown" } regionEndpoint
+        ? regionEndpoint
+        : throw new OctoshiftCliException($"Invalid AWS region \"{awsRegion}\".");
+
     public virtual async Task<string> UploadToBucket(string bucketName, string fileName, string keyName)
     {
         await _transferUtility.UploadAsync(fileName, bucketName, keyName);

diff --git a/src/OctoshiftCLI.Tests/AwsApiTests.cs b/src/OctoshiftCLI.Tests/AwsApiTests.cs
@@ -61,4 +61,15 @@ public async Task UploadToBucket_Uploads_FileStream()
         result.Should().Be(url);
         transferUtility.Verify(m => m.UploadAsync(It.IsAny<MemoryStream>(), bucketName, keyName, It.IsAny<CancellationToken>()));
     }
+
+    [Fact]
+    public void It_Throws_If_Aws_Region_Is_Invalid()
+    {
+        // Arrange, Act
+        const string awsRegion = "invalid-region";
+        var awsApi = () => new AwsApi("awsAccessKeyId", "awsSecretAccessKey", awsRegion);
+
+        // Assert
+        awsApi.Should().Throw<OctoshiftCliException>().WithMessage($"*{awsRegion}*");
+    }
 }
diff --git a/src/OctoshiftCLI.Tests/bbs2gh/AwsApiFactoryTests.cs b/src/OctoshiftCLI.Tests/bbs2gh/AwsApiFactoryTests.cs
@@ -19,12 +19,13 @@ public void It_Falls_Back_To_Aws_Access_Key_Environment_Variable_If_Aws_Access_K
     {
         // Arrange
         const string awsAccessKey = "AWS_ACCESS_KEY";
+        const string awsRegion = "us-east-2";
 #pragma warning disable CS0618
         _mockEnvironmentVariableProvider.Setup(m => m.AwsAccessKey(false)).Returns(awsAccessKey);
 #pragma warning restore CS0618
 
         // Act
-        _awsApiFactory.Create("aws-region", null, "aws-secret-access-key", "aws-session-token");
+        _awsApiFactory.Create(awsRegion, null, "aws-secret-access-key", "aws-session-token");
 
         // Assert
 #pragma warning disable CS0618
@@ -37,12 +38,13 @@ public void It_Falls_Back_To_Aws_Secret_Key_Environment_Variable_If_Aws_Secret_A
     {
         // Arrange
         const string awsSecretKey = "AWS_SECRET_KEY";
+        const string awsRegion = "us-east-2";
 #pragma warning disable CS0618
         _mockEnvironmentVariableProvider.Setup(m => m.AwsSecretKey(false)).Returns(awsSecretKey);
 #pragma warning restore CS0618
 
         // Act
-        _awsApiFactory.Create("aws-region", "aws-access-key-id", null, "aws-session-token");
+        _awsApiFactory.Create(awsRegion, "aws-access-key-id", null, "aws-session-token");
 
         // Assert
 #pragma warning disable CS0618

diff --git a/src/OctoshiftCLI.Tests/gei/AwsApiFactoryTests.cs b/src/OctoshiftCLI.Tests/gei/AwsApiFactoryTests.cs
@@ -19,12 +19,13 @@ public void It_Falls_Back_To_Aws_Access_Key_Environment_Variable_If_Aws_Access_K
     {
         // Arrange
         const string awsAccessKey = "AWS_ACCESS_KEY";
+        const string awsRegion = "us-east-2";
 #pragma warning disable CS0618
         _mockEnvironmentVariableProvider.Setup(m => m.AwsAccessKey(false)).Returns(awsAccessKey);
 #pragma warning restore CS0618
 
         // Act
-        _awsApiFactory.Create("aws-region", null, "aws-secret-access-key", "aws-session-token");
+        _awsApiFactory.Create(awsRegion, null, "aws-secret-access-key", "aws-session-token");
 
         // Assert
 #pragma warning disable CS0618
@@ -37,12 +38,13 @@ public void It_Falls_Back_To_Aws_Secret_Key_Environment_Variable_If_Aws_Secret_A
     {
         // Arrange
         const string awsSecretKey = "AWS_SECRET_KEY";
+        const string awsRegion = "us-east-2";
 #pragma warning disable CS0618
         _mockEnvironmentVariableProvider.Setup(m => m.AwsSecretKey(false)).Returns(awsSecretKey);
 #pragma warning restore CS0618
 
         // Act
-        _awsApiFactory.Create("aws-region", "aws-access-key-id", null, "aws-session-token");
+        _awsApiFactory.Create(awsRegion, "aws-access-key-id", null, "aws-session-token");
 
         // Assert
 #pragma warning disable CS0618