Validate SMB mount endpoint fields

Add stricter validation and credential handling for StorageMover SMB mount endpoints. Host now must be a valid IPv4 address or hostname/FQDN; share_name is limited to 1-80 characters and forbids control characters and a set of punctuation; description is limited to 1024 characters. Update Update() logic to require both username_key_vault_secret_id and password_key_vault_secret_id to be set together (or both empty) and to set/clear credentials accordingly. Adjust tests formatting and update R docs to describe the new validation rules.

Author: hqhqhqhqhqhqhqhqhqhqhq

internal/services/storagemover/storage_mover_smb_mount_endpoint_resource.go

@@ -73,17 +73,29 @@ func (r StorageMoverSmbMountEndpointResource) Arguments() map[string]*pluginsdk.
 		},
 
 		"host": {
-			Type:         pluginsdk.TypeString,
-			Required:     true,
-			ForceNew:     true,
-			ValidateFunc: validation.StringIsNotEmpty,
+			Type:     pluginsdk.TypeString,
+			Required: true,
+			ForceNew: true,
+			ValidateFunc: validation.Any(
+				validation.IsIPv4Address,
+				validation.StringMatch(
+					regexp.MustCompile(`^[a-zA-Z0-9]([a-zA-Z0-9.-]*[a-zA-Z0-9])?$`),
+					"Host must be a valid IPv4 address or hostname/FQDN (letters, numbers, dots, hyphens only).",
+				),
+			),
 		},
 
 		"share_name": {
-			Type:         pluginsdk.TypeString,
-			Required:     true,
-			ForceNew:     true,
-			ValidateFunc: validation.StringIsNotEmpty,
+			Type:     pluginsdk.TypeString,
+			Required: true,
+			ForceNew: true,
+			ValidateFunc: validation.All(
+				validation.StringLenBetween(1, 80),
+				validation.StringMatch(
+					regexp.MustCompile(`^[^\\/\[\]:<> +=;,*?\x00-\x1f\x7f]+$`),
+					"Share name must be 1-80 characters and cannot contain: \\ / [ ] : < > + = ; , * ? or control characters.",
+				),
+			),
 		},
 
 		"username_key_vault_secret_id": {
@@ -104,7 +116,7 @@ func (r StorageMoverSmbMountEndpointResource) Arguments() map[string]*pluginsdk.
 		"description": {
 			Type:         pluginsdk.TypeString,
 			Optional:     true,
-			ValidateFunc: validation.StringIsNotEmpty,
+			ValidateFunc: validation.StringLenBetween(0, 1024),
 		},
 	}
 }
@@ -207,15 +219,18 @@ func (r StorageMoverSmbMountEndpointResource) Update() sdk.ResourceFunc {
 				}
 
 				if metadata.ResourceData.HasChange("username_key_vault_secret_id") || metadata.ResourceData.HasChange("password_key_vault_secret_id") {
-					if model.UsernameKeyVaultSecretId != "" && model.PasswordKeyVaultSecretId != "" {
+					bothSet := model.UsernameKeyVaultSecretId != "" && model.PasswordKeyVaultSecretId != ""
+					bothEmpty := model.UsernameKeyVaultSecretId == "" && model.PasswordKeyVaultSecretId == ""
+					switch {
+					case bothSet:
 						v.Credentials = &endpoints.AzureKeyVaultSmbCredentials{
 							Type:        endpoints.CredentialTypeAzureKeyVaultSmb,
 							UsernameUri: pointer.To(model.UsernameKeyVaultSecretId),
 							PasswordUri: pointer.To(model.PasswordKeyVaultSecretId),
 						}
-					} else if model.UsernameKeyVaultSecretId == "" && model.PasswordKeyVaultSecretId == "" {
+					case bothEmpty:
 						v.Credentials = nil
-					} else {
+					default:
 						return fmt.Errorf("both `username_key_vault_secret_id` and `password_key_vault_secret_id` must be specified together")
 					}
 				}

internal/services/storagemover/storage_mover_smb_mount_endpoint_resource_test.go

@@ -191,10 +191,10 @@ resource "azurerm_key_vault_secret" "password" {
 }
 
 resource "azurerm_storage_mover_smb_mount_endpoint" "test" {
-  name             = "acctest-smse-%d"
-  storage_mover_id = azurerm_storage_mover.test.id
-  host             = "192.168.0.1"
-  share_name       = "testshare"
+  name                         = "acctest-smse-%d"
+  storage_mover_id             = azurerm_storage_mover.test.id
+  host                         = "192.168.0.1"
+  share_name                   = "testshare"
   username_key_vault_secret_id = azurerm_key_vault_secret.username.versionless_id
   password_key_vault_secret_id = azurerm_key_vault_secret.password.versionless_id
   description                  = "Example SMB Mount Endpoint Description"
@@ -247,10 +247,10 @@ resource "azurerm_key_vault_secret" "password" {
 }
 
 resource "azurerm_storage_mover_smb_mount_endpoint" "test" {
-  name             = "acctest-smse-%d"
-  storage_mover_id = azurerm_storage_mover.test.id
-  host             = "192.168.0.1"
-  share_name       = "testshare"
+  name                         = "acctest-smse-%d"
+  storage_mover_id             = azurerm_storage_mover.test.id
+  host                         = "192.168.0.1"
+  share_name                   = "testshare"
   username_key_vault_secret_id = azurerm_key_vault_secret.username.versionless_id
   password_key_vault_secret_id = azurerm_key_vault_secret.password.versionless_id
   description                  = "Updated SMB Mount Endpoint Description"

website/docs/r/storage_mover_smb_mount_endpoint.html.markdown

@@ -66,15 +66,15 @@ The following arguments are supported:
 
 * `storage_mover_id` - (Required) Specifies the ID of the Storage Mover for this SMB Mount Endpoint. Changing this forces a new resource to be created.
 
-* `host` - (Required) Specifies the host name or IP address of the SMB server. Changing this forces a new resource to be created.
+* `host` - (Required) Specifies the host name or IP address of the SMB server. Must be a valid IPv4 address or hostname/FQDN (letters, numbers, dots, hyphens only). Changing this forces a new resource to be created.
 
-* `share_name` - (Required) Specifies the name of the SMB share. Changing this forces a new resource to be created.
+* `share_name` - (Required) Specifies the name of the SMB share. Must be 1-80 characters and cannot contain: `\` `/` `[` `]` `:` `<` `>` `+` `=` `;` `,` `*` `?` or control characters. Changing this forces a new resource to be created.
 
 * `username_key_vault_secret_id` - (Optional) Specifies the Azure Key Vault secret ID for the username to use for authentication. Must be specified together with `password_key_vault_secret_id`. You can use `azurerm_key_vault_secret.<name>.id` or `azurerm_key_vault_secret.<name>.versionless_id` (recommended to avoid pinning to a specific secret version).
 
 * `password_key_vault_secret_id` - (Optional) Specifies the Azure Key Vault secret ID for the password to use for authentication. Must be specified together with `username_key_vault_secret_id`. You can use `azurerm_key_vault_secret.<name>.id` or `azurerm_key_vault_secret.<name>.versionless_id` (recommended).
 
-* `description` - (Optional) Specifies a description for the Storage Mover SMB Mount Endpoint.
+* `description` - (Optional) Specifies a description for the Storage Mover SMB Mount Endpoint. Maximum length 1024 characters.
 
 ## Attributes Reference