fix: added regex validation to the DA for prefix, existing_kms_instance_crn, existing_cluster_kms_key_crn and existing_boot_volume_kms_key_crn inputs (#751)

arya-girish-k · web-flow · commit f94351d60ca8 · 2025-08-06T07:57:31.000+01:00
diff --git a/ibm_catalog.json b/ibm_catalog.json
@@ -190,7 +190,12 @@
             },
             {
               "key": "prefix",
-              "required": true
+              "required": true,
+              "value_constraint": {
+                "type": "regex",
+                "description": "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). It should not exceed 16 characters",
+                "value": "^$|^__NULL__$|^[a-z](?!.*--)[a-z0-9-]{0,14}[a-z0-9]$"
+              }
             },
             {
               "key": "cluster_name",
@@ -655,10 +660,20 @@
               "key": "kms_encryption_enabled_cluster"
             },
             {
-              "key": "existing_kms_instance_crn"
+              "key": "existing_kms_instance_crn",
+              "value_constraint": {
+                "type": "regex",
+                "description": "The value provided for 'existing_kms_instance_crn' is not valid.",
+                "value": "^__NULL__$|^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$"
+              }
             },
             {
-              "key": "existing_cluster_kms_key_crn"
+              "key": "existing_cluster_kms_key_crn",
+              "value_constraint": {
+                "type": "regex",
+                "description": "The value provided for 'existing_cluster_kms_key_crn' in not valid.",
+                "value": "^__NULL__$|^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
+              }
             },
             {
               "key": "kms_endpoint_type",
@@ -684,7 +699,12 @@
               "key": "kms_encryption_enabled_boot_volume"
             },
             {
-              "key": "existing_boot_volume_kms_key_crn"
+              "key": "existing_boot_volume_kms_key_crn",
+              "value_constraint": {
+                "type": "regex",
+                "description": "The value provided for 'existing_boot_volume_kms_key_crn' in not valid.",
+                "value": "^__NULL__$|^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
+              }
             },
             {
               "key": "boot_volume_kms_key_name"
@@ -776,7 +796,7 @@
               "hidden": true
             },
             {
-              "key":"enable_kube_audit"
+              "key": "enable_kube_audit"
             },
             {
               "key": "audit_deployment_name"
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
@@ -600,9 +600,4 @@ variable "audit_webhook_listener_image_tag_digest" {
   type        = string
   description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`."
   default     = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144"
-
-  validation {
-    condition     = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_tag_digest))
-    error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format"
-  }
 }
