37 changes: 31 additions & 6 deletions ibm_catalog.json
Expand Up @@ -190,7 +190,12 @@
},
{
"key": "prefix",
"required": true
"required": true,
"value_constraint": {
"type": "regex",
"description": "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). It should not exceed 16 characters",
"value": "^$|^__NULL__$|^[a-z](?!.*--)[a-z0-9-]{0,14}[a-z0-9]$"
}
},
{
"key": "cluster_name",
Expand Down Expand Up @@ -655,10 +660,20 @@
"key": "kms_encryption_enabled_cluster"
},
{
"key": "existing_kms_instance_crn"
"key": "existing_kms_instance_crn",
"value_constraint": {
"type": "regex",
"description": "The value provided for 'existing_kms_instance_crn' is not valid.",
"value": "^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$"
}
},
{
"key": "existing_cluster_kms_key_crn"
"key": "existing_cluster_kms_key_crn",
"value_constraint": {
"type": "regex",
"description": "The value provided for 'existing_cluster_kms_key_crn' in not valid.",
"value": "^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
}
},
{
"key": "kms_endpoint_type",
Expand All @@ -684,7 +699,12 @@
"key": "kms_encryption_enabled_boot_volume"
},
{
"key": "existing_boot_volume_kms_key_crn"
"key": "existing_boot_volume_kms_key_crn",
"value_constraint": {
"type": "regex",
"description": "The value provided for 'existing_boot_volume_kms_key_crn' in not valid.",
"value": "^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
}
},
{
"key": "boot_volume_kms_key_name"
Expand Down Expand Up @@ -776,7 +796,7 @@
"hidden": true
},
{
"key":"enable_kube_audit"
"key": "enable_kube_audit"
},
{
"key": "audit_deployment_name"
Expand All @@ -801,7 +821,12 @@
"key": "audit_webhook_listener_image"
},
{
"key": "audit_webhook_listener_image_tag_digest"
"key": "audit_webhook_listener_image_tag_digest",
"value_constraint": {
"type": "regex",
"description": "The value of the audit webhook listener image version must match the tag and sha256 image digest format",
"value": "^[a-f0-9]{40}@sha256:[a-f0-9]{64}$"
}
}
],
"dependencies": [
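Review bot: The three CRN constraints (`existing_kms_instance_crn`, `existing_cluster_kms_key_crn`, `existing_boot_volume_kms_key_crn`) have no empty-value alternative, unlike the `prefix` constraint, whose pattern starts with `^$|^__NULL__$|`. These inputs are optional and the Terraform validation they replace accepted null, so it is worth confirming that the catalog does not evaluate `value_constraint` on an unset input; if it does, prefix each pattern the same way. The leading `(.*:){3}` and `(.*:){2}` groups are also looser than they look, because `.` matches `:` and the service name is therefore not pinned to its segment; `([^:]*:){3}` and `([^:]*:){2}` would enforce the segment count. The two key-CRN descriptions read "in not valid" where the instance one reads "is not valid".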
52 changes: 1 addition & 51 deletions solutions/fully-configurable/variables.tf
Expand Up @@ -14,28 +14,7 @@ variable "ibmcloud_api_key" {
variable "prefix" {
type = string
nullable = true
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0405-ocp. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."

validation {
# - null and empty string is allowed
# - Must not contain consecutive hyphens (--): length(regexall("--", var.prefix)) == 0
# - Starts with a lowercase letter: [a-z]
# - Contains only lowercase letters (a–z), digits (0–9), and hyphens (-)
# - Must not end with a hyphen (-): [a-z0-9]
condition = (var.prefix == null || var.prefix == "" ? true :
alltrue([
can(regex("^[a-z][-a-z0-9]*[a-z0-9]$", var.prefix)),
length(regexall("--", var.prefix)) == 0
])
)
error_message = "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--')."
}

validation {
# must not exceed 16 characters in length
condition = var.prefix == null || var.prefix == "" ? true : length(var.prefix) <= 16
error_message = "Prefix must not exceed 16 characters."
}
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. Example: prod-0405-ocp. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
}


Expand Down Expand Up @@ -378,29 +357,13 @@ variable "existing_kms_instance_crn" {
type = string
default = null
description = "The CRN of an existing KMS instance (Hyper Protect Crypto Services or Key Protect). If the KMS instance is in different account you must also provide a value for `ibmcloud_kms_api_key`."

validation {
condition = anytrue([
can(regex("^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$", var.existing_kms_instance_crn)),
var.existing_kms_instance_crn == null,
])
error_message = "The provided KMS instance CRN in the input 'existing_kms_instance_crn' in not valid."
}
}

variable "existing_cluster_kms_key_crn" {
type = string
default = null
description = "The CRN of an existing KMS key to use for encrypting the Object Storage of the Cluster. If no value is set for this variable, specify a value for `existing_kms_instance_crn` variable to create a key ring and key."

validation {
condition = anytrue([
can(regex("^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.existing_cluster_kms_key_crn)),
var.existing_cluster_kms_key_crn == null,
])
error_message = "The provided KMS key CRN in the input 'existing_cluster_kms_key_crn' in not valid."
}

validation {
condition = var.existing_cluster_kms_key_crn != null ? var.existing_kms_instance_crn == null : true
error_message = "A value should not be passed for 'existing_kms_instance_crn' when passing an existing key value using the 'existing_cluster_kms_key_crn' input."
Expand Down Expand Up @@ -464,14 +427,6 @@ variable "existing_boot_volume_kms_key_crn" {
type = string
default = null
description = "The CRN of an existing KMS key to use to encrypt the the block storage volumes for VPC. If no value is set for this variable, specify a value for either the `existing_kms_instance_crn` variable to create a key ring and key."

validation {
condition = anytrue([
can(regex("^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.existing_boot_volume_kms_key_crn)),
var.existing_boot_volume_kms_key_crn == null,
])
error_message = "The provided KMS key CRN in the input 'existing_boot_volume_kms_key_crn' in not valid."
}
}

variable "boot_volume_kms_key_ring_name" {
Expand Down Expand Up @@ -600,9 +555,4 @@ variable "audit_webhook_listener_image_tag_digest" {
type = string
description = "The tag or digest for the audit webhook listener image to deploy. If changing the value, ensure it is compatible with `audit_webhook_listener_image`."
default = "deaabcb8225e800385413ba420cf3f819d3b0671@sha256:acf123f4dba63534cbc104c6886abedff9d25a22a34ab7b549ede988ed6e7144"

validation {
condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_tag_digest))
error_message = "The value of the audit webhook listener image version must match the tag and sha256 image digest format"
}
}
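Review bot: With the `validation` blocks removed from `variables.tf`, these inputs are checked only by the catalog constraints, so any deployment that does not go through the catalog (presumably still possible for this solution) now accepts arbitrary strings. That matters most for `audit_webhook_listener_image_tag_digest`, where the removed rule was what required the image reference to carry a sha256 digest, and for the KMS CRN inputs that select the encryption keys. Consider keeping the Terraform checks alongside the catalog ones, for example leaving `condition = can(regex("^[a-f0-9]{40}@sha256:[a-f0-9]{64}$", var.audit_webhook_listener_image_tag_digest))` in place. The shortened `prefix` description also no longer tells readers of `variables.tf` about the allowed characters or the 16-character limit.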