From ccd835addc3a3e7df8e9673ba45d332b7d0af176 Mon Sep 17 00:00:00 2001 From: Ayushmaan Singh Date: Tue, 28 Oct 2025 14:46:30 +0530 Subject: [PATCH] fix: added validation to allow 1 item in cbr_rules --- README.md | 2 +- variables.tf | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f7c6758..71efead 100644 --- a/README.md +++ b/README.md @@ -151,7 +151,7 @@ You need the following permissions to run this module. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | [access\_tags](#input\_access\_tags) | A list of access tags to apply to the IBM Cloud Logs instance created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial. | `list(string)` | `[]` | no | -| [cbr\_rules](#input\_cbr\_rules) | (Optional, list) List of context-based restrictions rules to create | 
list(object({
    description = string
    account_id  = string
    rule_contexts = list(object({
      attributes = optional(list(object({
        name  = string
        value = string
    }))) }))
    enforcement_mode = string
    operations = optional(list(object({
      api_types = list(object({
        api_type_id = string
      }))
    })))
  }))
| `[]` | no | +| [cbr\_rules](#input\_cbr\_rules) | The context-based restrictions rule to create. Only one rule is allowed. | 
list(object({
    description = string
    account_id  = string
    rule_contexts = list(object({
      attributes = optional(list(object({
        name  = string
        value = string
    }))) }))
    enforcement_mode = string
    operations = optional(list(object({
      api_types = list(object({
        api_type_id = string
      }))
    })))
  }))
| `[]` | no | | [data\_storage](#input\_data\_storage) | A logs data bucket and a metrics bucket in IBM Cloud Object Storage to store your IBM Cloud Logs data for long term storage, search, analysis and alerting. | 
object({
    logs_data = optional(object({
      enabled              = optional(bool, false)
      bucket_crn           = optional(string)
      bucket_endpoint      = optional(string)
      skip_cos_auth_policy = optional(bool, false)
    }), {})
    metrics_data = optional(object({
      enabled              = optional(bool, false)
      bucket_crn           = optional(string)
      bucket_endpoint      = optional(string)
      skip_cos_auth_policy = optional(bool, false)
    }), {})
    }
  )
| 
{
  "logs_data": null,
  "metrics_data": null
}
| no | | [existing\_event\_notifications\_instances](#input\_existing\_event\_notifications\_instances) | List of Event Notifications instance details for routing critical events that occur in your IBM Cloud Logs. | 
list(object({
    crn                  = string
    integration_name     = optional(string)
    skip_iam_auth_policy = optional(bool, false)
  }))
| `[]` | no | | [instance\_name](#input\_instance\_name) | The name of the IBM Cloud Logs instance to create. Defaults to 'cloud-logs-' | `string` | `null` | no | diff --git a/variables.tf b/variables.tf index 926e6ff..712518f 100644 --- a/variables.tf +++ b/variables.tf @@ -200,7 +200,11 @@ variable "cbr_rules" { })) }))) })) - description = "(Optional, list) List of context-based restrictions rules to create" + description = "The context-based restrictions rule to create. Only one rule is allowed." default = [] # Validation happens in the rule module + validation { + condition = length(var.cbr_rules) <= 1 + error_message = "Only one CBR rule is allowed." + } }