feat: improved user experience for validating input variable values<br> * updated required terraform to be >= 1.9.0 (#301)

vkuma17 · web-flow · commit 96b02eb0ab2a · 2025-04-08T13:57:38.000+05:30
diff --git a/README.md b/README.md
@@ -188,7 +188,7 @@ You need the following permissions to run this module.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.49.0, < 2.0.0 |
 | <a name="requirement_local"></a> [local](#requirement\_local) | >= 2.4.0, < 3.0.0 |
 
diff --git a/examples/basic/version.tf b/examples/basic/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
     # module's version.tf (basic example), and 1 example that will always use the latest provider version (complete example).
diff --git a/examples/complete/version.tf b/examples/complete/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
     # module's version.tf (basic example), and 1 example that will always use the latest provider version (complete example).
diff --git a/examples/fscloud/version.tf b/examples/fscloud/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
     # module's version.tf (basic example), and 1 example that will always use the latest provider version (complete example).
diff --git a/examples/hybrid-hpcs/version.tf b/examples/hybrid-hpcs/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
     # module's version.tf (basic example), and 1 example that will always use the latest provider version (complete example).
diff --git a/main.tf b/main.tf
@@ -3,19 +3,6 @@ This file is used to implement the HPCS module.
 *********************************************************************/
 
 locals {
-  # tflint-ignore: terraform_unused_declarations
-  validate_inputs = var.hsm_connector_id != null && var.auto_initialization_using_recovery_crypto_units == true ? tobool("Provided inputs are not correct. If hsm_conector_id is set to a value then auto_initialization_using_recovery_crypto_units can not be true.") : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_region = var.auto_initialization_using_recovery_crypto_units == true ? (contains(["us-south", "us-east"], var.region) ? true : tobool("Currently us-south and us-east are the only supported regions for HPCS instance initialization using recovery crypto units.")) : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_num_of_administrators = var.auto_initialization_using_recovery_crypto_units == true ? ((length(var.admins) >= 1 && length(var.admins) <= 8) || (length(var.base64_encoded_admins) >= 1 && length(var.base64_encoded_admins) <= 8) ? true : tobool("At least one administrator is required for the instance crypto unit and you can set upto 8 adminsitrators.")) : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_admins_and_threshold = var.auto_initialization_using_recovery_crypto_units == true ? (((length(var.admins) >= var.signature_threshold) || (length(var.base64_encoded_admins) >= var.signature_threshold) && (length(var.admins) >= var.revocation_threshold) || (length(var.base64_encoded_admins) >= var.revocation_threshold)) ? true : tobool("The adminstrators of the instance crypto units need to be equal to or greater than the threshold value.")) : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_num_of_failover_units = var.auto_initialization_using_recovery_crypto_units == true ? (var.number_of_failover_units <= var.number_of_crypto_units ? true : tobool("Number of failover_units must be less than or equal to the number of operational crypto units")) : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_admins_variables = var.auto_initialization_using_recovery_crypto_units == true ? ((length(var.admins) == 0 && length(var.base64_encoded_admins) == 0) || (length(var.admins) != 0 && length(var.base64_encoded_admins) != 0) ? tobool("Please provide exactly one of admins or base64_encoded_admins. Passing neither or both is invalid.") : true) : true
-
   admins_name_map = merge([for admin in var.base64_encoded_admins : { (admin.name) = { "name" = admin.name } }]...) # map created for non-sensitive value (admin name) only
   admins_map      = length(var.base64_encoded_admins) != 0 ? { for admin in var.base64_encoded_admins : admin.name => admin } : null
   admins = local.admins_map != null ? [
diff --git a/modules/fscloud/README.md b/modules/fscloud/README.md
@@ -16,7 +16,7 @@ As a result, several manual steps must be taken after deploying and initializing
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 
 ### Modules
 
diff --git a/modules/fscloud/version.tf b/modules/fscloud/version.tf
@@ -1,3 +1,3 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
 }
diff --git a/variables.tf b/variables.tf
@@ -10,6 +10,11 @@ variable "resource_group_id" {
 variable "region" {
   type        = string
   description = "The region where you want to deploy your instance."
+
+  validation {
+    condition     = var.auto_initialization_using_recovery_crypto_units != true || contains(["us-south", "us-east"], var.region)
+    error_message = "Currently us-south and us-east are the only supported regions for HPCS instance initialization using recovery crypto units."
+  }
 }
 
 variable "name" {
@@ -89,6 +94,22 @@ variable "admins" {
   default     = []
   sensitive   = true
   description = "A list of administrators for the instance crypto units. See [instructions](https://github.com/terraform-ibm-modules/terraform-ibm-hpcs#before-you-begin) to create administrator signature keys. You can set up to 8 administrators. Required if auto_initialization_using_recovery_crypto_units set to true. "
+
+  validation {
+    condition     = var.auto_initialization_using_recovery_crypto_units != true || ((length(var.admins) >= 1 && length(var.admins) <= 8) || (length(var.base64_encoded_admins) >= 1 && length(var.base64_encoded_admins) <= 8))
+    error_message = "At least one administrator is required for the instance crypto unit and you can set upto 8 adminsitrators."
+  }
+
+  validation {
+    condition     = var.auto_initialization_using_recovery_crypto_units != true || ((length(var.admins) >= var.signature_threshold || length(var.base64_encoded_admins) >= var.signature_threshold) && (length(var.admins) >= var.revocation_threshold || length(var.base64_encoded_admins) >= var.revocation_threshold))
+    error_message = "The adminstrators of the instance crypto units need to be equal to or greater than the threshold value."
+  }
+
+  validation {
+    condition     = var.auto_initialization_using_recovery_crypto_units != true || !((length(var.admins) == 0 && length(var.base64_encoded_admins) == 0) || (length(var.admins) != 0 && length(var.base64_encoded_admins) != 0))
+    error_message = "Please provide exactly one of admins or base64_encoded_admins. Passing neither or both is invalid."
+  }
+
 }
 
 variable "base64_encoded_admins" {
@@ -110,6 +131,13 @@ variable "number_of_failover_units" {
     condition     = contains([0, 2, 3], var.number_of_failover_units)
     error_message = "Allowed values of failover_units is 0, 2, 3."
   }
+
+  validation {
+
+    condition     = var.auto_initialization_using_recovery_crypto_units != true || (var.number_of_failover_units <= var.number_of_crypto_units)
+    error_message = "Number of failover_units must be less than or equal to the number of operational crypto units"
+
+  }
 }
 
 variable "service_endpoints" {
@@ -127,6 +155,11 @@ variable "hsm_connector_id" {
   type        = string
   description = "The HSM connector ID provided by IBM required for Hybrid HPCS. Available to selected customers only."
   default     = null
+
+  validation {
+    condition     = var.hsm_connector_id == null || var.auto_initialization_using_recovery_crypto_units != true
+    error_message = "Provided inputs are not correct. If hsm_connector_id is set to a value then auto_initialization_using_recovery_crypto_units cannot be true."
+  }
 }
 
 variable "create_timeout" {
diff --git a/version.tf b/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
 
   required_providers {
     # Use "greater than or equal to" range in modules

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,3 @@`
`1`	`1`	`terraform {`
`2`		`- required_version = ">= 1.3.0"`
	`2`	`+ required_version = ">= 1.9.0"`
`3`	`3`	`}`