Merged
152 changes: 136 additions & 16 deletions ibm_catalog.json
Expand Up @@ -138,7 +138,18 @@
"description": "The name of an existing resource group to provision the resources."
},
{
"key": "prefix"
"key": "prefix",
"default_value": "dev",
"random_string": {
"length": 4
},
"value_constraints": [
{
"type": "regex",
"description": "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). It should not exceed 16 characters.",
"value": "^$|^__NULL__$|^[a-z](?!.*--)(?:[a-z0-9-]{0,14}[a-z0-9])?$"
}
]
},
{
"key": "region",
Expand Down Expand Up @@ -321,7 +332,14 @@
"key": "admin_pass"
},
{
"key": "existing_secrets_manager_instance_crn"
"key": "existing_secrets_manager_instance_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_secrets_manager_instance_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}secrets-manager:(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$"
}
]
},
{
"key": "existing_secrets_manager_endpoint_type",
Expand Down Expand Up @@ -365,10 +383,24 @@
"key": "kms_encryption_enabled"
},
{
"key": "existing_kms_instance_crn"
"key": "existing_kms_instance_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_kms_instance_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$"
}
]
},
{
"key": "existing_kms_key_crn"
"key": "existing_kms_key_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_kms_key_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
}
]
},
{
"key": "kms_endpoint_type",
Expand All @@ -391,10 +423,24 @@
"key": "key_name"
},
{
"key": "backup_crn"
"key": "backup_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'backup_crn' is not valid.",
"value": "^__NULL__$|^crn:.*:backup:"
}
]
},
{
"key": "existing_backup_kms_key_crn"
"key": "existing_backup_kms_key_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_backup_kms_key_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
}
]
},
{
"key": "use_default_backup_encryption_key"
Expand All @@ -403,7 +449,14 @@
"key": "skip_elasticsearch_kms_auth_policy"
},
{
"key": "existing_elasticsearch_instance_crn"
"key": "existing_elasticsearch_instance_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_elasticsearch_instance_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}databases-for-elasticsearch:(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$"
}
]
},
{
"key": "enable_elser_model"
Expand Down Expand Up @@ -444,7 +497,14 @@
"key": "kibana_registry_namespace_image"
},
{
"key": "kibana_image_digest"
"key": "kibana_image_digest",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'kibana_image_digest' is not valid.",
"value": "^__NULL__$|^sha256:"
}
]
},
{
"key": "kibana_image_port"
Expand Down Expand Up @@ -574,7 +634,18 @@
"description": "The name of an existing resource group to provision the resources."
},
{
"key": "prefix"
"key": "prefix",
"default_value": "dev",
"random_string": {
"length": 4
},
"value_constraints": [
{
"type": "regex",
"description": "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). It should not exceed 16 characters.",
"value": "^$|^__NULL__$|^[a-z](?!.*--)(?:[a-z0-9-]{0,14}[a-z0-9])?$"
}
]
},
{
"key": "region",
Expand Down Expand Up @@ -737,7 +808,14 @@
"key": "admin_pass"
},
{
"key": "existing_secrets_manager_instance_crn"
"key": "existing_secrets_manager_instance_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_secrets_manager_instance_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}secrets-manager:(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$"
}
]
},
{
"key": "skip_elasticsearch_to_secrets_manager_auth_policy"
Expand Down Expand Up @@ -765,10 +843,24 @@
},
{
"key": "existing_kms_instance_crn",
"required": true
"required": true,
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_kms_instance_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$"
}
]
},
{
"key": "existing_kms_key_crn"
"key": "existing_kms_key_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_kms_key_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
}
]
},
{
"key": "key_ring_name"
Expand All @@ -777,16 +869,37 @@
"key": "key_name"
},
{
"key": "backup_crn"
"key": "backup_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'backup_crn' is not valid.",
"value": "^__NULL__$|^crn:.*:backup:"
}
]
},
{
"key": "existing_backup_kms_key_crn"
"key": "existing_backup_kms_key_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_backup_kms_key_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
}
]
},
{
"key": "skip_elasticsearch_kms_auth_policy"
},
{
"key": "existing_elasticsearch_instance_crn"
"key": "existing_elasticsearch_instance_crn",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'existing_elasticsearch_instance_crn' is not valid.",
"value": "^__NULL__$|^crn:(.*:){3}databases-for-elasticsearch:(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$"
}
]
},
{
"key": "enable_elser_model"
Expand Down Expand Up @@ -824,7 +937,14 @@
"key": "kibana_registry_namespace_image"
},
{
"key": "kibana_image_digest"
"key": "kibana_image_digest",
"value_constraints": [
{
"type": "regex",
"description": "The value provided for 'kibana_image_digest' must start with 'sha256:'.",
"value": "^__NULL__$|^sha256:"
}
]
},
{
"key": "kibana_image_port"
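Review bot: The `kibana_image_digest` constraint `^__NULL__$|^sha256:` checks only the prefix, so the catalog form accepts any text after `sha256:` even though the digest is what pins the Kibana image. Anchoring the whole value, `"value": "^__NULL__$|^sha256:[a-f0-9]{64}$"`, would reject truncated or malformed digests before deployment; this applies to both `kibana_image_digest` entries. The two entries also carry different `description` texts ("is not valid" in the first, "must start with 'sha256:'" in the second) and should say the same thing. The `backup_crn` pattern `^crn:.*:backup:` is similarly open-ended, though that may be deliberate, since the trailing part of a backup CRN is not visible here.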
37 changes: 36 additions & 1 deletion solutions/fully-configurable/variables.tf
Expand Up @@ -17,7 +17,7 @@ variable "existing_resource_group_name" {
variable "prefix" {
type = string
nullable = true
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0205-cos. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
description = "The prefix to add to all resources that this solution creates (e.g `prod`, `test`, `dev`). To skip using a prefix, set this value to null or an empty string. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."

validation {
# - null and empty string is allowed
Expand Down Expand Up @@ -62,6 +62,14 @@ variable "existing_elasticsearch_instance_crn" {
type = string
default = null
description = "The CRN of an existing Databases for Elasticsearch instance. If no value is specified, a new instance is created."

validation {
condition = anytrue([
var.existing_elasticsearch_instance_crn == null,
can(regex("^crn:(.*:){3}databases-for-elasticsearch:(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$", var.existing_elasticsearch_instance_crn))
])
error_message = "The value provided for 'existing_elasticsearch_instance_crn' is not valid."
}
}

variable "elasticsearch_version" {
Expand Down Expand Up @@ -229,12 +237,30 @@ variable "existing_kms_instance_crn" {
type = string
description = "The CRN of a Key Protect or Hyper Protect Crypto Services instance. Required to create a new encryption key and key ring which will be used to encrypt both deployment data and backups. To use an existing key, pass values for `existing_kms_key_crn` and/or `existing_backup_kms_key_crn`. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
default = null

validation {
condition = anytrue([
var.existing_kms_instance_crn == null,
can(regex("^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$", var.existing_kms_instance_crn))
])
error_message = "The value provided for 'existing_kms_instance_crn' is not valid."
}

}

variable "existing_kms_key_crn" {
type = string
description = "The CRN of a Key Protect or Hyper Protect Crypto Services encryption key to encrypt your data. By default this key is used for both deployment data and backups, but this behaviour can be altered using the optional `existing_backup_kms_key_crn` input. If no value is passed a new key will be created in the instance specified in the `existing_kms_instance_crn` input. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
default = null

validation {
condition = anytrue([
var.existing_kms_key_crn == null,
can(regex("^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.existing_kms_key_crn))
])
error_message = "The value provided for 'existing_kms_key_crn’ is not valid."
}

}

variable "kms_endpoint_type" {
Expand Down Expand Up @@ -277,6 +303,15 @@ variable "existing_backup_kms_key_crn" {
type = string
description = "The CRN of a Key Protect or Hyper Protect Crypto Services encryption key that you want to use for encrypting the disk that holds deployment backups. Applies only if `kms_encryption_enabled` is true. If no value is passed, the value of `existing_kms_key_crn` is used. If no value is passed for `existing_kms_key_crn`, a new key will be created in the instance specified in the `existing_kms_instance_crn` input. Alternatively set `kms_encryption_enabled` to false to use the IBM Cloud Databases default encryption. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
default = null

validation {
condition = anytrue([
var.existing_backup_kms_key_crn == null,
can(regex("^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.existing_backup_kms_key_crn))
])
error_message = "The value provided for 'existing_backup_kms_key_crn' is not valid."
}

}

variable "use_default_backup_encryption_key" {
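Review bot: The CRN patterns in the four added `validation` blocks use `(.*:){3}` and `(.*:){2}`, and because `.*` also matches `:`, the repetition counts do not pin the service name to a fixed segment. A string with extra colon-separated segments ahead of `kms:` or `databases-for-elasticsearch:` therefore still passes. If the intent is to check the CRN's shape, replacing `.*` with `[^:]*` makes each group exactly one segment, for example `^crn:([^:]*:){3}(kms|hs-crypto):([^:]*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$`. The same patterns appear in `solutions/security-enforced/variables.tf` and in the `value_constraints` of `ibm_catalog.json`, so all three should change together. The key-ID tail accepts only `[0-9a-f]` while the instance GUID accepts `[0-9a-fA-F]`; the two character classes should be made consistent.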
42 changes: 41 additions & 1 deletion solutions/security-enforced/variables.tf
Expand Up @@ -17,7 +17,7 @@ variable "existing_resource_group_name" {
variable "prefix" {
type = string
nullable = true
description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0205-cos. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
description = "The prefix to add to all resources that this solution creates (e.g `prod`, `test`, `dev`). To skip using a prefix, set this value to null or an empty string. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."

validation {
# - null and empty string is allowed
Expand Down Expand Up @@ -57,6 +57,14 @@ variable "existing_elasticsearch_instance_crn" {
type = string
default = null
description = "The CRN of an existing Databases for Elasticsearch instance. If no value is specified, a new instance is created."

validation {
condition = anytrue([
var.existing_elasticsearch_instance_crn == null,
can(regex("^crn:(.*:){3}databases-for-elasticsearch:(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$", var.existing_elasticsearch_instance_crn))
])
error_message = "The value provided for 'existing_elasticsearch_instance_crn' is not valid."
}
}

variable "elasticsearch_version" {
Expand Down Expand Up @@ -186,6 +194,14 @@ variable "existing_kms_instance_crn" {
type = string
description = "The CRN of a Key Protect or Hyper Protect Crypto Services instance. Required to create a new encryption key and key ring which will be used to encrypt both deployment data and backups. To use an existing key, pass values for `existing_kms_key_crn` and/or `existing_backup_kms_key_crn`. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
default = null

validation {
condition = anytrue([
var.existing_kms_instance_crn == null,
can(regex("^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$", var.existing_kms_instance_crn))
])
error_message = "The value provided for 'existing_kms_instance_crn' is not valid."
}
}

variable "existing_kms_key_crn" {
Expand All @@ -200,6 +216,14 @@ variable "existing_kms_key_crn" {
)
error_message = "Either existing_kms_key_crn or existing_kms_instance_crn must be set, but not both."
}

validation {
condition = anytrue([
var.existing_kms_key_crn == null,
can(regex("^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.existing_kms_key_crn))
])
error_message = "The value provided for 'existing_kms_key_crn’ is not valid."
}
}

variable "skip_elasticsearch_kms_auth_policy" {
Expand Down Expand Up @@ -231,6 +255,14 @@ variable "existing_backup_kms_key_crn" {
type = string
description = "The CRN of a Key Protect or Hyper Protect Crypto Services encryption key that you want to use for encrypting the disk that holds deployment backups. If no value is passed, the value of `existing_kms_key_crn` is used. If no value is passed for `existing_kms_key_crn`, a new key will be created in the instance specified in the `existing_kms_instance_crn` input."
default = null

validation {
condition = anytrue([
var.existing_backup_kms_key_crn == null,
can(regex("^crn:(.*:){3}(kms|hs-crypto):(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}:key:[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", var.existing_backup_kms_key_crn))
])
error_message = "The value provided for 'existing_backup_kms_key_crn' is not valid."
}
}

variable "backup_crn" {
Expand Down Expand Up @@ -307,6 +339,14 @@ variable "existing_secrets_manager_instance_crn" {
type = string
default = null
description = "The CRN of existing secrets manager to use to create service credential secrets for Databases for Elasticsearch instance."

validation {
condition = anytrue([
var.existing_secrets_manager_instance_crn == null,
can(regex("^crn:(.*:){3}secrets-manager:(.*:){2}[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}::$", var.existing_secrets_manager_instance_crn))
])
error_message = "The value provided for 'existing_secrets_manager_instance_crn' is not valid."
}
}

variable "service_credential_secrets" {
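Review bot: The `error_message` added for `existing_kms_key_crn` closes the quoted variable name with a typographic `’` instead of an ASCII `'`, so the message users see has mismatched quotes and a non-ASCII character. The line should read `error_message = "The value provided for 'existing_kms_key_crn' is not valid."`. The same typo is in the `existing_kms_key_crn` validation in `solutions/fully-configurable/variables.tf`. The other new messages in this file use straight quotes, so this looks like a paste artefact rather than a choice.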