From 28a8da0b7cdc4d4ea9b8e00c5aa61bdcb37256ca Mon Sep 17 00:00:00 2001
From: piyush <Piyush.Kumar.Sahu@ibm.com>
Date: Wed, 3 Sep 2025 11:57:05 +0530
Subject: [PATCH 1/2] chore: Fix regex validation to enforce exact match
 (public or private)

---
 solutions/fully-configurable/variables.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index 88e21d0..04266ed 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -218,7 +218,7 @@ variable "kms_endpoint_type" {
   default     = "private"
 
   validation {
-    condition     = can(regex("public|private", var.kms_endpoint_type))
+    condition     = can(regex("^(public|private)$", var.kms_endpoint_type))
     error_message = "The kms_endpoint_type value must be 'public' or 'private'."
   }
 }

From c235df1a5139a4443b7b4b1564a90bc04f285b7d Mon Sep 17 00:00:00 2001
From: Piyush Kumar Sahu <Piyush.Kumar.Sahu@ibm.com>
Date: Thu, 4 Sep 2025 12:18:15 +0530
Subject: [PATCH 2/2] Addressed the feedback

---
 examples/basic/variables.tf               | 2 +-
 solutions/fully-configurable/variables.tf | 2 +-
 variables.tf                              | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/examples/basic/variables.tf b/examples/basic/variables.tf
index f11c98c..dcabafb 100644
--- a/examples/basic/variables.tf
+++ b/examples/basic/variables.tf
@@ -46,7 +46,7 @@ variable "service_endpoints" {
   default     = "public"
 
   validation {
-    condition     = can(regex("public|public-and-private|private", var.service_endpoints))
+    condition     = can(regex("^(public|public-and-private|private)$", var.service_endpoints))
     error_message = "Valid values for service_endpoints are 'public', 'public-and-private', and 'private'"
   }
 }
diff --git a/solutions/fully-configurable/variables.tf b/solutions/fully-configurable/variables.tf
index 04266ed..bcd9118 100644
--- a/solutions/fully-configurable/variables.tf
+++ b/solutions/fully-configurable/variables.tf
@@ -80,7 +80,7 @@ variable "service_endpoints" {
   default     = "private"
 
   validation {
-    condition     = can(regex("public|public-and-private|private", var.service_endpoints))
+    condition     = can(regex("^(public|public-and-private|private)$", var.service_endpoints))
     error_message = "Valid values for service_endpoints are 'public', 'public-and-private', and 'private'"
   }
 }
diff --git a/variables.tf b/variables.tf
index 84f6217..16cb93f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -121,7 +121,7 @@ variable "service_endpoints" {
   default     = "private"
 
   validation {
-    condition     = can(regex("public|public-and-private|private", var.service_endpoints))
+    condition     = can(regex("^(public|public-and-private|private)$", var.service_endpoints))
     error_message = "Valid values for service_endpoints are 'public', 'public-and-private', and 'private'"
   }
 }