diff --git a/README.md b/README.md
index 59df10c9..a8bd86c2 100644
--- a/README.md
+++ b/README.md
@@ -94,7 +94,7 @@ You need the following permissions to run this module.
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.3.0 |
+| [terraform](#requirement\_terraform) | >= 1.9.0 |
| [helm](#requirement\_helm) | >= 2.15.0, <3.0.0 |
| [ibm](#requirement\_ibm) | >= 1.70.0, <2.0.0 |
diff --git a/examples/obs-agent-iks/version.tf b/examples/obs-agent-iks/version.tf
index 7f0ae1ec..7195709e 100644
--- a/examples/obs-agent-iks/version.tf
+++ b/examples/obs-agent-iks/version.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.3.0"
+ required_version = ">= 1.9.0"
# Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
# module's version.tf (this example), and 1 example that will always use the latest provider version (obs-agent-ocp).
diff --git a/examples/obs-agent-ocp/version.tf b/examples/obs-agent-ocp/version.tf
index 10709c5e..4d931a65 100644
--- a/examples/obs-agent-ocp/version.tf
+++ b/examples/obs-agent-ocp/version.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.3.0"
+ required_version = ">= 1.9.0"
# Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
# module's version.tf (obs-agent-iks), and 1 example that will always use the latest provider version (this exammple).
diff --git a/main.tf b/main.tf
index a901446b..20663dfb 100644
--- a/main.tf
+++ b/main.tf
@@ -35,20 +35,6 @@ locals {
cloud_monitoring_agent_registry = "icr.io/ext/sysdig/agent"
cloud_monitoring_agent_tags = var.cloud_monitoring_add_cluster_name ? concat(["ibm.containers-kubernetes.cluster.name:${local.cluster_name}"], var.cloud_monitoring_agent_tags) : var.cloud_monitoring_agent_tags
cloud_monitoring_host = var.cloud_monitoring_enabled ? var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : null
-
- # TODO: Move this into variable.tf since module requires 1.9 now
- # VARIABLE VALIDATION
- cloud_monitoring_key_validate_condition = var.cloud_monitoring_enabled == true && var.cloud_monitoring_instance_region == null && var.cloud_monitoring_access_key == null
- cloud_monitoring_key_validate_msg = "Values for 'cloud_monitoring_access_key' and 'log_analysis_instance_region' variables must be passed when 'cloud_monitoring_enabled = true'"
- # tflint-ignore: terraform_unused_declarations
- cloud_monitoring_key_validate_check = regex("^${local.cloud_monitoring_key_validate_msg}$", (!local.cloud_monitoring_key_validate_condition ? local.cloud_monitoring_key_validate_msg : ""))
- # Logs Agent Validation
- # tflint-ignore: terraform_unused_declarations
- validate_iam_mode = var.logs_agent_enabled == true && (var.logs_agent_iam_mode == "IAMAPIKey" && (var.logs_agent_iam_api_key == null || var.logs_agent_iam_api_key == "")) ? tobool("When passing 'IAMAPIKey' value for 'logs_agent_iam_mode' you cannot set 'logs_agent_iam_api_key' as null or empty string.") : true
- # tflint-ignore: terraform_unused_declarations
- validate_trusted_profile_mode = var.logs_agent_enabled == true && (var.logs_agent_iam_mode == "TrustedProfile" && (var.logs_agent_trusted_profile == null || var.logs_agent_trusted_profile == "")) ? tobool(" When passing 'TrustedProfile' value for 'logs_agent_iam_mode' you cannot set 'logs_agent_trusted_profile' as null or empty string.") : true
- # tflint-ignore: terraform_unused_declarations
- validate_icl_ingress_endpoint = var.logs_agent_enabled == true && (var.cloud_logs_ingress_endpoint == null || var.cloud_logs_ingress_endpoint == "") ? tobool("When 'logs_agent_enabled' is enabled, you cannot set 'cloud_logs_ingress_endpoint' as null or empty string.") : true
}
/** Cloud Monitoring Configuration Start **/
diff --git a/modules/logs-agent/README.md b/modules/logs-agent/README.md
index ee8849c1..258d4890 100644
--- a/modules/logs-agent/README.md
+++ b/modules/logs-agent/README.md
@@ -59,7 +59,7 @@ module "logs_agent_module" {
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.3.0 |
+| [terraform](#requirement\_terraform) | >= 1.9.0 |
| [helm](#requirement\_helm) | >= 2.11.0, <3.0.0 |
| [ibm](#requirement\_ibm) | >= 1.59.0, <2.0.0 |
diff --git a/modules/logs-agent/version.tf b/modules/logs-agent/version.tf
index 7e8fd8af..42854b02 100644
--- a/modules/logs-agent/version.tf
+++ b/modules/logs-agent/version.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.3.0"
+ required_version = ">= 1.9.0"
# Each required provider's version should be a flexible range to future proof the module's usage with upcoming minor and patch versions.
required_providers {
diff --git a/variables.tf b/variables.tf
index 4392a4c2..f01b85f9 100644
--- a/variables.tf
+++ b/variables.tf
@@ -59,6 +59,14 @@ variable "cloud_monitoring_enabled" {
type = bool
description = "Deploy IBM Cloud Monitoring agent"
default = true
+
+ validation {
+ condition = !var.cloud_monitoring_enabled || (
+ var.cloud_monitoring_access_key != null &&
+ var.cloud_monitoring_instance_region != null
+ )
+ error_message = "When cloud_monitoring_enabled is true, both cloud_monitoring_access_key and cloud_monitoring_instance_region must be provided."
+ }
}
variable "cloud_monitoring_access_key" {
@@ -196,6 +204,15 @@ variable "logs_agent_trusted_profile" {
type = string
description = "The IBM Cloud trusted profile ID. Used only when `logs_agent_iam_mode` is set to `TrustedProfile`. The trusted profile must have an IBM Cloud Logs `Sender` role."
default = null
+
+ validation {
+ condition = (
+ var.logs_agent_enabled == false ||
+ var.logs_agent_iam_mode != "TrustedProfile" ||
+ (var.logs_agent_trusted_profile != null && var.logs_agent_trusted_profile != "")
+ )
+ error_message = "When passing 'TrustedProfile' value for 'logs_agent_iam_mode' you cannot set 'logs_agent_trusted_profile' as null or empty string."
+ }
}
variable "logs_agent_iam_api_key" {
@@ -203,6 +220,15 @@ variable "logs_agent_iam_api_key" {
description = "The IBM Cloud API key for the Logs agent to authenticate and communicate with the IBM Cloud Logs. It is required if `logs_agent_iam_mode` is set to `IAMAPIKey`."
sensitive = true
default = null
+
+ validation {
+ condition = (
+ var.logs_agent_enabled == false ||
+ var.logs_agent_iam_mode != "IAMAPIKey" ||
+ (var.logs_agent_iam_api_key != null && var.logs_agent_iam_api_key != "")
+ )
+ error_message = "When passing 'IAMAPIKey' value for 'logs_agent_iam_mode', you cannot set 'logs_agent_iam_api_key' as null or empty string."
+ }
}
variable "logs_agent_tolerations" {
@@ -278,6 +304,14 @@ variable "cloud_logs_ingress_endpoint" {
description = "The host for IBM Cloud Logs ingestion. Ensure you use the ingress endpoint. See https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-endpoints_ingress."
type = string
default = null
+
+ validation {
+ condition = (
+ var.logs_agent_enabled == false ||
+ (var.cloud_logs_ingress_endpoint != null && var.cloud_logs_ingress_endpoint != "")
+ )
+ error_message = "When 'logs_agent_enabled' is enabled, you cannot set 'cloud_logs_ingress_endpoint' as null or empty string."
+ }
}
variable "cloud_logs_ingress_port" {
diff --git a/version.tf b/version.tf
index c221e6cf..ae47bb43 100644
--- a/version.tf
+++ b/version.tf
@@ -1,5 +1,5 @@
terraform {
- required_version = ">= 1.3.0"
+ required_version = ">= 1.9.0"
# Each required provider's version should be a flexible range to future proof the module's usage with upcoming minor and patch versions.
required_providers {