terraform-ibm-modules · Aashiq-J · Apr 16, 2025 · Apr 14, 2025 · Apr 16, 2025
@@ -94,7 +94,7 @@ You need the following permissions to run this module.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.15.0, <3.0.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.70.0, <2.0.0 |
 

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
 
   # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
   # module's version.tf (this example), and 1 example that will always use the latest provider version (obs-agent-ocp).

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
 
   # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
   # module's version.tf (obs-agent-iks), and 1 example that will always use the latest provider version (this exammple).

@@ -35,20 +35,6 @@ locals {
   cloud_monitoring_agent_registry   = "icr.io/ext/sysdig/agent"
   cloud_monitoring_agent_tags       = var.cloud_monitoring_add_cluster_name ? concat(["ibm.containers-kubernetes.cluster.name:${local.cluster_name}"], var.cloud_monitoring_agent_tags) : var.cloud_monitoring_agent_tags
   cloud_monitoring_host             = var.cloud_monitoring_enabled ? var.cloud_monitoring_endpoint_type == "private" ? "ingest.private.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : "logs.${var.cloud_monitoring_instance_region}.monitoring.cloud.ibm.com" : null
-
-  # TODO: Move this into variable.tf since module requires 1.9 now
-  # VARIABLE VALIDATION
-  cloud_monitoring_key_validate_condition = var.cloud_monitoring_enabled == true && var.cloud_monitoring_instance_region == null && var.cloud_monitoring_access_key == null
-  cloud_monitoring_key_validate_msg       = "Values for 'cloud_monitoring_access_key' and 'log_analysis_instance_region' variables must be passed when 'cloud_monitoring_enabled = true'"
-  # tflint-ignore: terraform_unused_declarations
-  cloud_monitoring_key_validate_check = regex("^${local.cloud_monitoring_key_validate_msg}$", (!local.cloud_monitoring_key_validate_condition ? local.cloud_monitoring_key_validate_msg : ""))
-  # Logs Agent Validation
-  # tflint-ignore: terraform_unused_declarations
-  validate_iam_mode = var.logs_agent_enabled == true && (var.logs_agent_iam_mode == "IAMAPIKey" && (var.logs_agent_iam_api_key == null || var.logs_agent_iam_api_key == "")) ? tobool("When passing 'IAMAPIKey' value for 'logs_agent_iam_mode' you cannot set 'logs_agent_iam_api_key' as null or empty string.") : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_trusted_profile_mode = var.logs_agent_enabled == true && (var.logs_agent_iam_mode == "TrustedProfile" && (var.logs_agent_trusted_profile == null || var.logs_agent_trusted_profile == "")) ? tobool(" When passing 'TrustedProfile' value for 'logs_agent_iam_mode' you cannot set 'logs_agent_trusted_profile' as null or empty string.") : true
-  # tflint-ignore: terraform_unused_declarations
-  validate_icl_ingress_endpoint = var.logs_agent_enabled == true && (var.cloud_logs_ingress_endpoint == null || var.cloud_logs_ingress_endpoint == "") ? tobool("When 'logs_agent_enabled' is enabled, you cannot set 'cloud_logs_ingress_endpoint' as null or empty string.") : true
 }
 
 /** Cloud Monitoring Configuration Start **/

@@ -59,7 +59,7 @@ module "logs_agent_module" {
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 | <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 2.11.0, <3.0.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.59.0, <2.0.0 |
 

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
 
   # Each required provider's version should be a flexible range to future proof the module's usage with upcoming minor and patch versions.
   required_providers {

@@ -59,6 +59,14 @@ variable "cloud_monitoring_enabled" {
   type        = bool
   description = "Deploy IBM Cloud Monitoring agent"
   default     = true
+
+  validation {
+    condition = !var.cloud_monitoring_enabled || (
+      var.cloud_monitoring_access_key != null &&
+      var.cloud_monitoring_instance_region != null
+    )
+    error_message = "When cloud_monitoring_enabled is true, both cloud_monitoring_access_key and cloud_monitoring_instance_region must be provided."
+  }
 }
 
 variable "cloud_monitoring_access_key" {
@@ -196,13 +204,31 @@ variable "logs_agent_trusted_profile" {
   type        = string
   description = "The IBM Cloud trusted profile ID. Used only when `logs_agent_iam_mode` is set to `TrustedProfile`. The trusted profile must have an IBM Cloud Logs `Sender` role."
   default     = null
+
+  validation {
+    condition = (
+      var.logs_agent_enabled == false ||
+      var.logs_agent_iam_mode != "TrustedProfile" ||
+      (var.logs_agent_trusted_profile != null && var.logs_agent_trusted_profile != "")
+    )
+    error_message = "When passing 'TrustedProfile' value for 'logs_agent_iam_mode' you cannot set 'logs_agent_trusted_profile' as null or empty string."
+  }
 }
 
 variable "logs_agent_iam_api_key" {
   type        = string
   description = "The IBM Cloud API key for the Logs agent to authenticate and communicate with the IBM Cloud Logs. It is required if `logs_agent_iam_mode` is set to `IAMAPIKey`."
   sensitive   = true
   default     = null
+
+  validation {
+    condition = (
+      var.logs_agent_enabled == false ||
+      var.logs_agent_iam_mode != "IAMAPIKey" ||
+      (var.logs_agent_iam_api_key != null && var.logs_agent_iam_api_key != "")
+    )
+    error_message = "When passing 'IAMAPIKey' value for 'logs_agent_iam_mode', you cannot set 'logs_agent_iam_api_key' as null or empty string."
+  }
 }
 
 variable "logs_agent_tolerations" {
@@ -278,6 +304,14 @@ variable "cloud_logs_ingress_endpoint" {
   description = "The host for IBM Cloud Logs ingestion. Ensure you use the ingress endpoint. See https://cloud.ibm.com/docs/cloud-logs?topic=cloud-logs-endpoints_ingress."
   type        = string
   default     = null
+
+  validation {
+    condition = (
+      var.logs_agent_enabled == false ||
+      (var.cloud_logs_ingress_endpoint != null && var.cloud_logs_ingress_endpoint != "")
+    )
+    error_message = "When 'logs_agent_enabled' is enabled, you cannot set 'cloud_logs_ingress_endpoint' as null or empty string."
+  }
 }
 
 variable "cloud_logs_ingress_port" {

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
 
   # Each required provider's version should be a flexible range to future proof the module's usage with upcoming minor and patch versions.
   required_providers {