fix(deps): updated required terraform version to >=1.9.0 and updated the variable validation logic (#225)

kierramarie · web-flow · commit e1e72c78b6f5 · 2025-05-09T09:47:00.000+01:00
diff --git a/README.md b/README.md
@@ -162,7 +162,7 @@ You need the following permissions to run this module.
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.76.0, < 2.0.0 |
 | <a name="requirement_time"></a> [time](#requirement\_time) | >= 0.9.1, < 1.0.0 |
 
diff --git a/examples/api_key_auth/version.tf b/examples/api_key_auth/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Pin to the lowest provider version of the range defined in the main module to ensure lowest version still works
     ibm = {
diff --git a/examples/iam_auth/version.tf b/examples/iam_auth/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Pin to the lowest provider version of the range defined in the main module to ensure lowest version still works
     ibm = {
diff --git a/main.tf b/main.tf
@@ -1,31 +1,10 @@
-# Validation
-# approach based on https://stackoverflow.com/a/66682419
-locals {
-  # public cert DNS config
-  dns_validate_condition = var.dns_config_name != null && var.internet_services_crn == null
-  dns_validate_msg       = "A value for 'internet_services_crn' must be passed to create a DNS config for public_cert secrets engine"
-  # tflint-ignore: terraform_unused_declarations
-  dns_validate_check = regex("^${local.dns_validate_msg}$", (!local.dns_validate_condition ? local.dns_validate_msg : ""))
-
-  # public cert CA config
-  ca_validate_condition = var.ca_config_name != null && (var.acme_letsencrypt_private_key == null && (var.private_key_secrets_manager_instance_guid == null || var.private_key_secrets_manager_secret_id == null))
-  ca_validate_msg       = "A value for 'acme_letsencrypt_private_key' must be passed to create a CA config for public_cert secrets engine"
-  # tflint-ignore: terraform_unused_declarations
-  ca_validate_check = regex("^${local.ca_validate_msg}$", (!local.ca_validate_condition ? local.ca_validate_msg : ""))
-
-  # ensure an acme private key is being passed
-  # tflint-ignore: terraform_unused_declarations
-  validate_acme_values = (var.private_key_secrets_manager_instance_guid == null || var.private_key_secrets_manager_secret_id == null) && var.acme_letsencrypt_private_key == null ? tobool("A value for 'acme_letsencrypt_private_key' must be provided, or both `private_key_secrets_manager_instance_guid` and `private_key_secrets_manager_secret_id` must be provided to pull the private key.") : true
-
-  create_access_policy_cis = !var.skip_iam_authorization_policy && var.dns_config_name != null && var.ibmcloud_cis_api_key == null
-}
-
 # Data source to retrieve account ID
 data "ibm_iam_account_settings" "iam_account_settings" {
 }
 
 locals {
-  cis_account_id = var.cis_account_id != null ? var.cis_account_id : data.ibm_iam_account_settings.iam_account_settings.account_id
+  create_access_policy_cis = !var.skip_iam_authorization_policy && var.dns_config_name != null && var.ibmcloud_cis_api_key == null
+  cis_account_id           = var.cis_account_id != null ? var.cis_account_id : data.ibm_iam_account_settings.iam_account_settings.account_id
 }
 
 resource "ibm_iam_authorization_policy" "cis_service_authorization" {
diff --git a/variables.tf b/variables.tf
@@ -24,6 +24,11 @@ variable "internet_services_crn" {
   type        = string
   description = "CRN of the CIS instance to authorize Secrets Manager against"
   default     = null
+
+  validation {
+    condition     = var.dns_config_name != null ? var.internet_services_crn != null : true
+    error_message = "A value for 'internet_services_crn' must be passed to create a DNS config for public_cert secrets engine"
+  }
 }
 
 variable "cis_account_id" {
@@ -61,6 +66,11 @@ variable "acme_letsencrypt_private_key" {
   description = "The private key generated by the ACME account creation tool. Required if private_key_secrets_manager_instance_guid and private_key_secrets_manager_secret_id are not set."
   default     = null
   sensitive   = true
+
+  validation {
+    condition     = var.ca_config_name != null ? var.acme_letsencrypt_private_key == null ? (var.private_key_secrets_manager_instance_guid != null && var.private_key_secrets_manager_secret_id != null) : true : true
+    error_message = "A value for 'acme_letsencrypt_private_key' must be provided, or both `private_key_secrets_manager_instance_guid` and `private_key_secrets_manager_secret_id` must be provided to pull the private key to create a CA config for public_cert secrets engine."
+  }
 }
 
 variable "service_endpoints" {
diff --git a/version.tf b/version.tf
@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   required_providers {
     # Use "greater than or equal to" range in modules
     ibm = {
