From 609518eed52bca75f035e2eb231fff740d466974 Mon Sep 17 00:00:00 2001
From: Jared Holgate
Date: Mon, 9 Dec 2024 12:21:26 +0000
Subject: [PATCH 1/2] fix: add validation to bootstrap inputs
---
 alz/azuredevops/variables.input.tf | 18 +++++++++++++++---
 alz/azuredevops/variables.interface.tf | 14 +++++++++++++-
 alz/github/variables.input.tf | 18 +++++++++++++++---
 alz/github/variables.interface.tf | 14 +++++++++++++-
 alz/local/terraform.tfvars | 7 +++++++
 alz/local/variables.input.tf | 18 +++++++++++++++---
 alz/local/variables.interface.tf | 14 +++++++++++++-
 7 files changed, 91 insertions(+), 12 deletions(-)
 create mode 100644 alz/local/terraform.tfvars
diff --git a/alz/azuredevops/variables.input.tf b/alz/azuredevops/variables.input.tf
index 23d3f4c..5fe5344 100644
--- a/alz/azuredevops/variables.input.tf
+++ b/alz/azuredevops/variables.input.tf
@@ -16,21 +16,33 @@ variable "use_separate_repository_for_templates" {
 }
 
 variable "bootstrap_subscription_id" {
- description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription|6|azure_subscription_id"
+ description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
 type = string
 default = ""
+ validation {
+ condition = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "service_name" {
- description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)|azure_name_section"
+ description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)"
 type = string
 default = "alz"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.service_name))
+ error_message = "The service name must only contain lowercase letters and numbers"
+ }
 }
 
 variable "environment_name" {
- description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)|azure_name_section"
+ description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)"
 type = string
 default = "mgmt"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.environment_name))
+ error_message = "The environment name must only contain lowercase letters and numbers"
+ }
 }
 
 variable "postfix_number" {
diff --git a/alz/azuredevops/variables.interface.tf b/alz/azuredevops/variables.interface.tf
index 66abcf6..8075751 100644
--- a/alz/azuredevops/variables.interface.tf
+++ b/alz/azuredevops/variables.interface.tf
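Review bot: The pattern `^[0-9a-fA-F-]{36}$` in the `bootstrap_subscription_id` validation accepts any 36 characters drawn from hex digits and hyphens, so a string of 36 hyphens or an ID with misplaced separators still passes as a "valid GUID". Pinning the 8-4-4-4-12 layout makes the check match its error message: `can(regex("^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$", var.bootstrap_subscription_id))`. The same loose pattern is repeated in the github and local `variables.input.tf` hunks and in the `subscription_id_*` validations of all three `variables.interface.tf` hunks. Separately, `^[a-z0-9]+$` on `service_name` and `environment_name` sets no upper length; if these values feed length-limited resource names (not visible in this patch), an explicit bound would fail at plan time instead of at deployment.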
@@ -17,16 +17,28 @@ variable "root_parent_management_group_id" {
 variable "subscription_id_connectivity" {
 description = "The identifier of the Connectivity Subscription"
 type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "subscription_id_identity" {
 description = "The identifier of the Identity Subscription"
 type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "subscription_id_management" {
 description = "The identifier of the Management Subscription"
 type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "configuration_file_path" {
@@ -54,6 +66,6 @@ variable "on_demand_folder_artifact_name" {
 }
 
 variable "bootstrap_location" {
- description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)|4|azure_location"
+ description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)"
 type = string
 }
diff --git a/alz/github/variables.input.tf b/alz/github/variables.input.tf
index 3586cc5..bb02610 100644
--- a/alz/github/variables.input.tf
+++ b/alz/github/variables.input.tf
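Review bot: The `error_message` on all three new validations (`subscription_id_connectivity`, `subscription_id_identity`, `subscription_id_management`) reads "The bootstrap subscription ID must be a valid GUID", which appears to be copied from `bootstrap_subscription_id`, so a failure points the operator at the wrong input. Each message should name its own variable, for example `error_message = "The connectivity subscription ID must be a valid GUID"`, and likewise for identity and management. The same copied message is present in the github and local `variables.interface.tf` hunks.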
@@ -16,21 +16,33 @@ variable "use_separate_repository_for_templates" {
 }
 
 variable "bootstrap_subscription_id" {
- description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription|azure_subscription_id"
+ description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
 type = string
 default = ""
+ validation {
+ condition = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "service_name" {
- description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)|azure_name_section"
+ description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)"
 type = string
 default = "alz"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.service_name))
+ error_message = "The service name must only contain lowercase letters and numbers"
+ }
 }
 
 variable "environment_name" {
- description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)|azure_name_section"
+ description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)"
 type = string
 default = "mgmt"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.environment_name))
+ error_message = "The environment name must only contain lowercase letters and numbers"
+ }
 }
 
 variable "postfix_number" {
diff --git a/alz/github/variables.interface.tf b/alz/github/variables.interface.tf
index c2fc4f9..f1048c2 100644
--- a/alz/github/variables.interface.tf
+++ b/alz/github/variables.interface.tf
@@ -17,16 +17,28 @@ variable "root_parent_management_group_id" {
 variable "subscription_id_connectivity" {
 description = "The identifier of the Connectivity Subscription"
 type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "subscription_id_identity" {
 description = "The identifier of the Identity Subscription"
 type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "subscription_id_management" {
 description = "The identifier of the Management Subscription"
 type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "configuration_file_path" {
@@ -54,6 +66,6 @@ variable "on_demand_folder_artifact_name" {
 }
 
 variable "bootstrap_location" {
- description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)|4|azure_location"
+ description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)"
 type = string
 }
diff --git a/alz/local/terraform.tfvars b/alz/local/terraform.tfvars
new file mode 100644
index 0000000..af252ae
--- /dev/null
+++ b/alz/local/terraform.tfvars
@@ -0,0 +1,7 @@
+iac_type = "terraform"
+module_folder_path = "testing"
+subscription_id_connectivity = "b857908d-3f5c-4477-91c1-0fbd08df4e88"
+subscription_id_identity = "b857908d-3f5c-4477-91c1-0fbd08df4e88"
+subscription_id_management = "b857908d-3f5c-4477-91c1-0fbd08df4e88"
+bootstrap_location = "uksouth"
+service_name = "testtest"
\ No newline at end of file
diff --git a/alz/local/variables.input.tf b/alz/local/variables.input.tf
index a64e5cc..3d1138e 100644
--- a/alz/local/variables.input.tf
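Review bot: The three `subscription_id_*` values added in `alz/local/terraform.tfvars` all carry the same GUID, which looks like a real Azure subscription ID from local testing rather than a placeholder. Patch 2/2 deletes the file and adds `terraform.tfvars` to `.gitignore`, but the identifier stays in repository history unless the two commits are squashed before merge. If a sample variables file is wanted, it should use an obviously fake value such as `subscription_id_connectivity = "00000000-0000-0000-0000-000000000000"`.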
+++ b/alz/local/variables.input.tf
@@ -11,21 +11,33 @@ variable "create_bootstrap_resources_in_azure" {
 }
 
 variable "bootstrap_subscription_id" {
- description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription|azure_subscription_id"
+ description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
 type = string
 default = ""
+ validation {
+ condition = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "service_name" {
- description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)|azure_name_section"
+ description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)"
 type = string
 default = "alz"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.service_name))
+ error_message = "The service name must only contain lowercase letters and numbers"
+ }
 }
 
 variable "environment_name" {
- description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)|azure_name_section"
+ description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)"
 type = string
 default = "mgmt"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.environment_name))
+ error_message = "The environment name must only contain lowercase letters and numbers"
+ }
 }
 
 variable "postfix_number" {
diff --git a/alz/local/variables.interface.tf b/alz/local/variables.interface.tf
index 04d38f0..7323582 100644
--- a/alz/local/variables.interface.tf
+++ b/alz/local/variables.interface.tf
@@ -17,16 +17,28 @@ variable "root_parent_management_group_id" {
 variable "subscription_id_connectivity" {
 description = "The identifier of the Connectivity Subscription"
 type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "subscription_id_identity" {
 description = "The identifier of the Identity Subscription"
 type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "subscription_id_management" {
 description = "The identifier of the Management Subscription"
 type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
 }
 
 variable "configuration_file_path" {
@@ -42,7 +54,7 @@ variable "starter_module_name" {
 }
 
 variable "bootstrap_location" {
- description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)|4|azure_location"
+ description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)"
 type = string
 default = ""
 }
From 7b7baebba8426cedba4690511b81ef95e79aaea4 Mon Sep 17 00:00:00 2001
From: Jared Holgate
Date: Mon, 9 Dec 2024 12:25:10 +0000
Subject: [PATCH 2/2] linting
---
 .gitignore | 2 +-
 alz/local/terraform.tfvars | 7 -------
 2 files changed, 1 insertion(+), 8 deletions(-)
 delete mode 100644 alz/local/terraform.tfvars
diff --git a/.gitignore b/.gitignore
index 1a486d2..7583592 100644
--- a/.gitignore
+++ b/.gitignore
@@ -33,4 +33,4 @@ override.tf.json
 .terraformrc
 terraform.rc
 .terraform.lock.hcl
-!terraform.tfvars
\ No newline at end of file
+terraform.tfvars
\ No newline at end of file
diff --git a/alz/local/terraform.tfvars b/alz/local/terraform.tfvars
deleted file mode 100644
index af252ae..0000000
--- a/alz/local/terraform.tfvars
+++ /dev/null
@@ -1,7 +0,0 @@
-iac_type = "terraform"
-module_folder_path = "testing"
-subscription_id_connectivity = "b857908d-3f5c-4477-91c1-0fbd08df4e88"
-subscription_id_identity = "b857908d-3f5c-4477-91c1-0fbd08df4e88"
-subscription_id_management = "b857908d-3f5c-4477-91c1-0fbd08df4e88"
-bootstrap_location = "uksouth"
-service_name = "testtest"
\ No newline at end of file