Release/validate variables (#4)

iKnowJavaScript · web-flow · commit ffad25b7a904 · 2025-01-26T00:41:37.000+01:00
* fix: update var default values

* feat: add validations to terraform variables
diff --git a/examples/basic/main.tf b/examples/basic/main.tf
@@ -5,7 +5,7 @@ module "remediation" {
   name             = "vulne-soldier-compliance-remediate"
   environment      = "dev"
   aws_region       = "us-east-1"
-  account_id       = "2132323212_dummmmy"
+  account_id       = "111122223333"
   lambda_log_group = "/aws/lambda/vulne-soldier-compliance-remediate"
   lambda_zip       = "../../lambda.zip"
   remediation_options = {
diff --git a/main.tf b/main.tf
@@ -5,7 +5,6 @@ provider "aws" {
 locals {
   function_name     = "${var.name}-${var.environment}"
   ssm_document_name = "${var.name}-inspector-findings-${var.environment}"
-  # You can specify the vulnerability severities to filter findings: default is CRITICAL and HIGH vulnerabilities
   lambda_zip        = var.lambda_zip
 }
 
diff --git a/variables.tf b/variables.tf
@@ -1,21 +1,28 @@
 variable "name" {
   description = "Name of the application"
   type        = string
+  default = "vulne-soldier-compliance-remediate"
 }
 
 variable "aws_region" {
   description = "AWS region where the resources will be created"
   type        = string
+  default = "us-east-1"
 }
 
 variable "environment" {
   description = "Name of the environment"
   type        = string
+  default = "dev"
 }
 
 variable "account_id" {
   description = "AWS account ID"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9]{12}$", var.account_id))
+    error_message = "The account_id must be a 12-digit number."
+  }
 }
 
 variable "lambda_log_group" {
@@ -26,7 +33,10 @@ variable "lambda_log_group" {
 variable "lambda_zip" {
   description = "File location of the lambda zip file for remediation."
   type        = string
-  default     = null
+  validation {
+    condition     = can(regex("^.+\\.zip$", var.lambda_zip))
+    error_message = "The lambda_zip must be a path to a zip file."
+  }
 }
 
 variable "remediation_options" {
@@ -47,4 +57,12 @@ variable "remediation_options" {
     vulnerability_severities                   = "CRITICAL, HIGH"
     override_findings_for_target_instances_ids = null
   }
+  validation {
+    condition     = contains(["NoReboot", "RebootIfNeeded"], var.remediation_options.reboot_option)
+    error_message = "The reboot_option must be either NoReboot or RebootIfNeeded."
+  }
+  validation {
+    condition     = can(regex("^([A-Z]+, )*[A-Z]+$", var.remediation_options.vulnerability_severities))
+    error_message = "The vulnerability_severities must be a comma-separated list of severities in uppercase."
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,6 @@ provider "aws" {`
`5`	`5`	`locals {`
`6`	`6`	`function_name = "${var.name}-${var.environment}"`
`7`	`7`	`ssm_document_name = "${var.name}-inspector-findings-${var.environment}"`
`8`		`- # You can specify the vulnerability severities to filter findings: default is CRITICAL and HIGH vulnerabilities`
`9`	`8`	`lambda_zip = var.lambda_zip`
`10`	`9`	`}`
`11`	`10`