Add variable validation for input variables to all modules (#82)

Signed-off-by: Jim Enright <[email protected]>

modules/terraform-aws-cred-permissions/variables.tf

@@ -42,6 +42,12 @@ variable "xaccount_policy_name" {
   description = "Cross Account Policy name. Required if xaccount resources are to be created."
 
   default = null
+
+  validation {
+    condition     = (var.xaccount_policy_name == null ? true : length(var.xaccount_policy_name) <= 128)
+    error_message = "The length of xaccount_policy_name must be 128 characters or less."
+  }
+
 }
 
 variable "xaccount_account_policy_doc" {
@@ -57,6 +63,12 @@ variable "xaccount_role_name" {
   description = "Cross account Assume role Name. Required if xaccount resources are to be created."
 
   default = null
+
+  validation {
+    condition     = (var.xaccount_role_name == null ? true : length(var.xaccount_role_name) <= 64)
+    error_message = "The length of xaccount_role_name must be 64 characters or less."
+  }
+
 }
 
 # ------- Support for existing Cross Account Role -------

modules/terraform-aws-permissions/variables.tf

@@ -41,6 +41,10 @@ variable "idbroker_policy_name" {
   type        = string
   description = "IDBroker Policy name"
 
+  validation {
+    condition     = length(var.idbroker_policy_name) <= 128
+    error_message = "The length of idbroker_policy_name must be 128 characters or less."
+  }
 }
 
 variable "idbroker_policy_doc" {
@@ -53,6 +57,11 @@ variable "log_data_access_policy_name" {
   type        = string
   description = "Log Data Access Policy Name"
 
+  validation {
+    condition     = length(var.log_data_access_policy_name) <= 128
+    error_message = "The length of log_data_access_policy_name must be 128 characters or less."
+  }
+
 }
 
 variable "log_data_access_policy_doc" {
@@ -65,6 +74,11 @@ variable "log_data_access_policy_doc" {
 variable "ranger_audit_s3_policy_name" {
   type        = string
   description = "Ranger S3 Audit Data Access Policy Name"
+
+  validation {
+    condition     = length(var.ranger_audit_s3_policy_name) <= 128
+    error_message = "The length of ranger_audit_s3_policy_name must be 128 characters or less."
+  }
 }
 
 variable "ranger_audit_s3_policy_doc" {
@@ -77,6 +91,11 @@ variable "datalake_admin_s3_policy_name" {
   type        = string
   description = "Datalake Admin S3 Data Access Policy Name"
 
+  validation {
+    condition     = length(var.datalake_admin_s3_policy_name) <= 128
+    error_message = "The length of datalake_admin_s3_policy_name must be 128 characters or less."
+  }
+
 }
 
 variable "datalake_admin_s3_policy_doc" {
@@ -103,17 +122,30 @@ variable "data_bucket_access_policy_name" {
   type        = string
   description = "Data Bucket Access Data Access Policy Name"
 
+  validation {
+    condition     = length(var.data_bucket_access_policy_name) <= 128
+    error_message = "The length of data_bucket_access_policy_name must be 128 characters or less."
+  }
+
 }
 variable "log_bucket_access_policy_name" {
   type        = string
   description = "Log Bucket Access Data Access Policy Name"
 
+  validation {
+    condition     = length(var.log_bucket_access_policy_name) <= 128
+    error_message = "The length of log_bucket_access_policy_name must be 128 characters or less."
+  }
 }
 
 variable "backup_bucket_access_policy_name" {
   type        = string
   description = "Backup Bucket Access Data Access Policy Name"
 
+  validation {
+    condition     = length(var.backup_bucket_access_policy_name) <= 128
+    error_message = "The length of backup_bucket_access_policy_name must be 128 characters or less."
+  }
 }
 
 # CDP Datalake restore Policies - datalake
@@ -122,13 +154,22 @@ variable "datalake_restore_policy_name" {
   description = "Datalake restore Data Access Policy Name"
 
   default = null
+
+  validation {
+    condition     = length(var.datalake_restore_policy_name) <= 128
+    error_message = "The length of datalake_restore_policy_name must be 128 characters or less."
+  }
 }
 
 # CDP Datalake backup Policies - datalake
 variable "datalake_backup_policy_name" {
   type        = string
   description = "Datalake backup Data Access Policy Name"
 
+  validation {
+    condition     = length(var.datalake_backup_policy_name) <= 128
+    error_message = "The length of datalake_backup_policy_name must be 128 characters or less."
+  }
 }
 
 variable "data_bucket_access_policy_doc" {
@@ -154,27 +195,43 @@ variable "idbroker_role_name" {
   type        = string
   description = "IDBroker service role Name"
 
+  validation {
+    condition     = length(var.idbroker_role_name) <= 64
+    error_message = "The length of idbroker_role_name must be 64 characters or less."
+  }
 }
 
 # Log service role
 variable "log_role_name" {
   type        = string
   description = "Log service role Name"
 
+  validation {
+    condition     = length(var.log_role_name) <= 64
+    error_message = "The length of log_role_name must be 64 characters or less."
+  }
 }
 
 # CDP Datalake Admin role
 variable "datalake_admin_role_name" {
   type        = string
   description = "Datalake Admin role Name"
 
+  validation {
+    condition     = length(var.datalake_admin_role_name) <= 64
+    error_message = "The length of datalake_admin_role_name must be 64 characters or less."
+  }
 }
 
 # CDP Ranger Audit role
 variable "ranger_audit_role_name" {
   type        = string
   description = "Ranger Audit role Name"
 
+  validation {
+    condition     = length(var.ranger_audit_role_name) <= 64
+    error_message = "The length of ranger_audit_role_name must be 64 characters or less."
+  }
 }
 
 # ------- Buckets and Storage Locations -------

modules/terraform-aws-proxy/examples/ex01-minimal_inputs/main.tf

@@ -13,8 +13,7 @@
 # limitations under the License.
 
 provider "aws" {
-  profile = var.aws_profile
-  region  = var.aws_region
+  region = var.aws_region
 }
 
 module "ex01_network_vpc" {

modules/terraform-aws-proxy/examples/ex01-minimal_inputs/variables.tf

@@ -13,14 +13,6 @@
 # limitations under the License.
 
 # ------- Global settings -------
-variable "aws_profile" {
-  type        = string
-  description = "Profile for AWS cloud credentials"
-
-  # Profile is default unless explicitly specified
-  default = "default"
-}
-
 variable "aws_region" {
   type        = string
   description = "Region which Cloud resources will be created"

modules/terraform-aws-proxy/variables.tf

@@ -55,6 +55,11 @@ variable "proxy_security_group_name" {
   description = "Name of Proxy Security Group for CDP environment. Used only if create_proxy_sg is true."
 
   default = null
+
+  validation {
+    condition     = length(var.proxy_security_group_name) <= 256
+    error_message = "The length of proxy_security_group_name must be 256 characters or less."
+  }
 }
 
 variable "proxy_security_group_id" {
@@ -105,6 +110,11 @@ variable "proxy_launch_template_name" {
 
   description = "Name of Launch Template for the Proxy VMs."
 
+  validation {
+    condition     = length(var.proxy_launch_template_name) <= 255
+    error_message = "The length of proxy_launch_template_name must be 255 characters or less."
+  }
+
 }
 
 variable "enable_proxy_public_ip" {
@@ -158,6 +168,11 @@ variable "proxy_autoscaling_group_name" {
 
   description = "Name of Autoscaling Group for the Proxy VMs."
 
+  validation {
+    condition     = length(var.proxy_autoscaling_group_name) <= 255
+    error_message = "The length of proxy_autoscaling_group_name must be 255 characters or less."
+  }
+
 }
 
 variable "autoscaling_group_scaling" {
@@ -189,6 +204,15 @@ variable "network_load_balancer_name" {
 
   description = "Name of Network Load Balancer for the Proxy."
 
+  validation {
+    condition     = length(var.network_load_balancer_name) <= 32
+    error_message = "The length of network_load_balancer_name must be 32 characters or less."
+  }
+
+  validation {
+    condition     = can(regex("^[a-zA-Z0-9-]{1,32}$", var.network_load_balancer_name))
+    error_message = "Network Load Balancer names can consist only of letters, numbers, and hyphens (-)."
+  }
 }
 
 variable "lb_subnet_ids" {
@@ -203,6 +227,15 @@ variable "target_group_proxy_name" {
 
   description = "Name of Target Group for the Proxy."
 
+  validation {
+    condition     = length(var.target_group_proxy_name) <= 32
+    error_message = "The length of target_group_proxy_name must be 32 characters or less."
+  }
+
+  validation {
+    condition     = can(regex("^[a-zA-Z0-9-]{1,32}$", var.target_group_proxy_name))
+    error_message = "Target Group names can consist only of letters, numbers, and hyphens (-)."
+  }
 }
 
 # ------- Route table updates -------
@@ -214,4 +247,4 @@ variable "route_tables_to_update" {
   }))
 
   default = []
-}
+}

modules/terraform-aws-tgw/examples/ex01-vpc-tgw-attach/step1_vpcs/main.tf

@@ -13,8 +13,7 @@
 # limitations under the License.
 
 provider "aws" {
-  profile = var.aws_profile
-  region  = var.aws_region
+  region = var.aws_region
 }
 
 module "ex01_cdp_vpc" {

modules/terraform-aws-tgw/examples/ex01-vpc-tgw-attach/step1_vpcs/variables.tf

@@ -13,14 +13,6 @@
 # limitations under the License.
 
 # ------- Global settings -------
-variable "aws_profile" {
-  type        = string
-  description = "Profile for AWS cloud credentials"
-
-  # Profile is default unless explicitly specified
-  default = "default"
-}
-
 variable "aws_region" {
   type        = string
   description = "Region which Cloud resources will be created"

modules/terraform-aws-tgw/examples/ex01-vpc-tgw-attach/step2_tgw/main.tf

@@ -22,8 +22,7 @@ data "terraform_remote_state" "step1" {
 }
 
 provider "aws" {
-  profile = var.aws_profile
-  region  = var.aws_region
+  region = var.aws_region
 }
 
 # Use terraform_remote_state to retrieve CDP VPC details from step01

modules/terraform-aws-tgw/examples/ex01-vpc-tgw-attach/step2_tgw/variables.tf

@@ -13,14 +13,6 @@
 # limitations under the License.
 
 # ------- Global settings -------
-variable "aws_profile" {
-  type        = string
-  description = "Profile for AWS cloud credentials"
-
-  # Profile is default unless explicitly specified
-  default = "default"
-}
-
 variable "aws_region" {
   type        = string
   description = "Region which Cloud resources will be created"

modules/terraform-aws-tgw/variables.tf

@@ -16,8 +16,12 @@
 variable "tgw_name" {
   type        = string
   description = "Name of the Transit Gateway. Also used to prefix associated TGW resource names."
-}
 
+  validation {
+    condition     = length(var.tgw_name) <= 128
+    error_message = "The length of tgw_name must be 128 characters or less."
+  }
+}
 
 variable "env_tags" {
   type        = map(any)

modules/terraform-aws-vpc/examples/ex01-cdp-vpc/main.tf

@@ -13,8 +13,7 @@
 # limitations under the License.
 
 provider "aws" {
-  profile = var.aws_profile
-  region  = var.aws_region
+  region = var.aws_region
 }
 
 module "ex01_cdp_vpc" {

modules/terraform-aws-vpc/examples/ex01-cdp-vpc/variables.tf

@@ -13,14 +13,6 @@
 # limitations under the License.
 
 # ------- Global settings -------
-variable "aws_profile" {
-  type        = string
-  description = "Profile for AWS cloud credentials"
-
-  # Profile is default unless explicitly specified
-  default = "default"
-}
-
 variable "aws_region" {
   type        = string
   description = "Region which Cloud resources will be created"

modules/terraform-aws-vpc/examples/ex02-network-vpc/main.tf

@@ -13,8 +13,7 @@
 # limitations under the License.
 
 provider "aws" {
-  profile = var.aws_profile
-  region  = var.aws_region
+  region = var.aws_region
 }
 
 module "ex01_network_vpc" {

modules/terraform-aws-vpc/examples/ex02-network-vpc/variables.tf

@@ -13,14 +13,6 @@
 # limitations under the License.
 
 # ------- Global settings -------
-variable "aws_profile" {
-  type        = string
-  description = "Profile for AWS cloud credentials"
-
-  # Profile is default unless explicitly specified
-  default = "default"
-}
-
 variable "aws_region" {
   type        = string
   description = "Region which Cloud resources will be created"

modules/terraform-aws-vpc/variables.tf

@@ -25,6 +25,10 @@ variable "vpc_name" {
 
   description = "Name of the VPC. Only used when create_vpc is true."
 
+  validation {
+    condition     = length(var.vpc_name) <= 64
+    error_message = "The length of vpc_name must be 64 characters or less."
+  }
 }
 
 variable "vpc_cidr" {