Add validation to input variables
Signed-off-by: Jim Enright <[email protected]>
jimright committed Dec 18, 2024
1 parent 5efe633 commit 12b6273
Showing 4 changed files with 19 additions and 3 deletions.
2 changes: 0 additions & 2 deletions modules/terraform-aws-firewall/README.md
@@ -51,10 +51,8 @@ No modules.
| <a name="input_firewall_policy_name"></a> [firewall\_policy\_name](#input\_firewall\_policy\_name) | Name of the Firewall Policy. | `string` | n/a | yes |
| <a name="input_firewall_subnet_ids"></a> [firewall\_subnet\_ids](#input\_firewall\_subnet\_ids) | List of subnet ids to assign to the Firewall. | `list(string)` | n/a | yes |
| <a name="input_network_vpc_id"></a> [network\_vpc\_id](#input\_network\_vpc\_id) | VPC ID for where the Networking components are running | `string` | n/a | yes |
| <a name="input_aws_region"></a> [aws\_region](#input\_aws\_region) | AWS region, used in Domain allowlist configuration files. If not provided will perform lookup of aws\_region data source. | `string` | `null` | no |
| <a name="input_cdp_firewall_domain_allowlist"></a> [cdp\_firewall\_domain\_allowlist](#input\_cdp\_firewall\_domain\_allowlist) | Domain allowlist for CDP Rule Group. | `list(string)` | <pre>[<br> "cloudera.com"<br>]</pre> | no |
| <a name="input_cdp_fw_rule_group_capacity"></a> [cdp\_fw\_rule\_group\_capacity](#input\_cdp\_fw\_rule\_group\_capacity) | Capacity (maximum number of operating resources) for the CDP Firewall Rule Group | `number` | `300` | no |
| <a name="input_cdp_region"></a> [cdp\_region](#input\_cdp\_region) | CDP Control Plane region, used in Proxy Whitelist configuration files. | `string` | `"us-west-1"` | no |
| <a name="input_firewall_logging_config"></a> [firewall\_logging\_config](#input\_firewall\_logging\_config) | Logging config for cloudwatch logs created for network Firewall | `map(any)` | <pre>{<br> "alert": {<br> "retention_in_days": 3<br> },<br> "flow": {<br> "retention_in_days": 1<br> }<br>}</pre> | no |
| <a name="input_route_tables_to_update"></a> [route\_tables\_to\_update](#input\_route\_tables\_to\_update) | List of any route tables to update to target the Firewall Endpoint | <pre>list(object({<br> route_tables = list(string)<br> availability_zones = optional(list(string))<br> destination_cidr_block = string<br> }))</pre> | `[]` | no |
| <a name="input_tags"></a> [tags](#input\_tags) | Tags applied to provisioned resources | `map(any)` | `{}` | no |
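Review bot: the two row deletions in this README hunk (0 additions, 2 deletions) are not covered by the commit title "Add validation to input variables"; if the README was regenerated to drop inputs that no longer exist in the module, say so in the commit message or split the documentation sync into its own commit, so a reviewer can tell a deliberate interface change from a stray edit.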
15 changes: 15 additions & 0 deletions modules/terraform-aws-firewall/variables.tf
@@ -33,6 +33,11 @@ variable "cdp_firewall_rule_group_name" {
type = string

description = "Name of the CDP Rule Group."

validation {
condition = (length(var.cdp_firewall_rule_group_name) >= 1 && length(var.cdp_firewall_rule_group_name) <= 64)
error_message = "The length of cdp_firewall_rule_group_name must be between 1 and 64 characters."
}
}

variable "cdp_firewall_domain_allowlist" {
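Review bot: the new `validation` block on `cdp_firewall_rule_group_name` bounds only the length (1 to 64) and nothing records where 64 comes from; add a short comment citing the service limit the bound is taken from, so a later quota change can be traced back, and if the target service also restricts the allowed characters in the name, extend the condition with a `can(regex(...))` check and state the allowed pattern in `error_message`.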
@@ -52,13 +57,23 @@ variable "firewall_policy_name" {
type = string

description = "Name of the Firewall Policy."

validation {
condition = (length(var.firewall_policy_name) >= 1 && length(var.firewall_policy_name) <= 128)
error_message = "The length of firewall_policy_name must be between 1 and 128 characters."
}
}

# ------- Firewall -------
variable "firewall_name" {
type = string

description = "Name of the Firewall."

validation {
condition = (length(var.firewall_name) >= 1 && length(var.firewall_name) <= 256)
error_message = "The length of firewall_name must be between 1 and 256 characters."
}
}

variable "firewall_subnet_ids" {
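Review bot: `firewall_policy_name` is capped at 128 and `firewall_name` at 256 while `cdp_firewall_rule_group_name` in the hunk above is capped at 64; three different upper bounds with no source comment are hard to review, so annotate each `validation` block with the limit it mirrors (or hoist the bounds into named `locals` with one comment) so that a reviewer can confirm 64, 128 and 256 against the documented quotas rather than take them on trust.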
1 change: 0 additions & 1 deletion modules/terraform-aws-nfw-vpc/README.md
@@ -82,7 +82,6 @@ No modules.
| <a name="output_nat_subnet_route_tables"></a> [nat\_subnet\_route\_tables](#output\_nat\_subnet\_route\_tables) | List of IDs of the routes tables associated with the NAT subnets |
| <a name="output_nat_subnets"></a> [nat\_subnets](#output\_nat\_subnets) | All details of the NAT subnets |
| <a name="output_tgw_subnet_ids"></a> [tgw\_subnet\_ids](#output\_tgw\_subnet\_ids) | The IDs of Transit Gateway subnets |
| <a name="output_tgw_subnet_offset"></a> [tgw\_subnet\_offset](#output\_tgw\_subnet\_offset) | n/a |
| <a name="output_tgw_subnet_route_tables"></a> [tgw\_subnet\_route\_tables](#output\_tgw\_subnet\_route\_tables) | List of IDs of the routes tables associated with the Transit Gateway subnets |
| <a name="output_tgw_subnets"></a> [tgw\_subnets](#output\_tgw\_subnets) | All details of the Transit Gateway subnets |
| <a name="output_vpc_cidr_blocks"></a> [vpc\_cidr\_blocks](#output\_vpc\_cidr\_blocks) | CIDR Block Associations for the VPC |
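Review bot: this hunk removes one output row from the nfw-vpc README (1 deletion), again outside the scope stated in the commit title; if the corresponding output was dropped from the module, that is a breaking change for any consumer referencing it and deserves a line in the commit message, and if the output still exists, the row should be kept and given a real description instead of being removed.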
4 changes: 4 additions & 0 deletions modules/terraform-aws-nfw-vpc/variables.tf
@@ -17,6 +17,10 @@ variable "vpc_name" {

description = "Name of the VPC"

validation {
condition = length(var.vpc_name) <= 64
error_message = "The length of vpc_name must be 64 characters or less."
}
}

variable "vpc_cidr" {
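Review bot: the `vpc_name` condition `length(var.vpc_name) <= 64` has no lower bound, unlike the three name validations added to `terraform-aws-firewall/variables.tf` in this same commit, which all require `>= 1`; an empty string passes here, so change it to `length(var.vpc_name) >= 1 && length(var.vpc_name) <= 64` and update `error_message` to "must be between 1 and 64 characters" to match the wording used in the other blocks.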