feat: updated required terraform version to >= 1.9.0 + updated variable validation logic (#655)

Author: vkuma17

README.md

@@ -140,7 +140,7 @@ For more info, see [Understanding user roles and resources](https://cloud.ibm.co
 
 | Name | Version |
 |------|---------|
-| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.9.0 |
 | <a name="requirement_ibm"></a> [ibm](#requirement\_ibm) | >= 1.76.0, <2.0.0 |
 
 ### Modules

examples/advanced/version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0.0"
+  required_version = ">= 1.9.0"
 
   # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
   # module's version.tf (basic example), and 1 example that will always use the latest provider version (this example).

examples/basic/version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0.0"
+  required_version = ">= 1.9.0"
 
   # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
   # module's version.tf (this example), and 1 example that will always use the latest provider version (existing resources example).

examples/existing-resources/version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0.0"
+  required_version = ">= 1.9.0"
 
   # Ensure that there is always 1 example locked into the lowest provider version of the range defined in the main
   # module's version.tf (basic example), and 1 example that will always use the latest provider version (this example).

main.tf

@@ -3,28 +3,11 @@
 ##############################################################################
 
 locals {
-  # variable validation around resource_group_id
-  rg_validate_condition = var.create_key_protect_instance && var.resource_group_id == null
-  rg_validate_msg       = "A value must be passed for 'resource_group_id' when 'create_key_protect_instance' is true"
-  # tflint-ignore: terraform_unused_declarations
-  rg_validate_check = regex("^${local.rg_validate_msg}$", (!local.rg_validate_condition ? local.rg_validate_msg : ""))
 
   parsed_existing_kms_instance_crn = var.existing_kms_instance_crn != null ? split(":", var.existing_kms_instance_crn) : []
   existing_kms_instance_guid       = length(local.parsed_existing_kms_instance_crn) > 0 ? local.parsed_existing_kms_instance_crn[7] : null
   existing_kms_account_id          = length(local.parsed_existing_kms_instance_crn) > 0 ? split("/", local.parsed_existing_kms_instance_crn[6])[1] : null
 
-  # variable validation around new instance vs existing
-  instance_validate_condition = var.create_key_protect_instance && local.existing_kms_instance_guid != null
-  instance_validate_msg       = "'create_key_protect_instance' cannot be true when passing a value for 'existing_key_protect_instance_guid'"
-  # tflint-ignore: terraform_unused_declarations
-  instance_validate_check = regex("^${local.instance_validate_msg}$", (!local.instance_validate_condition ? local.instance_validate_msg : ""))
-
-  # variable validation when not creating new instance
-  existing_instance_validate_condition = !var.create_key_protect_instance && local.existing_kms_instance_guid == null
-  existing_instance_validate_msg       = "A value must be provided for 'existing_key_protect_instance_guid' when 'create_key_protect_instance' is false"
-  # tflint-ignore: terraform_unused_declarations
-  existing_instance_validate_check = regex("^${local.existing_instance_validate_msg}$", (!local.existing_instance_validate_condition ? local.existing_instance_validate_msg : ""))
-
   # set key_protect_guid as either the ID of the passed in name of instance or the one created by this module
   kms_guid = var.create_key_protect_instance ? module.key_protect[0].key_protect_guid : local.existing_kms_instance_guid
 

solutions/standard/version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.3.0"
+  required_version = ">= 1.9.0"
   # Lock DA into an exact provider version - renovate automation will keep it updated
   required_providers {
     ibm = {

variables.tf

@@ -17,6 +17,11 @@ variable "create_key_protect_instance" {
   type        = bool
   description = "A flag to control whether a Key Protect instance is created, defaults to true."
   default     = true
+
+  validation {
+    condition     = !var.create_key_protect_instance || var.resource_group_id != null
+    error_message = "A value must be passed for 'resource_group_id' when 'create_key_protect_instance' is true"
+  }
 }
 
 variable "key_protect_instance_name" {
@@ -88,6 +93,16 @@ variable "existing_kms_instance_crn" {
   type        = string
   description = "The CRN of an existing Key Protect or Hyper Protect Crypto Services instance. Required if 'create_key_protect_instance' is false."
   default     = null
+
+  validation {
+    condition     = !(var.create_key_protect_instance && var.existing_kms_instance_crn != null)
+    error_message = "'create_key_protect_instance' cannot be true when passing a value for 'existing_kms_instance_crn'"
+  }
+
+  validation {
+    condition     = var.create_key_protect_instance || var.existing_kms_instance_crn != null
+    error_message = "A value must be provided for 'existing_kms_instance_crn' when 'create_key_protect_instance' is false"
+  }
 }
 
 variable "keys" {

version.tf

@@ -1,5 +1,5 @@
 terraform {
-  required_version = ">= 1.0.0"
+  required_version = ">= 1.9.0"
 
   # Each required provider's version should be a flexible range to future proof the module's usage with upcoming minor and patch versions.
   required_providers {