Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Add input validation for security group creation #538

Merged
merged 2 commits into from
Sep 21, 2023
Merged

fix: Add input validation for security group creation #538

merged 2 commits into from
Sep 21, 2023

Conversation

akocbek
Copy link
Contributor

@akocbek akocbek commented Sep 21, 2023

Description

The user incorrectly used SGs with VSI. He wanted to attach existing SG with a new VSI using var.create_security_group=false and set value of var.security_group.

Therefore, the output error occurred.

Instead, to append existing SG to VSI var.security_group_ids needs to be used.

To prevent this behavior new input validation was added which checks if var.create_security_group=false then var.security_group shouldn't have the value.
In addition extra check was added to vsi_security_group output to prevent error to occur again.

Release required?

  • No release
  • Patch release (x.x.X)
  • Minor release (x.X.x)
  • Major release (X.x.x)
Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

  • If relevant, a test for the change is included or updated with this PR.
  • If relevant, documentation for the change is included or updated with this PR.

Merge actions for mergers

  • When merging, use a relevant conventional commit message that is based on the PR contents and any release notes provided by the PR author. The commit message determines whether a new version of the module is needed, and if so, which semver increment to use (major, minor, or patch).
  • Merge by using "Squash and merge".

@akocbek
Copy link
Contributor Author

akocbek commented Sep 21, 2023

/run pipeline

@ocofaigh
Copy link
Member

Give security_group a default value of null and then add one more validation block:

validate_security_group_2 = var.create_security_group == true && var.security_group == null ? tobool("var.security_group cannot be null when var.create_security_group is true.") : true

@akocbek
Copy link
Contributor Author

akocbek commented Sep 21, 2023

/run pipeline

@ocofaigh
Copy link
Member

Error: [ERROR] Error creating authorization policy: The policy wasn't created because an access policy with identical attributes already exists. Please update the roles in the existing policy (f00508a3-d07d-4831-b0be-bf797fd5f654), or update the one you're trying to assign to include a different attribute assignment.

Known issue when parallel PRs running for this repo. Will retry when account clean of this auth policy

@ocofaigh
Copy link
Member

/run pipeline

@ocofaigh ocofaigh merged commit d8ddd05 into main Sep 21, 2023
2 checks passed
@ocofaigh ocofaigh deleted the sg_fix branch September 21, 2023 14:24
@terraform-ibm-modules-ops
Copy link
Contributor

🎉 This PR is included in version 2.7.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

jor2 pushed a commit that referenced this pull request Sep 22, 2023
@akocbek
fix: add input validation for security group creation (#538)
ffa6074
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ocofaigh ocofaigh ocofaigh approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@akocbek @ocofaigh @terraform-ibm-modules-ops @akocbekIBM