fix: add validation to bootstrap inputs (#60)

* fix: add validation to bootstrap inputs

* linting

.gitignore

@@ -33,4 +33,4 @@ override.tf.json
 .terraformrc
 terraform.rc
 .terraform.lock.hcl
-!terraform.tfvars
+terraform.tfvars

alz/azuredevops/variables.input.tf

@@ -16,21 +16,33 @@ variable "use_separate_repository_for_templates" {
 }
 
 variable "bootstrap_subscription_id" {
-  description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription|6|azure_subscription_id"
+  description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
   type        = string
   default     = ""
+  validation {
+    condition     = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "service_name" {
-  description = "Used to build up the default resource names (e.g. rg-<service_name>-mgmt-uksouth-001)|azure_name_section"
+  description = "Used to build up the default resource names (e.g. rg-<service_name>-mgmt-uksouth-001)"
   type        = string
   default     = "alz"
+  validation {
+    condition     = can(regex("^[a-z0-9]+$", var.service_name))
+    error_message = "The service name must only contain lowercase letters and numbers"
+  }
 }
 
 variable "environment_name" {
-  description = "Used to build up the default resource names (e.g. rg-alz-<environment_name>-uksouth-001)|azure_name_section"
+  description = "Used to build up the default resource names (e.g. rg-alz-<environment_name>-uksouth-001)"
   type        = string
   default     = "mgmt"
+  validation {
+    condition     = can(regex("^[a-z0-9]+$", var.environment_name))
+    error_message = "The environment name must only contain lowercase letters and numbers"
+  }
 }
 
 variable "postfix_number" {

alz/azuredevops/variables.interface.tf

@@ -17,16 +17,28 @@ variable "root_parent_management_group_id" {
 variable "subscription_id_connectivity" {
   description = "The identifier of the Connectivity Subscription"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "subscription_id_identity" {
   description = "The identifier of the Identity Subscription"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "subscription_id_management" {
   description = "The identifier of the Management Subscription"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "configuration_file_path" {
@@ -54,6 +66,6 @@ variable "on_demand_folder_artifact_name" {
 }
 
 variable "bootstrap_location" {
-  description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)|4|azure_location"
+  description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)"
   type        = string
 }

alz/github/variables.input.tf

@@ -16,21 +16,33 @@ variable "use_separate_repository_for_templates" {
 }
 
 variable "bootstrap_subscription_id" {
-  description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription|azure_subscription_id"
+  description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
   type        = string
   default     = ""
+  validation {
+    condition     = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "service_name" {
-  description = "Used to build up the default resource names (e.g. rg-<service_name>-mgmt-uksouth-001)|azure_name_section"
+  description = "Used to build up the default resource names (e.g. rg-<service_name>-mgmt-uksouth-001)"
   type        = string
   default     = "alz"
+  validation {
+    condition     = can(regex("^[a-z0-9]+$", var.service_name))
+    error_message = "The service name must only contain lowercase letters and numbers"
+  }
 }
 
 variable "environment_name" {
-  description = "Used to build up the default resource names (e.g. rg-alz-<environment_name>-uksouth-001)|azure_name_section"
+  description = "Used to build up the default resource names (e.g. rg-alz-<environment_name>-uksouth-001)"
   type        = string
   default     = "mgmt"
+  validation {
+    condition     = can(regex("^[a-z0-9]+$", var.environment_name))
+    error_message = "The environment name must only contain lowercase letters and numbers"
+  }
 }
 
 variable "postfix_number" {

alz/github/variables.interface.tf

@@ -17,16 +17,28 @@ variable "root_parent_management_group_id" {
 variable "subscription_id_connectivity" {
   description = "The identifier of the Connectivity Subscription"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "subscription_id_identity" {
   description = "The identifier of the Identity Subscription"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "subscription_id_management" {
   description = "The identifier of the Management Subscription"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "configuration_file_path" {
@@ -54,6 +66,6 @@ variable "on_demand_folder_artifact_name" {
 }
 
 variable "bootstrap_location" {
-  description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)|4|azure_location"
+  description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)"
   type        = string
 }

alz/local/variables.input.tf

@@ -11,21 +11,33 @@ variable "create_bootstrap_resources_in_azure" {
 }
 
 variable "bootstrap_subscription_id" {
-  description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription|azure_subscription_id"
+  description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
   type        = string
   default     = ""
+  validation {
+    condition     = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "service_name" {
-  description = "Used to build up the default resource names (e.g. rg-<service_name>-mgmt-uksouth-001)|azure_name_section"
+  description = "Used to build up the default resource names (e.g. rg-<service_name>-mgmt-uksouth-001)"
   type        = string
   default     = "alz"
+  validation {
+    condition     = can(regex("^[a-z0-9]+$", var.service_name))
+    error_message = "The service name must only contain lowercase letters and numbers"
+  }
 }
 
 variable "environment_name" {
-  description = "Used to build up the default resource names (e.g. rg-alz-<environment_name>-uksouth-001)|azure_name_section"
+  description = "Used to build up the default resource names (e.g. rg-alz-<environment_name>-uksouth-001)"
   type        = string
   default     = "mgmt"
+  validation {
+    condition     = can(regex("^[a-z0-9]+$", var.environment_name))
+    error_message = "The environment name must only contain lowercase letters and numbers"
+  }
 }
 
 variable "postfix_number" {

alz/local/variables.interface.tf

@@ -17,16 +17,28 @@ variable "root_parent_management_group_id" {
 variable "subscription_id_connectivity" {
   description = "The identifier of the Connectivity Subscription"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "subscription_id_identity" {
   description = "The identifier of the Identity Subscription"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "subscription_id_management" {
   description = "The identifier of the Management Subscription"
   type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
 }
 
 variable "configuration_file_path" {
@@ -42,7 +54,7 @@ variable "starter_module_name" {
 }
 
 variable "bootstrap_location" {
-  description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)|4|azure_location"
+  description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)"
   type        = string
   default     = ""
 }