From ebb013d1772860faf64570069a43b37dfdb3b160 Mon Sep 17 00:00:00 2001 From: Ayushmaan Singh Date: Wed, 15 Oct 2025 17:12:35 +0530 Subject: [PATCH 1/5] fix: added validation to allow 1 item in cbr_rules --- common-dev-assets | 2 +- modules/project/variables.tf | 4 ++++ solutions/apps/variables.tf | 4 ++++ solutions/project/variables.tf | 4 ++++ variables.tf | 4 ++++ 5 files changed, 17 insertions(+), 1 deletion(-) diff --git a/common-dev-assets b/common-dev-assets index 8a8a5f03..3c754bf7 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 8a8a5f032d7812c65bc0825402e87feca8088af1 +Subproject commit 3c754bf732e99f95e77014077d2d7ed4b29c55b0 diff --git a/modules/project/variables.tf b/modules/project/variables.tf index b8b6424c..66d5fd8d 100644 --- a/modules/project/variables.tf +++ b/modules/project/variables.tf @@ -30,4 +30,8 @@ variable "cbr_rules" { })) description = "The list of context-based restrictions rules to create." default = [] + validation { + condition = length(var.cbr_rules) <= 1 + error_message = "There should only be one rule." + } } diff --git a/solutions/apps/variables.tf b/solutions/apps/variables.tf index 8782f7df..e54693f8 100644 --- a/solutions/apps/variables.tf +++ b/solutions/apps/variables.tf @@ -283,4 +283,8 @@ variable "cbr_rules" { })) description = "The list of context-based restrictions rules to create.[Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-code-engine/blob/main/solutions/project/DA-cbr_rules.md)" default = [] + validation { + condition = length(var.cbr_rules) <= 1 + error_message = "There should only be one rule." + } } diff --git a/solutions/project/variables.tf b/solutions/project/variables.tf index 6a690e18..a2cdd1b9 100644 --- a/solutions/project/variables.tf +++ b/solutions/project/variables.tf @@ -166,4 +166,8 @@ variable "cbr_rules" { })) description = "The list of context-based restrictions rules to create.[Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-code-engine/blob/main/solutions/project/DA-cbr_rules.md)" default = [] + validation { + condition = length(var.cbr_rules) <= 1 + error_message = "There should only be one rule." + } } diff --git a/variables.tf b/variables.tf index 3e54572b..956dfe6b 100644 --- a/variables.tf +++ b/variables.tf @@ -202,4 +202,8 @@ variable "cbr_rules" { })) description = "The list of context-based restrictions rules to create." default = [] + validation { + condition = length(var.cbr_rules) <= 1 + error_message = "There should only be one rule." + } } From ddada2fe3a2e8a72bdfa1e453f49d606a2bcff0e Mon Sep 17 00:00:00 2001 From: Ayushmaan Singh Date: Thu, 16 Oct 2025 13:11:08 +0530 Subject: [PATCH 2/5] fix: reverted validation changes for some files --- modules/project/variables.tf | 4 ---- solutions/apps/variables.tf | 4 ---- solutions/project/variables.tf | 4 ---- 3 files changed, 12 deletions(-) diff --git a/modules/project/variables.tf b/modules/project/variables.tf index 66d5fd8d..b8b6424c 100644 --- a/modules/project/variables.tf +++ b/modules/project/variables.tf @@ -30,8 +30,4 @@ variable "cbr_rules" { })) description = "The list of context-based restrictions rules to create." default = [] - validation { - condition = length(var.cbr_rules) <= 1 - error_message = "There should only be one rule." - } } diff --git a/solutions/apps/variables.tf b/solutions/apps/variables.tf index e54693f8..8782f7df 100644 --- a/solutions/apps/variables.tf +++ b/solutions/apps/variables.tf @@ -283,8 +283,4 @@ variable "cbr_rules" { })) description = "The list of context-based restrictions rules to create.[Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-code-engine/blob/main/solutions/project/DA-cbr_rules.md)" default = [] - validation { - condition = length(var.cbr_rules) <= 1 - error_message = "There should only be one rule." - } } diff --git a/solutions/project/variables.tf b/solutions/project/variables.tf index a2cdd1b9..6a690e18 100644 --- a/solutions/project/variables.tf +++ b/solutions/project/variables.tf @@ -166,8 +166,4 @@ variable "cbr_rules" { })) description = "The list of context-based restrictions rules to create.[Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-code-engine/blob/main/solutions/project/DA-cbr_rules.md)" default = [] - validation { - condition = length(var.cbr_rules) <= 1 - error_message = "There should only be one rule." - } } From efc87e0b947070419d5ba167c23f213ce48eafec Mon Sep 17 00:00:00 2001 From: Ayushmaan Singh Date: Thu, 16 Oct 2025 13:12:20 +0530 Subject: [PATCH 3/5] chore: updated error message for cbr_rules validation Co-authored-by: Akash Kumar --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 956dfe6b..a15151ab 100644 --- a/variables.tf +++ b/variables.tf @@ -204,6 +204,6 @@ variable "cbr_rules" { default = [] validation { condition = length(var.cbr_rules) <= 1 - error_message = "There should only be one rule." + error_message = "Only one CBR rule is allowed." } } From 1ce510468a5e0f67b3617d54f8d45bdbca39d98a Mon Sep 17 00:00:00 2001 From: Ayushmaan Singh Date: Fri, 17 Oct 2025 09:36:12 +0530 Subject: [PATCH 4/5] chore: updated cbr_rules description Co-authored-by: Akash Kumar --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index a15151ab..1be6b049 100644 --- a/variables.tf +++ b/variables.tf @@ -200,7 +200,7 @@ variable "cbr_rules" { })) }))) })) - description = "The list of context-based restrictions rules to create." + description = "The context-based restrictions rule to create. Only one rule is allowed." default = [] validation { condition = length(var.cbr_rules) <= 1 From 9c8f18e8a5f686b3edc487f8d2adf8fb62998ecf Mon Sep 17 00:00:00 2001 From: Ayushmaan Singh Date: Wed, 22 Oct 2025 17:04:08 +0530 Subject: [PATCH 5/5] chore: updated README for cbr_rules fixed typo --- README.md | 2 +- common-dev-assets | 2 +- modules/build/scripts/build-run.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ef43ddb4..ab250073 100644 --- a/README.md +++ b/README.md @@ -158,7 +158,7 @@ No resources. | [apps](#input\_apps) | A map of code engine apps to be created. | 
map(object({
    image_reference = string
    image_secret    = optional(string)
    run_env_variables = optional(list(object({
      type      = optional(string)
      name      = optional(string)
      value     = optional(string)
      prefix    = optional(string)
      key       = optional(string)
      reference = optional(string)
    })))
    run_volume_mounts = optional(list(object({
      mount_path = string
      reference  = string
      name       = optional(string)
      type       = string
    })))
    image_port                    = optional(number)
    managed_domain_mappings       = optional(string)
    run_arguments                 = optional(list(string))
    run_as_user                   = optional(number)
    run_commands                  = optional(list(string))
    run_service_account           = optional(string)
    scale_concurrency             = optional(number)
    scale_concurrency_target      = optional(number)
    scale_cpu_limit               = optional(string)
    scale_ephemeral_storage_limit = optional(string)
    scale_initial_instances       = optional(number)
    scale_max_instances           = optional(number)
    scale_memory_limit            = optional(string)
    scale_min_instances           = optional(number)
    scale_request_timeout         = optional(number)
    scale_down_delay              = optional(number)
  }))
| `{}` | no | | [bindings](#input\_bindings) | A map of code engine bindings to be created. | 
map(object({
    secret_name = string
    components = list(object({
      name          = string
      resource_type = string
    }))
  }))
| `{}` | no | | [builds](#input\_builds) | A map of code engine builds to be created. Requires 'ibmcloud\_api\_key' to be set for authentication and execution. | 
map(object({
    output_image       = string
    output_secret      = string # pragma: allowlist secret
    source_url         = string
    strategy_type      = string
    source_context_dir = optional(string)
    source_revision    = optional(string)
    source_secret      = optional(string)
    source_type        = optional(string)
    strategy_size      = optional(string)
    strategy_spec_file = optional(string)
    timeout            = optional(number)
  }))
| `{}` | no | -| [cbr\_rules](#input\_cbr\_rules) | The list of context-based restrictions rules to create. | 
list(object({
    description = string
    account_id  = string
    rule_contexts = list(object({
      attributes = optional(list(object({
        name  = string
        value = string
    }))) }))
    enforcement_mode = string
    operations = optional(list(object({
      api_types = list(object({
        api_type_id = string
      }))
    })))
  }))
| `[]` | no | +| [cbr\_rules](#input\_cbr\_rules) | The context-based restrictions rule to create. Only one rule is allowed. | 
list(object({
    description = string
    account_id  = string
    rule_contexts = list(object({
      attributes = optional(list(object({
        name  = string
        value = string
    }))) }))
    enforcement_mode = string
    operations = optional(list(object({
      api_types = list(object({
        api_type_id = string
      }))
    })))
  }))
| `[]` | no | | [config\_maps](#input\_config\_maps) | A map of code engine config maps to be created. | 
map(object({
    data = map(string)
  }))
| `{}` | no | | [domain\_mappings](#input\_domain\_mappings) | A map of code engine domain mappings to be created. | 
map(object({
    tls_secret = string # pragma: allowlist secret
    components = list(object({
      name          = string
      resource_type = string
    }))
  }))
| `{}` | no | | [existing\_project\_id](#input\_existing\_project\_id) | The ID of the existing project to which code engine resources will be added. It is required if var.project\_name is null. | `string` | `null` | no | diff --git a/common-dev-assets b/common-dev-assets index 3c754bf7..1df43f2d 160000 --- a/common-dev-assets +++ b/common-dev-assets @@ -1 +1 @@ -Subproject commit 3c754bf732e99f95e77014077d2d7ed4b29c55b0 +Subproject commit 1df43f2daf97a529d05350408d32a12f50d89fbf diff --git a/modules/build/scripts/build-run.sh b/modules/build/scripts/build-run.sh index 4c505be7..b5fc6ef7 100755 --- a/modules/build/scripts/build-run.sh +++ b/modules/build/scripts/build-run.sh @@ -45,7 +45,7 @@ fi # ibm cloud login ibmcloud_login -# selecet the right code engine project +# select the right code engine project ibmcloud ce project select -n "${CE_PROJECT_NAME}" # check the image build status