Merge pull request #101 from lgallard/fix/retention-days

lgallard · web-flow · commit 81d9bd20fe96 · 2025-03-19T12:25:36.000+01:00
fix: Improve validation and configuration for AWS Backup vault
diff --git a/.github/.release-please-config.json b/.github/.release-please-config.json
@@ -28,7 +28,7 @@
   },
   "release-search-depth": 10,
   "include-component-in-tag": false,
-  "include-v-in-tag": true,
+  "include-v-in-tag": false,
   "date-formats": {
     "changelogDate": "(%B %d, %Y)"
   }
diff --git a/main.tf b/main.tf
@@ -16,6 +16,13 @@ resource "aws_backup_vault_lock_configuration" "ab_vault_lock_configuration" {
   min_retention_days  = var.min_retention_days
   max_retention_days  = var.max_retention_days
   changeable_for_days = var.changeable_for_days
+
+  lifecycle {
+    precondition {
+      condition     = local.check_retention_days
+      error_message = "When vault locking is enabled (locked = true), min_retention_days and max_retention_days must be provided and min_retention_days must be less than or equal to max_retention_days."
+    }
+  }
 }
 
 # AWS Backup plan
@@ -133,4 +140,13 @@ locals {
       )
     ])
   ])
+
+  # Check retention days - handling null values properly
+  check_retention_days = var.locked ? (
+    var.min_retention_days == null ? false : (
+      var.max_retention_days == null ? false : (
+        var.min_retention_days <= var.max_retention_days
+      )
+    )
+  ) : true
 }
diff --git a/variables.tf b/variables.tf
@@ -42,11 +42,6 @@ variable "locked" {
   description = "Change to true to add a lock configuration for the backup vault"
   type        = bool
   default     = false
-
-  validation {
-    condition     = !var.locked || (var.min_retention_days != null && var.max_retention_days != null && var.min_retention_days <= var.max_retention_days)
-    error_message = "When vault locking is enabled (locked = true), min_retention_days and max_retention_days must be provided and min_retention_days must be less than or equal to max_retention_days."
-  }
 }
 
 variable "changeable_for_days" {
@@ -66,8 +61,8 @@ variable "max_retention_days" {
   default     = null
 
   validation {
-    condition     = var.max_retention_days == null ? true : var.max_retention_days >= 1 && var.max_retention_days <= 36500
-    error_message = "The max_retention_days must be between 1 and 36500 days."
+    condition     = var.max_retention_days == null ? true : var.max_retention_days >= 1
+    error_message = "The max_retention_days must be greater than or equal to 1."
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@`
`28`	`28`	`},`
`29`	`29`	`"release-search-depth": 10,`
`30`	`30`	`"include-component-in-tag": false,`
`31`		`- "include-v-in-tag": true,`
	`31`	`+ "include-v-in-tag": false,`
`32`	`32`	`"date-formats": {`
`33`	`33`	`"changelogDate": "(%B %d, %Y)"`
`34`	`34`	`}`
Original file line number	Diff line number	Diff line change
`@@ -42,11 +42,6 @@ variable "locked" {`
`42`	`42`	`description = "Change to true to add a lock configuration for the backup vault"`
`43`	`43`	`type = bool`
`44`	`44`	`default = false`
`45`		`-`
`46`		`- validation {`
`47`		`- condition = !var.locked \|\| (var.min_retention_days != null && var.max_retention_days != null && var.min_retention_days <= var.max_retention_days)`
`48`		`- error_message = "When vault locking is enabled (locked = true), min_retention_days and max_retention_days must be provided and min_retention_days must be less than or equal to max_retention_days."`
`49`		`- }`
`50`	`45`	`}`
`51`	`46`
`52`	`47`	`variable "changeable_for_days" {`
`@@ -66,8 +61,8 @@ variable "max_retention_days" {`
`66`	`61`	`default = null`
`67`	`62`
`68`	`63`	`validation {`
`69`		`- condition = var.max_retention_days == null ? true : var.max_retention_days >= 1 && var.max_retention_days <= 36500`
`70`		`- error_message = "The max_retention_days must be between 1 and 36500 days."`
	`64`	`+ condition = var.max_retention_days == null ? true : var.max_retention_days >= 1`
	`65`	`+ error_message = "The max_retention_days must be greater than or equal to 1."`
`71`	`66`	`}`
`72`	`67`	`}`
`73`	`68`