fix: comments

matttrach · matttrach · commit e157cede73b5 · 2026-05-20T19:35:38.000-05:00
Signed-off-by: matttrach &lt;matt.trachier@suse.com&gt;
diff --git a/modules/deploy/main.tf b/modules/deploy/main.tf
@@ -51,7 +51,7 @@ locals {
 
 resource "file_local_directory" "deploy_path" {
   path        = local.deploy_path
-  permissions = "0775"
+  permissions = "0755"
 }
 
 resource "file_local_directory" "tf_data_dir" {
@@ -60,7 +60,7 @@ resource "file_local_directory" "tf_data_dir" {
   ]
   count       = (local.tf_data_dir != local.deploy_path ? 1 : 0)
   path        = local.tf_data_dir
-  permissions = "0775"
+  permissions = "0755"
 }
 
 ### Template Files ###
@@ -200,7 +200,7 @@ resource "file_local" "generate_files" {
   directory   = dirname("${local.deploy_path}/${each.key}")
   name        = basename(each.key)
   contents    = each.value
-  permissions = "0644"
+  permissions = "0600"
 }
 
 ## Deploy ##
diff --git a/modules/install_rancher/rancher/main.tf b/modules/install_rancher/rancher/main.tf
@@ -219,8 +219,7 @@ resource "terraform_data" "wait_for_certificate_secret" {
 }
 
 
-# The Helm resource completes in less than 10 seconds
-#   at which time the tls-rancher-ingress secret is generated
+# Wait for the tls-rancher-ingress secret to be generated by the Helm release
 data "kubernetes_secret_v1" "certificate" {
   depends_on = [
     time_sleep.settle_before_rancher,
diff --git a/modules/install_rancher/rancher/variables.tf b/modules/install_rancher/rancher/variables.tf
@@ -23,6 +23,10 @@ variable "rke2_version" {
     The version of rke2 powering the cluster.
     This is used for determining ingress configuration.
   EOT
+  validation {
+    condition     = can(regex("^v\\d+\\.\\d+\\.\\d+\\+rke2r\\d+$", var.rke2_version))
+    error_message = "The rke2_version must match the format vX.Y.Z+rke2rN (eg. v1.34.7+rke2r1)."
+  }
 }
 variable "rancher_helm_repo" {
   type        = string
diff --git a/modules/install_rancher/rancher_externalTLS/variables.tf b/modules/install_rancher/rancher_externalTLS/variables.tf
@@ -23,6 +23,10 @@ variable "rke2_version" {
     The version of rke2 powering the cluster.
     This is used for determining ingress configuration.
   EOT
+  validation {
+    condition     = can(regex("^v?[0-9]+\\.[0-9]+\\.[0-9]+.*$", var.rke2_version))
+    error_message = "The rke2_version must be a valid version string, e.g., 'v1.28.4+rke2r1'."
+  }
 }
 variable "rancher_helm_repo" {
   type        = string
@@ -67,7 +71,7 @@ variable "rancher_helm_chart_values" {
       "agentTLSMode"              : "system-store"
     }
   EOT
-  default     = "{}"
+  default     = "e30="
   sensitive   = true
 }
 variable "ca_certs" {
diff --git a/modules/install_rancher/variables.tf b/modules/install_rancher/variables.tf
@@ -50,6 +50,10 @@ variable "rke2_version" {
     The version of rke2 powering the cluster.
     This is used for determining ingress configuration.
   EOT
+  validation {
+    condition     = can(regex("^v?[0-9]+\\.[0-9]+\\.[0-9]+.*$", var.rke2_version))
+    error_message = "The rke2_version must be a valid version string, e.g., 'v1.28.4+rke2r1'."
+  }
 }
 variable "rancher_helm_repo" {
   type        = string

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ locals {`
`51`	`51`
`52`	`52`	`resource "file_local_directory" "deploy_path" {`
`53`	`53`	`path = local.deploy_path`
`54`		`- permissions = "0775"`
	`54`	`+ permissions = "0755"`
`55`	`55`	`}`
`56`	`56`
`57`	`57`	`resource "file_local_directory" "tf_data_dir" {`
`@@ -60,7 +60,7 @@ resource "file_local_directory" "tf_data_dir" {`
`60`	`60`	`]`
`61`	`61`	`count = (local.tf_data_dir != local.deploy_path ? 1 : 0)`
`62`	`62`	`path = local.tf_data_dir`
`63`		`- permissions = "0775"`
	`63`	`+ permissions = "0755"`
`64`	`64`	`}`
`65`	`65`
`66`	`66`	`### Template Files ###`
`@@ -200,7 +200,7 @@ resource "file_local" "generate_files" {`
`200`	`200`	`directory = dirname("${local.deploy_path}/${each.key}")`
`201`	`201`	`name = basename(each.key)`
`202`	`202`	`contents = each.value`
`203`		`- permissions = "0644"`
	`203`	`+ permissions = "0600"`
`204`	`204`	`}`
`205`	`205`
`206`	`206`	`## Deploy ##`
Original file line number	Diff line number	Diff line change
`@@ -219,8 +219,7 @@ resource "terraform_data" "wait_for_certificate_secret" {`
`219`	`219`	`}`
`220`	`220`
`221`	`221`
`222`		`-# The Helm resource completes in less than 10 seconds`
`223`		`-# at which time the tls-rancher-ingress secret is generated`
	`222`	`+# Wait for the tls-rancher-ingress secret to be generated by the Helm release`
`224`	`223`	`data "kubernetes_secret_v1" "certificate" {`
`225`	`224`	`depends_on = [`
`226`	`225`	`time_sleep.settle_before_rancher,`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,10 @@ variable "rke2_version" {`
`23`	`23`	`The version of rke2 powering the cluster.`
`24`	`24`	`This is used for determining ingress configuration.`
`25`	`25`	`EOT`
	`26`	`+ validation {`
	`27`	`+ condition = can(regex("^v?[0-9]+\\.[0-9]+\\.[0-9]+.*$", var.rke2_version))`
	`28`	`+ error_message = "The rke2_version must be a valid version string, e.g., 'v1.28.4+rke2r1'."`
	`29`	`+ }`
`26`	`30`	`}`
`27`	`31`	`variable "rancher_helm_repo" {`
`28`	`32`	`type = string`
`@@ -67,7 +71,7 @@ variable "rancher_helm_chart_values" {`
`67`	`71`	`"agentTLSMode" : "system-store"`
`68`	`72`	`}`
`69`	`73`	`EOT`
`70`		`- default = "{}"`
	`74`	`+ default = "e30="`
`71`	`75`	`sensitive = true`
`72`	`76`	`}`
`73`	`77`	`variable "ca_certs" {`