feat: Add input validation for all Openshift add-on versions (#913)

Author: zikra-iqbal

main.tf

@@ -54,7 +54,7 @@ locals {
 }
 
 ########################################################################################################################
-# Get OCP AI Add-on Versions
+# Get OCP addon versions
 ########################################################################################################################
 
 data "ibm_iam_auth_token" "tokendata" {}
@@ -67,6 +67,14 @@ data "external" "ocp_addon_versions" {
   }
 }
 
+# Local block to decode the json strings returned by the external data source
+locals {
+  ocp_all_addon_versions = {
+    for addon, value in data.external.ocp_addon_versions.result :
+    addon => jsondecode(value)
+  }
+}
+
 # Local block to verify validations for OCP AI Addon.
 locals {
 
@@ -79,7 +87,6 @@ locals {
       is_gpu    = contains(["gx2", "gx3", "gx4"], split(".", pool.machine_type)[0])
     }
   }
-  ocp_ai_addon_supported_versions = jsondecode(data.external.ocp_addon_versions.result["openshift-ai"])
 }
 
 # Separate local block to handle os validations

scripts/get_ocp_addon_versions.py

@@ -46,7 +46,7 @@ def get_env_variable():
     """
     api_endpoint = os.getenv("IBMCLOUD_CS_API_ENDPOINT")
     if not api_endpoint:
-        api_endpoint = "https://containers.test.cloud.ibm.com/global"
+        api_endpoint = "https://containers.cloud.ibm.com/global"
     return api_endpoint
 
 

variables.tf

@@ -365,29 +365,63 @@ variable "addons" {
   default     = {}
 
   ########################################################################################################################
-  # OCP AI Addon version validation
+  # OCP addons version validation
   ########################################################################################################################
 
   validation {
-    condition = (
-      try(var.addons["openshift-ai"].version, null) == null ||
-      (
-        contains(keys(local.ocp_ai_addon_supported_versions), try(var.addons["openshift-ai"].version, "") != null ? try(var.addons["openshift-ai"].version, "") : "") &&
+    condition = alltrue([
+      for addon_name, addon_cfg in var.addons : (
+        try(addon_cfg.version, null) == null ? true :
+        contains(keys(local.ocp_all_addon_versions), addon_name) &&
+        contains(keys(local.ocp_all_addon_versions[addon_name]), tostring(addon_cfg.version)) &&
+        (tonumber(split(".", local.ocp_version_num)[0]) * 100 + tonumber(split(".", local.ocp_version_num)[1])) >=
         (
-          local.ocp_version_num >= tonumber(regexall("\\d+\\.\\d+", split(" ", lookup(local.ocp_ai_addon_supported_versions, try(var.addons["openshift-ai"].version, "") != null ? try(var.addons["openshift-ai"].version, "") : "", { supported_openshift_range = "0.0 0.0" }).supported_openshift_range)[0])[0])
+          (
+            tonumber(split(".", regex("\\d+\\.\\d+", split(" ", lookup(local.ocp_all_addon_versions[addon_name], tostring(addon_cfg.version), { "supported_openshift_range" = "0.0 0.0" }).supported_openshift_range)[0]))[0]) * 100 +
+            tonumber(split(".", regex("\\d+\\.\\d+", split(" ", lookup(local.ocp_all_addon_versions[addon_name], tostring(addon_cfg.version), { "supported_openshift_range" = "0.0 0.0" }).supported_openshift_range)[0]))[1])
+          )
         ) &&
         (
-          local.ocp_version_num < tonumber(regexall("\\d+\\.\\d+", split(" ", lookup(local.ocp_ai_addon_supported_versions, try(var.addons["openshift-ai"].version, "") != null ? try(var.addons["openshift-ai"].version, "") : "", { supported_openshift_range = "0.0 0.0" }).supported_openshift_range)[1])[0])
+          (tonumber(split(".", local.ocp_version_num)[0]) * 100 + tonumber(split(".", local.ocp_version_num)[1])) <
+          (
+            (
+              tonumber(split(".", regex("\\d+\\.\\d+", split(" ", lookup(local.ocp_all_addon_versions[addon_name], tostring(addon_cfg.version), { "supported_openshift_range" = "0.0 0.0" }).supported_openshift_range)[1]))[0]) * 100 +
+              tonumber(split(".", regex("\\d+\\.\\d+", split(" ", lookup(local.ocp_all_addon_versions[addon_name], tostring(addon_cfg.version), { "supported_openshift_range" = "0.0 0.0" }).supported_openshift_range)[1]))[1])
+            )
+          )
         )
       )
-    )
+    ])
 
-    error_message = (
-      try(var.addons["openshift-ai"].version, null) != null ?
-      (contains(keys(local.ocp_ai_addon_supported_versions), try(var.addons["openshift-ai"].version, "")) ?
-        format("OCP AI add-on version %s requires OCP version %s", try(var.addons["openshift-ai"].version, ""), lookup(local.ocp_ai_addon_supported_versions, try(var.addons["openshift-ai"].version, ""), { supported_openshift_range = "" }).supported_openshift_range) :
-      format("OCP AI add-on version %s is not supported.", try(var.addons["openshift-ai"].version, ""))) : "Invalid OCP AI configuration."
-    )
+    error_message = join("\n", flatten([
+      "Addon validation failed:",
+      [
+        for addon_name, addon_cfg in var.addons : (
+          try(addon_cfg.version, null) == null ? [] :
+          !contains(keys(local.ocp_all_addon_versions), addon_name) ?
+          ["- Addon '${addon_name}' is not recognized."] :
+          !contains(keys(local.ocp_all_addon_versions[addon_name]), tostring(addon_cfg.version)) ?
+          ["- Addon '${addon_name}' version '${addon_cfg.version}' is not supported."] :
+
+          (
+            (tonumber(split(".", local.ocp_version_num)[0]) * 100 + tonumber(split(".", local.ocp_version_num)[1])) <
+            (
+              tonumber(split(".", regex("\\d+\\.\\d+", split(" ", lookup(local.ocp_all_addon_versions[addon_name], tostring(addon_cfg.version), { "supported_openshift_range" = "0.0 0.0" }).supported_openshift_range)[0]))[0]) * 100 +
+              tonumber(split(".", regex("\\d+\\.\\d+", split(" ", lookup(local.ocp_all_addon_versions[addon_name], tostring(addon_cfg.version), { "supported_openshift_range" = "0.0 0.0" }).supported_openshift_range)[0]))[1])
+            ) ||
+            (
+              (tonumber(split(".", local.ocp_version_num)[0]) * 100 + tonumber(split(".", local.ocp_version_num)[1])) >=
+              (
+                tonumber(split(".", regex("\\d+\\.\\d+", split(" ", lookup(local.ocp_all_addon_versions[addon_name], tostring(addon_cfg.version), { "supported_openshift_range" = "0.0 0.0" }).supported_openshift_range)[1]))[0]) * 100 +
+                tonumber(split(".", regex("\\d+\\.\\d+", split(" ", lookup(local.ocp_all_addon_versions[addon_name], tostring(addon_cfg.version), { "supported_openshift_range" = "0.0 0.0" }).supported_openshift_range)[1]))[1])
+              )
+            )
+          ) ?
+          ["- Addon '${addon_name}' version '${addon_cfg.version}' requires OCP version '${lookup(local.ocp_all_addon_versions[addon_name], tostring(addon_cfg.version), { "supported_openshift_range" = "0.0 0.0" }).supported_openshift_range}'"] :
+          []
+        )
+      ]
+    ]))
   }
 
   validation {