Increase validation for max length of Azure managed identities name (#102)

jimright · web-flow · commit 53f2096a1ef3 · 2025-03-25T20:01:25.000Z
Signed-off-by: Jim Enright &lt;jenright@cloudera.com&gt;
diff --git a/modules/terraform-azure-cdw-permissions/variables.tf b/modules/terraform-azure-cdw-permissions/variables.tf
@@ -40,11 +40,11 @@ variable "azure_aks_credential_managed_identity_name" {
   description = "Name of the Managed Identity for the AKS Credential"
 
   validation {
-    condition     = length(var.azure_aks_credential_managed_identity_name) <= 24
-    error_message = "The length of azure_aks_credential_managed_identity_name must be 24 characters or less."
+    condition     = length(var.azure_aks_credential_managed_identity_name) <= 128
+    error_message = "The length of azure_aks_credential_managed_identity_name must be 128 characters or less."
   }
   validation {
-    condition     = can(regex("^[a-zA-Z0-9-_]{1,24}$", var.azure_aks_credential_managed_identity_name))
+    condition     = can(regex("^[a-zA-Z0-9-_]{1,128}$", var.azure_aks_credential_managed_identity_name))
     error_message = "azure_aks_credential_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."
   }
 }
diff --git a/modules/terraform-cdp-azure-pre-reqs/variables.tf b/modules/terraform-cdp-azure-pre-reqs/variables.tf
@@ -375,11 +375,11 @@ variable "datalake_admin_managed_identity_name" {
   default = null
 
   validation {
-    condition     = (var.datalake_admin_managed_identity_name == null ? true : length(var.datalake_admin_managed_identity_name) <= 24)
-    error_message = "The length of datalake_admin_managed_identity_name must be 24 characters or less."
+    condition     = (var.datalake_admin_managed_identity_name == null ? true : length(var.datalake_admin_managed_identity_name) <= 128)
+    error_message = "The length of datalake_admin_managed_identity_name must be 128 characters or less."
   }
   validation {
-    condition     = (var.datalake_admin_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.datalake_admin_managed_identity_name)))
+    condition     = (var.datalake_admin_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.datalake_admin_managed_identity_name)))
     error_message = "datalake_admin_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."
   }
 }
@@ -392,11 +392,11 @@ variable "idbroker_managed_identity_name" {
   default = null
 
   validation {
-    condition     = (var.idbroker_managed_identity_name == null ? true : length(var.idbroker_managed_identity_name) <= 24)
-    error_message = "The length of idbroker_managed_identity_name must be 24 characters or less."
+    condition     = (var.idbroker_managed_identity_name == null ? true : length(var.idbroker_managed_identity_name) <= 128)
+    error_message = "The length of idbroker_managed_identity_name must be 128 characters or less."
   }
   validation {
-    condition     = (var.idbroker_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.idbroker_managed_identity_name)))
+    condition     = (var.idbroker_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.idbroker_managed_identity_name)))
     error_message = "idbroker_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."
   }
 }
@@ -409,11 +409,11 @@ variable "log_data_access_managed_identity_name" {
   default = null
 
   validation {
-    condition     = (var.log_data_access_managed_identity_name == null ? true : length(var.log_data_access_managed_identity_name) <= 24)
-    error_message = "The length of log_data_access_managed_identity_name must be 24 characters or less."
+    condition     = (var.log_data_access_managed_identity_name == null ? true : length(var.log_data_access_managed_identity_name) <= 128)
+    error_message = "The length of log_data_access_managed_identity_name must be 128 characters or less."
   }
   validation {
-    condition     = (var.log_data_access_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.log_data_access_managed_identity_name)))
+    condition     = (var.log_data_access_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.log_data_access_managed_identity_name)))
     error_message = "log_data_access_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."
   }
 }
@@ -426,11 +426,11 @@ variable "ranger_audit_data_access_managed_identity_name" {
   default = null
 
   validation {
-    condition     = (var.ranger_audit_data_access_managed_identity_name == null ? true : length(var.ranger_audit_data_access_managed_identity_name) <= 24)
-    error_message = "The length of ranger_audit_data_access_managed_identity_name must be 24 characters or less."
+    condition     = (var.ranger_audit_data_access_managed_identity_name == null ? true : length(var.ranger_audit_data_access_managed_identity_name) <= 128)
+    error_message = "The length of ranger_audit_data_access_managed_identity_name must be 128 characters or less."
   }
   validation {
-    condition     = (var.ranger_audit_data_access_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.ranger_audit_data_access_managed_identity_name)))
+    condition     = (var.ranger_audit_data_access_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.ranger_audit_data_access_managed_identity_name)))
     error_message = "ranger_audit_data_access_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."
   }
 }
@@ -443,11 +443,11 @@ variable "raz_managed_identity_name" {
   default = null
 
   validation {
-    condition     = (var.raz_managed_identity_name == null ? true : length(var.raz_managed_identity_name) <= 24)
-    error_message = "The length of raz_managed_identity_name must be 24 characters or less."
+    condition     = (var.raz_managed_identity_name == null ? true : length(var.raz_managed_identity_name) <= 128)
+    error_message = "The length of raz_managed_identity_name must be 128 characters or less."
   }
   validation {
-    condition     = (var.raz_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.raz_managed_identity_name)))
+    condition     = (var.raz_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.raz_managed_identity_name)))
     error_message = "raz_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -40,11 +40,11 @@ variable "azure_aks_credential_managed_identity_name" {`
`40`	`40`	`description = "Name of the Managed Identity for the AKS Credential"`
`41`	`41`
`42`	`42`	`validation {`
`43`		`- condition = length(var.azure_aks_credential_managed_identity_name) <= 24`
`44`		`- error_message = "The length of azure_aks_credential_managed_identity_name must be 24 characters or less."`
	`43`	`+ condition = length(var.azure_aks_credential_managed_identity_name) <= 128`
	`44`	`+ error_message = "The length of azure_aks_credential_managed_identity_name must be 128 characters or less."`
`45`	`45`	`}`
`46`	`46`	`validation {`
`47`		`- condition = can(regex("^[a-zA-Z0-9-_]{1,24}$", var.azure_aks_credential_managed_identity_name))`
	`47`	`+ condition = can(regex("^[a-zA-Z0-9-_]{1,128}$", var.azure_aks_credential_managed_identity_name))`
`48`	`48`	`error_message = "azure_aks_credential_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."`
`49`	`49`	`}`
`50`	`50`	`}`
Original file line number	Diff line number	Diff line change
`@@ -375,11 +375,11 @@ variable "datalake_admin_managed_identity_name" {`
`375`	`375`	`default = null`
`376`	`376`
`377`	`377`	`validation {`
`378`		`- condition = (var.datalake_admin_managed_identity_name == null ? true : length(var.datalake_admin_managed_identity_name) <= 24)`
`379`		`- error_message = "The length of datalake_admin_managed_identity_name must be 24 characters or less."`
	`378`	`+ condition = (var.datalake_admin_managed_identity_name == null ? true : length(var.datalake_admin_managed_identity_name) <= 128)`
	`379`	`+ error_message = "The length of datalake_admin_managed_identity_name must be 128 characters or less."`
`380`	`380`	`}`
`381`	`381`	`validation {`
`382`		`- condition = (var.datalake_admin_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.datalake_admin_managed_identity_name)))`
	`382`	`+ condition = (var.datalake_admin_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.datalake_admin_managed_identity_name)))`
`383`	`383`	`error_message = "datalake_admin_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."`
`384`	`384`	`}`
`385`	`385`	`}`
`@@ -392,11 +392,11 @@ variable "idbroker_managed_identity_name" {`
`392`	`392`	`default = null`
`393`	`393`
`394`	`394`	`validation {`
`395`		`- condition = (var.idbroker_managed_identity_name == null ? true : length(var.idbroker_managed_identity_name) <= 24)`
`396`		`- error_message = "The length of idbroker_managed_identity_name must be 24 characters or less."`
	`395`	`+ condition = (var.idbroker_managed_identity_name == null ? true : length(var.idbroker_managed_identity_name) <= 128)`
	`396`	`+ error_message = "The length of idbroker_managed_identity_name must be 128 characters or less."`
`397`	`397`	`}`
`398`	`398`	`validation {`
`399`		`- condition = (var.idbroker_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.idbroker_managed_identity_name)))`
	`399`	`+ condition = (var.idbroker_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.idbroker_managed_identity_name)))`
`400`	`400`	`error_message = "idbroker_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."`
`401`	`401`	`}`
`402`	`402`	`}`
`@@ -409,11 +409,11 @@ variable "log_data_access_managed_identity_name" {`
`409`	`409`	`default = null`
`410`	`410`
`411`	`411`	`validation {`
`412`		`- condition = (var.log_data_access_managed_identity_name == null ? true : length(var.log_data_access_managed_identity_name) <= 24)`
`413`		`- error_message = "The length of log_data_access_managed_identity_name must be 24 characters or less."`
	`412`	`+ condition = (var.log_data_access_managed_identity_name == null ? true : length(var.log_data_access_managed_identity_name) <= 128)`
	`413`	`+ error_message = "The length of log_data_access_managed_identity_name must be 128 characters or less."`
`414`	`414`	`}`
`415`	`415`	`validation {`
`416`		`- condition = (var.log_data_access_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.log_data_access_managed_identity_name)))`
	`416`	`+ condition = (var.log_data_access_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.log_data_access_managed_identity_name)))`
`417`	`417`	`error_message = "log_data_access_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."`
`418`	`418`	`}`
`419`	`419`	`}`
`@@ -426,11 +426,11 @@ variable "ranger_audit_data_access_managed_identity_name" {`
`426`	`426`	`default = null`
`427`	`427`
`428`	`428`	`validation {`
`429`		`- condition = (var.ranger_audit_data_access_managed_identity_name == null ? true : length(var.ranger_audit_data_access_managed_identity_name) <= 24)`
`430`		`- error_message = "The length of ranger_audit_data_access_managed_identity_name must be 24 characters or less."`
	`429`	`+ condition = (var.ranger_audit_data_access_managed_identity_name == null ? true : length(var.ranger_audit_data_access_managed_identity_name) <= 128)`
	`430`	`+ error_message = "The length of ranger_audit_data_access_managed_identity_name must be 128 characters or less."`
`431`	`431`	`}`
`432`	`432`	`validation {`
`433`		`- condition = (var.ranger_audit_data_access_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.ranger_audit_data_access_managed_identity_name)))`
	`433`	`+ condition = (var.ranger_audit_data_access_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.ranger_audit_data_access_managed_identity_name)))`
`434`	`434`	`error_message = "ranger_audit_data_access_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."`
`435`	`435`	`}`
`436`	`436`	`}`
`@@ -443,11 +443,11 @@ variable "raz_managed_identity_name" {`
`443`	`443`	`default = null`
`444`	`444`
`445`	`445`	`validation {`
`446`		`- condition = (var.raz_managed_identity_name == null ? true : length(var.raz_managed_identity_name) <= 24)`
`447`		`- error_message = "The length of raz_managed_identity_name must be 24 characters or less."`
	`446`	`+ condition = (var.raz_managed_identity_name == null ? true : length(var.raz_managed_identity_name) <= 128)`
	`447`	`+ error_message = "The length of raz_managed_identity_name must be 128 characters or less."`
`448`	`448`	`}`
`449`	`449`	`validation {`
`450`		`- condition = (var.raz_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,24}$", var.raz_managed_identity_name)))`
	`450`	`+ condition = (var.raz_managed_identity_name == null ? true : can(regex("^[a-zA-Z0-9-_]{1,128}$", var.raz_managed_identity_name)))`
`451`	`451`	`error_message = "raz_managed_identity_name can consist only of letters, numbers, hyphens (-) and underscores (_)."`
`452`	`452`	`}`
`453`	`453`	`}`