Added validation 'db_use_mtls' variable and updated min tf req to 1.9.0

[skj-skj]

Background

I have added validation db_use_mtls to give error when db_use_mtls and enable_aurora both variable are true.

Why?

to improve the developer experience

How?

I have added validation block in db_use_mtls variable and cross reference enable_aurora variable, to cross reference min tf version should be 1.9.0 so I have updated min tf version requirement to 1.9.0, I had to also updated tflint version in workflow as older version gives error on cross referencing variable in validation.

also updated tflint command and config as newer version have removed options/feature marked as deprecated:

• added --chdir option in tflint command
• replace module = false to call_module_type = "none" in tflint config (.tflint.hcl)

Testing?

tested changes locally by setting db_use_mtls and enable_aurora variable true and false, see below screenshot

Screenshots

Scenario	Screenshot
✅db_use_mtls, ✅enable_aurora
✅db_use_mtls, ❌enable_aurora	no error
❌db_use_mtls, ✅enable_aurora	no error
❌db_use_mtls, ❌enable_aurora	no error

release test also passed - https://github.com/hashicorp/terraform-enterprise/actions/runs/17382920555

note: one of the azure release test is falling due to an allocation error, which is not related to version changes.

How Has This Been Tested

Ran Locally to check error behavior and its working as expected

Test Configuration

• Terraform Version: 1.13.0
• Any additional relevant variables: set db_use_mtls and enable_aurora true, it will show error in terraform plan

This PR makes me feel

[ajmera-naman]

Great work! Could you attach the release test links to your PR.

[skj-skj]

Great work! Could you attach the release test links to your PR.

sure, updated

[tauhid621]

Looks good overall.
I just want to know if this could break existing infra which is deployed using the module 🤔

[tauhid621]

Could there be any implications of the version bump for existing infra which uses this module?

[skj-skj]

yes, as cross referencing variable in validation block is available from 1.9.0, so consumer of this module needs to use terraform version 1.9.0+

[tauhid621]

I am wondering if we used to get error from this earlier?
If yes, was it during a later stage?

[skj-skj]

yes, earlier also we used to get error, but it wasn't descriptive

and yes it was running at later stage, as previously it will create plan for resouce blocks and reads from data blocks which uses/depends on db_use_mtls variable. it will now only run these blocks when validation pass.

[skj-skj]

Looks good overall. I just want to know if this could break existing infra which is deployed using the module 🤔

it should not break any exisitng infra as there is no tf script changes in the pr.

if consumer is using ~> or <= 1.9 (pessimistic version constraints) and anchored to terraform version lower to 1.9.0 in their tf script or any other module they are using, they need to update their version constraints in terraform block.

it may break any existing pipeline which is using terraform version <= 1.9 and deploy tfe using this module.

[tauhid621]

Looks good overall. I guess we can expect end users to update to 1.9 if they are using an older version.

[ajmera-naman]

LGTM

[kkavish]

Looks good overall. I guess we can expect end users to update to 1.9 if they are using an older version.

I had the same concern, and things will definitely break (as they did in release tests where the version had to be bumped up). Alos, people using 0.14.7 might be using a lot of syntax/features which have been deprecated in the releases before 1.9 and this will break all those.

[skj-skj]

Closing this PR for now. These changes would break compatibility for users running Terraform <= 1.9.0 to deploy Terraform Enterprise. Some users are constrained by internal dependencies, policies, or syntax/features of older Terraform, and so future module updates based on this change wouldn’t work for them.