Reputation: 133
First thanks for this post Adding a default field for type = map(object()) in, this answered the first part of the struggle that I had in getting default values to work with type map(object()). The last part that I am trying to get working is how to do validation of the input values.
terraform {
experiments = [module_variable_optional_attrs]
variable "dns_server" {
description = "Add DNS Servers for domain resolution. You can configure a maximum of two servers. Only one can be preferred 'true'."
type = map(object({
preferred = optional(bool)
server = optional(string)
default = {
default = {
preferred = false
server = ""
validation {
condition = (
can(regexall("^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$", var.dns_server["server"]))
error_message = "The DNS Server is not a valid IPv4 Address."
locals {
dns_server = {
for k, v in var.dns_server : k => {
preferred = coalesce(v.preferred, false)
server = coalesce(v.server, "")
The defaults value in the variable field I know isn't used but I am using it as a placeholder for the terraform docs output.
I also know what I have above for validation is not correct because if the user used the default server IPv4 that wouldn't be set until the locals definition. I just don't know of a way to do the validation because I my trusty google search hasn't pulled up any similar examples.
The code is located here if you need more details about how it is being used:
If I comment out the validation everything else is working fine. Thanks in advance.
Upvotes: 7
Views: 18019
Reputation: 196
Is this what you are after?
variable "mapobject" {
type = map(object({
cidr_block = string
destination_type = string
validation {
condition = alltrue([for o in var.mapobject : contains(["CIDR_BLOCK", "NETWORK_SECURITY_GROUP", "SERVICE_CIDR_BLOCK"], o.destination_type)])
error_message = "All destination_types must be one of CIDR_BLOCK, NETWORK_SECURITY_GROUP or SERVICE_CIDR_BLOCK!"
With a variable assignment of:
mapobject = {
"r0" = {
cidr_block = "",
destination_type = "CIDR_BLOCK"
The validation succeeds, whereas the following fails (as intended):
mapobject = {
"r0" = {
cidr_block = "",
destination_type = "**CIRD_BLOCK**"
Associated error text with the previous usage:
Error: Invalid value for variable
on line 86:
86: variable "mapobject" {
All destination_types must be one of CIDR_BLOCK, NETWORK_SECURITY_GROUP or
This was checked by the validation rule at,2-12.
If it is, then kudos goes here:
Upvotes: 17