Allow Variable Validation Conditions to Refer to Other Variables #1336

Open
RoseSecurity opened this issue Mar 1, 2024 · 2 comments
Labels
enhancement New feature or request pending-decision This issue has not been accepted for implementation nor rejected. It's still open to discussion.


@RoseSecurity

OpenTofu Version

OpenTofu 1.6.2

Use Cases

I want to be able to have conditional validation on variables - the condition being the value of other variables.
Currently, I'm trying to implement a load balancer (resource "aws_lb") in AWS - the load balancer resource can either be of type "application" or "network". Depending on the load balancer type, there are several required and optional variables that you can pass in. Terraform throws an error if you fail to pass a required variable, but, if you pass in an optional variable to the wrong load balancer type, there isn't much warning.

For the sake of example, an application load balancer can optionally take a list of security groups, but a network load balancer can't. If a developer passes in a list of security groups to an NLB, they may have specified the wrong value for load_balancer_type, or they may be passing variables into the wrong load balancer resource - in either case, I'd like to give a warning to the developer to save them having to go debugging.

This isn't a request that's strictly for AWS load balancers - the pattern of "value X is required if value Y is Z" seems to be fairly common across Terraform plugins.

Attempted Solutions

I tried adding a validation block here:

variable "security_groups" {
  description = "A list of security groups to attach to the load balancer. Only works with ALBs"
  type = list(string)

  validation {
    condition = var.lb_type == "application"
    error_message = "Security groups can only be used by Application Load Balancers."
  }
}

Error:

Error: Invalid variable validation condition

  on variables.tf line 36, in variable "security_groups":
  36:     condition = var.lb_type == "application"

The condition for variable "security_groups" must refer to var.security_groups
in order to test incoming values.

Proposal

Just a few prefaces to my proposals:

  • Implementing such a feature could allow for cyclic dependencies between variables - although, I think that it's at the developer's own risk - like how package systems in programming languages facilitate cyclic dependencies (but we still all recognize the benefit of having them).

  • I think that the (bigger) potential issue is causing a significant growth in the dependency graph by creating a complex set of conditional validation rules.

References

@RoseSecurity RoseSecurity added enhancement New feature or request pending-decision This issue has not been accepted for implementation nor rejected. It's still open to discussion. labels Mar 1, 2024
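
One way to enforce the cross-variable rule from the issue above on OpenTofu 1.6.x, as an added example that is not part of the original issue or the project's code: a resource `precondition` may refer to several variables, where a variable `validation` block may not. The resource label `this`, the name `example`, and `var.subnets` are assumptions; `var.lb_type` and `var.security_groups` are the issue's own names.

```hcl
variable "lb_type" {
  description = "Load balancer type: \"application\" or \"network\"."
  type        = string

  # Self-referential validation is allowed, so the type itself is checked here.
  validation {
    condition     = contains(["application", "network"], var.lb_type)
    error_message = "lb_type must be \"application\" or \"network\"."
  }
}

variable "security_groups" {
  description = "A list of security groups to attach to the load balancer. Only works with ALBs"
  type        = list(string)
  default     = []
}

# Assumed input, not from the issue: subnets the load balancer is placed in.
variable "subnets" {
  description = "Subnet IDs for the load balancer."
  type        = list(string)
}

resource "aws_lb" "this" {
  name               = "example" # assumed name
  load_balancer_type = var.lb_type
  subnets            = var.subnets

  # Only pass security groups through for ALBs; the precondition below
  # stops the plan before this matters for any other type.
  security_groups = var.lb_type == "application" ? var.security_groups : null

  lifecycle {
    # The cross-variable rule lives here because a precondition can read
    # both var.lb_type and var.security_groups.
    precondition {
      condition     = var.lb_type == "application" || length(var.security_groups) == 0
      error_message = "Security groups can only be used by Application Load Balancers."
    }
  }
}
```

A failed precondition stops `tofu plan` with the error message, so a network load balancer given a non-empty `security_groups` list is rejected before anything is created.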
@cam72cam
Contributor

cam72cam commented Mar 1, 2024

Do you think a variant of #1042 may be helpful here?

@RoseSecurity
Author

@cam72cam Definitely, I really would love to see more flexibility around this area
