I have a module like:
variable "client_certificate" {
  description = "Client certificate settings."
  type = object({
    enabled = bool
    mode    = string
  })
  default = null
  validation {
    condition     = var.client_certificate == null || (var.client_certificate != null && var.client_certificate.enabled == false && var.client_certificate.mode == null)
    error_message = "The Client Certificate mode possible values include Optional, Required, Allow, Ignore."
  }
}
resource "null_resource" "display" {
  provisioner "local-exec" {
    command = <<EOT
echo "${var.client_certificate != null ? var.client_certificate.mode : "siema"}"
EOT
  }
}
And I want to be able to provide client_certificate as null, but also be able to verify properties via the validation mechanism.
I call it:
module "display" {
  source             = "./modulek"
  client_certificate = null
}
but then I got:
│ Error: Attempt to get attribute from null value
│
│ on modulek\main.tf line 12, in variable "client_certificate":
│ 12: condition = var.client_certificate != null && var.client_certificate.enabled == false && var.client_certificate.mode == null
│ ├────────────────
│ │ var.client_certificate is null
│
│ This value is null, so it does not have any attributes.
╵
╷
│ Error: Attempt to get attribute from null value
│
│ on modulek\main.tf line 12, in variable "client_certificate":
│ 12: condition = var.client_certificate != null && var.client_certificate.enabled == false && var.client_certificate.mode == null
│ ├────────────────
│ │ var.client_certificate is null
│
│ This value is null, so it does not have any attributes.
For me this is really strange because I was assuming that var.client_certificate == null should finish evaluation of the condition, as it provides true. But I was wrong, and the whole expression is evaluated. Given that, I'm not sure how I could overcome this. I tried with lookup, but it was the same.
null objects do not have enabled nor mode fields. Thus you get those errors. You have to use try.
I'm not exactly sure what you want your condition to exactly be, but you can try with:
condition = try((var.client_certificate == null || (var.client_certificate != null && var.client_certificate.enabled == false && var.client_certificate.mode == null)), false)
Terraform does not short-circuit logical evaluation. It will always evaluate all branches and conditions. Therefore using a simple guard condition won't work; however, the ternary operator ?: can be used instead, with only moderately worsened readability:
condition = var.client_certificate == null ? true : (var.client_certificate.enabled == false && var.client_certificate.mode == null)
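The following is an added example, not part of the original question or answers: a null-tolerant variable that uses the ternary guard from the answer above and splits the checks into two validation blocks so each failure gets its own message. The two rules are assumptions about the intent: when enabled, mode must be one of the four values named in the question's error message; when disabled, mode must be null, as in the question's original condition.

```hcl
variable "client_certificate" {
  description = "Client certificate settings. null leaves the feature unconfigured."
  type = object({
    enabled = bool
    mode    = string
  })
  default = null

  # Assumed rule 1: an enabled client certificate needs a recognised mode.
  # Every attribute access sits in the false branch of a null check, so a
  # null object or a null mode never reaches ".enabled" or contains().
  validation {
    condition = (
      var.client_certificate == null ? true : (
        var.client_certificate.enabled != true ? true : (
          var.client_certificate.mode == null ? false :
          contains(["Optional", "Required", "Allow", "Ignore"], var.client_certificate.mode)
        )
      )
    )
    error_message = "When enabled is true, mode must be one of Optional, Required, Allow, Ignore."
  }

  # Assumed rule 2 (taken from the question's original condition):
  # a disabled client certificate must not carry a mode.
  validation {
    condition = (
      var.client_certificate == null ? true : (
        var.client_certificate.enabled == true ? true :
        var.client_certificate.mode == null
      )
    )
    error_message = "When enabled is false, mode must be null."
  }
}
```

With these rules, `client_certificate = null` and `{ enabled = false, mode = null }` pass, `{ enabled = true, mode = "Required" }` passes, and `{ enabled = true, mode = null }` or `{ enabled = false, mode = "Required" }` are rejected with the matching message.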