Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to validate nullable object variable with properties

Tags:

terraform

I have module like:

variable "client_certificate" {
  description = "Client certificate settings."

  type = object({
    enabled = bool
    mode    = string
  })

  default =  null

  validation {
    condition     = var.client_certificate == null || (var.client_certificate != null && var.client_certificate.enabled == false && var.client_certificate.mode == null)
    error_message = "The Client Certificate mode possible values include Optional, Required, Allow, Ignore."
  }
}


resource "null_resource" "display" {

  provisioner "local-exec" {
    command = <<EOT

        echo "${var.client_certificate != null ? var.client_certificate.mode : "siema"}"
        
    EOT
  }
}

And I want to be avle to provide client_certificate as null, but also be able to verify properties via validation mechanism.

I call it:

module "display" {
  source = "./modulek"

  client_certificate          =  null
}

but then I got:

│ Error: Attempt to get attribute from null value
│
│   on modulek\main.tf line 12, in variable "client_certificate":
│   12:     condition     = var.client_certificate != null && var.client_certificate.enabled == false && var.client_certificate.mode == null
│     ├────────────────
│     │ var.client_certificate is null
│
│ This value is null, so it does not have any attributes.
╵
╷
│ Error: Attempt to get attribute from null value
│
│   on modulek\main.tf line 12, in variable "client_certificate":
│   12:     condition     = var.client_certificate != null && var.client_certificate.enabled == false && var.client_certificate.mode == null
│     ├────────────────
│     │ var.client_certificate is null
│
│ This value is null, so it does not have any attributes.

For me this is really strange because I was assuming that var.client_certificate == null should finish evaluation of condition as it provides true. But I was wrong, and whole expression is evaluated. Since that I'm not sure how I could overcome this. I tried with lookup, but it was the same.

like image 460
Krzysztof Madej Avatar asked Jun 13 '26 08:06

Krzysztof Madej


2 Answers

null objects do not have enabled nor mode fields. Thus you get those errors. You have to use try.

I'm not exactly sure what you want your condition to exactly be, but you can try with:

    condition     = try((var.client_certificate == null || (var.client_certificate != null && var.client_certificate.enabled == false && var.client_certificate.mode == null)), false)
like image 155
Marcin Avatar answered Jun 15 '26 12:06

Marcin


Terraform does not short-circuit logical evaluation. It will always evaluate all branches and conditions. Therefore using simple guard condition won't work, however ternary operator ?: can can be used instead with only moderately worsened readability

condition = var.client_certificate == null ? true : (var.client_certificate.enabled == false && var.client_certificate.mode == null)

like image 35
anthavio Avatar answered Jun 15 '26 12:06

anthavio



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!