Today I Learned: Terraform variable validation

Brendan Thompson • 20 April 2021

As of Terraform 0.13.0 it is now possible to run a level of validation over your input variables to ensure they match what you'd expect them to be. There are some limitations to this, which I won't go into right now. Today I grokked how to deal with more complex validation scenarios.

Say you have a module that calls a resource where one of its fields accepts a list(), and you want to ensure that only a subset of the options that are actually available can be passed into the module. This can be done using validation. There isn't a clean way to deal with this in the current implementation of validation, but the below is something that certainly works.

I have removed the majority of the config for the defined resource as we don't overly care about that. The point we care about most is ensuring that only NFSv3 and NFSv4.1 are allowed to be passed into the module. CIFS is another option that the resource allows, but we don't want to allow it.

resource "azurerm_netapp_volume" "this" {
  name                = "netapp-volume"

  # ...

  protocols           = var.protocols
}

variable "protocols" {
  description = "List of protocols to be enabled for this NetApp volume"
  type        = list(string)

  validation {
    condition = length([
      for p in var.protocols : true
      if contains(["NFSv3", "NFSv4.1"], p)
    ]) == length(var.protocols)
    error_message = "One or more of the passed in protocols is not allowed."
  }
}

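As the above validation clause shows, it is simple to do this sort of validation using maths: the condition counts the entries that appear in the allowed list and compares that count with the length of the input list.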
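The length comparison above holds trivially for an empty list (0 == 0) and still passes when an allowed value is repeated. The variant below is an added example, not code from the original post: it expresses the same allow-list as a set difference and adds two checks for those cases. Requiring at least one protocol and rejecting duplicates are assumptions about what the module wants, not rules stated in the post.

```hcl
variable "protocols" {
  description = "List of protocols to be enabled for this NetApp volume"
  type        = list(string)

  # Allow-list check: remove the permitted values from the input and
  # require that nothing is left over. The comparison is case-sensitive,
  # so "nfsv3" is rejected just like "CIFS".
  validation {
    condition     = length(setsubtract(var.protocols, ["NFSv3", "NFSv4.1"])) == 0
    error_message = "Only NFSv3 and NFSv4.1 may be passed in as protocols."
  }

  # Assumption: the module always needs at least one protocol.
  # Without this, protocols = [] passes the allow-list check above
  # (and the length comparison in the post) because there is nothing to reject.
  validation {
    condition     = length(var.protocols) > 0
    error_message = "At least one protocol must be specified."
  }

  # Assumption: repeated entries are a caller mistake.
  # ["NFSv3", "NFSv3"] contains only allowed values, so it passes the
  # allow-list check; comparing against distinct() catches it.
  validation {
    condition     = length(distinct(var.protocols)) == length(var.protocols)
    error_message = "Each protocol may be listed only once."
  }
}
```

Each validation block is evaluated separately, so a caller who passes `["CIFS"]` or `[]` gets the error message for the specific rule that failed.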