When defining a complex input variable:

variable "s3_shares" {
  type = map(object({
    s3_bucket_arn         = string
    client_list           = list(string)
    read_only             = bool
    default_storage_class = string
  }))
}

How can one deal with read_only and default_storage_class being mutually exclusive? In other words, when using the module and defining an s3_share with read_only = true the default_storage_class could be omitted.

1 Answer

Using a validation {} block and the alltrue() function:

variable "s3_shares" {
  type = map(object({
    s3_bucket_arn         = string
    client_list           = list(string)
    read_only             = bool
    default_storage_class = string
  }))

  # Sample values covering the four combinations
  default = {
    "one" = {
      s3_bucket_arn         = "foo"
      client_list           = ["foo", "bar"]
      read_only             = false
      default_storage_class = "bar" # IS OK
    }
    "two" = {
      s3_bucket_arn         = "foo"
      client_list           = ["foo", "bar"]
      read_only             = false
      default_storage_class = "" # IS OK
    }
    "three" = {
      s3_bucket_arn         = "foo"
      client_list           = ["foo", "bar"]
      read_only             = true
      default_storage_class = "" # IS OK
    }
    "four" = {
      s3_bucket_arn         = "foo"
      client_list           = ["foo", "bar"]
      read_only             = true
      default_storage_class = "bar" # IS KO
    }
  }

  validation {
    # Every share must pass: read_only together with a non-empty storage class is rejected
    condition = alltrue([
      for o in var.s3_shares : !(o.read_only && length(o.default_storage_class) > 0)
    ])
    error_message = "Read_only and default_storage_class are exclusive."
  }
}

Mind the use case "two", where read_only is set to false and default_storage_class is empty: this will return true. This might not be the behavior you are looking for.

4 Comments

Thank you! I wasn't aware of the validation block before. Could this though also be used with the map wrapped around the object?
No worries. I think that would still work, but I struggle to understand why you need a map there. Would you mind explaining the use case to me?
Of course, I don't mind, :) I'm deploying the AWS Storage Gateway and one gateway will have multiple file shares. The object describes the individual share, and the map brings all shares together that belong to the gateway. I will give the solution a try and mark it working later :)
I've updated my answer. It works like a charm on my side ;)
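
An added example, not part of the original answer or comments: a variant in which default_storage_class can really be omitted, as the question asks, instead of being passed as an empty string. It assumes Terraform 1.3 or later for optional() object attributes; the second validation block is an optional stricter rule that also rejects the case "two" pattern, and the sample values in the comments are constructed.

```hcl
variable "s3_shares" {
  type = map(object({
    s3_bucket_arn = string
    client_list   = list(string)
    # Assumption: Terraform >= 1.3, which supports optional() attributes.
    read_only             = optional(bool, false)
    default_storage_class = optional(string) # null when the caller omits it
  }))

  # Rule 1: a read-only share must not carry a storage class.
  validation {
    condition = alltrue([
      for share in var.s3_shares :
      !(share.read_only && share.default_storage_class != null)
    ])
    error_message = "A share with read_only = true must not set default_storage_class."
  }

  # Rule 2 (stricter, drop it if a writable share may rely on a provider default):
  # a writable share must state its storage class explicitly.
  validation {
    condition = alltrue([
      for share in var.s3_shares :
      share.read_only || share.default_storage_class != null
    ])
    error_message = "A share with read_only = false must set default_storage_class."
  }
}

# Constructed sample input for the module call:
#
# s3_shares = {
#   "archive" = {                       # passes: read-only, storage class omitted
#     s3_bucket_arn = "foo"
#     client_list   = ["foo", "bar"]
#     read_only     = true
#   }
#   "uploads" = {                       # passes: writable with a storage class
#     s3_bucket_arn         = "foo"
#     client_list           = ["foo", "bar"]
#     default_storage_class = "bar"
#   }
#   "broken" = {                        # fails rule 1: both set
#     s3_bucket_arn         = "foo"
#     client_list           = ["foo", "bar"]
#     read_only             = true
#     default_storage_class = "bar"
#   }
# }
```

Because an omitted attribute arrives as null rather than "", the conditions compare against null and never call length() on a missing value.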