validating a list of input variables in terraform

Question

This validation block works for a single input variable.

variable "mytestname" {

     validation {
        condition = length(regexall("test$", var.mytestname)) > 0
        error_message = "Should end in test"
     }
}

I need it to work inside a for_each - or have some workaround to accomplish this. The issue is that there is a restriction on the condition statement - the condition HAS to take in the input variable itself (i.e. - it cannot accept an each.value)

variable "mytestnames" {

listnames = split(",",var.mytestnames)     

for_each = var.listnames

     validation {
        condition = length(regexall("test$", each.value)) > 0
        error_message = "Should end in test"
      }
}

The above snippet does not work. I need a way I can iterate over a list of values and validate each of them. It looks like the newly introduced 'validation block' does not work on lists of input variables. There must be a way to do this without a validation block...??

Answer 1

we can validate a loop

variable "mytestnames" {
  type        = string
  description = "comma separated list of names"
  # default     = "nametest,name1test,name2test"
  default = "nametest,nametest1,nametest2"

  validation {
    condition = alltrue([
      for n in split(",", var.mytestnames) :
      can(regex("test$", n)) # can't use a local var 'can only refer to the variable itself'
    ])
    error_message = "Should end in test" # can't use local var here either
  }
}

│ Error: Invalid value for variable
│ 
│   on main.tf line 5:
│    5: variable "mytestnames" {
│     ├────────────────
│     │ var.mytestnames is "nametest,nametest1,nametest2"
│ 
│ Should end in test
│ 

... but, we can do better by using an output

locals { name_regex = "test$" }
output "mytestnames_valid" {
  value = "ok" # we can output whatever we want
  precondition {
    condition = alltrue([
      for n in split(",", var.mytestnames) :
      can(regex(local.name_regex, n)) # in an output we can use a local var
    ])
    error_message = format("invalid names: %s",
      join(",", [
        for n in split(",", var.mytestnames) :
        n if !can(regex(local.name_regex, n)) # we can reference local AND make a list of bad names
        ]
      )
    )
  }
}

│ Error: Module output value precondition failed
│ 
│   on main.tf line 23, in output "mytestnames":
│   23:     condition = alltrue([
│   24:       for n in split(",", var.mytestnames) :
│   25:       can(regex(local.name_regex, n)) # an an output we can use a local var
│   26:     ])
│     ├────────────────
│     │ local.name_regex is "test$"
│     │ var.mytestnames is "nametest,nametest1,nametest2"
│ 
│ invalid names: nametest1,nametest2