Cloud/Terraform/Validation

Terraform variables can contain validations, from v1.10 they can also refer to other variables.

Problem with objects accepting any value

By default object will ignore additional values passed in.

Here is a method to validate strict set by using setsubtract - https://github.com/hashicorp/terraform/issues/33570#issuecomment-3079589065

  validation {
    error_message = <<-DOCS
      Firewall rule specs cannot contain unknown fields.
    DOCS

    condition = alltrue([
      for _, spec in var.firewall_rules : 0 == length(setsubtract(keys(spec), [
        "description",
        "priority",
        "source_subnets",
        "source_ranges",
        "source_tags",
        "source_service_accounts",
        "source_all",
        "target_tags",
        "target_service_accounts",
        "allow_tcp",
        "allow_udp",
        "allow_icmp"
      ]))
    ])
  }