Hey,
I have a module used to create an Azure service principal and assign roles to it.
I need to configure a couple of arguments (see bold) on the role assignment, based on some criteria.
Is there a more "elegant" way to achieve this, or is using an IF statement the only way to go? For example:
```hcl
resource "azurerm_role_assignment" "user_app_assignment" {
  scope                = var.scope
  role_definition_name = var.role
  principal_id         = azuread_service_principal.my_principal.id
  condition_version    = length(regexall("some_regex", var.some_var)) > 0 ? null : "2.0"
  condition            = length(regexall("some_regex", var.some_var)) > 0 ? null : <<-EOT
    (
      (
        !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write'})
        AND
        !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action'})
        AND
        !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write'})
        AND
        !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete'})
      )
    )
  EOT
}
```
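One way to keep the two conditional arguments in step, as an added example that is not the poster's module code: evaluate the criterion once in a `locals` block and keep the ABAC condition text there as well, so `condition` and `condition_version` are driven by a single flag rather than two copies of the same `regexall` expression. It assumes the same `var.scope`, `var.role`, `var.some_var` and `azuread_service_principal.my_principal` as the question; `"some_regex"` stays the poster's placeholder.

```hcl
# Added example, not the original module. Assumes the variables and the
# service principal resource from the question already exist.
locals {
  # Evaluate the criterion once. The original applied the condition only when
  # the regex did NOT match, so the flag mirrors that: no match => restrict.
  restrict_blob_writes = length(regexall("some_regex", var.some_var)) == 0

  # Deny-style ABAC condition: the assigned role keeps its permissions except
  # these blob write/add/tag/delete data actions (least privilege on the
  # storage data plane).
  blob_read_only_condition = <<-EOT
    (
      (
        !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write'})
        AND
        !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action'})
        AND
        !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/tags/write'})
        AND
        !(ActionMatches{'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete'})
      )
    )
  EOT
}

resource "azurerm_role_assignment" "user_app_assignment" {
  scope                = var.scope
  role_definition_name = var.role
  principal_id         = azuread_service_principal.my_principal.id

  # Both arguments follow the same flag, so a condition can never be emitted
  # without its version (or vice versa) if the criterion is edited later.
  condition_version = local.restrict_blob_writes ? "2.0" : null
  condition         = local.restrict_blob_writes ? local.blob_read_only_condition : null
}
```

The conditional expressions are still ternaries, since `condition` and `condition_version` are plain arguments rather than nested blocks and so cannot be toggled with a `dynamic` block; centralising the flag is what removes the duplication.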