I think Terraform should provide a function to return the default value of a variable.
Consider the following definition.
variable "attribute_mapping" {
type = map(any)
default = {
"google.subject" = "assertion.sub",
"attribute.aud" = "assertion.aud",
"attribute.terraform_run_phase" = "assertion.terraform_run_phase",
"attribute.terraform_project_id" = "assertion.terraform_project_id",
"attribute.terraform_project_name" = "assertion.terraform_project_name",
"attribute.terraform_workspace_id" = "assertion.terraform_workspace_id",
"attribute.terraform_workspace_name" = "assertion.terraform_workspace_name",
"attribute.terraform_organization_id" = "assertion.terraform_organization_id",
"attribute.terraform_organization_name" = "assertion.terraform_organization_name",
"attribute.terraform_run_id" = "assertion.terraform_run_id",
"attribute.terraform_full_workspace" = "assertion.terraform_full_workspace",
}
}
Suppose that we are almost happy with the default value, but sometimes we would like to pass a different value for google.subject or another attribute.
As it stands, the default value cannot help us with this. We would have to provide the value for this input variable when we invoke the module.
In the following code, only the google.subject mapping is different from the default value:
module "oidc" {
// ...
attribute_mapping = {
"google.subject" = "'myprovider::' + assertion.aud + '::' + assertion.sub",
"attribute.aud" = "assertion.aud",
"attribute.terraform_run_phase" = "assertion.terraform_run_phase",
"attribute.terraform_project_id" = "assertion.terraform_project_id",
"attribute.terraform_project_name" = "assertion.terraform_project_name",
"attribute.terraform_workspace_id" = "assertion.terraform_workspace_id",
"attribute.terraform_workspace_name" = "assertion.terraform_workspace_name",
"attribute.terraform_organization_id" = "assertion.terraform_organization_id",
"attribute.terraform_organization_name" = "assertion.terraform_organization_name",
"attribute.terraform_run_id" = "assertion.terraform_run_id",
"attribute.terraform_full_workspace" = "assertion.terraform_full_workspace",
}
// ...
}
In contrast, if we had a function such as default_value(var), we could use it when we invoke the module to amend just some of the mappings:
module "oidc" {
// ...
attribute_mapping = merge(
{ "google.subject" = "'myprovider::' + assertion.aud + '::' + assertion.sub" },
default_value(var.attribute_mapping))
// ...
}
This would merge the default value with the provided value before passing the result into the module as input.
The new function would be a true function because the default value of an input variable is a literal value.
I think such function would make Terraform configuration more DRY and maintainable.