I’m trying to author a module that requires the azurerm provider to deploy resources.
The provider configuration comes from the root main.tf script and is passed down to the child module using its providers block.
I would like to validate that the azurerm provider that is passed down is configured in a certain way. For instance, It should be valid only if the subscription_id is one of two valid identifiers.
I would like to module to fail if the provider requirements are not satisfied.
I’m not directly familiar with this feature, but I notice that the hashicorp/azurerm provider has a data source azurerm_subscription, which seems to have a default behavior of returning information about the provider’s current subscription.
If that’s true then one way to solve this would be something like this, using that data source in conjunction with a postcondition:
If you use this technique, you may wish to make other resources in the same module depend on this data resource either by referring to one of its attributes or using the depends_on argument. Doing that will make sure that downstream operations are guarded by this postcondition, to reduce the risk that something else might fail first and prevent Terraform from reaching, checking, and reporting this particular condition.
Aha. I focused too much on “reading provider configuration” and didn’t think about the provider potentially “playing back” the particular item of configuration that was desired, via a data resource.
.