Unable to set null value in TFE workspace terraform variable

Unable to set null value in terraform enterprise workspace variable

rules = [{“blob-types” = [“blockBlob”],“delete-after-days-since-creation-greater-than” = 30,“delete-after-days-since-modification-greater-than” = 100,“enabled” = true,“name” = “testRule1”,“prefix-match” = [“test1”,“tst2”],“tier-to-archive-after-days-since-modification-greater-than” = null,“tier-to-cool-after-days-since-modification-greater-than” = null}]

error occurred:

  • Invalid HCL in variable “rules”: At 1:14: error while trying to parse object within list: At 1:290: Unknown token: 1:290 IDENT null

works fine if I set below

rules = [{“blob-types” = [“blockBlob”],“delete-after-days-since-creation-greater-than” = 30,“delete-after-days-since-modification-greater-than” = 100,“enabled” = true,“name” = “testRule1”,“prefix-match” = [“test1”,“tst2”],“tier-to-archive-after-days-since-modification-greater-than” = 20,“tier-to-cool-after-days-since-modification-greater-than” = 30}]

I get the same error if set null value for any variable.

Terraform version 0.13.4
tfe provider
tfe_variable resource.

Hi @summitdevops,

The specific error message you shared here looks like something that the old language parser from Terraform v0.11 or earlier would generate. The newer implementation introduced in v0.12, and thus still present in v0.13, doesn’t have this same idea of an “IDENT token”, so I can’t explain how you would see this error message when using Terraform v0.13.

Can you verify that your Terraform Enterprise workspace is actually configred to use Terraform v0.13.4? If you are using the Terraform Cloud/Enterprise “Remote Operations” feature then note that the version used for remote operations will be the one configured remotely in the workspace settings, which won’t necessarily match the local Terraform CLI version you are using to start these operations.

HI @summitdevops

Were you able to overcome this issue?


I’m experiencing the same behaviour on Terraform Cloud.
Workspace with remote operations. v1.0.9

This is the value of my variable with the HCL checkbox checked.

1 error occurred:
Invalid HCL in variable “rules”: At 2:3: error while trying to parse object within list: At 8:33: Unknown token: 8:33 IDENT null

Is there any other way to give those settings a null value?

      name                    = "allow-all"
      description             = "Allow all traffic withing cluster network"
      direction               = "INGRESS"
      priority                = 1000
      network_name            = "engage-shared-network-244"
      ranges                  = null
      source_tags             = null
      source_service_accounts = null
      target_tags             = ["app", "test"]
      target_service_accounts = null
      allow = [{
          protocol = "all"
          ports    = null
      deny = []
      log_config = {
          metadata = "INCLUDE_ALL_METADATA"

Thanks for your help!


Hi @sgarciajaramillo,

Looking at this again with fresh eyes I think I can see what’s going on here: Terraform Cloud has some logic to validate that all of the HCL-flagged variables contain valid HCL syntax, but it’s some pretty old code (circa 2017) and so it’s using the old HCL parser that Terraform v0.11 and earlier would’ve used, rather than the one from Terraform v0.12 and later.

Most of the time that doesn’t matter because variables files only support literal values anyway, and the literal value syntax is mostly the same between both HCL versions. However, one important disagreement for this case is that null only became meaningful as a value in Terraform v0.12, and so this validation doesn’t support that.

With Terraform Cloud as it currently exists, then, I think unfortunately you won’t be able to set these variables to null. Instead, you may have to change their definitions slightly to allow defining them without using null and then perhaps use a local value within the module to project them into the shape you actually wanted, with any added null attributes.

However, I’d also suggest contacting Terraform support who may be able to offer you a more tailored workaround in the meantime (since they will be able to access more details about your situation than I can in the public forum) but should also be able to send this feedback on to the relevant Terraform Cloud team to see about updating this validation to support the modern Terraform language.

1 Like

Thanks a lot @apparentlymart

Will bring see if there is an issue open for this already and figure out a workaround.

Best regards,