Hi @ramsateesh,
I assume what you want to achieve here is to apply that condition to each of the objects in the list. In which case, the main building block of the answer is to use for expressions to evaluate the condition once for each element of the list.
In Terraform v0.13 you can write this as a for expression with an if clause where you test the length of the result to see if the condition was valid:
    validation {
      condition = length([
        for o in var.rules : true
        if contains(["Allow", "Deny"], o.access)
      ]) == length(var.rules)
      error_message = "All rules must have access of either Allow or Deny."
    }
The above works by filtering the input to only include the items that are valid and then checking whether the resulting list still has the same number of elements. It would have fewer elements if any of the items were invalid.
The forthcoming Terraform 0.14.0 (expected in the next week or so) will include a new function alltrue which aims to simplify the above pattern by allowing you to rewrite it as a for expression whose result is a list of boolean values that must all be true for the condition to hold:
    validation {
      condition = alltrue([
        for o in var.rules : contains(["Allow", "Deny"], o.access)
      ])
      error_message = "All rules must have access of either Allow or Deny."
    }
Once you’re able to use Terraform v0.14 I would recommend adopting this second pattern because I think (subjectively) it’d be easier for a future maintainer to read and understand what it means and how it works.
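
For context, the v0.13-compatible pattern from the reply above placed inside a full variable declaration, as an added example that is not part of the original post. The object type, the `name` attribute and the default values are assumptions made for illustration.

```hcl
# Added example: the object shape and the sample default are assumptions.
variable "rules" {
  description = "Rules to create; each must explicitly Allow or Deny."

  # The value is converted to this type before the validation below is
  # evaluated, so every element already has a string "access" attribute.
  type = list(object({
    name   = string # hypothetical attribute, for illustration only
    access = string
  }))

  # Constructed sample values.
  default = [
    { name = "web-in", access = "Allow" },
    { name = "ssh-in", access = "Deny" },
  ]

  validation {
    # Keep one `true` per valid element, then require that nothing was
    # filtered out. A validation condition may refer only to var.rules.
    condition = length([
      for o in var.rules : true
      if contains(["Allow", "Deny"], o.access)
    ]) == length(var.rules)
    error_message = "All rules must have access of either Allow or Deny."
  }
}

# Behaviour worth knowing:
#   access = "allow"  -> rejected, contains() compares strings exactly
#   rules  = []       -> accepted, 0 == 0 (alltrue([]) is also true)
```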