Validation on complex input variable

Terraform
1

Hello,

I have the following input variable:

variable "network_profile" {
  type = object({
    network_plugin      = string
    network_mode        = optional(string, null)
    network_policy      = optional(string, null)
    dns_service_ip      = optional(string, null)
    network_data_plane  = optional(string, "azure")
    network_plugin_mode = optional(string, null)
    outbound_type       = optional(string, "loadBalancer")
    pod_cidr            = optional(string, null)
    pod_cids            = optional(list(string), [])
    service_cidr        = optional(string, null)
    service_cidrs       = optional(list(string), [])
    ip_versions         = optional(list(string), [])
    load_balancer_sku   = optional(string, "standard")
    load_balancer_profile = optional(object({
      idle_timeout_in_minutes     = optional(number, 30)
      managed_outbound_ip_count   = optional(number, null)
      managed_outbound_ipv6_count = optional(number, null)
      outbound_ip_address_ids     = optional(set(string), [])
      outbound_ip_prefix_ids      = optional(set(string), [])
      outbound_ports_allocated    = optional(number, 0)
    }), null)
    nat_gateway_profile = optional(object({
      idle_timeout_in_minutes   = optional(number, 4)
      managed_outbound_ip_count = optional(number, null)
    }), null)
  })
  default     = null
  validation {
    condition = var.network_profile == null ? true : [
      for np in var.network_profile : np.nat_gateway_profile == null ? true : [
        for ngp in np.nat_gateway_profile : (coalesce(ngp.managed_outbound_ip_count, 0) >= 1 && coalesce(ngp.managed_outbound_ip_count, 17) <= 16)
      ]
    ]
    error_message = "Must be between 1 and 16 inclusive."
  }
}

The validation fails with the following:

│ Error: Inconsistent conditional result types
│ 
│   on ..\..\..\modules\aks\variables.tf line 1002, in variable "network_profile":
│ 1002:     condition = var.network_profile == null ? true : [
│ 1003:       for np in var.network_profile : np.nat_gateway_profile == null ? true : [
│ 1004:         for ngp in np.nat_gateway_profile : (coalesce(ngp.managed_outbound_ip_count, 0) >= 1 && coalesce(ngp.managed_outbound_ip_count, 17) <= 16)
│ 1005:       ]
│ 1006:     ]
│     ├────────────────
│     │ var.network_profile is object with 15 attributes
│ 
│ The true and false result expressions must have consistent types. The
│ 'true' value is bool, but the 'false' value is tuple.

What am I doing wrong?
Thanks!

2

Hi @niertamas,

The error is attempting to explain the situation, but it boils down to the fact that terraform needs to know what the type of the expression is, but the true and false branches evaluated to different types.

 var.network_profile == null ? true : [ ... ]

So here the “true” expression is simply true, a boolean value, and the false expression is enclosed in [] which is going to be a collection of some sort, usually a tuple.

Since condition must be a boolean value, I’m not sure what the intent of the tuple expression is, but maybe what you are looking for is the alltrue function.