Terraform 0.14，根据另一个变量的值验证变量

Question

有没有办法实现逻辑，就像我必须检查两个变量的条件，即 env 和订阅 id。它应该跳过 dev env 的执行并继续 stg 和 prod。我正在尝试以下代码：

locals {
   validate_env_code_cnd = var.env == "dev" && var.subscription_id == "XXX"
   validate_env_code_msg = "The environment should not dev for given sub"
   validate_env_code_chk = regex (
        "^${local.validate_env_code_msg}$",
        (!local.validate_env_code_cnd 
         ? local.validate_env_code_msg 
         : "") )

我收到如下错误：

Error: Error in function call

  on vars.tf line 20, in locals:
  20:   validate_env_code_chk = regex("^${local.validate_env_code_msg}$", 
   (!local.validate_env_code_cnd ? local.validate_env_code_msg : "") )
    |----------------
    | local.validate_env_code_cnd is true
    | local.validate_env_code_msg is "The dev environment not allowed for given 
    sub"

  Call to function "regex" failed: pattern did not match any part of the given
  string.

Answer 1

它不起作用的原因是validate_env_code_cnd 正在返回true 或false，但您需要实际值。这应该适用于您的用例。

variable "env" {
  default = "dev"
}

variable "subscription_id" {
  default = "XXX"
}

locals {
   validate_env_code_msg = "The environment should not dev for given sub"
   validate_env_code_chk = length(regexall(var.env, local.validate_env_code_msg)) > 0 && length(regexall(var.subscription_id, local.validate_env_code_msg)) > 0
  
   validate_env_code_updated = var.env == "dev" && var.subscription_id == "XXX" ? local.validate_env_code_msg : ""
}

output "test" {
  value = local.validate_env_code_chk
}

output "test_updated" {
  value = local.validate_env_code_updated
}

我正在返回 True 或 False 但您可以返回任何内容或检查并继续。