diff --git a/fast/stages/1-resman/checklist.tf b/fast/stages/1-resman/checklist.tf
index 9d9e8ffd8d..5f03c675e8 100644
--- a/fast/stages/1-resman/checklist.tf
+++ b/fast/stages/1-resman/checklist.tf
@@ -16,19 +16,12 @@
 
 locals {
 # parse raw data from JSON files if they exist
- _cl_data_raw = (
+ _cl_data = (
 var.factories_config.checklist_data == null
 ? null
- : yamldecode(file(pathexpand(var.factories_config.checklist_data)))
- )
- # check that version and organization id are fine
- _cl_data = local._cl_data_raw == null ? null : (
- local._cl_data_raw.version != "0.1.0"
- ||
- local._cl_data_raw.organization.id != tostring(var.organization.id)
- ? null
- : local._cl_data_raw
+ : jsondecode(file(pathexpand(var.factories_config.checklist_data)))
 )
+
 # normalized IAM bindings one element per binding
 _cl_iam = local._cl_data == null ? [] : flatten([
 for v in try(local._cl_data.access_control, []) : [
@@ -54,6 +47,32 @@ locals {
 }
 }
 
+check "checklist" {
+ assert {
+ condition = (
+ var.factories_config.checklist_data == null
+ ) || (
+ try(local._cl_data.version, "") == "0.1.0"
+ )
+ error_message = join("", [
+ "Checklist file version must be 0.1.0. ",
+ "File ${coalesce(var.factories_config.checklist_data, "NULL")} has version ${try(local._cl_data.version, "NULL")}.",
+ ])
+ }
+
+ assert {
+ condition = (
+ var.factories_config.checklist_data == null
+ ) || (
+ try(local._cl_data.organization.id, null) == tostring(var.organization.id)
+ )
+ error_message = join("", [
+ "Organization Id doesn't match. var.organization.id is ${var.organization.id}. ",
+ "File ${coalesce(var.factories_config.checklist_data, "NULL")} has organization ${try(local._cl_data.organization.id, "NULL")}.",
+ ])
+ }
+}
+
 module "checklist-folder-1" {
 source = "../../../modules/folder"
 for_each = {
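Review bot: With the version and organization-id filter removed from `_cl_data`, a checklist file that fails either test is still decoded and fed into `_cl_iam`, because the `check "checklist"` block added in the second hunk only reports a warning and does not stop plan or apply. The old code set `_cl_data` to null on a mismatch, so access-control entries from a file written for another organization or schema version never became IAM bindings. If that fail-closed behaviour is still wanted, keep the gating in the local as sketched below and point the check assertions at the raw value so their messages still show what the file contained. The `locals` block continues outside the hunk.

```hcl
  _cl_data_raw = (
    var.factories_config.checklist_data == null
    ? null
    : jsondecode(file(pathexpand(var.factories_config.checklist_data)))
  )
  # consume the file only when version and organization id match; the check
  # block reports a mismatch but does not stop the run
  _cl_data = (
    try(local._cl_data_raw.version, null) == "0.1.0" &&
    try(local._cl_data_raw.organization.id, null) == tostring(var.organization.id)
    ? local._cl_data_raw
    : null
  )
  # ... unchanged: _cl_iam and the remaining locals ...
```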
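Review bot: The second assertion compares `try(local._cl_data.organization.id, null)` with a string, and Terraform's `==` is false when the operand types differ, so a file that stores the id as a JSON number would fail the check even when the value is correct. The checklist schema is not visible in this diff, so this may not occur in practice. If numeric ids are possible, normalise the left side as `try(tostring(local._cl_data.organization.id), null)` in the condition.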