From 5db6962395e203ebbe2810fcd1c8af1e42eca383 Mon Sep 17 00:00:00 2001
From: Ludo
Date: Mon, 8 Apr 2024 13:20:45 +0200
Subject: [PATCH] add validation rule for DNS module health check targets
---
 modules/dns/README.md | 2 +-
 modules/dns/variables.tf | 13 +++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/modules/dns/README.md b/modules/dns/README.md
index 8739bbb023..9195c41719 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -163,7 +163,7 @@ module "public-dns" {
 | [force_destroy](variables.tf#L23) | Set this to true to delete all records in the zone upon zone destruction. | bool | | null |
 | [iam](variables.tf#L29) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | null |
 | [recordsets](variables.tf#L45) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | map(object({…})) | | {} |
-| [zone_config](variables.tf#L89) | DNS zone configuration. | object({…}) | | null |
+| [zone_config](variables.tf#L102) | DNS zone configuration. | object({…}) | | null |
 ## Outputs
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
index d23d949a2e..27d9c79d14 100644
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@@ -84,6 +84,19 @@ variable "recordsets" {
 ])
 error_message = "Only one of records, wrr_routing or geo_routing can be defined for each recordset."
 }
+ validation {
+ condition = alltrue(flatten([
+ for k, v in coalesce(var.recordsets, {}) : [
+ for r in try(v.geo_routing.health_checked_targets, []) : [
+ contains(
+ ["regionalL4ilb", "regionalL7ilb", "globalL7ilb", null],
+ try(r.load_balancer_type, null)
+ )
+ ]
+ ]
+ ]))
+ error_message = "Invalid load balancer type for health checked target."
+ }
 }
 variable "zone_config" {
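Review bot: The two `try()` calls in the new `validation` block of `modules/dns/variables.tf` make the rule fail open: any error while evaluating `v.geo_routing.health_checked_targets` yields `[]`, and a target whose `load_balancer_type` cannot be read is compared as `null`, which is in the allowed list, so in both cases the condition passes without a value having been checked. The type of `recordsets` is declared above the hunk, so this is inferred, but if `geo_routing` is a list of entries rather than a single object the attribute path would presumably always fall back to `[]` and the rule would never run. Handle the expected null cases explicitly (for example with `coalesce`, as the outer loop already does) so that a wrong path surfaces as an error instead of a pass, and name the accepted values in the message: `error_message = "Invalid load balancer type for health checked target, expected regionalL4ilb, regionalL7ilb or globalL7ilb."`. A module test that supplies an unsupported type would confirm the rule actually fires.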