Terraform Provider Validation

The Terraform provider that displays helpful messages to users.

Traci Kamp
3 min read · Oct 28, 2022

Terraform 0.13 added input variable validation support, a feature much requested by module developers and maintainers. However, the variable validation introduced in 0.13 only allowed validation in the context of a single variable, and not much has changed with this feature even though Terraform has now reached 1.0 and beyond.

Consider the following example:

You are introducing an experimental feature into your configuration. Since it is experimental, it is not ready to be released into production, but you want to make the feature available in your development environment for testing/vetting.

Attempting to execute the above code results in an error, but not the one we want.

Terminal screen detailing the Terraform version (1.3.3) and displaying an error when trying to execute the plan command.
Terraform throws an error, but not the one we want! Terraform doesn’t allow references to other variables in the validation block.

There have been workarounds suggested in various GitHub issue threads, but none of these workarounds are particularly straightforward to understand, either when writing the code or when reading the error message.

This workaround relies on a deliberate programming error: when the count condition evaluates to true, it attempts to set a string as the value for count, which requires a numeric value.

The output of the workaround shows the offending code snippet itself, which can contain the error message you wish to display. However, this is a hack and it relies on your user to understand its purpose as an error message.

Executing this code results in the offending code snippet being printed to the user, so technically the custom message is shown — but it is a hack based on an intentional programming error, and relies on your user to understand that the programming error is intended to serve as an error message.

Being unable to validate multiple variables together and the inability to produce custom warning/error messages are the exact problems that I solved by creating the terraform-provider-validation.

The Validation provider is a purely logical Terraform provider — it does not call any external services, and instead relies solely upon Terraform’s core library to function.

There are two resources, validation_warning and validation_error. These resources accept an input condition which, if true, will display a summary message of respective severity during the Terraform execution. If the condition for validation_error is true, the execution will fail and display the configured information to the user.

The provider also offers two companion data sources, validation_warning and validation_error. These data sources have exactly the same schema as the resources, but can be used to stop execution prior to the apply phase.
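The experimental-feature scenario from earlier, written with this provider, as an added example that is not the author's own code. The attribute names `condition`, `summary` and `details` follow the description above; the registry address `tlkamp/validation` and all variable names are assumptions.

```hcl
terraform {
  required_providers {
    validation = {
      source = "tlkamp/validation" # assumed registry address; confirm before use
    }
  }
}

variable "environment" {
  type = string
}

variable "enable_experimental_feature" {
  type    = bool
  default = false
}

variable "legacy_name" {
  type    = string
  default = null
}

# Rejected by Terraform 1.3.3 if placed inside variable "enable_experimental_feature",
# because a validation block may only reference its own variable:
#   validation {
#     condition     = !(var.enable_experimental_feature && var.environment != "development")
#     error_message = "Experimental feature is only allowed in development."
#   }

# Data source form: a true condition fails the run before the apply phase.
data "validation_error" "experimental_feature_scope" {
  condition = var.enable_experimental_feature && var.environment != "development"
  summary   = "Experimental feature enabled outside development"
  details   = "enable_experimental_feature may only be true when environment is \"development\"."
}

# Warning form: the run continues and the message is shown to the user.
resource "validation_warning" "legacy_name_deprecated" {
  condition = var.legacy_name != null
  summary   = "legacy_name is deprecated"
  details   = "Stop setting legacy_name before the next major release of this module."
}
```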

The warnings can be used to show users a deprecation notice on input variables being used without causing Terraform to exit. The details section can also be compressed when using the -compact-warnings option on the Terraform CLI.

Instead of failing the execution, the run continues (and succeeds), and prints a helpful message to the user so that they can better prepare for an upcoming release.

Terraform plan output showing the summary and details to the user, providing instructions on how best to prepare for upcoming releases of the hypothetical Terraform module.
The same output from the prior execution, but with compact warnings enabled. In this case the details are not visible to the user.
