Proper validation of empty string value in identity_type (#1980)

GoogleCloudPlatform · Jan 16, 2024 · 5372361 · 5372361
1 parent 834269b
commit 5372361
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/modules/vpc-sc/variables.tf b/modules/vpc-sc/variables.tf
@@ -90,10 +90,10 @@ variable "egress_policies" {
   validation {
     condition = alltrue([
       for k, v in var.egress_policies :
-      v.from.identity_type == null || contains([
+      v.from.identity_type == null ? true : contains([
         "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY",
         "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT", ""
-      ], coalesce(v.from.identity_type, "-"))
+      ], v.from.identity_type)
     ])
     error_message = "Invalid `from.identity_type` value in egress policy."
   }
@@ -158,10 +158,10 @@ variable "ingress_policies" {
   validation {
     condition = alltrue([
       for k, v in var.ingress_policies :
-      v.from.identity_type == null || contains([
+      v.from.identity_type == null ? true : contains([
         "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY",
         "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT", ""
-      ], coalesce(v.from.identity_type, "-"))
+      ], v.from.identity_type)
     ])
     error_message = "Invalid `from.identity_type` value in ingress policy."
   }