From 5372361b8cedbea55929ff76cd480e29c04c1602 Mon Sep 17 00:00:00 2001
From: Viliam Pucik <viliampucik@users.noreply.github.com>
Date: Tue, 16 Jan 2024 10:28:30 +0100
Subject: [PATCH] Proper validation of empty string value in identity_type
 (#1980)

---
 modules/vpc-sc/variables.tf | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/vpc-sc/variables.tf b/modules/vpc-sc/variables.tf
index 3b0bfa6d2e..e852ed1c42 100644
--- a/modules/vpc-sc/variables.tf
+++ b/modules/vpc-sc/variables.tf
@@ -90,10 +90,10 @@ variable "egress_policies" {
   validation {
     condition = alltrue([
       for k, v in var.egress_policies :
-      v.from.identity_type == null || contains([
+      v.from.identity_type == null ? true : contains([
         "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY",
         "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT", ""
-      ], coalesce(v.from.identity_type, "-"))
+      ], v.from.identity_type)
     ])
     error_message = "Invalid `from.identity_type` value in egress policy."
   }
@@ -158,10 +158,10 @@ variable "ingress_policies" {
   validation {
     condition = alltrue([
       for k, v in var.ingress_policies :
-      v.from.identity_type == null || contains([
+      v.from.identity_type == null ? true : contains([
         "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY",
         "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT", ""
-      ], coalesce(v.from.identity_type, "-"))
+      ], v.from.identity_type)
     ])
     error_message = "Invalid `from.identity_type` value in ingress policy."
   }