Terraform contains(...) - how to check for wildcard or prefix - terraform

Is there a way I can check if a variable in Terraform contains a specific substring, i.e. en environment prefix such as eu- or us-? Please, see the following to better understand what I want to do.
contains("eu-<...>", var.environment) ? do-something : do-something-else
<...> could be anything.

You can achieve this with regexall:
length(regexall("eu-", var.environment)) > 0
For example:
variable environment {
default = "eu-dev-environment"
}
locals {
contains = length(regexall("eu-", var.environment)) > 0
}
The value for contains will be true in this case.

Related

Parsing Terraform files with inner conditions

I'm trying to parse and configure a Terraform HCL configuration, using a script.
So far I've been using a tool named "hclq" (Link to github page).
Unfortunately, while this tool is great. When I have a conditional statement, such as:
resource "vault_identity_group" "group_a" {
count = terraform.workspace != "prod" ? 1 : 0
...
}
As documented by HashiCorp: Conditional Expressions
I tried encasing the condition as a literal:
count = ${terraform.workspace != "prod" ? 1 : 0}
But it seems that is no longer supported by Terraform.
Does anyone have any idea how can I get over this issue?
Thank you!
UPDATE: I've found an error in my literal, it should be encased in quotation marks:
count = "${terraform.workspace != var.prod ? 1 : 0}"
This way, the hclq tool can parse it as a string, I also had to switch the "prod" string with a variable, as the TF configuration does not support character escaping.

Terraform: count == true

I have used this previously in my TF code:
count = "${var.whatever == "true" ? 1 : 0}"
Which works great for what I wanted to use. However, I'm thinking of how best to use something similar to say, if var.whatever is equal to true, then count is equal to length(var.whatever).
Would this work?
count = "${var.whatever == "true" ? ${length(var.whatever) : 0}"
It's just that I was always under the impression with TF that you can't nest interpolations.
Also, this kind of leads me to another interesting question.. what do you guys use to test syntax? I don't mean to lint the TF Code, I mean something to run the code against to test things like this? I don't want to just deploy to dev, just to test the output of my TF code. I was wondering if there was something, shell like, which I could literally test this stuff as is it were bash or something. Any thoughts?
Your original idea won't work because if var.whatever is a list, then it can't also be a string (i.e. = "true").
However, the good news is that interpolations can be used inside the general ternary operator.
So you can have something like:
count = "${var.bool == "true" ? length(var.whatever) : 0}"
A good way to test out interpolations before dropping them into your final code is by using Terraform's console feature (i.e. terraform console).
Set up your vars in a file, say console.tf in a directory without any other TF code.
variable "whatever" {
type = "list"
default = ["1", "2", "foo", "bar" ]
}
variable "bool" {
default = "true"
}
Now from the command line, run terraform console.
$ terraform console
> var.whatever
[
"1",
"2",
"foo",
"bar",
]
> length(var.whatever)
4
> "${var.bool == "true" ? length(var.whatever) : 0}"
4
> exit
$
You can see that Terraform performs the interpolations, then runs the ternary operator on those evaluated values.

multiple outputs in a single string in Terraform

Terraform provides excellent documentation for displaying outputs including AWS.
output "ip" {
value = "${aws_eip.ip.public_ip}"
}
That would in term provide something like
ip = 50.17.232.209
what I would like to get if possible is something like:
public_ip = x.x.x.x and private_ip = y.y.y.y
in one line as opposed to separate items. I have tried something like this:
output "public ip and private ip" {
value = "${aws_eip.ip.public_ip}"
value = "${aws_eip.ip.private_ip}"
}
Currently, It's working if I split them up like this:
output "public_ip" {
value = "${aws_eip.ip.public_ip}"
}
output "private_ip" {
value = "${aws_eip.ip.private_ip}"
}
Thanks
The following should work, although splitting them up probably makes most sense:
output "public ip and private ip" {
value = "public_ip = ${aws_eip.ip.public_ip} and private_ip = ${aws_eip.ip.private_ip}"
}
Maybe you have to tune it a bit to have the formatting as you prefer, but I hope that my answer at least shows that there is nothing special compared to string interpolation somewhere else..
Terraform v0.12.13
+ provider.aws v2.43.0
+ provider.null v2.1.2
Your version of Terraform is out of date! The latest version
is 0.12.18. You can update by downloading from www.terraform.io/downloads.html
Error: Invalid output name
on outputs.tf line 1, in output "public and private":
1: output "public and private" {
A name must start with a letter and may contain only letters, digits,
underscores, and dashes.

How to check if string contains a substring in terraform interpolation?

How do you check if a terraform string contains another string?
For example, I want to treat terraform workspaces with "tmp" in the name specially (e.g. allowing rds instances to be deleted without a snapshot), so something like this:
locals
{
is_tmp = "${"tmp" in terraform.workspace}"
}
As far as I can tell, the substr interpolation function doesn't accomplish this.
For terraform 0.12.xx apparently you are suppose to use regexall to do this.
From the manual for terraform 0.12.XX:
regexall() documentation
regexall can also be used to test whether a particular string matches a given pattern, by testing whether the length of the resulting list of matches is greater than zero.
Example from the manual:
> length(regexall("[a-z]+", "1234abcd5678efgh9"))
2
> length(regexall("[a-z]+", "123456789")) > 0
false
Example applied to your case in terraform 0.12.xx syntax should be something like:
locals
{
is_tmp = length(regexall(".*tmp.*", terraform.workspace)) > 0
}
It also specifically says in the manual not to use "regex" but instead use regexall.
If the given pattern does not match at all, the regex raises an error. To test whether a given pattern matches a string, use regexall and test that the result has length greater than zero.
As stated above this is because you will actually get an exception error when you try to use it in the later versions of 0.12.xx that are out now when you run plan. This is how I found this out and why I posted the new answer back here.
You can indirectly check for substrings using replace, e.g.
locals
{
is_tmp = "${replace(terraform.workspace, "tmp", "") != terraform.workspace}"
}
Like #MechaStorm, with Terrafor 0.12.7+ you can use regex to return a Boolean value if your string contains a particular substring
locals {
is_tmp = contains(regex("^(?:.*(tmp))?.*$",terraform.workspace),"tmp")
}
The regex query returns a list of capture groups for any characters before tmp, tmp if found, any characters after tmp. Then contains looks for "tmp" in the list and returns true or false. I am using this type of logic in my own terraform.
Length of the list produced by split function is greater than one when separtor is a substring.
locals {
is_tmp = length(split("tmp", terraform.workspace)) > 1
}
Use replace( string, search, replace ) as in the snippet:
// string contains ABBA = result is ABBA
output "match" {
value = "${ replace("xxxABBAyyy", "/(?:.*)(ABBA)(?:.*)/", "$1") }"
}
// string doesn't contain ABBA = result is original string
output "no_match" {
value = "${ replace("xxxBABAyyy", "/(?:.*)(ABBA)(?:.*)/", "$1")}"
}
// string contains ABBA (ingorecase) = result is AbBA
output "equals_ignorecase" {
value = "${ replace("xxxAbBAyyy", "/(?:.*)((?i)ABBA)(?:.*)/", "$1")}"
}
An output of terraform apply is:
Outputs:
equals_ignorecase = AbBA
match = ABBA
no_match = xxxBABAyyy
In terraform 0.12.7, we now have regex . This may help simplify some code and make it readable to some (perhaps?)
> regex("[a-z]+", "53453453.345345aaabbbccc23454")
aaabbbccc
I use this way to check if bucket name start with test-tmp
eg. test-tmp, test-tmp-app1, test-tmp-db1 etc..
is_test_bucket = can(regex("^(test-tmp){1}($|-{1}.*$)", var.bucket_name))
Something that makes sense reading, IMHO:
locals {
is_tmp = can(regex("tmp", terraform.workspace))
}
This works because the regex function will raise an error if no matches are found.
Bonus: since Terraform 1.3.x, there are the new startswith and endswith functions that can be handy in a good amount of cases.

Variable Interpolation in Terraform

I am having trouble in variable interpolation in terraform. Here is what my terraform configuration looks like. i.e variable inside builtin function
variable "key" {}
ssh_keys {
path = "/home/${var.provider["user"]}/.ssh/authorized_keys"
key_data = "${file(${var.key})}"
}
Command: terraform apply -var 'key=~/.ssh/id_rsa.pub'
It's not reading the value of "key" from command line argument or from env variable. However when i hardcore the value in .tf file, it works. Like below.
key_data = "${file("~/.ssh/id_rsa.pub")}"
The ${ ... } syntax is only used when embedding an expression into a quoted string. In this case, where your var.key variable is just being passed as an argument to a function already within a ${ ... } sequence, you can just reference the variable name directly like this:
key_data = "${file(var.key)}"
Nested ${ ... } sequences are sometimes used to pass an interpolated string to a function. In that case there would first be a nested set of quotes to return to string context. For example:
key_data = "${file("${path.module}/${var.key_filename}")}"
In this more complicated case, the innermost string expression is first evaluated to join together the two variables with a /, then that whole string is passed to the file function, with the result finally returned as the value of key_data.
It doesn't work because you were using the wrong flag for the scenario you described above.
If you want to specify a path to a file use the "-var-file" flag as follow:
terraform apply -var-file=~/.ssh/id_rsa.pub
If you must use the "-var" flag then you must specify the content of the file as follow:
terraform apply -var 'key=contenctOFPublicKey'
ssh_keys - (Optional) Specifies a collection of path and key_data to be placed on the virtual machine.
Note: Please note that the only allowed path is /home/<username>/.ssh/authorized_keys due to a limitation of Azure.
refer: AZURERM_VIRTUAL_MACHINE

Resources