Parsing Terraform files with inner conditions - terraform

I'm trying to parse and configure a Terraform HCL configuration, using a script.
So far I've been using a tool named "hclq" (Link to github page).
Unfortunately, while this tool is great. When I have a conditional statement, such as:
resource "vault_identity_group" "group_a" {
count = terraform.workspace != "prod" ? 1 : 0
...
}
As documented by HashiCorp: Conditional Expressions
I tried encasing the condition as a literal:
count = ${terraform.workspace != "prod" ? 1 : 0}
But it seems that is no longer supported by Terraform.
Does anyone have any idea how can I get over this issue?
Thank you!
UPDATE: I've found an error in my literal, it should be encased in quotation marks:
count = "${terraform.workspace != var.prod ? 1 : 0}"
This way, the hclq tool can parse it as a string, I also had to switch the "prod" string with a variable, as the TF configuration does not support character escaping.

Related

Terraform contains(...) - how to check for wildcard or prefix

Is there a way I can check if a variable in Terraform contains a specific substring, i.e. en environment prefix such as eu- or us-? Please, see the following to better understand what I want to do.
contains("eu-<...>", var.environment) ? do-something : do-something-else
<...> could be anything.
You can achieve this with regexall:
length(regexall("eu-", var.environment)) > 0
For example:
variable environment {
default = "eu-dev-environment"
}
locals {
contains = length(regexall("eu-", var.environment)) > 0
}
The value for contains will be true in this case.

Terraform enclosing issue in variable assignment

I Got a syntax problem with terraform:
Let me write some pseudo code to descript the problem as the line is a bit complicated:
I would like to have display_name equal to force_name when defined.
And if not defined I would like to have name_prefix**-01**
Now the -XX suffix is always added in both case, and I can't enclose it correctly to add it in the else clause.
What I tried:
I've tried many enclosing {} "" () in differents places.
resource "exoscale_compute" "generic" {
count = "${var.replicas}"
affinity_groups = "${var.affinity_group}"
disk_size = "${var.disk_size}"
display_name = "${var.force_name != "" ? var.force_name : var.name_prefix}-${format("%02d", count.index + var.replicas_index_start) }
The issue:
The output is always forcedname**-01** or nameprefix**-01**
What I'd like would be:
forcedname or nameprefix-01
Could you help ?
Thanks
You can nest the interpolation, so the 2nd option for the ?: operator becomes another string with more interpolation:
display_name = "${var.force_name != "" ? var.force_name : "${var.name_prefix}-${format("%02d", count.index + var.replicas_index_start)}" }

Question about referencing specific indexes in Terraform Interpolation

Let me first start out by saying that I currently have a working terraform configuration, however my IDE (VSCode; using the mauve.terraform extension, v 1.3.12) complains about my syntax when I do something like:
virtual_machine_name = "${azurerm_virtual_machine.sql["${count.index}"].name}"
It complains that it's expecting a '}' but found a '.'.
Should I be writing this out differently, or in a more "correct" manner? I'm fairly new to working with terraform so I'm sure my syntax could use some help.
Thanks in advance!
For reference, here's my full resource block:
resource "azurerm_virtual_machine_extension" "sql" {
name = "OMSExtension"
location = "${data.azurerm_resource_group.generics_sql_dev.location}"
resource_group_name = "${data.azurerm_resource_group.generics_sql_dev.name}"
virtual_machine_name = "${azurerm_virtual_machine.sql["${count.index}"].name}"
publisher = "Microsoft.EnterpriseCloud.Monitoring"
type = "MicrosoftMonitoringAgent"
type_handler_version = "1.0"
auto_upgrade_minor_version = true
count = "${var.sql_node_count}"
settings = <<-BASE_SETTINGS
{
"workspaceId" : "${data.azurerm_log_analytics_workspace.oms.workspace_id}"
}
BASE_SETTINGS
protected_settings = <<-PROTECTED_SETTINGS
{
"workspaceKey" : "${data.azurerm_log_analytics_workspace.oms.primary_shared_key}"
}
PROTECTED_SETTINGS
}
From Terraform 0.12 and later, the "standard" way to write that is:
virtual_machine_name = azurerm_virtual_machine.sql[count.index].name
What you tried would also work in Terraform 0.12, but the string interpolations are redundant in that version. It works in Terraform 0.12 because of a special backward-compatibility rule that if a quoted string sequence consists only of a single interpolation (like "${ ...anything ... }") then Terraform will ignore the quotes and just return the inner expression value directly.
That's only supported for backward-compatibility with configurations written for Terraform 0.11 and so I'd recommend avoiding it if you are using Terraform 0.12 or later; it tends to hurt readability by leaving a reader wondering if it implies conversion to a string.
For Terraform 0.11 and earlier, one level of string interpolation is required and indexing must be against a "splat operator":
virtual_machine_name = "${azurerm_virtual_machine.sql.*.name[count.index]}"
The azurerm_virtual_machine.sql.*.name part here produces a list of name values, and then [count.index] selects one of them. This approach is required in Terraform 0.11 and earlier because in those versions the index operator [...] must always come at the end of a sequence of traversal steps.

Terraform: count == true

I have used this previously in my TF code:
count = "${var.whatever == "true" ? 1 : 0}"
Which works great for what I wanted to use. However, I'm thinking of how best to use something similar to say, if var.whatever is equal to true, then count is equal to length(var.whatever).
Would this work?
count = "${var.whatever == "true" ? ${length(var.whatever) : 0}"
It's just that I was always under the impression with TF that you can't nest interpolations.
Also, this kind of leads me to another interesting question.. what do you guys use to test syntax? I don't mean to lint the TF Code, I mean something to run the code against to test things like this? I don't want to just deploy to dev, just to test the output of my TF code. I was wondering if there was something, shell like, which I could literally test this stuff as is it were bash or something. Any thoughts?
Your original idea won't work because if var.whatever is a list, then it can't also be a string (i.e. = "true").
However, the good news is that interpolations can be used inside the general ternary operator.
So you can have something like:
count = "${var.bool == "true" ? length(var.whatever) : 0}"
A good way to test out interpolations before dropping them into your final code is by using Terraform's console feature (i.e. terraform console).
Set up your vars in a file, say console.tf in a directory without any other TF code.
variable "whatever" {
type = "list"
default = ["1", "2", "foo", "bar" ]
}
variable "bool" {
default = "true"
}
Now from the command line, run terraform console.
$ terraform console
> var.whatever
[
"1",
"2",
"foo",
"bar",
]
> length(var.whatever)
4
> "${var.bool == "true" ? length(var.whatever) : 0}"
4
> exit
$
You can see that Terraform performs the interpolations, then runs the ternary operator on those evaluated values.

How to check if string contains a substring in terraform interpolation?

How do you check if a terraform string contains another string?
For example, I want to treat terraform workspaces with "tmp" in the name specially (e.g. allowing rds instances to be deleted without a snapshot), so something like this:
locals
{
is_tmp = "${"tmp" in terraform.workspace}"
}
As far as I can tell, the substr interpolation function doesn't accomplish this.
For terraform 0.12.xx apparently you are suppose to use regexall to do this.
From the manual for terraform 0.12.XX:
regexall() documentation
regexall can also be used to test whether a particular string matches a given pattern, by testing whether the length of the resulting list of matches is greater than zero.
Example from the manual:
> length(regexall("[a-z]+", "1234abcd5678efgh9"))
2
> length(regexall("[a-z]+", "123456789")) > 0
false
Example applied to your case in terraform 0.12.xx syntax should be something like:
locals
{
is_tmp = length(regexall(".*tmp.*", terraform.workspace)) > 0
}
It also specifically says in the manual not to use "regex" but instead use regexall.
If the given pattern does not match at all, the regex raises an error. To test whether a given pattern matches a string, use regexall and test that the result has length greater than zero.
As stated above this is because you will actually get an exception error when you try to use it in the later versions of 0.12.xx that are out now when you run plan. This is how I found this out and why I posted the new answer back here.
You can indirectly check for substrings using replace, e.g.
locals
{
is_tmp = "${replace(terraform.workspace, "tmp", "") != terraform.workspace}"
}
Like #MechaStorm, with Terrafor 0.12.7+ you can use regex to return a Boolean value if your string contains a particular substring
locals {
is_tmp = contains(regex("^(?:.*(tmp))?.*$",terraform.workspace),"tmp")
}
The regex query returns a list of capture groups for any characters before tmp, tmp if found, any characters after tmp. Then contains looks for "tmp" in the list and returns true or false. I am using this type of logic in my own terraform.
Length of the list produced by split function is greater than one when separtor is a substring.
locals {
is_tmp = length(split("tmp", terraform.workspace)) > 1
}
Use replace( string, search, replace ) as in the snippet:
// string contains ABBA = result is ABBA
output "match" {
value = "${ replace("xxxABBAyyy", "/(?:.*)(ABBA)(?:.*)/", "$1") }"
}
// string doesn't contain ABBA = result is original string
output "no_match" {
value = "${ replace("xxxBABAyyy", "/(?:.*)(ABBA)(?:.*)/", "$1")}"
}
// string contains ABBA (ingorecase) = result is AbBA
output "equals_ignorecase" {
value = "${ replace("xxxAbBAyyy", "/(?:.*)((?i)ABBA)(?:.*)/", "$1")}"
}
An output of terraform apply is:
Outputs:
equals_ignorecase = AbBA
match = ABBA
no_match = xxxBABAyyy
In terraform 0.12.7, we now have regex . This may help simplify some code and make it readable to some (perhaps?)
> regex("[a-z]+", "53453453.345345aaabbbccc23454")
aaabbbccc
I use this way to check if bucket name start with test-tmp
eg. test-tmp, test-tmp-app1, test-tmp-db1 etc..
is_test_bucket = can(regex("^(test-tmp){1}($|-{1}.*$)", var.bucket_name))
Something that makes sense reading, IMHO:
locals {
is_tmp = can(regex("tmp", terraform.workspace))
}
This works because the regex function will raise an error if no matches are found.
Bonus: since Terraform 1.3.x, there are the new startswith and endswith functions that can be handy in a good amount of cases.

Resources