-
Notifications
You must be signed in to change notification settings - Fork 230
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
helper/schema: Online/Network/API validation #101
Comments
This sort of validation was one of the intended use-cases of the The [ CustomizeDiff: customdiff.All(
customdiff.ValidateValue("security_groups", func (value, meta interface{}) error {
if !hasEc2Classic(meta.(*AWSClient).supportedplatforms) {
return fmt.Errorf("Use security_group_ids (with SG IDs) in VPC-enabled region"))
}
}),
// ...
), Of course, there are some ergonomic problems here. Most notably, the validation rule is expressed outside of the Having a new schema-specific function for this seems fine to me, but from the perspective of Terraform Core I'd prefer to have the provider SDK do it as part of the existing I think I'd approach this by using the very general |
Depends on hashicorp/terraform#15895
Or it's probably better if it hashicorp/terraform#15895 is implemented first.
It is certainly undesirable to perform any "slow" validation which requires network access by default in
terraform validate
, but there's still value in having such validation.It can be opt-in for
validate
command and it can also (more importantly) run as part ofplan
.The implementation can be very much similar to
ValidateFunc
, except that the interface needs access to provider'smeta
.Example use cases in AWS provider:
I'm not sure if
NetworkValidateFunc
is the best name, but this is rather a simple "reminder" rather than full-blown proposal with all answers.Related: hashicorp/terraform-provider-aws#3897
The text was updated successfully, but these errors were encountered: