
Currently I'm trying to create a universal sql_database module in Terraform. I want to control which arguments are included in this resource. For example, one project needs only the required arguments, while another project needs them plus the threat_detection_policy block with all of its nested arguments.

modules/sql_database.tf

# Module resource: a single azurerm_sql_database whose arguments are all wired
# to module input variables. Every argument and nested section below is written
# unconditionally, so each referenced variable must resolve for every caller.
resource "azurerm_sql_database" "sql-db" {
  name                             = var.sql-db-name
  # Resource group name is read from a data source that is not shown in this listing.
  resource_group_name              = data.azurerm_resource_group.rg-name.name
  location                         = var.location
  server_name                      = var.server-name
  edition                          = var.sql-db-edition
  collation                        = var.collation
  create_mode                      = var.create-mode
  requested_service_objective_name = var.sql-requested-service-objective-name
  read_scale                       = var.read-scale
  zone_redundant                   = var.zone-redundant

  # Auditing settings, written with nested-block syntax (no `=`).
  extended_auditing_policy {
    storage_endpoint                        = var.eap-storage-endpoint
    # NOTE(review): the storage account access key is a credential. Declare its
    # variable with `sensitive = true` (Terraform 0.14+) and treat the state
    # file, which records resource arguments, as secret material.
    storage_account_access_key              = var.eap-storage-account-access-key
    storage_account_access_key_is_secondary = var.eap-storage-account-access-key-is-secondary
    retention_in_days                       = var.eap-retention-days
  }

  # NOTE(review): `import` and `threat_detection_policy` below use attribute
  # syntax (`= { ... }`), unlike extended_auditing_policy above. The provider
  # appears to define both as nested blocks; confirm against the provider
  # schema and drop the `=` if so.
  import = {
    storage_uri                  = var.storage-uri
    # Credential: same handling as the auditing access key above.
    storage_key                  = var.storage-key
    storage_key_type             = var.storage-key-type
    administrator_login          = var.administrator-login
    # Credential: keep out of version control and mark the variable sensitive.
    administrator_login_password = var.administrator-login-password
    authentication_type          = var.authentication-type
    operation_mode               = var.operation-mode
  }

  # This is the section the question wants to include only for some callers.
  # As written it is always present, so all eight variables are always read.
  threat_detection_policy = {
    state                      = var.state
    disabled_alerts            = var.disabled-alerts
    email_account_admins       = var.email-account-admins
    email_addresses            = var.email-addresses
    retention_days             = var.retention-days
    # Credential: same handling as the auditing access key above.
    storage_account_access_key = var.storage-account-access-key
    storage_endpoint           = var.storage-endpoint
    use_server_default         = var.use-server-default
  }
}

modules/variables.tf (few sql_database vars)

# Input read by the resource's `edition` argument. No `default` is declared,
# so every caller of the module must supply a value.
variable "sql-db-edition" {
  type        = string
}
...

# Input read by threat_detection_policy.state in the resource. With no
# `default` declared, Terraform treats this variable as required, regardless
# of the intent stated in the trailing comment.
variable "state" { #for example this should be optional
  type        = string
}
...

main.tf

# Root-module call that instantiates the sql_database module and passes its
# inputs. Argument names here must match the module's `variable` names exactly.
# NOTE(review): several names below do not match the `var.*` references in the
# resource listing: `storage-key_type`, `sql-requested_service_objective_name`,
# `zone_redundant`, and the underscore-named threat-detection and auditing
# arguments, where the resource reads hyphenated and `eap-`-prefixed names.
# variables.tf is only partly shown, so confirm against the full file.
module "sql_database" {
  source = "./modules/sql_database"

  sql-db-name = "sqldbs-example"
  location    = "westus"
  server-name = "sqlsrv-example"

    # Inputs for the resource's `import` section.
    # NOTE(review): storage-key and administrator-login-password are secrets.
    # Supply them from a secret store or a sensitive variable rather than as
    # literals committed with this file.
    storage-uri                        = "" #some values 
    storage-key                        = ""
    storage-key_type                   = ""
    administrator-login                = ""
    administrator-login-password       = ""
    authentication-type                = ""
    operation-mode                     = ""

  sql-db-edition                       = "Standard"
  collation                            = "SQL_LATIN1_GENERAL_CP1_CI_AS"
  create-mode                          = "Default"
  sql-requested_service_objective_name = "S0"
  # The next group (requested_service_objective_id through elastic_pool_name,
  # except read-scale and zone_redundant) is not referenced by the resource
  # listing shown on this page.
  requested_service_objective_id       = ""
  read-scale = "false"
  zone_redundant                       = ""
  source_database_id                   = ""
  restore_point_in_time                = ""
  max_size_bytes                       = ""
  source_database_deletion_date        = ""
  elastic_pool_name                    = ""

#variables below should be all optional
    # Threat-detection inputs. storage_account_access_key is a credential.
    state                              = ""
    disabled_alerts                    = ""  
    email_account_admins               = ""
    email_addresses                    = ""
    retention_days                     = 6
    storage_account_access_key         = ""
    storage_endpoint                   = ""
    use_server_default                 = ""

  # Auditing inputs.
  # NOTE(review): storage_endpoint and storage_account_access_key are already
  # assigned a few lines above, and an argument name can be set only once
  # per block.
  storage_endpoint                        = ""
  storage_account_access_key              = ""
  storage_account_access_key_is_secondary = "false"
  retention_in_days                       = 6
}

Thank you in advance for help!

It sounds to me that the threat_detection_policy block is optional can you not set a default? - Helder Sepulveda
Of course it is optional. Do you mean default=null or default=my_default_value? - Bater55
Can you provide your variables file or create a minimal project on GitHub... the terraform behavior in your comment module wants me to input all values, required and optional is really strange ... my guess is what you call optional is not really coded as optional - Helder Sepulveda

1 Answers


For your requirements, I think one possible way is to declare default values for the optional variables inside the module, choosing defaults that behave as if the argument had not been set. For example, in the threat_detection_policy block, the property use_server_default has the default value Disabled when you do not set it. When you do want to set these arguments, just pass the values in the module block. For the access-key and password variables, use an empty or null default rather than a real credential.