0
0
Terraformcloud~20 mins

Variable validation blocks in Terraform - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallTime
Challenge - 5 Problems
🎖️
Terraform Variable Validation Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
Configuration
intermediate
2:00remaining
Identify the correct validation block for a variable
Given the following Terraform variable declaration, which validation block correctly ensures the variable 'environment' only accepts the values 'dev', 'staging', or 'prod'?
Terraform
variable "environment" {
  type = string
  description = "Deployment environment"
  validation {
    condition     = ???
    error_message = "Environment must be one of: dev, staging, prod."
  }
}
Acondition = contains(["dev", "staging", "prod"], var.environment)
Bcondition = var.environment == "dev" || var.environment == "staging" || var.environment == "prod"
Ccondition = var.environment in ["dev", "staging", "prod"]
Dcondition = var.environment matches "dev|staging|prod"
Attempts:
2 left
💡 Hint
Use a function that checks if a list contains a value.
service_behavior
intermediate
1:30remaining
What happens when a variable fails validation?
In Terraform, if a variable's validation block condition evaluates to false during plan or apply, what is the expected behavior?
ATerraform continues applying changes but logs a warning.
BTerraform stops and shows the error_message from the validation block.
CTerraform ignores the validation and uses the default value if set.
DTerraform replaces the invalid value with null and continues.
Attempts:
2 left
💡 Hint
Think about how Terraform enforces input correctness.
Architecture
advanced
2:30remaining
Designing variable validation for CIDR blocks
You want to validate a Terraform variable 'network_cidr' to ensure it is a valid CIDR block (e.g., '10.0.0.0/16'). Which validation condition correctly uses Terraform functions to check this?
Acondition = can(cidrsubnet(var.network_cidr, 8, 1))
Bcondition = length(regexall("^\\d+\\.\\d+\\.\\d+\\.\\d+/\\d+$", var.network_cidr)) > 0
Ccondition = var.network_cidr != ""
Dcondition = can(cidrhost(var.network_cidr, 0))
Attempts:
2 left
💡 Hint
Use 'can' with a function that parses CIDR blocks.
security
advanced
2:00remaining
Validating sensitive variable length
You have a sensitive Terraform variable 'api_key' that must be exactly 32 characters long. Which validation block condition correctly enforces this?
Acondition = length(var.api_key) == 32
Bcondition = var.api_key matches "^[a-zA-Z0-9]{32}$"
Ccondition = can(length(var.api_key)) && length(var.api_key) == 32
Dcondition = var.api_key != null && length(var.api_key) >= 32
Attempts:
2 left
💡 Hint
Use 'can' to safely check length on sensitive variables.
Best Practice
expert
3:00remaining
Choosing the best validation for a list variable
You have a Terraform variable 'allowed_ports' of type list(number). You want to validate that all ports are between 1024 and 65535 inclusive. Which validation condition correctly enforces this for every element in the list?
Acondition = can(alltrue([for p in var.allowed_ports : p >= 1024 && p <= 65535]))
Bcondition = length([for p in var.allowed_ports : p >= 1024 && p <= 65535]) == length(var.allowed_ports)
Ccondition = all([for p in var.allowed_ports : p >= 1024 && p <= 65535])
Dcondition = alltrue([for p in var.allowed_ports : p >= 1024 && p <= 65535])
Attempts:
2 left
💡 Hint
Use the correct function that returns true if all elements satisfy a condition.