Allow validation blocks in inputs

[ThisGuyCodes]

Description

Fixes #5059

In #5041 I inadvertently introduced some incomplete schema validation to variable blocks, resulting in errors when variable blocks contain anything besides attributes.

This switches to doing partial schema validation, allowing any other structure to exist without producing an error.

TODOs

Read the Gruntwork contribution guidelines.

• I authored this code entirely myself
• I am submitting code based on open source software (e.g. MIT, MPL-2.0, Apache)]
• I am adding or upgrading a dependency or adapted code and confirm it has a compatible open source license
• Update the docs.
• Run the relevant tests successfully, including pre-commit checks.
• Include release notes. If this PR is backward incompatible, include a migration guide.

Release Notes (draft)

• fix regression on validation blocks for variables in hcl validate

Summary by CodeRabbit

• Tests

  • Added comprehensive test fixtures for Terraform variable validation blocks, including validation rules and custom error messages.

• Bug Fixes

  • Improved handling of default values in variables with validation rules for more accurate variable requirement detection.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
terragrunt-docs	Ready	Preview	Comment	Nov 5, 2025 4:36pm

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR fixes Terragrunt's HCL validation to correctly parse Terraform variable blocks containing validation rules. The fix updates tf/tf.go to use a more permissive schema that recognizes validation blocks as valid nested constructs within variables. Test fixtures are added to verify the functionality.

Changes

Cohort / File(s)	Summary
Test fixtures test/fixtures/hclvalidate/valid/validation-block/main.tf, test/fixtures/hclvalidate/valid/validation-block/terragrunt.hcl	Introduces test fixtures demonstrating a Terraform variable with validation block (enforcing non-empty string) and accompanying Terragrunt HCL configuration.
Variable parsing schema tf/tf.go	Introduces varsAttributesSchema to explicitly recognize the "default" attribute in variable blocks. Replaces JustAttributes() with PartialContent() to allow nested validation blocks and updates default-checking logic to use the parsed content object.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• The test fixture additions are straightforward
• The tf/tf.go changes follow a focused pattern: schema definition, PartialContent usage, and attribute reference update
• The change is localized to variable block parsing with minimal scope

Possibly related PRs

• allow input validation with variable in source or version #5041: Modifies variable attribute parsing logic in tf/tf.go using similar schema and PartialContent approach for detecting optional variables.

Suggested reviewers

• yhakbar

Pre-merge checks and finishing touches

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Allow validation blocks in inputs' directly reflects the main code change: enabling validation blocks in variable schema to be recognized without errors.
Description check	✅ Passed	The description includes issue reference, explanation of the regression fix, completed TODOs, and release notes. Most template sections are addressed.
Linked Issues check	✅ Passed	The code changes fix the validation block schema error [#5059] by switching to partial content parsing in tf/tf.go, allowing validation blocks in variable definitions as required.
Out of Scope Changes check	✅ Passed	All changes are scoped to fixing the regression: test fixtures demonstrate the fix, and tf/tf.go modifies schema validation. No unrelated changes present.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch thisguycodes/allow-validation-blocks-inputs

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b6c636a and ac244f4.

📒 Files selected for processing (3)

• test/fixtures/hclvalidate/valid/validation-block/main.tf (1 hunks)
• test/fixtures/hclvalidate/valid/validation-block/terragrunt.hcl (1 hunks)
• tf/tf.go (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

⚙️ CodeRabbit configuration file

Review the Go code for quality and correctness. Make sure that the Go code follows best practices, is performant, and is easy to understand and maintain.

Files:

• tf/tf.go

🧠 Learnings (3)

📓 Common learnings

Learnt from: ThisGuyCodes
Repo: gruntwork-io/terragrunt PR: 5041
File: test/fixtures/hclvalidate/valid/duplicate-attributes-in-required-providers/main.tf:2-7
Timestamp: 2025-11-03T04:40:01.000Z
Learning: In the terragrunt repository, test fixtures under test/fixtures/hclvalidate/valid/ are intentionally testing that INPUT validation succeeds even when Terraform code contains syntax errors or other issues unrelated to input validation (e.g., duplicate attributes, circular references, invalid locals). The "valid" designation means "valid for input validation purposes" not "syntactically valid Terraform/OpenTofu code".

📚 Learning: 2025-11-03T04:40:01.000Z

Learnt from: ThisGuyCodes
Repo: gruntwork-io/terragrunt PR: 5041
File: test/fixtures/hclvalidate/valid/duplicate-attributes-in-required-providers/main.tf:2-7
Timestamp: 2025-11-03T04:40:01.000Z
Learning: In the terragrunt repository, test fixtures under test/fixtures/hclvalidate/valid/ are intentionally testing that INPUT validation succeeds even when Terraform code contains syntax errors or other issues unrelated to input validation (e.g., duplicate attributes, circular references, invalid locals). The "valid" designation means "valid for input validation purposes" not "syntactically valid Terraform/OpenTofu code".

Applied to files:

• test/fixtures/hclvalidate/valid/validation-block/terragrunt.hcl
• test/fixtures/hclvalidate/valid/validation-block/main.tf

📚 Learning: 2025-02-10T23:20:04.295Z

Learnt from: yhakbar
Repo: gruntwork-io/terragrunt PR: 3868
File: docs-starlight/patches/@astrojs%[email protected]:33-33
Timestamp: 2025-02-10T23:20:04.295Z
Learning: In Terragrunt projects, all `.hcl` files can be assumed to be Terragrunt configurations by default, with specific exceptions like `.terraform.lock.hcl` that need explicit handling.

Applied to files:

• test/fixtures/hclvalidate/valid/validation-block/terragrunt.hcl

🧬 Code graph analysis (1)

tf/tf.go (1)

config/hclparse/attributes.go (1)

• Attributes (10-10)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: integration_tests / Test (Engine)
• GitHub Check: integration_tests / Test (Fixtures with Latest Terraform)
• GitHub Check: integration_tests / Test (Provider Cache Server with Latest Terraform)
• GitHub Check: integration_tests / Test (AWS Tofu)
• GitHub Check: integration_tests / Test (AWS with Latest Terraform)
• GitHub Check: integration_tests / Test (SOPS)

🔇 Additional comments (4)

test/fixtures/hclvalidate/valid/validation-block/terragrunt.hcl (1)

1-1: LGTM! Appropriate minimal test fixture.

The intentionally blank file serves as a valid minimal Terragrunt configuration for testing the validation-block parsing fix.

tf/tf.go (2)

182-189: LGTM! Correctly defines attribute schema for partial parsing.

The varsAttributesSchema properly defines only the "default" attribute needed to distinguish optional from required variables. Using Required: false is correct since the "default" attribute itself is optional in variable blocks. This schema enables PartialContent() to extract just the "default" attribute while allowing other blocks like validation to exist without error.

---

197-204: Excellent fix! Properly uses PartialContent to allow validation blocks.

The switch from JustAttributes() to PartialContent(varsAttributesSchema) is the correct solution for the regression:

• JustAttributes() would fail when any blocks (e.g., validation) were present in the variable body
• PartialContent() extracts only the specified "default" attribute while allowing other blocks and attributes to exist
• Diagnostics are properly aggregated from the PartialContent call
• The attribute existence check correctly uses varBodyContent.Attributes["default"] to determine optional vs required variables

This minimal change directly addresses the root cause described in issue #5059.

test/fixtures/hclvalidate/valid/validation-block/main.tf (1)

1-10: LGTM! Excellent test fixture for the regression fix.

This fixture correctly tests the issue from #5059:

• Contains a variable block with a validation block (the problematic case)
• Has a default value making it optional
• Uses valid Terraform/OpenTofu validation syntax with condition and error_message
• The default value "test" satisfies the validation rule

With the fix in tf/tf.go using PartialContent(), this fixture verifies that the parser successfully extracts the "default" attribute while allowing the validation block to exist without error. Based on learnings.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}