From 6b64c320757f1efb0aee6152ff9b7869034e2965 Mon Sep 17 00:00:00 2001 From: Loren Gordon Date: Tue, 29 Aug 2023 15:53:26 -0700 Subject: [PATCH] Defaults control_finding_generator to null to allow org to manage setting --- modules/account/variables.tf | 7 ++++++- variables.tf | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/modules/account/variables.tf b/modules/account/variables.tf index c5a017b..cd0fd42 100644 --- a/modules/account/variables.tf +++ b/modules/account/variables.tf @@ -7,7 +7,12 @@ variable "auto_enable_controls" { variable "control_finding_generator" { description = "Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard." type = string - default = "SECURITY_CONTROL" + default = null + + validation { + condition = contains(["SECURITY_CONTROL", "STANDARDS_CONTROL", null], var.control_finding_generator) + error_message = "control_finding_generator must be one of: SECURITY_CONTROL, STANDARDS_CONTROL, null" + } } variable "enable_default_standards" { diff --git a/variables.tf b/variables.tf index d816beb..3bf1c44 100644 --- a/variables.tf +++ b/variables.tf @@ -17,7 +17,12 @@ variable "auto_enable_controls" { variable "control_finding_generator" { description = "Manages whether the account reports consolidated control findings, or generates separate findings for every enabled standard." type = string - default = "SECURITY_CONTROL" + default = null + + validation { + condition = contains(["SECURITY_CONTROL", "STANDARDS_CONTROL", null], var.control_finding_generator) + error_message = "control_finding_generator must be one of: SECURITY_CONTROL, STANDARDS_CONTROL, null" + } } variable "enable_default_standards" {