From 19eb2478496f723a74391e9ddffa6276e3f43e25 Mon Sep 17 00:00:00 2001
From: Viliam Pucik <viliampucik@users.noreply.github.com>
Date: Mon, 15 Jan 2024 21:40:06 +0100
Subject: [PATCH] Fix identity_type (#1978)

* Allow empty string for 'identity_type' supported by Google provider and use correct value name for ingress 'identity_type'

* Sanitizing variables as the logical operators in Terraform do not short-circuit.
---
 modules/vpc-sc/variables.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/vpc-sc/variables.tf b/modules/vpc-sc/variables.tf
index 57fb910f..3b0bfa6d 100644
--- a/modules/vpc-sc/variables.tf
+++ b/modules/vpc-sc/variables.tf
@@ -92,7 +92,7 @@ variable "egress_policies" {
       for k, v in var.egress_policies :
       v.from.identity_type == null || contains([
         "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY",
-        "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT"
+        "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT", ""
       ], coalesce(v.from.identity_type, "-"))
     ])
     error_message = "Invalid `from.identity_type` value in egress policy."
@@ -160,7 +160,7 @@ variable "ingress_policies" {
       for k, v in var.ingress_policies :
       v.from.identity_type == null || contains([
         "IDENTITY_TYPE_UNSPECIFIED", "ANY_IDENTITY",
-        "ANY_USER", "ANY_SERVICE_ACCOUNT"
+        "ANY_USER_ACCOUNT", "ANY_SERVICE_ACCOUNT", ""
       ], coalesce(v.from.identity_type, "-"))
     ])
     error_message = "Invalid `from.identity_type` value in ingress policy."