Any way to order dynamic block iterations for a list of objects type variable according to the order given in configuration?

devops-rohit · August 25, 2023, 6:45pm

From the given list of objects variable, how to use dynamic block to create multiple iterations but in order given in the module call or configuration. I know dynamic block doesn’t control the order of the iterations as per configuration for list of object, but is there any workaround we can do it please. We have some On-premise integration with Terraform Plan for which we need to have allow blocks in order as given in the configuration.

variable “allow” {
type = list(object({
protocol = string
ports = list(string)
}))

default = [
{
protocol = “tcp”
ports = [“80”]
},
{
protocol = “tcp”
ports = [“443”]
},
{
protocol = “tcp”
ports = [“22”]
}
]
}
Dynamic block used is below:

dynamic “allow” {
for_each = var.allow
content {
protocol = allow.value.protocol
ports = allow.value.ports
}
}

Running TF Plan, gives this order in allow iterations

  + allow {
      + ports    = [
          + "22",
        ]
      + protocol = "tcp"
    }
  + allow {
      + ports    = [
          + "443",
        ]
      + protocol = "udp"
    }
  + allow {
      + ports    = [
          + "80",
        ]
      + protocol = "tcp"
    }

But we need to preserve the order as given in the default value or given by user

apparentlymart · August 25, 2023, 9:32pm

Hi @devops-rohit,

The decision about how to represent the collection of objects represented by a series of nested blocks is made by the provider itself, and the provider development team in turn make that decision based on how this data is tracked by the underlying remote API.

You haven’t mentioned which resource type this is but based on what you’ve described it seems like this resource type is treating these allow blocks as an unordered set, and I assume the provider developers did this because the underlying API itself does not preserve the ordering of these “allow” rules.

When working with a remote system that treats a collection as unordered, there is no way to force preserving order yourself as a module author. If you think that the provider developers have made a design error in treating these blocks as unordered (i.e. if the remote system can actually preserve the order and considers it meaningful) then I would suggest opening an issue in that provider’s GitHub repository to discuss that with the provider developers.

devops-rohit · August 28, 2023, 12:08pm

Thanks @apparentlymart for the reply. Resource I was talking about is google_compute_firewall. Understood the provider API part, we will try to raise a feature request with Google for this. In the meantime, we’ve got a workaround to get the ordered nested block items in the description of the rule itself as a string, we will use that till Google changes the ordering mechanism. Thanks a lot again!!