Hi all,
For Network Security Groups in Azure we have a CSV. In this CSV we have some rules … Some of them require the use of the “source_address_prefix” parameter, and other rules require “source_address_prefixes”. Both parameters cannot be at the same time.
When creating the rules, we need to apply a conditional statement that for each rule, with the following logic (obviously this is not terraform)
For each rule {
If cell == (“AzureLoadBalalancer” or “VirtualNetwork” or “*”){
source_address-prefix = cell
else
source_address_prefixes = cell
}
}
The problem we see is that we do not see any way to apply a function parameter = value inside the condition, and it is not working to us in the condition ? true : false logic.
Is there any way to achieve this?
Or at least, how could be possible to manage CSVs with rows with incompatible parameters, like “source_address_prefix” and “source_address_prefixes”; “destination_address_prefix” and “destination_address_prefixes”; “destination_port_range” and “destination_port_ranges”
Regards,
Hi @proven30,
In a resource argument setting the argument to null is always equivalent to not setting it at all (the provider cannot distinguish between these two situations) so you can write a conditional expression where one of the result expressions is null in order to specify that the argument is set only in some situations.
I’m not familiar with the specific resource types you are working with so I can’t give a concrete example, but a pseudocode-ish example would look something like this:
source_address_prefix = contains(["AzureLoadBalalancer", "VirtualNetwork", "*"], cell) ? cell : null
source_address_prefixes = contains(["AzureLoadBalalancer", "VirtualNetwork", "*"], cell) ? null : cell
The above is a very direct way to do it with everything inline. It’s possible to refactor this in a number of ways to avoid duplicating the condition across both of them like this, but it’s hard to write a useful example of that in pseudocode so I’d prefer to see some real code incorporating the above into a fuller example and then hopefully I can suggest some ways to refactor it to avoid the duplication, if needed.
