Hi, is anyone using the Cisco ASA provider for creating ACLs with group-objects? It doesn't work for me, but I'm not sure if it should. From the provider code it looks like the rule accepts only a single value. Any thoughts?

```hcl
resource "ciscoasa_network_service_group" "gdc-wl-ports-test" {
  name = "GDC-WHITELISTED-PORTS-TEST"
  members = [
    "tcp/25",
    "tcp/5671",
    "udp/53",
  ]
}

data "external" "allips" {
  program = ["bash", "getprefixes.sh"]
}

resource "ciscoasa_network_object_group" "all-gdc-ips" {
  name = "ALL-GDC-PUBLIC-IPS-TEST"
  members = [
    for k, v in data.external.allips.result : v
  ]
}

resource "ciscoasa_acl" "raw-perimeter-filter-test" {
  name = "RAW-PERIMETER-FILTER-TEST"
  rule {
    source              = ciscoasa_network_object_group.all-gdc-ips.value
    destination         = "1.1.1.0/24"
    destination_service = ciscoasa_network_service_group.gdc-wl-ports-test.value
  }
}
```

```
~/terrasa$ terraform apply

Error: Unsupported attribute

  on perimeter_policy.tf line 51, in resource "ciscoasa_acl" "raw-perimeter-filter-test":
  51: source = ciscoasa_network_object_group.all-gdc-ips.value

This object has no argument, nested block, or exported attribute named
"value".

Error: Unsupported attribute

  on perimeter_policy.tf line 53, in resource "ciscoasa_acl" "raw-perimeter-filter-test":
  53: destination_service = ciscoasa_network_service_group.gdc-wl-ports-test.value

This object has no argument, nested block, or exported attribute named
"value".
```