Dependency not working within two resources

Hi, I’m currently trying to automate a little infrastructure setup in OCI with Terraform. However I’ve encountered a rather “simple” dependency issue that I can’t seem to solve.

I’m trying to create Network Security Groups and assign them to the VNICs of the VM instances, but when I perform terraform plan/apply the following error pops up, that the ID of the NSG is not known at the time of creation and for that reason the VM instance can’t be created. However, I have the same “dependency” with my network & subnets, but that works…

╷
│ Error: Incorrect attribute value type
│ 
│   on compute.tf line 25, in resource "oci_core_instance" "k8s-master_instance":
│   25:     nsg_ids          = oci_core_network_security_group.k8s_master_network_security_group.id
│     ├────────────────
│     │ oci_core_network_security_group.k8s_master_network_security_group.id is a string, known only after apply
│ 
│ Inappropriate value for attribute "nsg_ids": set of string required.
╵

I have the following NSG with some sample NSG rules:

# https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_network_security_group
resource "oci_core_network_security_group" "k8s_master_network_security_group" {
  #Required
  compartment_id = oci_identity_compartment.tf-compartment.id
  vcn_id         = module.vcn.vcn_id

  #Optional
  display_name = "nsg-k8s-master"
}

## k8s-master ports
resource "oci_core_network_security_group_security_rule" "k8s_api_server_network_security_group_security_rules" {
  network_security_group_id = oci_core_network_security_group.k8s_master_network_security_group.id
  direction                 = "INGRESS"
  protocol                  = "6"
  description               = "Kubernetes API server"

  source      = "0.0.0.0/0"
  source_type = "CIDR_BLOCK"
  tcp_options {
    destination_port_range {
      max = "6443"
      min = "6443"
    }
  }
}

Then I have the VM instance that complains about the nsg_ids field:

# K8s-Master
resource "oci_core_instance" "k8s-master_instance" {
  # Required
  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
  compartment_id      = oci_identity_compartment.tf-compartment.id
  shape               = "VM.Standard.A1.Flex"
  source_details {
    source_id   = var.ubuntu_image_source_id
    source_type = "image"
  }

  # Optional
  display_name = "k8s-master"

  create_vnic_details {
    assign_public_ip = true
    subnet_id        = oci_core_subnet.vcn-public-subnet.id
    nsg_ids          = oci_core_network_security_group.k8s_master_network_security_group.id
    hostname_label   = "k8s-master"
  }
  metadata = {
    ssh_authorized_keys = file(var.ssh_authorized_keys_path)
  }
  preserve_boot_volume = false

  shape_config {
    memory_in_gbs = 1
    ocpus         = 1
  }
  depends_on = [oci_core_network_security_group.k8s_master_network_security_group]
}

I’ve added the depends_on field, but that doesn’t really do anything at all (not even sure if it works); when I comment out the nsg_ids field, terraform plan works.

Am I missing something very obvious here?

You tried to pass a single string ID to a parameter which wants a collection of them.

So, just put some square brackets around your single ID to make it a list.

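The fix from the answer above, written out as an added example that is not part of the original thread: the instance from the question with `nsg_ids` given as a collection, extended to attach two NSGs to the same VNIC. The second NSG (`k8s_ssh_network_security_group`, display name `nsg-k8s-ssh`) is hypothetical; every other name is taken from the question.

```hcl
# Hypothetical second NSG, only here to show several groups on one VNIC.
resource "oci_core_network_security_group" "k8s_ssh_network_security_group" {
  compartment_id = oci_identity_compartment.tf-compartment.id
  vcn_id         = module.vcn.vcn_id
  display_name   = "nsg-k8s-ssh"
}

resource "oci_core_instance" "k8s-master_instance" {
  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[0].name
  compartment_id      = oci_identity_compartment.tf-compartment.id
  shape               = "VM.Standard.A1.Flex"
  display_name        = "k8s-master"

  source_details {
    source_id   = var.ubuntu_image_source_id
    source_type = "image"
  }

  create_vnic_details {
    assign_public_ip = true
    subnet_id        = oci_core_subnet.vcn-public-subnet.id
    hostname_label   = "k8s-master"

    # nsg_ids expects a set of strings, so the IDs go inside [...] even when
    # there is only one. Terraform converts the tuple to a set on its own.
    # "known only after apply" in the error only describes the value; the
    # failure is the string-vs-set type mismatch.
    nsg_ids = [
      oci_core_network_security_group.k8s_master_network_security_group.id,
      oci_core_network_security_group.k8s_ssh_network_security_group.id,
    ]
  }

  metadata = {
    ssh_authorized_keys = file(var.ssh_authorized_keys_path)
  }
  preserve_boot_volume = false

  shape_config {
    memory_in_gbs = 1
    ocpus         = 1
  }

  # No depends_on needed: referencing the NSG ids above already makes
  # Terraform create both NSGs before the instance.
}
```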

@maxb you were right. Setting the square brackets really solved the issue. That was a stupid mistake of mine, but thanks a lot for the quick help!