Loading list variable on OpenStack secgroups

Hi guys,

I’m working on a Terraform definition for Openstack and came across an issue which I cannot find a solution so far.

I’ve declared a map variable with a list key called secgroups:

variable "instances" {
  description = "instances to be deployed"
      type        = map(object({
        ufqdn     = string
        fqdn      = string
        flavor    = string
        image     = string
        disk2     = number
        zone      = string
        ip        = string
        secgroups  = list(string)
      default = {
      "os1000" = {
        ufqdn     = "os1000.domain.com"
        fqdn      = "os1000.domain.com"
        flavor    = "1000" 
        image     = "43369c0b-...."
        disk2     = 1
        zone      = "BLAH"
        ip        = ""
        secgroups  = [

The secgroup IDs are being obtained from a remote state file, and the port definitions are shown below:

data "terraform_remote_state" "network" {
  backend = "local"
  config = {
     path  = "../../network/terraform.tfstate"

resource "openstack_networking_port_v2" "port_instance" {
  for_each           = var.instances
  name               = "port-${each.value.ufqdn}"
  network_id         = data.terraform_remote_state.network.outputs.network_id
  security_group_ids =  each.value.secgroups 

Whenever I try to apply the definitions, I’ve got the error below:

Error: Error updating OpenStack Neutron Port: Bad request with: [PUT 
https://openstack.000.com/v2.0/ports/0e28b16d-49ba-4994-8bbb-da1c797952e2], error 
message: {"NeutronError": {"message": "Invalid input for operation: 
'data.terraform_remote_state.network.outputs.secgroup_default' is not an integer or 
uuid.", "type": "InvalidInput", "detail": ""}}

on main.tf line 20, in resource "openstack_networking_port_v2" "port_instance":
20: resource "openstack_networking_port_v2" "port_instance" {

When I check the secgroups associated with the port on Openstack, it turns out that only the first secgroup is applied.

The apply command works fine when I set the secgroups directly on the code (rather than as variables):

resource "openstack_networking_port_v2" "port_instance" {
security_group_ids = [ 

I’ve tried different approaches, but no luck so far. Any ideas about what I’m doing wrong?

Thanks in advance.