Hi all,
First of all i’ve been using terraform for a couple of years, mostly simpler usecases, i’ve run into a requirement that have me stumped. I’m using terraform to configure Cisco ACI.
Given the code below:
resource "aci_endpoint_security_group" "terraform_esg" {
for_each = var.esgs
application_profile_dn = var.apps[each.value.network].id
name = join("-", [trimprefix(var.tenants[each.value.tenant].name,"tnt-"), lower(each.value.application)])
description = join(" ", ["Endpoint Security Group for", each.value.application, "in Tenant", var.tenants[each.value.tenant].name])
pc_enf_pref = "unenforced"
pref_gr_memb = each.value.prefgr_member == "yes" ? "include" : "exclude"
relation_fv_rs_scope = var.vrfs[each.value.vrf].id
name_alias = each.key
relation_fv_rs_prov {
target_dn = var.contracts[each.value.p_contract].id
}
relation_fv_rs_cons {
target_dn = var.contracts[each.value.c_contract].id
}
}
and:
esgs = {
ESG1000 = {
tenant = "TEN2"
vrf = "VRF2"
network = "NETW2"
application = "Default"
epg = "NETW2"
prefgr_member = "yes"
p_contract = ""
c_contract = ""
infra_service = ""
}
ESG1001 = {
tenant = "TEN2"
vrf = "VRF2"
network = "NETW2"
application = "Astro_VMS-Common_Infra_AM"
epg = ""
prefgr_member = "yes"
p_contract = "CTR1000"
c_contract = "CTR1001"
infra_service = ""
}
}
how can i only provision the relation_fv_rs_prov if the p_contract is not empty and the same for relation_fv_rs_cons if c_contract is not empty