I am attempting to generate security lists in OCI dynamically from a list of objects, each containing several nested lists of objects. But when I execute it I get an error saying an attribute hasn't been defined, even though it has!
What am I doing wrong?
Here is the resource file at "./../security_list":
# Builds one OCI security list. Its rules are generated from six input lists:
# ICMP, TCP and UDP, each for ingress and for egress. An empty list simply
# produces no rules of that kind.
#
# Every rule attribute (source/destination CIDR, ports, statelessness) is taken
# from the caller's variables as-is; nothing in this block constrains them.
# A source of "0.0.0.0/0" therefore opens the rule to any address, so review
# the input lists (or add variable validation) before applying.
resource "oci_core_security_list" "this" {
  compartment_id = var.security_list_compartment_ocid
  vcn_id         = var.security_list_vcn_ocid
  display_name   = var.security_list_name

  # ---------------------------------------------------------------- ingress

  # ICMP ingress rules (IP protocol number "1").
  dynamic "ingress_security_rules" {
    for_each = var.icmp_ingress_security_rules
    iterator = rule

    content {
      protocol    = "1"
      description = rule.value.description
      stateless   = rule.value.type_stateless
      source_type = rule.value.source_type
      source      = rule.value.source

      icmp_options {
        type = rule.value.icmp_type
        code = rule.value.icmp_code
      }
    }
  }

  # TCP ingress rules (IP protocol number "6").
  dynamic "ingress_security_rules" {
    for_each = var.tcp_ingress_security_rules
    iterator = rule

    content {
      protocol    = "6"
      description = rule.value.description
      stateless   = rule.value.type_stateless
      source_type = rule.value.source_type
      source      = rule.value.source

      tcp_options {
        # Destination port range.
        min = rule.value.destination_port_range_min
        max = rule.value.destination_port_range_max

        # Emitted unconditionally, so every rule object has to carry both
        # source_port_range_* attributes.
        source_port_range {
          min = rule.value.source_port_range_min
          max = rule.value.source_port_range_max
        }
      }
    }
  }

  # UDP ingress rules (IP protocol number "17").
  dynamic "ingress_security_rules" {
    for_each = var.udp_ingress_security_rules
    iterator = rule

    content {
      protocol    = "17"
      description = rule.value.description
      stateless   = rule.value.type_stateless
      source_type = rule.value.source_type
      source      = rule.value.source

      udp_options {
        # Destination port range.
        min = rule.value.destination_port_range_min
        max = rule.value.destination_port_range_max

        # Emitted unconditionally, as for TCP above.
        source_port_range {
          min = rule.value.source_port_range_min
          max = rule.value.source_port_range_max
        }
      }
    }
  }

  # ----------------------------------------------------------------- egress

  # ICMP egress rules (IP protocol number "1").
  dynamic "egress_security_rules" {
    for_each = var.icmp_egress_security_rules
    iterator = rule

    content {
      protocol         = "1"
      description      = rule.value.description
      stateless        = rule.value.type_stateless
      destination_type = rule.value.destination_type
      destination      = rule.value.destination

      icmp_options {
        type = rule.value.icmp_type
        code = rule.value.icmp_code
      }
    }
  }

  # TCP egress rules (IP protocol number "6").
  dynamic "egress_security_rules" {
    for_each = var.tcp_egress_security_rules
    iterator = rule

    content {
      protocol         = "6"
      description      = rule.value.description
      stateless        = rule.value.type_stateless
      destination_type = rule.value.destination_type
      destination      = rule.value.destination

      tcp_options {
        # Destination port range.
        min = rule.value.destination_port_range_min
        max = rule.value.destination_port_range_max

        # Emitted unconditionally; each rule object must define both bounds.
        source_port_range {
          min = rule.value.source_port_range_min
          max = rule.value.source_port_range_max
        }
      }
    }
  }

  # UDP egress rules (IP protocol number "17").
  dynamic "egress_security_rules" {
    for_each = var.udp_egress_security_rules
    iterator = rule

    content {
      protocol         = "17"
      description      = rule.value.description
      stateless        = rule.value.type_stateless
      destination_type = rule.value.destination_type
      destination      = rule.value.destination

      udp_options {
        # Destination port range.
        min = rule.value.destination_port_range_min
        max = rule.value.destination_port_range_max

        # Emitted unconditionally; each rule object must define both bounds.
        source_port_range {
          min = rule.value.source_port_range_min
          max = rule.value.source_port_range_max
        }
      }
    }
  }
}
Here is the Module which calls the above resource,
# Instantiates the security_list module once per entry of
# var.vcn_security_lists, forwarding that entry's name and six rule lists.
#
# Instances are addressed by list position (count.index). Inserting or removing
# an entry anywhere but the end shifts the later indices, so Terraform will plan
# changes to the security lists that moved; check the plan for unintended
# replacement of live firewall rules.
module "security_list" {
  source = "./../security_list"
  count  = length(var.vcn_security_lists)

  security_list_name             = var.vcn_security_lists[count.index].security_list_name
  security_list_compartment_ocid = var.vcn_compartment_ocid
  security_list_vcn_ocid         = local.vcn_ocid

  # Ingress rule lists, one per protocol.
  icmp_ingress_security_rules = var.vcn_security_lists[count.index].icmp_ingress_security_rules
  tcp_ingress_security_rules  = var.vcn_security_lists[count.index].tcp_ingress_security_rules
  udp_ingress_security_rules  = var.vcn_security_lists[count.index].udp_ingress_security_rules

  # Egress rule lists, one per protocol.
  icmp_egress_security_rules = var.vcn_security_lists[count.index].icmp_egress_security_rules
  tcp_egress_security_rules  = var.vcn_security_lists[count.index].tcp_egress_security_rules
  udp_egress_security_rules  = var.vcn_security_lists[count.index].udp_egress_security_rules
}
Then here is the module in the main.tf which is run,
# Root-module call of the shared VCN module, bound to the aliased "oci.dr"
# provider.
#
# Only vcn_security_lists is passed here. Any other variable the VCN module
# declares without a default (presumably vcn_compartment_ocid, which the
# security_list call reads) would have to be supplied as well; verify against
# that module's variables.
module "fwall_vcn_dr" {
  source = "./../common/networking/vcn"

  providers = {
    oci = oci.dr
  }

  vcn_security_lists = var.fwall_security_lists
}
Here is my tfvars file,
# Security lists to create: one object per list, each carrying six rule lists
# (ICMP/TCP/UDP for ingress and egress). An empty list means "no rules of this
# kind".
fwall_security_lists = [
  {
    security_list_name = "SM-TST-VCN-SL-1"
    # subnet_name is not read by any of the blocks shown on this page.
    subnet_name = "SM-TST-VCN-SL-1"

    # ICMP type 3 / code 4, accepted from any address.
    icmp_ingress_security_rules = [
      {
        description    = "ICMP Ingress Rule #1"
        type_stateless = false
        source_type    = "CIDR_BLOCK"
        source         = "0.0.0.0/0"
        icmp_type      = "3"
        icmp_code      = "4"
      }
    ]

    # NOTE(review): this rule accepts TCP from any address (0.0.0.0/0); narrow
    # the source CIDR if the expected clients are known.
    # NOTE(review): both port ranges below are inverted: destination min "3128"
    # is greater than max "443", and source min "8128" is greater than max "65".
    # Confirm the intended bounds; as written the rule will presumably be
    # rejected or will not match the traffic it was meant for.
    tcp_ingress_security_rules = [
      {
        description                = "TCP Ingress Rule #1"
        type_stateless             = false
        source_type                = "CIDR_BLOCK"
        source                     = "0.0.0.0/0"
        destination_port_range_min = "3128"
        destination_port_range_max = "443"
        source_port_range_min      = "8128"
        source_port_range_max      = "65"
      }
    ]

    udp_ingress_security_rules = []
    icmp_egress_security_rules = []

    # NOTE(review): both egress rules pin the local source port (8128, and
    # 8080-8082). Outbound clients normally use ephemeral source ports, so
    # confirm that these rules match the traffic they are meant to allow.
    tcp_egress_security_rules = [
      {
        description                = "TCP Egress Rule #1"
        type_stateless             = false
        destination_type           = "CIDR_BLOCK"
        destination                = "0.0.0.0/0"
        destination_port_range_min = "443"
        destination_port_range_max = "443"
        source_port_range_min      = "8128"
        source_port_range_max      = "8128"
      },
      {
        description                = "TCP Egress Rule #2"
        type_stateless             = false
        destination_type           = "CIDR_BLOCK"
        destination                = "0.0.0.0/0"
        destination_port_range_min = "80"
        destination_port_range_max = "82"
        source_port_range_min      = "8080"
        source_port_range_max      = "8082"
      }
    ]

    udp_egress_security_rules = []
  }
]
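and here is the error (it is reported for module "fwall_vcn_home" at main.tf line 37, not for the "fwall_vcn_dr" module shown above):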
Error: Missing required argument
on main.tf line 37, in module "fwall_vcn_home"
37: module fwall_vcn_home {
The argument "vcn_security_lists_displayname" is required, but no definition
was found.
Error: Missing required argument
on main.tf line 37, in module "fwall_vcn_home"
37: module fwall_vcn_home {
The argument "tcp_ingress_security_rules" is required, but no definition was
found.
Error: Missing required argument
on main.tf line 37, in module "fwall_vcn_home"
37: module fwall_vcn_home {
The argument "tcp_egress_security_rules" is required, but no definition was
found.
Error: Missing required argument
on main.tf line 37, in module "fwall_vcn_home"
37: module fwall_vcn_home {
The argument "icmp_ingress_security_rules" is required, but no definition was
found.
Error: Missing required argument
on main.tf line 37, in module "fwall_vcn_home"
37: module fwall_vcn_home {
The argument "udp_ingress_security_rules" is required, but no definition was
found.
Error: Missing required argument
on main.tf line 37, in module "fwall_vcn_home"
37: module fwall_vcn_home {
The argument "udp_egress_security_rules" is required, but no definition was
found.
Error: Missing required argument
on main.tf line 37, in module "fwall_vcn_home"
37: module fwall_vcn_home {
The argument "icmp_egress_security_rules" is required, but no definition was
found.