Trouble Pulling attribute from collection of resources

I could really use some help. I am working with Terraform 1.0.10 and the OCI provider v4.52.0.
I am writing a customer network security group module that has 20+ rules, with each rule following the model rule001 (i.e. rule001, rule002, etc.). I am encountering problems in figuring out how to pull ALL of those oci_core_network_security_group_rule rules and pulling the description attribute. I have tried the following to no avail. I know I’m missing something but am fairly new to Terraform so just don’t know what I don’t know.

output "security_rule" {
    description = "Security rule descriptions"
    value = [for value in oci_core_network_security_group_security_rule[*]: value.description]
}

output "security_rule" {
    description = "Security rule descriptions"
    value = { for k, v in oci_core_network_security_group_security_rule.*.description : k => v }
}

output "security_rule" {
    description = "Security rule descriptions"
    value = { for k, v in oci_core_network_security_group_security_rule[*].description : k => v }
}

I know on the one immediately above that I need to somehow capture the wildcard/splat after the security_rule, but it won’t take in either event. Should I perhaps be converting this to a map of objects, then outputting the map? Not sure how I’d do that though. Thanks for any help someone can give.

Hi @ziondef,

The identifier for oci_core_network_security_group_security_rule is missing the name portion, which is why it’s not valid here. It would help to have a more complete example, so we can see what the data structures you are using look like. Can you show the configuration for the oci_core_network_security_group_security_rule?

I guess that’s the trouble I am having, that I don’t have the name, but I want to wild card the names to display the same attribute from ALL of those resource types in the config file. Below is a snippet of a few of the rules:

resource "oci_core_network_security_group_security_rule" "inrule001" {
    network_security_group_id = oci_core_network_security_group.example.id
    direction                 = "INGRESS"
    protocol                  = "all"
    description               = "Allow all NSG-internal comms"
    destination               = oci_core_network_security_group.example.id
    # NSG-to-NSG rule: the source is the NSG's OCID (a rule cannot refer to its own id)
    source                    = oci_core_network_security_group.example.id
    source_type               = "NETWORK_SECURITY_GROUP"
    stateless                 = false
}

resource "oci_core_network_security_group_security_rule" "inrule002" {
    network_security_group_id = oci_core_network_security_group.example.id
    direction                 = "INGRESS"
    protocol                  = "6"
    description               = "SSH from Other Subnet"
    source                    = "172.19.0.0/16"
    source_type               = "CIDR_BLOCK"
    stateless                 = false
    tcp_options {
        destination_port_range {
            max = 22
            min = 22
        }
    }
}

What I want to do is something like this: oci_core_network_security_group_security_rule.*.description to show inrule001.description, inrule002.description. Any way to do that?

You cannot use a wildcard to reference some set of individual resources, so there is no way to fix the syntax here. What you can do however is restructure the oci_core_network_security_group_security_rule rules so that you can create them using for_each, which will allow you to collect all the descriptions in a single expression.

Unfortunately the for_each loop is not a great solution. There are multiple pieces which are dependent upon other elements of the configuration being applied, which is a constraint of the for_each meta argument. For instance, the NSG OCID referenced in the rules depends on the NSG being created first. Is there no way to pull all resources of a type made in a configuration?

Using for_each to declare the resource instances shouldn’t preclude you from referencing other resources in the configuration. It may however make things more cumbersome than it’s worth, but without a complete example it’s hard to say for sure. Perhaps grouping them into a few similar resource blocks could help.

It does come down to the fact though that if you create the resources in individual blocks in the configuration, you will need to reference them individually somewhere in the configuration.
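
The for_each restructuring suggested in the replies, as an added example that is not part of any post in this thread: the two rules from the question's snippet become entries of one map, and a single `for` expression then collects every description. The names `local.ingress_rules`, `tcp_port` and the resource name `ingress` are hypothetical, and `oci_core_network_security_group.example` is assumed to be declared elsewhere, as in the posted snippet.

```hcl
# Added example. local.ingress_rules, tcp_port and "ingress" are hypothetical
# names; oci_core_network_security_group.example is assumed to exist elsewhere.
locals {
  ingress_rules = {
    inrule001 = {
      protocol    = "all"
      description = "Allow all NSG-internal comms"
      # Unknown until the NSG exists; for_each only needs the map keys at plan time.
      source      = oci_core_network_security_group.example.id
      source_type = "NETWORK_SECURITY_GROUP"
      tcp_port    = null
    }
    inrule002 = {
      protocol    = "6"
      description = "SSH from Other Subnet"
      source      = "172.19.0.0/16"
      source_type = "CIDR_BLOCK"
      tcp_port    = 22
    }
  }
}

resource "oci_core_network_security_group_security_rule" "ingress" {
  for_each                  = local.ingress_rules
  network_security_group_id = oci_core_network_security_group.example.id
  direction                 = "INGRESS"
  protocol                  = each.value.protocol
  description               = each.value.description
  source                    = each.value.source
  source_type               = each.value.source_type
  stateless                 = false
  # Emit tcp_options only for rules that set a port.
  dynamic "tcp_options" {
    for_each = each.value.tcp_port == null ? [] : [each.value.tcp_port]
    content {
      destination_port_range {
        min = tcp_options.value
        max = tcp_options.value
      }
    }
  }
}

# One expression collects every rule's description, keyed by rule name.
output "security_rule" {
  description = "Security rule descriptions"
  value       = { for name, rule in oci_core_network_security_group_security_rule.ingress : name => rule.description }
}
```

Because every rule now lives in one map, the output doubles as a reviewable inventory of what the NSG allows, and a rule added to the map cannot be left out of it.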