Firewall droplet_id list

November 7, 2019
DigitalOcean API and CLI (doctl) Terraform

VERSION DETAILS

Terraform v0.12.13
+ provider.aws v2.29.0
+ provider.digitalocean v1.7.0
+ provider.null v2.1.2
+ provider.template v2.1.2

PROBLEM
I have the following Terraform file, which defines a DigitalOcean Cloud Firewall resource. It was previously written in the < 0.12 syntax but has been converted to 0.12 syntax.

 resource "digitalocean_firewall" "web" {
  1   name = "only-22-80-and-443"
  2
  3   droplet_ids = [digitalocean_droplet.web.*.id, digitalocean_droplet.db.*.id]
  4
  5   inbound_rule {
  6     protocol         = "tcp"
  7     port_range       = "1-65535"
  8     source_addresses = ["10.0.0.0/8"]
  9   }
 10
 11   inbound_rule {
 12     protocol         = "udp"
 13     port_range       = "1-65535"
 14     source_addresses = ["10.0.0.0/8"]
 15   }
 16
 17   inbound_rule {
 18     protocol         = "tcp"
 19     port_range       = "80"
 20     source_addresses = ["0.0.0.0/0", "::/0"]
 21   }
 22
 23   inbound_rule {
 24     protocol         = "tcp"
 25     port_range       = "443"
 26     source_addresses = ["0.0.0.0/0", "::/0"]
 27   }
 28
 29   outbound_rule {
 30     protocol              = "tcp"
 31     port_range            = "53"
 32     destination_addresses = ["0.0.0.0/0", "::/0"]
 33   }
 34   outbound_rule {
 35     protocol              = "udp"
 36     port_range            = "53"
 37     destination_addresses = ["0.0.0.0/0", "::/0"]
 38   }
 39   outbound_rule {
 40     protocol              = "tcp"
 41     port_range            = "80"
 42     destination_addresses = ["0.0.0.0/0", "::/0"]
 43   }
 44   outbound_rule {
 45     protocol              = "tcp"
 46     port_range            = "443"
 47     destination_addresses = ["0.0.0.0/0", "::/0"]
 48   }
 49 }

Prior to the upgrade everything worked fine. The only line that changed was line 3. It seems to be causing issues. It was previously:

 droplet_ids = ["${digitalocean_droplet.web.*.id}", "${digitalocean_droplet.db.*.id}"]

Running terraform plan returns:

Error: Incorrect attribute value type

  on do_firewall.tf line 4, in resource "digitalocean_firewall" "web":
   4:   droplet_ids = [digitalocean_droplet.staging_mongo.*.id, digitalocean_droplet.staging_swarm.*.id]

Inappropriate value for attribute "droplet_ids": element 0: number required.

I have tried:

droplet_ids = [digitalocean_droplet.web.[*].id, digitalocean_droplet.db.[*].id]

droplet_ids = digitalocean_droplet.web.[*].id, digitalocean_droplet.db.[*].id
droplet_ids = (digitalocean_droplet.web.[*].id, digitalocean_droplet.db.[*].id)

If I take away one of the resource groups and leave one - it works:

droplet_ids = digitalocean_droplet.web.*.id

Any suggestions of how I can have both droplet resource groups?

1 Answer

The best way to combine two lists of attributes using Terraform >= 0.12 syntax is to use the concat function. From the docs:

concat takes two or more lists and combines them into a single list.

So that would look like:

droplet_ids = concat(digitalocean_droplet.web.*.id, digitalocean_droplet.db.*.id)
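
Why the bracketed form from the question fails in 0.12, next to two ways of producing the flat list the attribute expects. This is an added example, not part of the original question or answer. The IDs are constructed sample values and the `locals` names are hypothetical. It uses no provider, so it can be applied in an empty directory to inspect the outputs.

```hcl
# Added example. Constructed sample IDs stand in for the splat results
# digitalocean_droplet.web.*.id and digitalocean_droplet.db.*.id.
locals {
  web_ids = [101, 102]
  db_ids  = [201]

  # What line 3 of the question builds in 0.12: a list whose elements are
  # themselves lists. Element 0 is a list, not a number, which matches the
  # "element 0: number required" error.
  nested = [local.web_ids, local.db_ids]

  # concat joins the lists end to end into one flat list of numbers.
  combined = concat(local.web_ids, local.db_ids)

  # flatten collapses the nested form into a flat list as well.
  flattened = flatten(local.nested)
}

output "nested" {
  value = local.nested
}

output "combined" {
  value = local.combined
}

output "flattened" {
  value = local.flattened
}

# In the firewall resource, written with the 0.12 "[*]" splat form
# (the index brackets follow the resource name directly, with no dot):
#   droplet_ids = concat(digitalocean_droplet.web[*].id, digitalocean_droplet.db[*].id)
```

The firewall is attached only to the droplets listed in `droplet_ids`, so dropping one group to get past the type error leaves that group outside this rule set.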