I am seeking help with iterating through lists within a map of objects.
This is my current map:
test125231-test-tunnel = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
}
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
}
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
}
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
My end goal is to use a for each over each port in each lists.
I am using go templating in a terraform template file and this is what I currenlty have and it works for the index position of 0
%{ for key , value in tunnels }
-A PREROUTING -s ${value.leftsourceip} -p tcp --dport ${value.ports[0]} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}
any help would be greatly appreciated. I have been researching the merge function to see if its a good use case for this.
The end goal would be to have a separate dport rule for each port.
>Solution :
You have to flatten the tunnles, and merge can be used for that:
variable "tunnels" {
default = {
test125231-test-tunnel = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.122"
leftsubnet = "10.0.0.0/16"
peer_ip = "10.10.10.10"
ports = [
"7000",
"7001",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel"
},
test125231-test-tunnel-2 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "3.229.37.95"
leftsourceip = "10.0.1.234"
leftsubnet = "184.72.223.116/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-2"
},
test125231-test-tunnel-3 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "190.72.224.115/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-3"
},
test125231-test-tunnel-4 = {
authby = "secret"
auto = "ondemand"
customer_name = "test125231"
dh_ingress_ip = "10.0.1.71"
esp = "aes256-sha256-modp2048"
ike = "aes256-sha256-modp2048"
ikelifetime = 3600
ikev2 = "no"
keyexchange = "ike"
left = "%defaultroute"
leftid = "10.10.10.10"
leftsourceip = "10.0.1.234"
leftsubnet = "10.10.10.10/32"
peer_ip = "10.10.10.10"
ports = [
"7000",
]
right = "10.10.10.10"
rightid = "10.10.10.10"
rightsourceip = "10.41.0.191"
rightsubnet = "10.41.0.0/16"
salifetime = 3600
tunnel_name = "test-tunnel-4"
}
}
}
locals {
tunnels_flat = merge([
for tunnel_name, tunnel_details in var.tunnels:
{
for idx, port in tunnel_details.ports:
"${tunnel_name}-${port}" => merge({
port = port
}, tunnel_details)
}
]...)
}
Then you will iterate (psudo-code):
%{ for key , value in local.tunnels_flat }
-A PREROUTING -s ${value.leftsourceip} -p tcp --dport ${value.port} -j DNAT --to-destination 1.1.1.1:7000
%{ endfor ~}