terraform fortigate

Terraform Define FortiOS VIP Group Member block from child module outputs


I am using Terraform to build Fortigate resources within a custom child module I've defined. Each instance of the child module will build 12 unique VIPs using the fortios_firewall_vip resource. Inside the root module, I'm attempting to define a VIP Group using the fortios_firewall_vipgrp resource, which would include ALL of the VIPs built from ALL instances of the child module. I seem to be struggling with how to build the member{} block within the vipgrp resource.

Here is a breakdown of the folder structure:

    root/
    |_ fortinet.tf
    |_ modules/instance/
       |_ main.tf
       |_ outputs.tf

The main.tf file is where I'm building the 12 unique VIPs for each instance, and the outputs.tf file is where I'm saving all of the VIP names to reference in the fortinet.tf root file.

I've tried to save the VIP names as a list and as a map, but I'm not sure which is the better approach.

Example of list output:

    output "vips" {
      value = [
        fortios_firewall_vip.vip1.name,
        fortios_firewall_vip.vip2.name,
        # etc...
      ]
    }

Example of map output:

    output "vips" {
      value = {
        name = fortios_firewall_vip.vip1.name
        name = fortios_firewall_vip.vip2.name
        # etc...
      }
    }

In the root fortinet.tf file, I'm defining a single VIP Group with the member block and trying to "splat" all instances' VIPs in there. I thought perhaps with the map outputs, I could simply merge them all into one giant block like so:

    resource "fortios_firewall_vipgrp" "vipgrp" {
      name = "example-vipgrp"
      member = merge(module.instance[*].vips)
    }

However, I'm receiving an error saying:

    An argument named "member" is not expected here. Did you mean to define a block of type "member"?

I'm a newb with Terraform, so I'm struggling with what terminology I should be Googling for assistance here... Is this even possible?

Any input would be extremely helpful. Thanks!


Solution

  • member is a block, not an argument. So it should be:

    resource "fortios_firewall_vipgrp" "vipgrp" {
      name = "example-vipgrp"
      member {
        # This merge probably also needs changing,
        # but my answer covers your error of the missing member block,
        # not whether your merge is correct or not.
        name = merge(module.instance[*].vips)
      }
    }
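One way to generate one member block per VIP across every module instance, shown as an added example that is not part of the original question or answer. It assumes the child module publishes its VIP names as a list, that `module.instance` is declared with `count` (so the `[*]` splat applies), and that `interface = "any"` suits the group; the local name `all_vip_names` is hypothetical.

```hcl
# modules/instance/outputs.tf
# Publish the VIP names as a list. vip1, vip2, ... are assumed to be the
# fortios_firewall_vip resources defined in the module's main.tf.
output "vips" {
  value = [
    fortios_firewall_vip.vip1.name,
    fortios_firewall_vip.vip2.name,
    # ... remaining VIPs
  ]
}

# root/fortinet.tf
locals {
  # module.instance[*].vips is a list of lists (one inner list per module
  # instance). flatten() collapses it into a single list of VIP names.
  # If the module used for_each instead of count, the equivalent would be
  # flatten(values(module.instance)[*].vips).
  all_vip_names = flatten(module.instance[*].vips)
}

resource "fortios_firewall_vipgrp" "vipgrp" {
  name      = "example-vipgrp"
  interface = "any" # assumed value; set to the interface the VIPs use

  # "member" is a nested block, so it cannot be assigned with "=".
  # A dynamic block emits one member { name = ... } block per list element.
  dynamic "member" {
    for_each = local.all_vip_names
    content {
      name = member.value
    }
  }
}
```

Because the member names are references to the module outputs, Terraform orders the group after the VIPs it contains without an explicit `depends_on`.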