Terraform: concat within cidr_blocks

Created on 23 Mar 2017  ·  8 Comments  ·  Source: hashicorp/terraform

Terraform version: 0.9.1

I'm trying to merge two lists within the cidr_blocks of an aws_security_group resource, something like this:

resource "aws_security_group" "fs-prod-loadbalancer-elb" {
  name = "fs-prod-loadbalancer-elb"
  description = "fs-prod-loadbalancer-elb"
  vpc_id = "${aws_vpc.prod.id}"
  ingress {
      from_port = 80
      to_port = 80
      protocol = "tcp"
      cidr_blocks = [
        "${aws_eip.fs-infra-jumphost.private_ip}/32",
        "${aws_eip.fs-infra-jumphost.public_ip}/32",
        "${var.fs-prod_office_ips}",
        "0.0.0.0/0"
      ]
  }
}

variable "fs-prod_office_ips" {
  description = "Office IPs. Needed to access jumphost."
  type = "list"
  # xx.xx.xx.xx = Fullscreen office
  default = [" xx.xx.xx.x/32"]
}

I tried to use concat but I'm not sure why it's not working:

resource "aws_security_group" "fs-prod-loadbalancer-elb" {
  name = "fs-prod-loadbalancer-elb"
  description = "fs-prod-loadbalancer-elb"
  vpc_id = "${aws_vpc.prod.id}"
  ingress {
      from_port = 80
      to_port = 80
      protocol = "tcp"
      cidr_blocks = concat([
        "${aws_eip.fs-infra-jumphost.private_ip}/32",
        "${aws_eip.fs-infra-jumphost.public_ip}/32",
        "0.0.0.0/0"], "${var.fs-prod_office_ips}")
  }
}

Error:

Failed to load root config module: Error parsing /Users/scalp/fullscreen/terraform/configs/fs-prod_loadbalancer.tf: At 58:21: Unknown token: 58:21 IDENT concat
core question

All 8 comments

Hello @scalp42, thanks for the issue!

concat is an interpolation function, as such it needs to be placed within quotes as such:

cidr_blocks = "${concat()}"

Please let me know if this solves the issue for you. Thanks!

Thanks for the help @grubernaut. Tried a couple of ways but can't get it to work, unfortunately:

        cidr_blocks = "${concat([
          "${aws_eip.fs-infra-jumphost.private_ip}/32",
          "${aws_eip.fs-infra-jumphost.public_ip}/32",
          "0.0.0.0/0"], "${var.fs-prod_office_ips}")}"

@scalp42 are you getting any different errors now? There's an open issue on validation with security group cidr_blocks you may be hitting even if the concat works as it should.

Sorry, yeah the error is different:

Failed to load root config module: Error loading /Users/scalp/fullscreen/terraform/configs/fs-prod_loadbalancer.tf: Error reading config for aws_security_group[fs-prod-loadbalancer-elb]: parse error at 1:10: expected expression but found "["

If I remove the [, problem is that concat requires a list so I'm not sure how to merge two (or more) lists together within the cidr_blocks.

Could be related to #13034

Hey @scalp42, got a working solution for ya.

variable "private_ip" {
  default = "172.10.0.0/16"
}

variable "public_ip" {
  default = "8.8.8.8"
}

variable "office_ips" {
  default = ["8.8.4.4", "192.168.0.1"]
  type = "list"
}

resource "aws_security_group" "load_balancer" {
  name        = "load-balancer-jake"
  description = "testing-jake-gh-issue-12996"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = "${concat(list("${var.private_ip}", "${var.public_ip}"), "${var.office_ips}")}"
  }
}

The two variables, aws_eip.fs-infra-jumphost.private_ip and public_ip are string variables, not list variables. They need to be joined into a list before being added to the concat() interpolation function.

There is, however, a current core issue with validation in a list from using variables from different sources. I believe this will affect you as well, and you'll be able to see if your concat() function is written correctly if you get a validation error on plan instead of a parse error.
We're actively diving deep into the list validation issue, and should have a fix out soon for that. Thanks!

@scalp42 going to close for now, happy to discuss further if the problem persists! Thanks!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
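Added example, not part of the original thread or of Terraform itself: once concat() parses, a quick audit of the merged cidr_blocks shows what the rule really allows, for instance that "0.0.0.0/0" makes the jumphost and office entries redundant, or that an entry has a stray leading space or no prefix length. It assumes a Terraform release that provides `terraform show -json <planfile>`; the function names and the sample plan (documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: trimmed shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [{
  "address": "aws_security_group.fs-prod-loadbalancer-elb",
  "type": "aws_security_group",
  "change": {"after": {"ingress": [{
    "from_port": 80, "to_port": 80, "protocol": "tcp",
    "cidr_blocks": ["10.0.1.5/32", "203.0.113.10/32", "0.0.0.0/0",
                    " 198.51.100.7/32", "198.51.100.8"]
  }]}}
}]}
""")


def audit_cidrs(cidrs):
    """Return (entry, finding) pairs for one merged cidr_blocks list."""
    findings, nets = [], []
    for raw in (c for c in cidrs if isinstance(c, str)):  # skip values unknown until apply
        if raw != raw.strip():
            findings.append((raw, "surrounding whitespace"))
        if "/" not in raw:
            findings.append((raw, "no prefix length"))
            continue
        try:
            net = ipaddress.ip_network(raw.strip())  # strict: host bits must be zero
        except ValueError:
            findings.append((raw, "not a valid network"))
            continue
        if net.prefixlen == 0:
            findings.append((raw, "open to any source"))
        nets.append((raw, net))
    for raw, net in nets:  # a narrower entry adds nothing beside a broader one
        if any(net != o and net.version == o.version and net.subnet_of(o) for _, o in nets):
            findings.append((raw, "covered by a broader entry"))
    return findings


def audit_plan(plan):
    """Map resource address -> findings for each aws_security_group ingress rule."""
    report = {}
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        after = (rc.get("change") or {}).get("after") or {}
        for rule in after.get("ingress") or []:
            report.setdefault(rc["address"], []).extend(audit_cidrs(rule.get("cidr_blocks") or []))
    return report
```

To run it against a real plan, load the JSON produced by `terraform show -json` with `json.load` and pass it to `audit_plan` in place of `SAMPLE_PLAN`.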
