Search code examples
terraformterraform0.12+terraform-provider-kubernetes

Argument or block definition required

I am using kubernetes_network_policy resource. I have around ten network poilices and each of them is different. I want the from cidr block to be executed only when I pass a value to ingress_to_cidr. When I am trying execute terragrunt apply it errors out saying failed to expand IPBlock: null or empty input but terragrunt plan works fine. So I am trying to use if statement around the from cidr block, to see if I surpass the IPblock issue when I don't pass any value to ingress_to_cidr

│ Error: Argument or block definition required
│
│   on main.tf line 37, in resource "kubernetes_network_policy" "example-policy":
│   37:         length(var.ingress_to_cidr) != 0 ? 0 : from {
│
│ An argument or block definition is required here. To set an argument, use
│ the equals sign "=" to introduce the argument value.
╵
ERRO[0004] 1 error occurred:
    * exit status 1

My resource


resource "kubernetes_network_policy" "example-policy" {
  for_each = var.inputs
  metadata {
    name      = each.value.name
    namespace = each.value.namespace
  }
  spec {
    pod_selector {
      match_labels = {
        app = each.value.selector
      }
    }
    policy_types = each.value.policy
    dynamic "ingress" {
        
        for_each = each.value.egress_number == null ? [] :range(length(each.value.ingress_number))
        
        content {
            ports {
                port     = each.value.ingress_number[ingress.value]
                protocol = each.value.ingress_protocol[ingress.value]
            }
            
            length(var.ingress_to_cidr) == null ? [] : from {
            ip_block {
               cidr = each.value.ingress_to_cidr
          }
        }
      }       
    }      
    dynamic "egress" {
        
        for_each = each.value.egress_number == null ? [] : range(length(each.value.egress_number))
        
        content {
            ports {
                port     = each.value.egress_number[egress.value]
                protocol = each.value.egress_protocol[egress.value]
            }
            
           length(var.ingress_to_cidr) == null ? [] : to {
            ip_block {
               cidr = each.value.egress_to_cidr
          }
        }
      }       
    }    
  }
}
Solution

  • You can nest dynamic blocks. So I think in your case it should be:

    resource "kubernetes_network_policy" "example-policy" {
  for_each = var.inputs
  metadata {
    name      = each.value.name
    namespace = each.value.namespace
  }
  spec {
    pod_selector {
      match_labels = {
        app = each.value.selector
      }
    }
    policy_types = each.value.policy
    dynamic "ingress" {
        
        for_each = each.value.egress_number == null ? [] : range(length(each.value.ingress_number))
        
        content {
            ports {
                port     = each.value.ingress_number[ingress.value]
                protocol = each.value.ingress_protocol[ingress.value]
            }
            
            dynamic "from" {
              for_each = each.value.ingress_to_cidr == null ? [] : [each.value.ingress_to_cidr]
              content {
                ip_block {
                    cidr = from.value
                }              
              }              
           }
       }       
    }      
    dynamic "egress" {
        
        for_each = each.value.egress_number == null ? [] : range(length(each.value.egress_number))
        
        content {
            ports {
                port     = each.value.egress_number[egress.value]
                protocol = each.value.egress_protocol[egress.value]
            }
            
            dynamic "from" {
              for_each = each.value.egress_to_cidr == null ? [] : [each.value.egress_to_cidr]
              content {
                ip_block {
                    cidr = from.value
                }              
              }              
           }
      }       
    }    
  }
}