As far as I can tell this should work, but I’m getting an error that I am unsure how to troubleshoot. I am working with the panos provider for Palo Alto configuration, though by my understanding that should be irrelevant, so I’ve left that detail out of the snippets below.
Any guidance would be greatly appreciated.
“Root” main.tf variable declaration in a local block:
# NAT rules handed to the module. Each element has to match the object type
# declared by the module's "nat_rules" variable.
nat_rules = [
  {
    name = "egress"
    type = "ipv4"

    # Match criteria for the rule.
    # NOTE(review): source addresses, destination addresses and service are all
    # "any", so every Trust -> Untrust flow on ethernet1/1 matches this rule.
    original_packet = {
      source_zones          = ["Trust"]
      destination_zone      = "Untrust"
      destination_interface = "ethernet1/1"
      source_addresses      = ["any"]
      destination_addresses = ["any"]
      service               = "any"
    }

    translated_packet = {
      # Source translation: dynamic IP and port, taken from ethernet1/1.
      source = {
        dynamic_ip_and_port = {
          interface_address = {
            interface = "ethernet1/1"
          }
        }
      }

      # Destination translation. static_translation is one object, not a list.
      # NOTE(review): combined with the "any" match above, this rewrites the
      # destination of every matching flow to 10.2.0.20:80 - confirm that is
      # intended for a rule named "egress".
      destination = {
        static_translation = {
          address = "10.2.0.20"
          port    = 80
        }
      }
    }
  }
]
variable definition in module:
# Input schema for the NAT rules rendered into panos_nat_rule_group.
variable "nat_rules" {
  description = "List of NAT rules to create."

  type = list(object({
    name = string
    type = string

    # What traffic the rule matches.
    original_packet = object({
      source_zones          = list(string)
      destination_zone      = string
      destination_interface = string
      source_addresses      = list(string)
      destination_addresses = list(string)
      service               = string
    })

    # How matching traffic is rewritten.
    translated_packet = object({
      source = object({
        dynamic_ip_and_port = object({
          interface_address = object({
            interface = string
          })
        })
      })

      destination = object({
        # A single object (address + port), not a list of objects. Anything
        # that iterates over it sees its attributes, not one whole object.
        static_translation = object({
          address = string
          port    = number
        })
      })
    })
  }))
}
resource definition in module:
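# Renders every element of var.nat_rules as one "rule" block of the group.
resource "panos_nat_rule_group" "default" {
  dynamic "rule" {
    for_each = var.nat_rules
    content {
      name = rule.value.name
      type = rule.value.type

      original_packet {
        source_zones          = rule.value.original_packet.source_zones
        destination_zone      = rule.value.original_packet.destination_zone
        destination_interface = rule.value.original_packet.destination_interface
        source_addresses      = rule.value.original_packet.source_addresses
        destination_addresses = rule.value.original_packet.destination_addresses
        service               = rule.value.original_packet.service
      }

      translated_packet {
        source {
          dynamic_ip_and_port {
            interface_address {
              interface = rule.value.translated_packet.source.dynamic_ip_and_port.interface_address.interface
            }
          }
        }

        destination {
          # static_translation is a single object. A for_each over an object
          # iterates its attributes (address, port), so the iterator value is a
          # plain string or number and ".address" / ".port" fail with
          # "Unsupported attribute". Wrap the object in a one-element list (or
          # an empty list when it is null) so the block is emitted at most once
          # and static_translation.value is the whole object.
          dynamic "static_translation" {
            for_each = (
              rule.value.translated_packet.destination.static_translation == null
              ? []
              : [rule.value.translated_packet.destination.static_translation]
            )
            content {
              address = static_translation.value.address
              port    = static_translation.value.port
            }
          }
        }
      }
    }
  }
}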
Error returned post-refresh from a plan:
------------------------------------------------------------------------
Error: Unsupported attribute
on ../modules/terraform-panos-cep/main.tf line 131, in resource "panos_nat_rule_group" "default":
131: address = static_translation.value.address
|----------------
| static_translation.value is "10.2.0.20"
This value does not have any attributes.
Error: Unsupported attribute
on ../modules/terraform-panos-cep/main.tf line 131, in resource "panos_nat_rule_group" "default":
131: address = static_translation.value.address
|----------------
| static_translation.value is 80
This value does not have any attributes.
Error: Unsupported attribute
on ../modules/terraform-panos-cep/main.tf line 132, in resource "panos_nat_rule_group" "default":
132: port = static_translation.value.port
|----------------
| static_translation.value is "10.2.0.20"
This value does not have any attributes.
Error: Unsupported attribute
on ../modules/terraform-panos-cep/main.tf line 132, in resource "panos_nat_rule_group" "default":
132: port = static_translation.value.port
|----------------
| static_translation.value is 80
This value does not have any attributes.