cloudflare terraform provider firewall creation with loop

Question

I am trying to work around a constraint where firewall creation is split into 2 sections, creating a filter and creating the rule based on the filter. Filter creation exposes a filter id that should be used in the fw rule creation. I cant wrap my head on how to properly iterate through the map that has values for filter and rule and include newly created filter. if i just use a simple map with name and expression, things work, but if i add rule priority things break here is my map

variable "fw_allowfilters1" {
  description = "list of expressions for firewall to be included in the allow rules"
  type = map(object({
  fvalue = string
  priority = number
}))

default = {
"office_filter1" = [
  {
    fvalue = "ip.geoip.asnum eq 111111"
    priority = 1

  }
]
 "office_filter2" = [
  {
    fvalue = "ip.src eq 8.8.8.8"
    priority = 3
  }
]
}
}

now here is my code for both filter and FW

resource "cloudflare_filter" "allow-filters1" {
for_each = var.fw_allowfilters1
zone_id = var.zoneid
expression = each.value.fvalue
description = each.key
//description = [for o in var.fw_allowfilters1: "Filter_${var.fw_allowfilters1.name}"]
//expression = [for o in var.fw_allowfilters1: var.fw_allowfilters1.value]
}

resource "cloudflare_firewall_rule" "whitelist-rule" {
for_each = cloudflare_filter.allow-filters1
action = "allow"
filter_id =  tostring(each.value.id)
zone_id = var.zoneid
description = [for p in var.fw_allowfilters1.name: p.name ]
priority = [for p in var.fw_allowfilters1.priority: p.priority  ]
}

now if i dont include priority, i can do the for_each on the filter output in firewall creation, using id output from the resource and key for descirption ( cf tf provider uses description as a name) however, if i need to add the key, i need to iterate through the map with values plus the id that is output of the filter creation and I am not sure how to properly map it. code currently does not work.

Answer 1

so i figured it out and it was not easy:) using locals helped me create proper iterators:

resource "cloudflare_filter" "filters1" {
for_each = var.fw_rules
zone_id = var.zoneid
description = "Filter_${tostring(each.key)}"
expression = tostring(each.value[0])
}
locals {
filterids = [for f in cloudflare_filter.filters1 : f.id] //putting filter 
IDs into a separate list for concat later
fwvalues = (values(var.fw_rules)) // putting values from the map of fwvalues into 
a separate list to use the index position of a particular value as an interator when 
creating commong object that has both filterid and fwvalues
fwkeys = (keys(var.fw_rules)) //putting keys into a separate list
//iterating over all elements in the allowfilters1, combining existing lists in the 
variable with the ID value and readding the key as an element in the list
withid3 = {for p in var.fw_rules : local.fwkeys[index(local.fwvalues, p.*)] => 
concat(p, list(local.filterids[index(local.fwvalues, 
p.*)]),list(local.fwkeys[index(local.fwvalues, p.*)]))} //working version
}

resource "cloudflare_firewall_rule" "fw-rules" {
for_each = local.withid3
action = each.value[2]
filter_id =  each.value[4]
paused = each.value[3]
zone_id = var.zoneid
description = "FW-${tostring(each.value[2])}-${tostring(each.key)}"
priority = each.value[1]
}

where varilable is this: // the syntax is the following: name of the rule(try to be precise = [ expression, priority,action, disabled - boolean] - all values should be strings, make sure to terminate the quotes correctly allowed values for the action are: block, challenge, js_challenge, allow, log, bypass list has to be maintained according to the rule priority

variable "fw_rules" {
  description = "list of expressions for firewall to be included in therules"
  type = map
  default = {
    office_allow = ["putexpressionhere","1","allow","false"],
    office_allow1 = ["putexpressionhere1","2","deny","false"]
  }