Merge branch 'main' into topic_robesanc_jcs-13162

roberto-sanchez-herrera · roberto-sanchez-herrera · commit 445aecc9ac11 · 2022-11-28T13:36:03.000-06:00
diff --git a/builds/build_mp_bundles.sh b/builds/build_mp_bundles.sh
@@ -301,7 +301,7 @@ replace_byol_suite_14110_variables()
 }
 replace_ucm_suite_12214_variables()
 {  
-  export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/inputs/mp_image_suite_byol.tfvars
+  export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/inputs/mp_image_suite_ucm.tfvars
   get_mp_values
   sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf
   sed -i 's/default     = "EE"/default     = "SUITE"/' ${TMP_BUILD}/edition.tf
@@ -314,7 +314,7 @@ replace_ucm_suite_12214_variables()
 }
 replace_ucm_suite_14110_variables()
 { 
-  export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/inputs/mp_image_suite_byol.tfvars
+  export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/inputs/mp_image_suite_ucm.tfvars
   get_mp_values
   sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf
   sed -i 's/default     = "EE"/default     = "SUITE"/' ${TMP_BUILD}/edition.tf
diff --git a/terraform/data_sources.tf b/terraform/data_sources.tf
@@ -116,23 +116,14 @@ data "oci_file_storage_mount_targets" "mount_targets" {
   id                  = var.mount_target_id
 }
 
-
-data "oci_file_storage_mount_targets" "existing_mount_target" {
-  count = var.existing_fss_id != "" ? 1 : 0
-  #Required
-  availability_domain = local.fss_availability_domain
-  compartment_id      = var.mount_target_compartment_id
-  id                  = var.mount_target_id
-}
-
 data "oci_core_private_ip" "mount_target_private_ips" {
   count = var.existing_fss_id != "" ? 1 : 0
   #Required
-  private_ip_id = data.oci_file_storage_mount_targets.existing_mount_target[0].mount_targets[0].private_ip_ids[0]
+  private_ip_id = data.oci_file_storage_mount_targets.mount_targets[0].mount_targets[0].private_ip_ids[0]
 }
 
 data "oci_apm_apm_domain" "apm_domain" {
-  count = var.use_apm_service ? 1 : 0
+  count = local.use_apm_service ? 1 : 0
 
   #Required
   apm_domain_id = var.apm_domain_id
@@ -151,13 +142,6 @@ data "oci_core_subnet" "mount_target_existing_subnet" {
   subnet_id = data.oci_file_storage_mount_targets.mount_targets[0].mount_targets[0].subnet_id
 }
 
-data "oci_core_subnet" "mount_target_existing_subnet_by_fss" {
-  count = var.existing_fss_id == "" ? 0 : 1
-
-  #Required
-  subnet_id = data.oci_file_storage_mount_targets.existing_mount_target[0].mount_targets[0].subnet_id
-}
-
 data "oci_objectstorage_namespace" "object_namespace" {
 
   #Optional
diff --git a/terraform/locals.tf b/terraform/locals.tf
@@ -90,13 +90,16 @@ locals {
 
   assign_weblogic_public_ip = var.assign_weblogic_public_ip || var.subnet_type == "Use Public Subnet"
 
+  // Deploy sample-app only if the edition is not SE
+  deploy_sample_app = (var.deploy_sample_app && var.wls_edition != "SE")
+
   admin_ip_address      = local.assign_weblogic_public_ip ? module.compute.instance_public_ips[0] : module.compute.instance_private_ips[0]
   admin_console_app_url = format("https://%s:%s/console", local.admin_ip_address, var.wls_extern_ssl_admin_port)
   sample_app_protocol   = local.add_load_balancer ? "https" : "http"
-  sample_app_url_lb_ip  = var.deploy_sample_app && local.add_load_balancer ? format("%s://%s/sample-app", local.sample_app_protocol, local.lb_ip) : ""
-  sample_app_url_wls_ip = var.deploy_sample_app ? format("https://%s:%s/sample-app", local.admin_ip_address, var.wls_ms_extern_ssl_port) : ""
-  sample_app_url        = var.wls_edition != "SE" ? (var.deploy_sample_app && local.add_load_balancer ? local.sample_app_url_lb_ip : local.sample_app_url_wls_ip) : ""
-  sample_idcs_app_url = var.deploy_sample_app && local.add_load_balancer && var.is_idcs_selected ? format(
+  sample_app_url_lb_ip  = local.deploy_sample_app && local.add_load_balancer ? format("%s://%s/sample-app", local.sample_app_protocol, local.lb_ip) : ""
+  sample_app_url_wls_ip = local.deploy_sample_app ? format("https://%s:%s/sample-app", local.admin_ip_address, var.wls_ms_extern_ssl_port) : ""
+  sample_app_url        = local.deploy_sample_app ? (local.add_load_balancer ? local.sample_app_url_lb_ip : local.sample_app_url_wls_ip) : ""
+  sample_idcs_app_url = local.deploy_sample_app && local.add_load_balancer && var.is_idcs_selected ? format(
     "%s://%s/__protected/idcs-sample-app",
     local.sample_app_protocol,
     local.lb_ip,
@@ -145,7 +148,10 @@ locals {
     var.wls_extern_ssl_admin_port,
   ) : ""
 
-  apm_domain_compartment_id = var.use_apm_service ? lookup(data.oci_apm_apm_domain.apm_domain[0], "compartment_id") : ""
+  use_apm_service = (var.use_apm_service || var.use_autoscaling)
+  apm_domain_compartment_id = local.use_apm_service ? lookup(data.oci_apm_apm_domain.apm_domain[0], "compartment_id") : ""
+
+
 
   ocir_namespace = data.oci_objectstorage_namespace.object_namespace.namespace
 
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -204,7 +204,7 @@ module "policies" {
   is_idcs_selected            = var.is_idcs_selected
   idcs_client_secret_id       = var.idcs_client_secret_id
   use_oci_logging             = var.use_oci_logging
-  use_apm_service             = var.use_apm_service
+  use_apm_service             = local.use_apm_service
   apm_domain_compartment_id   = local.apm_domain_compartment_id
   use_autoscaling             = var.use_autoscaling
   ocir_auth_token_id          = var.ocir_auth_token_id
@@ -403,7 +403,7 @@ module "validators" {
   use_oci_logging  = var.use_oci_logging
   dynamic_group_id = var.dynamic_group_id
 
-  use_apm_service           = var.use_apm_service
+  use_apm_service           = local.use_apm_service
   apm_domain_id             = var.apm_domain_id
   apm_private_data_key_name = var.apm_private_data_key_name
 
@@ -558,14 +558,16 @@ module "compute" {
   wls_domain_name               = format("%s_domain", local.service_name_prefix)
   wls_server_startup_args       = var.wls_server_startup_args
   wls_existing_vcn_id           = var.wls_existing_vcn_id
-  mount_vcn_id                  = var.mount_target_id != "" ? data.oci_core_subnet.mount_target_existing_subnet[0].vcn_id : (var.existing_fss_id != "" ? data.oci_core_subnet.mount_target_existing_subnet_by_fss[0].vcn_id : "")
+  mount_vcn_id                  = var.mount_target_id != "" ? data.oci_core_subnet.mount_target_existing_subnet[0].vcn_id : ""
   wls_vcn_cidr                  = var.wls_vcn_cidr != "" ? var.wls_vcn_cidr : element(concat(module.network-vcn.*.vcn_cidr, tolist([""])), 0)
   wls_version                   = var.wls_version
   wls_edition                   = var.wls_edition
   allow_manual_domain_extension = var.allow_manual_domain_extension
   num_vm_instances              = var.wls_node_count
   resource_name_prefix          = var.service_name
 
+  deploy_sample_app = local.deploy_sample_app
+
   is_bastion_instance_required = var.is_bastion_instance_required
 
   is_idcs_selected      = var.is_idcs_selected
@@ -610,7 +612,7 @@ module "compute" {
   log_group_id    = element(concat(module.observability-common[*].log_group_id, [""]), 0)
   use_oci_logging = var.use_oci_logging
 
-  use_apm_service           = var.use_apm_service
+  use_apm_service           = local.use_apm_service
   apm_domain_compartment_id = local.apm_domain_compartment_id
   apm_domain_id             = var.apm_domain_id
   apm_private_data_key_name = var.apm_private_data_key_name
diff --git a/terraform/modules/observability/autoscaling/local.tf b/terraform/modules/observability/autoscaling/local.tf
@@ -21,7 +21,7 @@ locals {
   function_config_map = zipmap(
     ["min_wls_node_count", "wlsc_email_notification_topic_id", "debug", "offline_ms1_from_lb"],
     [var.wls_node_count,
-      (var.subscription_endpoint != "" ? element(concat(oci_ons_notification_topic.wlsc_email_notification_topic.*.id, list("")), 0) : ""),
+      (var.subscription_endpoint != "" ? element(concat(oci_ons_notification_topic.wlsc_email_notification_topic.*.id, tolist([""])), 0) : ""),
       "false",
       "false"
   ])
diff --git a/terraform/modules/policies/locals.tf b/terraform/modules/policies/locals.tf
@@ -13,15 +13,15 @@ locals {
 
   # This policy with "use instances" verb is needed because there is code in the WebLogic for OCI compute image that updates metadata of the compute instance, when more than one VM nodes are created
   core_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use instances in compartment id ${var.compartment_id}"
-  core_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to inspect volumes in compartment id ${var.compartment_id}"
-  core_policy_statement3 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to inspect volume-attachments in compartment id ${var.compartment_id}"
+  core_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage volumes in compartment id ${var.compartment_id}"
+  core_policy_statement3 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage volume-attachments in compartment id ${var.compartment_id}"
   # This policy with "inspect virtual-network-family" verb is needed to read VCN information like CIDR, etc, for VCN validation
   network_policy_statement1 = var.network_compartment_id != "" ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to inspect virtual-network-family in compartment id ${var.network_compartment_id}" : ""
   secrets_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read secret-bundles in tenancy where target.secret.id = '${var.wls_admin_password_id}'"
   secrets_policy_statement2 = (var.is_idcs_selected && var.idcs_client_secret_id != "") ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read secret-bundles in tenancy where target.secret.id = '${var.idcs_client_secret_id}'" : ""
   atp_policy_statement1     = (var.atp_db.is_atp && var.atp_db.password_id != "") ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read secret-bundles in tenancy where target.secret.id = '${var.atp_db.password_id}'" : ""
   # This policy with "use autonomous-transaction-processing-family" verb is needed to download ATP db wallet
-  atp_policy_statement2    = (var.atp_db.is_atp && var.atp_db.compartment_id != "") ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use autonomous-transaction-processing-family in compartment id ${var.atp_db.compartment_id}" : ""
+  atp_policy_statement2 = (var.atp_db.is_atp && var.atp_db.compartment_id != "") ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use autonomous-transaction-processing-family in compartment id ${var.atp_db.compartment_id}" : ""
   # This policy with "manage network-security-groups" verb is needed to add security rule in the ATP db (with private endpoint) NSG in the ATP db VCN
   atp_policy_statement3    = (var.atp_db.is_atp_with_private_endpoints && var.atp_db.existing_vcn_add_seclist && var.atp_db.network_compartment_id != "") ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to manage network-security-groups in compartment id ${var.atp_db.network_compartment_id} where request.operation = 'AddNetworkSecurityGroupSecurityRules'" : ""
   oci_db_policy_statement1 = var.oci_db.password_id != "" ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read secret-bundles in tenancy where target.secret.id = '${var.oci_db.password_id}'" : ""
@@ -36,7 +36,10 @@ locals {
   # This policy with "use load_balancer" verb is needed to create load balancer for new vcn
   lb_policy_statement = var.add_load_balancer ? length(oci_identity_dynamic_group.wlsc_instance_principal_group) > 0 ? "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to use load-balancers in compartment id ${var.network_compartment_id}" : "" : ""
 
-  service_statements = compact([local.core_policy_statement1, local.core_policy_statement2, local.core_policy_statement3, local.network_policy_statement1, local.secrets_policy_statement1, local.secrets_policy_statement2, local.atp_policy_statement1, local.atp_policy_statement2, local.atp_policy_statement3, local.oci_db_policy_statement1, local.oci_db_policy_statement2, local.logging_policy, local.apm_domain_policy_statement, local.lb_policy_statement])
+  service_statements = compact([local.core_policy_statement1, local.core_policy_statement2, local.core_policy_statement3, local.network_policy_statement1, local.secrets_policy_statement1, local.secrets_policy_statement2,
+    local.atp_policy_statement1, local.atp_policy_statement2, local.atp_policy_statement3, local.oci_db_policy_statement1, local.oci_db_policy_statement2, local.oci_db_policy_statement3, local.logging_policy,
+    local.apm_domain_policy_statement, local.lb_policy_statement
+  ])
 
   cloning_policy_statement1 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to read orm-stacks in compartment id ${var.compartment_id}"
   cloning_policy_statement2 = "Allow dynamic-group ${oci_identity_dynamic_group.wlsc_instance_principal_group.name} to inspect compartments in tenancy"
diff --git a/terraform/modules/validators/existing_load_balancer_validators.tf b/terraform/modules/validators/existing_load_balancer_validators.tf
@@ -10,17 +10,17 @@ locals {
   validate_existing_lb_must_use_existing_subnets = local.use_existing_load_balancer && !var.use_existing_subnets ? local.validators_msg_map[local.existing_lb_must_use_existing_subnets_msg] : null
 
   lb_subnet_1_id_from_datasource = [for subnet in data.oci_core_subnets.existing_vcn_subnets_data_source.subnets[*] : subnet.id if subnet.id == var.existing_lb_subnet_1_id]
-  # set to true if lb subnet_1 is present in the list of subnet for the existing vcn of the stack
-  valid_existing_lb_subnet_1 = local.use_existing_load_balancer && local.lb_subnet_1_id_from_datasource != "" ? local.lb_subnet_1_id_from_datasource != "" : false
+  # set to true if lb subnet_1 is present in the list of subnet for the existing vcn of the stack or if not using existing load balancer
+  valid_existing_lb_subnet_1 = local.use_existing_load_balancer ? length(local.lb_subnet_1_id_from_datasource) != 0 : true
 
   existing_lb_subnet_1_not_in_existing_vcn_of_stack_msg = "WLSC-ERROR: The load balancer [${var.existing_load_balancer_id}] subnet_1 [${var.existing_lb_subnet_1_id}] is not in the the existing vcn [${var.existing_vcn_id}] for the stack"
   validate_existing_lb_vcn_subnet_1                     = local.use_existing_load_balancer && !local.valid_existing_lb_subnet_1 ? local.validators_msg_map[local.existing_lb_subnet_1_not_in_existing_vcn_of_stack_msg] : null
 
   lb_subnet_2_id_from_datasource = [for subnet in data.oci_core_subnets.existing_vcn_subnets_data_source.subnets[*] : subnet.id if subnet.id == var.existing_lb_subnet_2_id]
-  # set to true if lb subnet_2 is present in the list of subnet for the existing vcn of the stack
-  valid_existing_lb_subnet_2 = local.use_existing_load_balancer && local.lb_subnet_2_id_from_datasource != "" ? local.lb_subnet_2_id_from_datasource != "" : false
+  # set to true if lb subnet_2 is present in the list of subnet for the existing vcn of the stack, or if is empty (for regional lb), or if not using existing load balancer
+  valid_existing_lb_subnet_2 = var.existing_lb_subnet_2_id == "" ? true : local.use_existing_load_balancer ? length(local.lb_subnet_2_id_from_datasource) != 0 : true
 
-  existing_lb_subnet_2_not_in_existing_vcn_of_stack_msg = "WLSC-ERROR: The load balancer [${var.existing_load_balancer_id}] subnet_2 [${var.existing_lb_subnet_2_id}] is not in the the existing vcn [${var.existing_vcn_id}] for the stack"
+  existing_lb_subnet_2_not_in_existing_vcn_of_stack_msg = "WLSC-ERROR: The load balancer [${var.existing_load_balancer_id}] subnet_2 [${var.existing_lb_subnet_2_id}] is not in the existing vcn [${var.existing_vcn_id}] for the stack"
   validate_existing_lb_vcn_subnet_2                     = local.use_existing_load_balancer && !local.valid_existing_lb_subnet_2 ? local.validators_msg_map[local.existing_lb_subnet_2_not_in_existing_vcn_of_stack_msg] : null
 
   # verify that the backend set name is non-empty
diff --git a/terraform/outputs.tf b/terraform/outputs.tf
@@ -18,7 +18,7 @@ output "fss_system_id" {
 }
 
 output "mount_target_id" {
-  value = var.mount_target_id != "" ? var.mount_target_id : var.existing_fss_id != "" ? data.oci_file_storage_mount_targets.existing_mount_target[0].mount_targets[0].id : (var.add_fss ? module.fss[0].mount_target_id : "")
+  value = var.add_fss? (var.mount_target_id != ""? var.mount_target_id: module.fss[0].mount_target_id):""
 }
 
 output "load_balancer_id" {
diff --git a/terraform/schema.yaml b/terraform/schema.yaml
@@ -1177,12 +1177,11 @@ variables:
             - eq:
                 - ${load_balancer_strategy_existing_subnet}
                 - "Use Existing Load Balancer"
-    type: oci:loadbalancer:loadbalancer:id
+    type: string
+    pattern: ^ocid1.loadbalancer.*$
     title: Existing Load Balancer ID
     description: The OCID of the existing load balancer. If you use an existing load balancer, the WebLogic Server nodes are added to the backend set of the existing load balancer.
     required: true
-    dependsOn:
-      compartmentId: ${network_compartment_id}
 
   backendset_name_for_existing_load_balancer:
     visible:
diff --git a/terraform/schema_14110.yaml b/terraform/schema_14110.yaml
@@ -1186,12 +1186,11 @@ variables:
             - eq:
                 - ${load_balancer_strategy_existing_subnet}
                 - "Use Existing Load Balancer"
-    type: oci:loadbalancer:loadbalancer:id
+    type: string
+    pattern: ^ocid1.loadbalancer.*$
     title: Existing Load Balancer ID
     description: The OCID of the existing load balancer. If you use an existing load balancer, the WebLogic Server nodes are added to the backend set of the existing load balancer.
     required: true
-    dependsOn:
-      compartmentId: ${network_compartment_id}
 
   backendset_name_for_existing_load_balancer:
     visible:
diff --git a/utils/create_nsg.sh b/utils/create_nsg.sh
@@ -396,6 +396,37 @@ EOF
       echo -e "Adding IDCS Security Rule to access CLOUD GATE port in Managed Server Network Security Group $managed_server_nsg_ocid..."
       oci network nsg rules add --nsg-id $managed_server_nsg_ocid --security-rules file://$IDCS_RULES_FILE
     fi
+
+    # Create security rule for IDCS - Open CLOUDGATE GATE PORT from LB AD subnet2 in MANAGED SERVER NSG
+    if [[ -n $lbsubnet_availability_domain  && $is_private_lb = false ]]
+    then
+       if [[ -n ${LB_SUBNET2_OCID} ]]
+       then
+         lbsubnet2_cidr_block=$(oci network subnet get --subnet-id "${LB_SUBNET2_OCID}" | jq -r '.data["cidr-block"]')
+         IDCS_RULES_FILE2=$(mktemp)
+         cat > ${IDCS_RULES_FILE2} << EOF
+         [{
+           "description": "TCP traffic for cloudgate port",
+           "direction": "INGRESS",
+           "isStateless": "false",
+           "protocol": "6",
+           "sourceType": "CIDR_BLOCK",
+           "source": "$lbsubnet2_cidr_block",
+           "tcpOptions": {
+             "destinationPortRange": {
+               "min": "$CLOUDGATE_PORT",
+               "max": "$CLOUDGATE_PORT"
+             }
+           }
+         }]
+EOF
+         if [[ -n $managed_server_nsg_ocid ]]
+         then
+           echo -e "Adding IDCS Security Rule to access CLOUD GATE port in Managed Server Network Security Group $managed_server_nsg_ocid..."
+           oci network nsg rules add --nsg-id $managed_server_nsg_ocid --security-rules file://$IDCS_RULES_FILE2
+         fi
+       fi
+    fi
   fi
   # Load Balancer NSG
   network_security_group_name="load_balancer_nsg"
@@ -450,7 +481,7 @@ EOF
                     }]
 EOF
               echo -e "Adding LB Security Rules to access MS HTTP port for AD subnet in Admin Server Network Security Group $admin_server_nsg_ocid..."
-              oci network nsg rules add --nsg-id $admin_server_nsg_ocid --security-rules file://$WLS_MS_RULES_FILE2
+              oci network nsg rules add --nsg-id $managed_server_nsg_ocid --security-rules file://$WLS_MS_RULES_FILE2
             fi
         fi
     fi

Original file line number	Diff line number	Diff line change
`@@ -301,7 +301,7 @@ replace_byol_suite_14110_variables()`
`301`	`301`	`}`
`302`	`302`	`replace_ucm_suite_12214_variables()`
`303`	`303`	`{`
`304`		`- export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/inputs/mp_image_suite_byol.tfvars`
	`304`	`+ export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/inputs/mp_image_suite_ucm.tfvars`
`305`	`305`	`get_mp_values`
`306`	`306`	`sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf`
`307`	`307`	`sed -i 's/default = "EE"/default = "SUITE"/' ${TMP_BUILD}/edition.tf`
`@@ -314,7 +314,7 @@ replace_ucm_suite_12214_variables()`
`314`	`314`	`}`
`315`	`315`	`replace_ucm_suite_14110_variables()`
`316`	`316`	`{`
`317`		`- export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/inputs/mp_image_suite_byol.tfvars`
	`317`	`+ export TF_VAR_FILE=${SCRIPT_DIR}/../terraform/inputs/mp_image_suite_ucm.tfvars`
`318`	`318`	`get_mp_values`
`319`	`319`	`sed -i '/variable "tf_script_version" {/!b;n;n;n;cdefault = '"$tf_script_version"'' ${TMP_BUILD}/variables.tf`
`320`	`320`	`sed -i 's/default = "EE"/default = "SUITE"/' ${TMP_BUILD}/edition.tf`
Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ output "fss_system_id" {`
`18`	`18`	`}`
`19`	`19`
`20`	`20`	`output "mount_target_id" {`
`21`		`- value = var.mount_target_id != "" ? var.mount_target_id : var.existing_fss_id != "" ? data.oci_file_storage_mount_targets.existing_mount_target[0].mount_targets[0].id : (var.add_fss ? module.fss[0].mount_target_id : "")`
	`21`	`+ value = var.add_fss? (var.mount_target_id != ""? var.mount_target_id: module.fss[0].mount_target_id):""`
`22`	`22`	`}`
`23`	`23`
`24`	`24`	`output "load_balancer_id" {`