terraform-aws-waf
The given value is not suitable for ...variables.tf:283,1-44: element types must all match for conversion to list.
Describe the Bug
Let's say you are building up your ip_set rules like so:
ip_set_reference = [
  {
    name     = "rule-1"
    priority = 1
    action   = "block"
    statement = {
      arn = data.aws_wafv2_ip_set.marex_known_bad_ipv4_cidrs.arn
    }
    visibility_config = {
      cloudwatch_metrics_enabled = true
      metric_name                = "${local.waf_name}-rule-1-ip-set"
      sampled_requests_enabled   = true
    }
  },
  {
    name     = "rule-20"
    priority = 20
    action   = "allow"
    statement = {
      ip_set = {
        addresses          = var.config.ipv4_cidrs_allow
        description        = "IPv4 allow list for ${local.waf_name}"
        ip_address_version = "IPV4"
      }
    }
    visibility_config = {
      cloudwatch_metrics_enabled = true
      metric_name                = "${local.waf_name}-rule-20-ip-set"
      sampled_requests_enabled   = true
    }
  }
]
This ruleset produces an error because the statement map is structurally different, and when placed in a list, TF doesn't like it.
│ Error: Invalid value for input variable
│
│ on /home/scott/Infra/terraform-modules/terraform-aws-wafv2/main.tf line 18, in module "wafv2":
│ 18: ip_set_reference_statement_rules = local.ip_set_reference
│
│ The given value is not suitable for module.terraform-aws-wafv2.module.wafv2.var.ip_set_reference_statement_rules declared at .terraform/modules/terraform-aws-wafv2.wafv2/variables.tf:283,1-44: element types must all match for conversion to list.
╵
Expected Behavior
I expect the module to create the rules and account for different statement maps.
Steps to Reproduce
See example above
Screenshots
No response
Environment
No response
Additional Context
No response
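An added example, not code from this issue or from the module: one way a list variable can accept both statement shapes shown above is an explicit object type with optional() attributes, so that every element converts to the same type and the unused key becomes null. The variable name ip_set_rules and the two validation rules are hypothetical, and Terraform 1.3 or later is assumed.

```hcl
# Hypothetical declaration (assumption: Terraform >= 1.3 for optional()).
# It is not the module's own variable at variables.tf:283.
variable "ip_set_rules" {
  type = list(object({
    name     = string
    priority = number
    action   = string
    statement = object({
      # Exactly one of these is expected per rule; the other stays null.
      arn = optional(string) # reference an existing IP set by ARN
      ip_set = optional(object({ # or describe an IP set inline
        addresses          = list(string)
        description        = optional(string)
        ip_address_version = string
      }))
    })
    visibility_config = object({
      cloudwatch_metrics_enabled = bool
      metric_name                = string
      sampled_requests_enabled   = bool
    })
  }))
  default = []

  # Reject a rule that names no match source, or both.
  validation {
    condition = alltrue([
      for r in var.ip_set_rules :
      (r.statement.arn != null) != (r.statement.ip_set != null)
    ])
    error_message = "Each rule's statement must set exactly one of arn or ip_set."
  }

  # Rule priorities must be unique within a web ACL, so an allow rule
  # and a block rule cannot end up with an ambiguous evaluation order.
  validation {
    condition = (
      length(distinct(var.ip_set_rules[*].priority)) == length(var.ip_set_rules)
    )
    error_message = "Rule priorities must be unique."
  }
}
```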