Cannot create an expression to be used with cloudflare_ruleset resource in terraform

I am trying to create an expression that would create a network firewall rule in Cloudflare Gateway. I cannot find the expression builder in the dashboard that the documentation mentions, so I did a lot of trial and error but was unable to succeed.
Now I am using two lists: one that contains an IP CIDR range and another that contains user emails.
I am trying to build an expression that checks whether ip.dst is in the IP range and also whether the email is "not" in the user email list.

After multiple rounds of trial and error I have created the following expression:

expression = <<-EOT
ip.dst in {${join(", ", cloudflare_teams_list.cidr_list.items)}} and
not(
${join(" or ", [
for email in cloudflare_teams_list.user_list.items : "http.request.uri.query contains 'email=${email}'"
])}
)
EOT

This gives me the following expression when I run terraform plan:

expression = <<-EOT
ip.dst in {x.x.x.x/12} and
not(
http.request.uri.query contains ‘[email protected]’ or http.request.uri.query contains ‘[email protected]’ or http.request.uri.query contains ‘[email protected]
)
EOT
This means that my variables all work, but when I do a terraform apply and submit yes I get the following errors:
1. ip.dst is an unknown identifier
2. invalid digit found in string while parsing with radix 16 - for the email

I referred to the documentation here (Fields reference · Cloudflare Ruleset Engine docs), which says that ip.dst is not available in the standard fields.

Can anyone please help me build a correct expression since I really don’t want to manage the network firewall rules in Gateway manually.

Let me know if any other information is missing or required to help debug.

Can you try a resource declaration like this?

resource "cloudflare_teams_rule" "example" {
  action      = "block"
  filters     = ["http"]
  traffic     = <<-EOT
    any(
      http.conn.dst_ip[*] in {192.0.2.0/24}
    )
    and not(
      http.request.uri.query matches
      "email=(user1|user2|user3)@domain\.com"
    )
    EOT
}
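Combining the fields used in the answer above with the two lists from the question, here is an added example (not code from the thread or from Cloudflare). The list values are constructed, and the space-separated set syntax inside `{}` and the need to escape regex metacharacters in the emails are assumptions about the Gateway expression language.

```hcl
locals {
  # Constructed sample values; in the question these come from
  # cloudflare_teams_list.cidr_list.items and cloudflare_teams_list.user_list.items.
  cidrs  = ["192.0.2.0/24", "198.51.100.0/24"]
  emails = ["user1@example.com", "user2@example.com"]

  # Escape the literal dots so "matches" treats them as dots, not wildcards
  # (assumed: other regex metacharacters in addresses, e.g. "+", would need
  # escaping too). Result: user1@example\.com|user2@example\.com
  email_alternation = join("|", [for e in local.emails : replace(e, ".", "\\.")])
}

resource "cloudflare_teams_rule" "block_to_ranges_except_users" {
  account_id  = var.account_id # assumed variable
  name        = "block-ranges-except-listed-users"
  description = "Block listed destination ranges unless the email is on the allow list"
  action      = "block"
  filters     = ["http"]
  precedence  = 1

  # Gateway expression: sets in {} are assumed to be space separated, so the
  # CIDR list is joined with " ". Heredocs do not process backslash escapes,
  # so the \. produced above reaches Gateway unchanged.
  traffic = <<-EOT
    any(
      http.conn.dst_ip[*] in {${join(" ", local.cidrs)}}
    )
    and not(
      http.request.uri.query matches "email=(${local.email_alternation})"
    )
  EOT
}
```

Run terraform plan and read the rendered traffic value back before applying: the rendered expression, not the HCL, is what Gateway validates, so a quoting or field-name mistake shows up there first.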