Firewall Support for Dynamic IP Lists via data source

Question

Firewall Support for Dynamic IP Lists via data source

jeheyer opened this issue 10 months ago · 1 comments

TL;DR

Would be super handy to support dynamic IP lists for google-owned source IP lists. Common example are the GCP Healthcheck ranges: ["35.191.0.0/16" ,"130.211.0.0/22"]

Terraform Resources

google_compute_firewall
google_netblock_ip_ranges - https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/netblock_ip_ranges

Detailed design

Add new variable(s) `range_type` (string) or `range_types` (list(string))

Use the data source to get the current address values as a list

Additional information

Example if going with a list:

data "google_netblock_ip_ranges" "default" {
  for_each.     = toset(var.range_types) 
  range_type  = each.value
}
resource "google_compute_firewall" "default" {
  description       = "Allow Google Healthcheck ranges". 
  source_ranges = flatten([ for rt in var.range_types : google_netblock_ip_ranges.default[rt].cidr_blocks  ])
}

Answer 1 · 2023-11-28T13:29:04.000Z

@jeheyer can you plz create an Issue for the Provider.