terraform-provider-dynatrace icon indicating copy to clipboard operation
terraform-provider-dynatrace copied to clipboard

Published 20 hours ago verified publisher icon dynatrace-oss

dynatrace_web_application has a cumbersome way to add multiple IP addresses within monitoring_settings

Open nmarchini opened this issue 1 week ago • 0 comments

**Is your feature request related to a problem?

I want to exclude all the Dynatrace Public Synthetic locations from the Web Application Capturing, to do this in terraform I need to first use the API to query each locations to bring back the IP addresses and then construct a very ugly piece of code like this

  monitoring_settings {
    ip_address_restriction_settings {
      mode = "EXCLUDE"
      restrictions {
        range {
          address  = "1.1.1.1"
        }
        range {
          address  = "1.1.1.2"
        }
        range {
          address  = "1.1.1.3"
        }
        range {
          address  = "1.1.1.4"
        }
        range {
          address  = "1.1.1.5"
        }
        range {
          address  = "1.1.1.6"
        }
        range {
          address  = "1.1.1.2"
        }
        range {
          address  = "1.1.1.2"
        }
        range {
          address  = "1.1.1.2"
        }
        range {
          address  = "1.1.1.2"
        }
      }
    }

This cumbersome when the list of IP addresses is many, I have ~50 to account for

Describe the solution you'd like

  1. I would like to be able to pull all the IP addresses for a Dynatrace Public Synthetic location using the locaiton ID. Use the returned IP addresses in the code without having to type them out.
data "dynatrace_synthetic_locations" "all" {}

locals {
  synthetic_ips = flatten([
    for location in data.dynatrace_synthetic_locations.all.locations : location.ips
  ])
}

resource "dynatrace_web_application" "example" {
  name                                 = "example"
  type                                 = "AUTO_INJECTED"
  cost_control_user_session_percentage = 100
  load_action_key_performance_metric   = "VISUALLY_COMPLETE"
  real_user_monitoring_enabled         = true
  xhr_action_key_performance_metric    = "VISUALLY_COMPLETE"

  monitoring_settings {
    ip_address_restriction_settings {
      mode = "EXCLUDE"
      restrictions {
        range {
          for_each = toset(local.synthetic_ips)
          address  = each.value
        }
      }
    }
}
  1. Be able to use for_each within ip_address_restriction_settings that calls a list of IPs from locals if we have a lot of IPs to exclude that are not Dynatrace IPs
  2. Create a separate resource dynatrace_web_application_restricted_ips that allows us to use for_each on that resource
locals {
  synthetic_ips = [
    "157.175.133.173",
    "157.175.121.164",
    "157.175.6.178",
    "15.185.69.56",
    "15.185.49.140",
    "157.175.8.204",
    "15.185.79.211",
    "157.175.28.149"
  ]
}

resource "dynatrace_web_application_restricted_ips" "sephora_me_ips" {
  for_each = toset(local.synthetic_ips)
  web_application_id = dynatrace_web_application.sephora_me.id
  address            = each.value
}

Describe alternatives you've considered I have to write out each IP address manually and it's very ugly and I have to keep checking if the Dynatrace Synthetic Public Ip have changed

Additional context Add any other context or screenshots about the feature request here.

nmarchini avatar Feb 13 '25 10:02 nmarchini