terraform-provider-google
data google_compute_addresses with filter
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.
Description
In order to configure a Kubernetes cluster with allowed networks, I need to know the `status:IN_USE` addresses of `purpose:NAT_AUTO`. The `google_compute_address` data source only fetches a single named address, but as these are AUTO_IP and created in a separate project, I cannot find them as I cannot predict what names they will have.
New or Affected Resource(s)
- google_compute_addresses
Potential Terraform Configuration
```hcl
# The use case is where the project you want to query the addresses from is either
# managed by another team with their own separate terraform state or
# not managed by terraform :-(
# We assume that the user running terraform has read permissions for the network
# addresses in the project they need to query... or they are impersonating a
# service account that has read permissions
#
# resolved value is a list of objects with the same format as "google_compute_address"
data "google_compute_addresses" "vpn-nat-addresses" {
  project = "the-project-that-has-the-vpn"
  filter  = "purpose:'NAT_AUTO' AND status:'IN_USE'"
}
...
resource "google_container_cluster" "my-cluster" {
  ...
  master_authorized_networks_config {
    dynamic "cidr_blocks" {
      for_each = data.google_compute_addresses.vpn-nat-addresses
      content {
        cidr_block = "${cidr_blocks.value.address}/32"
      }
    }
  }
  ...
}
```
References
- `gcloud compute addresses list --project ... --filter ...` returns the information required but gets ugly to wire up with an external provider if using service account impersonation
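The `gcloud` workaround from the References, sketched as a helper for Terraform's `external` data source (an added example, not code from the issue or the provider). The `impersonate` query key and the sample addresses are assumptions. The helper re-checks purpose and status, refuses non-public addresses, and returns one comma-separated string because `external` only accepts string values.

```python
"""Terraform `external` helper: NAT_AUTO / IN_USE addresses as /32 CIDRs."""
import ipaddress
import json
import subprocess
import sys

FILTER = "purpose:'NAT_AUTO' AND status:'IN_USE'"  # filter string from the issue
# Constructed sample of `gcloud compute addresses list --format=json` output.
SAMPLE = json.dumps([
    {"name": "nat-auto-ip-2", "address": "35.204.1.20", "purpose": "NAT_AUTO", "status": "IN_USE"},
    {"name": "nat-auto-ip-1", "address": "34.90.10.5", "purpose": "NAT_AUTO", "status": "IN_USE"},
    {"name": "nat-auto-ip-3", "address": "34.90.10.6", "purpose": "NAT_AUTO", "status": "RESERVED"},
    {"name": "web-ip", "address": "34.90.10.7", "status": "IN_USE"},
])


def to_external_result(gcloud_json: str) -> dict:
    """Turn gcloud's JSON list into the flat string map `external` requires."""
    cidrs = set()
    for item in json.loads(gcloud_json):
        # Re-check locally instead of trusting only the server-side filter.
        if item.get("purpose") != "NAT_AUTO" or item.get("status") != "IN_USE":
            continue
        ip = ipaddress.ip_address(item["address"])  # ValueError on malformed input
        if ip.version != 4 or not ip.is_global:
            raise ValueError(f"refusing to allowlist non-public address {ip}")
        cidrs.add(ip)
    if not cidrs:
        # Surface a wrong project or missing permission at plan time.
        raise ValueError("no NAT_AUTO addresses in use; check project and permissions")
    return {"cidrs": ",".join(f"{ip}/32" for ip in sorted(cidrs))}


def main() -> None:
    query = json.load(sys.stdin)  # Terraform sends the `query` map as JSON on stdin
    cmd = ["gcloud", "compute", "addresses", "list", "--project", query["project"],
           "--filter", FILTER, "--format=json"]  # argument list, no shell involved
    if query.get("impersonate"):  # hypothetical query key (assumption)
        cmd.append(f"--impersonate-service-account={query['impersonate']}")
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    json.dump(to_external_result(out), sys.stdout)


if __name__ == "__main__":
    try:
        main()
    except Exception as exc:  # non-zero exit plus stderr is how `external` reports failure
        sys.exit(f"nat_addresses: {exc}")
```

On the Terraform side, `split(",", ...)` over the returned `cidrs` string yields the list for the `dynamic "cidr_blocks"` block.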
See https://github.com/hashicorp/terraform-provider-google/issues/8255, this is blocked on that.
b/243811404