terraform-provider-google

data google_compute_addresses with filter

Open stephenc opened this issue 2 years ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

In order to configure a Kubernetes cluster with allowed networks, I need to know the status:IN_USE addresses of purpose:NAT_AUTO.

The google_compute_address data source only fetches a single named address, but as these are AUTO_IP and created in a separate project, I cannot find them as I cannot predict what names they will have.

New or Affected Resource(s)

  • google_compute_addresses

Potential Terraform Configuration

# The use case is where the project you want to query the addresses from is either
# managed by another team with their own separate terraform state or
# not managed by terraform :-(
# We assume that the user running terraform has read permissions for the network 
# addresses in the project they need to query... or they are impersonating a
# service account that has read permissions
#
# resolved value is a list of objects with the same format as "google_compute_address"
data "google_compute_addresses" "vpn-nat-addresses" {
  project = "the-project-that-has-the-vpn"
  filter = "purpose:'NAT_AUTO' AND status:'IN_USE'"
}

...

resource "google_container_cluster" "my-cluster" {
  ...
  master_authorized_networks_config {
    dynamic "cidr_blocks" {
      for_each = data.google_compute_addresses.vpn-nat-addresses
      content {
        cidr_block = "${cidr_blocks.value.address}/32"
      }
    }    
  }
  ...
}

References

  • gcloud compute addresses list --project ... --filter ... returns the information required but gets ugly to wire up with an external provider if using service account impersonation

stephenc, Oct 01 '21 10:10
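The gcloud route mentioned under References, sketched as a program for Terraform's external data source. This is an added example, not part of the issue or of the provider. The query keys `project` and `impersonate`, the result key `cidrs` and the sample addresses are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Emit NAT_AUTO / IN_USE addresses as /32 CIDRs for a Terraform external data source."""
import ipaddress
import json
import subprocess
import sys

FILTER = "purpose:'NAT_AUTO' AND status:'IN_USE'"  # filter string from the issue
SAMPLE = [  # constructed sample in the shape of `gcloud ... --format json` output
    {"name": "nat-auto-ip-1", "address": "203.0.113.10", "purpose": "NAT_AUTO", "status": "IN_USE"},
    {"name": "nat-auto-ip-2", "address": "203.0.113.7", "purpose": "NAT_AUTO", "status": "IN_USE"},
    {"name": "reserved-lb", "address": "203.0.113.99", "status": "RESERVED"},
]


def to_cidrs(addresses):
    """Turn gcloud's JSON address list into sorted, validated /32 CIDR strings."""
    ips = set()
    for item in addresses:
        # Re-check the filter client-side so a mistyped filter cannot widen the allow-list.
        if item.get("purpose") != "NAT_AUTO" or item.get("status") != "IN_USE":
            continue
        ip = ipaddress.ip_address(item["address"])  # raises ValueError on malformed input
        if ip.version != 4:
            raise ValueError(f"/32 would cover a whole IPv6 prefix, refusing: {ip}")
        ips.add(ip)
    if not ips:
        raise ValueError("no NAT addresses found, refusing to emit an empty allow-list")
    return [f"{ip}/32" for ip in sorted(ips)]


def main():
    query = json.load(sys.stdin)  # the external data source passes its query as JSON on stdin
    cmd = ["gcloud", "compute", "addresses", "list", "--project", query["project"],
           "--filter", FILTER, "--format", "json"]
    if query.get("impersonate"):  # hypothetical query key holding a service account e-mail
        cmd += ["--impersonate-service-account", query["impersonate"]]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    # The external data source accepts only a flat map of strings, so join the list.
    json.dump({"cidrs": ",".join(to_cidrs(json.loads(out)))}, sys.stdout)


if __name__ == "__main__":
    main()
```

On the Terraform side the joined `cidrs` string has to be split back into a list before it feeds the `cidr_blocks` dynamic block. A non-zero exit from the script fails the plan rather than applying an empty or malformed allow-list.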

See https://github.com/hashicorp/terraform-provider-google/issues/8255, this is blocked on that.

rileykarson, Oct 04 '21 19:10

b/243811404

melinath, Sep 15 '22 22:09