terraform-provider-tfe
Terraform Datasource for Terraform Cloud agents.
Use-cases
When provisioning items with allow lists such as Azure Key Vaults, Terraform Cloud can provision the Key Vault, but there is not an easily listable group of IPs for the agents. As such I cannot provision Key Vault secrets from Terraform Cloud at present.
Attempted Solutions
Currently provisioning secrets manually in Key Vault
Proposal
Add an additional output to the following datasource exposing the agents of TF Cloud. https://registry.terraform.io/providers/hashicorp/tfe/latest/docs/data-sources/ip_ranges
Hi!
You mention wanting IPs for TFC agents (a self-hosted Terraform runner for TFC), but also mention TFC's agents and the IP Ranges API, which makes me wonder which you're looking for here:
- If you're looking for the IP ranges used for workloads provisioned on Terraform Cloud's infrastructure (the `remote` execution mode), the IP Ranges API doesn't publish these ranges and thus they can't be added to this provider. For more on this topic, I suggest submitting a support ticket, but I believe the gist is that TFC is a multi-tenant platform and self-hosted TFC Agents are a preferable solution compared to exposing your infrastructure to workloads not scoped to your particular organization.
- If you're looking for the IPs of active TFC Agents in your current agent pools (the `agent` execution mode) that indeed is a resource which this provider doesn't currently provide a datasource for; that API is here: https://www.terraform.io/cloud-docs/api-docs/agents#list-agents
The first case isn't really actionable here in the provider, but the second is; which are you looking for?
Hi!
Thanks for the quick reply. I believe the second, so as when Terraform Cloud's agents try to provision a key vault secret I can include some form of data source about the agents in the key vault access policy.
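For the second case discussed in this thread, the sketch below turns a list-agents response into deduplicated allow-list entries for active agents only. It is an added example, not code from the thread or from the provider; the response body is constructed, and the attribute names `status` and `ip-address` and the status values `idle`/`busy` are assumptions to check against the API documentation linked above.

```python
import ipaddress
import json

# Constructed sample shaped like a JSON:API list-agents response.
# Attribute names and status values are assumptions (see lead-in).
SAMPLE_RESPONSE = json.dumps({"data": [
    {"id": "agent-EXAMPLE1", "type": "agents",
     "attributes": {"status": "idle", "ip-address": "203.0.113.10"}},
    {"id": "agent-EXAMPLE2", "type": "agents",  # shares an egress IP
     "attributes": {"status": "busy", "ip-address": "203.0.113.10"}},
    {"id": "agent-EXAMPLE3", "type": "agents",  # stale registration
     "attributes": {"status": "exited", "ip-address": "192.0.2.77"}},
    {"id": "agent-EXAMPLE4", "type": "agents",
     "attributes": {"status": "idle", "ip-address": "198.51.100.7"}},
    {"id": "agent-EXAMPLE5", "type": "agents",  # malformed value
     "attributes": {"status": "idle", "ip-address": "not-an-ip"}},
]})

ACTIVE_STATUSES = {"idle", "busy"}  # assumed values for a live agent


def agent_allowlist(body, active_statuses=ACTIVE_STATUSES):
    """Return (cidrs, skipped).

    cidrs: sorted single-host CIDRs for active agents with a valid address.
    skipped: (agent id, reason) pairs, so dropped agents can be reviewed
    instead of silently vanishing from the allow list.
    """
    cidrs, skipped = set(), []
    for item in json.loads(body).get("data", []):
        agent_id = item.get("id", "<no id>")
        attrs = item.get("attributes") or {}
        # Never allow-list an address held by an agent that is no longer
        # running: the address may since have been reassigned.
        if attrs.get("status") not in active_statuses:
            skipped.append((agent_id, "inactive"))
            continue
        try:
            ip = ipaddress.ip_address(attrs.get("ip-address", ""))
        except ValueError:
            skipped.append((agent_id, "invalid address"))
            continue
        cidrs.add(f"{ip}/{ip.max_prefixlen}")  # /32 for IPv4, /128 for IPv6
    return sorted(cidrs), skipped


if __name__ == "__main__":
    allowed, dropped = agent_allowlist(SAMPLE_RESPONSE)
    print("allow:", allowed)
    print("skipped:", dropped)
```

Because agents come and go, a list built this way is a snapshot and has to be regenerated whenever the pool changes.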