IP Range Data #1216

Open
priyashpatil opened this issue Sep 22, 2024 · 0 comments
Labels
do-api Depends on changes to the DigitalOcean API


Is your feature request related to a problem? Please describe.

Currently, there is no easy way to programmatically access the IP ranges of DigitalOcean's uptime monitoring bots and app platform within Terraform configurations. This makes it challenging to configure external security groups, firewalls, or other network-related resources that require knowledge of these specific IP ranges.

Describe the solution you'd like

Add a new data source digitalocean_managed_services_ip_ranges to the DigitalOcean Terraform provider. This data source should return a list of IP ranges (both IPv4 and IPv6) used by DigitalOcean's managed services, with a specific focus on uptime monitoring bots and app platform.

The data source should:

  1. Fetch the latest IP ranges from DigitalOcean's API or a published list.
  2. Allow filtering by service type (e.g., uptime monitoring bots, app platform).
  3. Return the IP ranges in CIDR format.

Example usage:

data "digitalocean_managed_services_ip_ranges" "all" {}

data "digitalocean_managed_services_ip_ranges" "uptime" {
  service = "uptime"
}

data "digitalocean_managed_services_ip_ranges" "app_platform" {
  service = "app_platform"
}

resource "digitalocean_firewall" "example" {
  name = "allow-uptime-and-app-platform"

  inbound_rule {
    protocol         = "tcp"
    port_range       = "80"
    source_addresses = concat(
      data.digitalocean_managed_services_ip_ranges.uptime.ipv4_cidrs,
      data.digitalocean_managed_services_ip_ranges.app_platform.ipv4_cidrs
    )
  }
}

Describe alternatives you've considered

  1. Manually maintaining a list of IP ranges for app platform in the Terraform configuration, but this is error-prone and requires frequent updates as DigitalOcean may change these ranges.
  2. Using external data sources or local-exec provisioners to fetch the IP ranges, but this adds complexity and potential security risks to the Terraform workflow.
  3. Creating separate data sources for each service (e.g., digitalocean_uptime_ip_ranges and digitalocean_app_platform_ip_ranges), but this would lead to more data sources and potentially more complex provider code.

Additional context

DigitalOcean provides IP ranges for their services; refer to: https://www.digitalocean.com/community/questions/list-of-do-ip-ranges

This feature would be particularly useful for users who need to configure secure access to their resources while allowing DigitalOcean's uptime monitoring bots to check their services and app platform to deploy and manage applications. It would simplify the process of setting up firewalls and security groups that need to whitelist these specific DigitalOcean managed services.
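Alternative 2 above (an external data source) can be narrowed so that a fetched list cannot widen a firewall rule by accident. The following helper is an added example, not part of the issue or of the DigitalOcean provider; the `service,cidr` feed format, the sample ranges (documentation addresses), the `MIN_PREFIX` limits and the function names are all assumptions made for illustration.

```python
import ipaddress
import json
import sys

# Constructed sample feed (documentation ranges, not real DigitalOcean data).
# The "service,cidr" line format is an assumption; the issue defines none.
SAMPLE_FEED = """\
uptime,192.0.2.0/28
uptime,2001:db8:1::/48
app_platform,198.51.100.0/24
app_platform,203.0.113.7
app_platform,0.0.0.0/0
"""

# Assumed policy: shortest prefix accepted per address family, so a bad or
# tampered feed cannot turn an allowlist rule into "allow everyone".
MIN_PREFIX = {4: 16, 6: 32}


def parse_ranges(feed, service=None):
    """Return (ipv4_cidrs, ipv6_cidrs, rejected_lines) for one service or all."""
    ipv4, ipv6, rejected = [], [], []
    for line in feed.splitlines():
        svc, _, raw = line.partition(",")
        if service is not None and svc.strip() != service:
            continue
        try:
            # strict=True refuses entries with host bits set, e.g. 192.0.2.1/24
            net = ipaddress.ip_network(raw.strip(), strict=True)
            if net.prefixlen < MIN_PREFIX[net.version]:
                raise ValueError("range too broad")
        except ValueError:
            rejected.append(line)
            continue
        (ipv4 if net.version == 4 else ipv6).append(str(net))
    return sorted(set(ipv4)), sorted(set(ipv6)), rejected


def external_result(query_json, feed=SAMPLE_FEED):
    """Answer a Terraform `external` query: JSON object in, string map out."""
    query = json.loads(query_json or "{}")
    ipv4, ipv6, rejected = parse_ranges(feed, query.get("service"))
    if rejected:  # fail closed instead of applying a partial allowlist
        raise ValueError(f"invalid or too-broad entries: {rejected}")
    # The external protocol allows only string values, so lists are JSON-encoded.
    return json.dumps({"ipv4_cidrs": json.dumps(ipv4), "ipv6_cidrs": json.dumps(ipv6)})


if __name__ == "__main__":
    try:
        print(external_result(sys.stdin.read()))
    except ValueError as exc:
        sys.exit(f"ip-ranges helper: {exc}")  # message on stderr, exit status 1
```

In Terraform the two values arrive as strings under the `result` attribute of the `external` data source and are turned back into lists with `jsondecode()`.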

@andrewsomething andrewsomething added the do-api Depends on changes to the DigitalOcean API label Oct 10, 2024