New range types supported on google_netblock_ip_ranges (#4121)
Signed-off-by: Modular Magician <magic-modules@google.com>
modular-magician authored and paddycarver committed Aug 12, 2019
1 parent 151d063 commit da5d339
Showing 3 changed files with 249 additions and 25 deletions.
81 changes: 70 additions & 11 deletions google/data_source_google_netblock_ip_ranges.go
Expand Up @@ -13,6 +13,11 @@ func dataSourceGoogleNetblockIpRanges() *schema.Resource {
Read: dataSourceGoogleNetblockIpRangesRead,

Schema: map[string]*schema.Schema{
"range_type": {
Type: schema.TypeString,
Optional: true,
Default: "cloud-netblocks",
},
"cidr_blocks": {
Type: schema.TypeList,
Elem: &schema.Schema{Type: schema.TypeString},
Expand All @@ -33,18 +38,73 @@ func dataSourceGoogleNetblockIpRanges() *schema.Resource {
}

func dataSourceGoogleNetblockIpRangesRead(d *schema.ResourceData, meta interface{}) error {
d.SetId("netblock-ip-ranges")

// https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges
CidrBlocks, err := getCidrBlocks()
rt := d.Get("range_type").(string)
CidrBlocks := make(map[string][]string)

if err != nil {
return err
switch rt {
// Dynamic ranges
case "cloud-netblocks":
// https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges
const CLOUD_NETBLOCK_DNS = "_cloud-netblocks.googleusercontent.com"
CidrBlocks, err := getCidrBlocks(CLOUD_NETBLOCK_DNS)

if err != nil {
return err
}
d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
d.Set("cidr_blocks_ipv6", CidrBlocks["cidr_blocks_ipv6"])
case "google-netblocks":
// https://support.google.com/a/answer/33786?hl=en
const GOOGLE_NETBLOCK_DNS = "_spf.google.com"
CidrBlocks, err := getCidrBlocks(GOOGLE_NETBLOCK_DNS)

if err != nil {
return err
}
d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
d.Set("cidr_blocks_ipv6", CidrBlocks["cidr_blocks_ipv6"])
// Static ranges
case "restricted-googleapis":
// https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid
CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "199.36.153.4/30")
CidrBlocks["cidr_blocks"] = CidrBlocks["cidr_blocks_ipv4"]
d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
case "dns-forwarders":
// https://cloud.google.com/dns/zones/#creating-forwarding-zones
CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "35.199.192.0/19")
CidrBlocks["cidr_blocks"] = CidrBlocks["cidr_blocks_ipv4"]
d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
case "iap-forwarders":
// https://cloud.google.com/iap/docs/using-tcp-forwarding
CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "35.235.240.0/20")
CidrBlocks["cidr_blocks"] = CidrBlocks["cidr_blocks_ipv4"]
d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
case "health-checkers":
// https://cloud.google.com/load-balancing/docs/health-checks#fw-ruleh
CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "35.191.0.0/16")
CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "130.211.0.0/22")
CidrBlocks["cidr_blocks"] = CidrBlocks["cidr_blocks_ipv4"]
d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
case "legacy-health-checkers":
// https://cloud.google.com/load-balancing/docs/health-check#fw-netlbs
CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "35.191.0.0/16")
CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "209.85.152.0/22")
CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "209.85.204.0/22")
CidrBlocks["cidr_blocks"] = CidrBlocks["cidr_blocks_ipv4"]
d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
default:
return fmt.Errorf("Unknown range_type: %s", rt)
}

d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
d.Set("cidr_blocks_ipv6", CidrBlocks["cidr_blocks_ipv6"])
d.SetId("netblock-ip-ranges-" + rt)

return nil
}
Expand All @@ -66,12 +126,11 @@ func netblock_request(name string) (string, error) {
return string(body), nil
}

func getCidrBlocks() (map[string][]string, error) {
const INITIAL_NETBLOCK_DNS = "_cloud-netblocks.googleusercontent.com"
func getCidrBlocks(netblock string) (map[string][]string, error) {
var dnsNetblockList []string
cidrBlocks := make(map[string][]string)

response, err := netblock_request(INITIAL_NETBLOCK_DNS)
response, err := netblock_request(netblock)

if err != nil {
return nil, err
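Review bot: The static cases in the `switch` (`restricted-googleapis` through `legacy-health-checkers`) compile fixed CIDRs into the provider, and the documentation example in this same commit feeds them straight into a firewall's `source_ranges`, so a range that is later retired or reassigned would stay allowed until the provider is updated. I would record that at the top of the static group, e.g. `// Static ranges: copied from the linked docs; re-verify on every release, callers use these as firewall allowlists.` The reference URLs on the two health-checker cases look mistyped (`#fw-ruleh`, `/docs/health-check#fw-netlbs`), which makes that re-verification harder. Separately, `range_type` is only rejected in the `default:` branch at read time; a `ValidateFunc: validation.StringInSlice([]string{...}, false)` on the schema entry would fail an unknown value at plan time instead.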
134 changes: 127 additions & 7 deletions google/data_source_google_netblock_ip_ranges_test.go
Expand Up @@ -15,24 +15,144 @@ func TestAccDataSourceGoogleNetblockIpRanges_basic(t *testing.T) {
{
Config: testAccNetblockIpRangesConfig,
Check: resource.ComposeTestCheckFunc(
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.some",
// Cloud netblocks
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.cloud",
"cidr_blocks.#", regexp.MustCompile(("^[1-9]+[0-9]*$"))),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.some",
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.cloud",
"cidr_blocks.0", regexp.MustCompile("^(?:[0-9a-fA-F./:]{1,4}){1,2}.*/[0-9]{1,3}$")),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.some",
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.cloud",
"cidr_blocks_ipv4.#", regexp.MustCompile(("^[1-9]+[0-9]*$"))),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.some",
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.cloud",
"cidr_blocks_ipv4.0", regexp.MustCompile("^(?:[0-9]{1,3}.){3}[0-9]{1,3}/[0-9]{1,2}$")),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.some",
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.cloud",
"cidr_blocks_ipv6.#", regexp.MustCompile(("^[1-9]+[0-9]*$"))),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.some",
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.cloud",
"cidr_blocks_ipv6.0", regexp.MustCompile("^(?:[0-9a-fA-F]{1,4}:){1,2}.*/[0-9]{1,3}$")),
),
},
{
Config: testAccNetblockIpRangesConfig_google,
Check: resource.ComposeTestCheckFunc(
// Google netblocks
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.google",
"cidr_blocks.#", regexp.MustCompile(("^[1-9]+[0-9]*$"))),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.google",
"cidr_blocks.0", regexp.MustCompile("^(?:[0-9a-fA-F./:]{1,4}){1,2}.*/[0-9]{1,3}$")),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.google",
"cidr_blocks_ipv4.#", regexp.MustCompile(("^[1-9]+[0-9]*$"))),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.google",
"cidr_blocks_ipv4.0", regexp.MustCompile("^(?:[0-9]{1,3}.){3}[0-9]{1,3}/[0-9]{1,2}$")),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.google",
"cidr_blocks_ipv6.#", regexp.MustCompile(("^[1-9]+[0-9]*$"))),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.google",
"cidr_blocks_ipv6.0", regexp.MustCompile("^(?:[0-9a-fA-F]{1,4}:){1,2}.*/[0-9]{1,3}$")),
),
},
{
Config: testAccNetblockIpRangesConfig_restricted,
Check: resource.ComposeTestCheckFunc(
// Private Google Access Restricted VIP
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.restricted", "cidr_blocks.#", "1"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.restricted",
"cidr_blocks.0", regexp.MustCompile("^(?:[0-9a-fA-F./:]{1,4}){1,2}.*/[0-9]{1,3}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.restricted", "cidr_blocks_ipv4.#", "1"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.restricted",
"cidr_blocks_ipv4.0", regexp.MustCompile("^(?:[0-9]{1,3}.){3}[0-9]{1,3}/[0-9]{1,2}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.restricted", "cidr_blocks_ipv6.#", "0"),
),
},
{
Config: testAccNetblockIpRangesConfig_dns,
Check: resource.ComposeTestCheckFunc(
// DNS outbound forwarding
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.dns", "cidr_blocks.#", "1"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.dns",
"cidr_blocks.0", regexp.MustCompile("^(?:[0-9a-fA-F./:]{1,4}){1,2}.*/[0-9]{1,3}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.dns", "cidr_blocks_ipv4.#", "1"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.dns",
"cidr_blocks_ipv4.0", regexp.MustCompile("^(?:[0-9]{1,3}.){3}[0-9]{1,3}/[0-9]{1,2}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.dns", "cidr_blocks_ipv6.#", "0"),
),
},
{
Config: testAccNetblockIpRangesConfig_iap,
Check: resource.ComposeTestCheckFunc(
// IAP sources
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.iap", "cidr_blocks.#", "1"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.iap",
"cidr_blocks.0", regexp.MustCompile("^(?:[0-9a-fA-F./:]{1,4}){1,2}.*/[0-9]{1,3}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.iap", "cidr_blocks_ipv4.#", "1"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.iap",
"cidr_blocks_ipv4.0", regexp.MustCompile("^(?:[0-9]{1,3}.){3}[0-9]{1,3}/[0-9]{1,2}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.iap", "cidr_blocks_ipv6.#", "0"),
),
},
{
Config: testAccNetblockIpRangesConfig_hc,
Check: resource.ComposeTestCheckFunc(
// Modern health checkers
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.hc", "cidr_blocks.#", "2"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.hc",
"cidr_blocks.0", regexp.MustCompile("^(?:[0-9a-fA-F./:]{1,4}){1,2}.*/[0-9]{1,3}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.hc", "cidr_blocks_ipv4.#", "2"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.hc",
"cidr_blocks_ipv4.0", regexp.MustCompile("^(?:[0-9]{1,3}.){3}[0-9]{1,3}/[0-9]{1,2}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.hc", "cidr_blocks_ipv6.#", "0"),
),
},
{
Config: testAccNetblockIpRangesConfig_lhc,
Check: resource.ComposeTestCheckFunc(
// Legacy health checkers
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.lhc", "cidr_blocks.#", "3"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.lhc",
"cidr_blocks.0", regexp.MustCompile("^(?:[0-9a-fA-F./:]{1,4}){1,2}.*/[0-9]{1,3}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.lhc", "cidr_blocks_ipv4.#", "3"),
resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.lhc",
"cidr_blocks_ipv4.0", regexp.MustCompile("^(?:[0-9]{1,3}.){3}[0-9]{1,3}/[0-9]{1,2}$")),
resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.lhc", "cidr_blocks_ipv6.#", "0"),
),
},
},
})
}

const testAccNetblockIpRangesConfig = `
data "google_netblock_ip_ranges" "some" {}
data "google_netblock_ip_ranges" "cloud" {}
`

const testAccNetblockIpRangesConfig_google = `
data "google_netblock_ip_ranges" "google" {
range_type = "google-netblocks"
}
`

const testAccNetblockIpRangesConfig_restricted = `
data "google_netblock_ip_ranges" "restricted" {
range_type = "restricted-googleapis"
}
`

const testAccNetblockIpRangesConfig_dns = `
data "google_netblock_ip_ranges" "dns" {
range_type = "dns-forwarders"
}
`

const testAccNetblockIpRangesConfig_iap = `
data "google_netblock_ip_ranges" "iap" {
range_type = "iap-forwarders"
}
`

const testAccNetblockIpRangesConfig_hc = `
data "google_netblock_ip_ranges" "hc" {
range_type = "health-checkers"
}
`

const testAccNetblockIpRangesConfig_lhc = `
data "google_netblock_ip_ranges" "lhc" {
range_type = "legacy-health-checkers"
}
`
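Review bot: The static range types are checked only for element count and a loose shape, so a mistyped literal in the provider would still pass; the IPv4 pattern also leaves `.` unescaped (`[0-9]{1,3}.`), which matches any character. Since these lists end up as firewall source ranges, pin the exact values for the static types, e.g. `resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.iap", "cidr_blocks_ipv4.0", "35.235.240.0/20"),`, and escape the dot as `\.` in the pattern kept for the dynamic types. TestAccDataSourceGoogleNetblockIpRanges_basic starts outside the hunk.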
59 changes: 52 additions & 7 deletions website/docs/d/datasource_google_netblock_ip_ranges.html.markdown
Expand Up @@ -3,16 +3,14 @@ layout: "google"
page_title: "Google: google_netblock_ip_ranges"
sidebar_current: "docs-google-datasource-netblock-ip-ranges"
description: |-
Use this data source to get the IP ranges from the sender policy framework (SPF) record of \_cloud-netblocks.googleusercontent.com
Use this data source to get the IP addresses from different special IP ranges on Google Cloud Platform.
---

# google_netblock_ip_ranges

Use this data source to get the IP ranges from the sender policy framework (SPF) record of \_cloud-netblocks.googleusercontent
Use this data source to get the IP addresses from different special IP ranges on Google Cloud Platform.

https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges

## Example Usage
## Example Usage - Cloud Ranges

```tf
data "google_netblock_ip_ranges" "netblock" {}
Expand All @@ -30,10 +28,57 @@ output "cidr_blocks_ipv6" {
}
```

## Example Usage - Allow Health Checks

```tf
data "google_netblock_ip_ranges" "legacy-hcs" {
range_type = "legacy-health-checkers"
}
resource "google_compute_firewall" "allow-hcs" {
name = "allow-hcs"
network = "${google_compute_network.default.name}"
allow {
protocol = "tcp"
ports = ["80"]
}
source_ranges = ["${data.google_netblock_ip_ranges.legacy-hcs.cidr_blocks_ipv4}"]
}
resource "google_compute_network" "default" {
name = "test-network"
}
```

## Argument Reference

The following arguments are supported:

* `range_type` (Optional) - The type of range for which to provide results.

Defaults to `cloud-netblocks`. The following `range_type`s are supported:

* `cloud-netblocks` - Corresponds to the IP addresses used for resources on Google Cloud Platform. [More details.](https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges)

* `google-netblocks` - Corresponds to IP addresses used for Google services. [More details.](https://support.google.com/a/answer/33786?hl=en)

* `restricted-googleapis` - Corresponds to the IP addresses used for Private Google Access and/or VPC Service Controls API access. [More details.](https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid)

* `dns-forwarders` - Corresponds to the IP addresses used to originate Cloud DNS outbound forwarding. [More details.](https://cloud.google.com/dns/zones/#creating-forwarding-zones)

* `iap-forwarders` - Corresponds to the IP addresses used for Cloud IAP for TCP forwarding. [More details.](https://cloud.google.com/iap/docs/using-tcp-forwarding)

* `health-checkers` - Corresponds to the IP addresses used for health checking in Cloud Load Balancing. [More details.](https://cloud.google.com/load-balancing/docs/health-checks)

* `legacy-health-checkers` - Corresponds to the IP addresses used for legacy style health checkers (used by Network Load Balancing). [ More details.](https://cloud.google.com/load-balancing/docs/health-checks)


## Attributes Reference

* `cidr_blocks` - Retrieve list of all CIDR blocks.

* `cidr_blocks_ipv4` - Retrieve list of the IP4 CIDR blocks
* `cidr_blocks_ipv4` - Retrieve list of the IPv4 CIDR blocks

* `cidr_blocks_ipv6` - Retrieve list of the IP6 CIDR blocks.
* `cidr_blocks_ipv6` - Retrieve list of the IPv6 CIDR blocks, if available.
