digitalocean / godo

DigitalOcean Go API client
https://pkg.go.dev/github.com/digitalocean/godo

Add vpc_ids to Firewall API sources/destinations #445

Open houstonheat opened 3 years ago

houstonheat commented 3 years ago

/v2/firewalls allows us to manage firewall rules with the help of sources and destinations (direct addresses, droplet_ids, load_balancer_uids and tags), meanwhile the DO web interface provides all these sources plus available VPCs (through an api/v1 endpoint).

For now godo and the DO Terraform provider can't assign a VPC to a firewall rule by ID :( I can try to provide PRs myself if this request gets shipped: https://ideas.digitalocean.com/ideas/FWX-I-37

Sorry for the off-topic post, but I'm not sure where to post DO API feature requests 🌚

andrewsomething commented 3 years ago

Hi @houstonheat,

I've passed this request on to our VPC team. I can't give you a timeline yet, but it is something they are hoping to support via the API as well. In the meantime, you should be able to work around this in Terraform using something like the config below. As you can pass a CIDR range to a firewall for both sources and destinations, you can reference the ip_range attribute of the VPC:

# VPC whose address range the firewall rules below reference. ip_range is
# computed by the provider when it is not set explicitly.
resource "digitalocean_vpc" "example" {
  name   = "example-project-network"
  region = "nyc3"
}

# Assumes a digitalocean_droplet.web resource defined elsewhere. For the
# rules to be meaningful that Droplet should itself be attached to the VPC
# (vpc_uuid = digitalocean_vpc.example.id).
resource "digitalocean_firewall" "example" {
  name = "only-the-example-vpc"

  droplet_ids = [digitalocean_droplet.web.id]

  # Allow TCP/8000 in only from addresses inside the VPC's CIDR.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "8000"
    source_addresses = [digitalocean_vpc.example.ip_range]
  }

  # Allow TCP/8000 out only to addresses inside the VPC's CIDR.
  outbound_rule {
    protocol              = "tcp"
    port_range            = "8000"
    destination_addresses = [digitalocean_vpc.example.ip_range]
  }
}

Thanks for the feedback!
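The same CIDR workaround done from Go, as an added example that is not part of the thread and is not godo's own code: it takes the ip_range string read from a VPC, validates it before it is placed into a rule, and builds the JSON body that POST /v2/firewalls expects (name, droplet_ids, inbound_rules[].sources.addresses, outbound_rules[].destinations.addresses). The struct types here are local stand-ins that mirror that documented JSON shape so the example runs with the standard library alone; the RFC 1918 check and the sample range 10.10.0.0/16 are assumptions made for the example. The guard matters because an address-based rule accepts whatever string you hand it: a wrong attribute or a stray 0.0.0.0/0 would silently turn "only my VPC" into "the whole Internet".

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Local types mirroring the JSON body of POST /v2/firewalls. They are
// stand-ins for this example, not godo's types (godo's FirewallRequest,
// InboundRule/OutboundRule and Sources/Destinations use the same field names).
type Endpoints struct {
	Addresses []string `json:"addresses,omitempty"`
}

type InboundRule struct {
	Protocol  string     `json:"protocol"`
	PortRange string     `json:"ports"`
	Sources   *Endpoints `json:"sources"`
}

type OutboundRule struct {
	Protocol     string     `json:"protocol"`
	PortRange    string     `json:"ports"`
	Destinations *Endpoints `json:"destinations"`
}

type FirewallRequest struct {
	Name          string         `json:"name"`
	DropletIDs    []int          `json:"droplet_ids,omitempty"`
	InboundRules  []InboundRule  `json:"inbound_rules"`
	OutboundRules []OutboundRule `json:"outbound_rules"`
}

// privateBlocks are the RFC 1918 ranges a VPC ip_range is assumed to fall in
// (an assumption made for this example's guard).
var privateBlocks = mustCIDRs("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

func mustCIDRs(cidrs ...string) []*net.IPNet {
	out := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		out = append(out, n)
	}
	return out
}

// containsNet reports whether inner lies entirely inside outer.
func containsNet(outer, inner *net.IPNet) bool {
	outerOnes, _ := outer.Mask.Size()
	innerOnes, _ := inner.Mask.Size()
	return innerOnes >= outerOnes && outer.Contains(inner.IP)
}

// VPCRangeToCIDR validates an ip_range string before it goes into a rule:
// it must parse as a CIDR, carry no host bits, and sit inside an RFC 1918
// block. Anything else (0.0.0.0/0, a public prefix, a typo) is rejected.
func VPCRangeToCIDR(ipRange string) (string, error) {
	ip, ipnet, err := net.ParseCIDR(ipRange)
	if err != nil {
		return "", fmt.Errorf("vpc ip_range %q: %w", ipRange, err)
	}
	if !ip.Equal(ipnet.IP) {
		return "", fmt.Errorf("vpc ip_range %q has host bits set", ipRange)
	}
	for _, b := range privateBlocks {
		if containsNet(b, ipnet) {
			return ipnet.String(), nil
		}
	}
	return "", fmt.Errorf("vpc ip_range %q is not inside an RFC 1918 block", ipRange)
}

// VPCOnlyFirewall builds a firewall request that allows the given TCP port
// only from, and only to, the VPC's address range.
func VPCOnlyFirewall(name, vpcIPRange, port string, dropletIDs []int) (*FirewallRequest, error) {
	cidr, err := VPCRangeToCIDR(vpcIPRange)
	if err != nil {
		return nil, err
	}
	return &FirewallRequest{
		Name:          name,
		DropletIDs:    dropletIDs,
		InboundRules:  []InboundRule{{Protocol: "tcp", PortRange: port, Sources: &Endpoints{Addresses: []string{cidr}}}},
		OutboundRules: []OutboundRule{{Protocol: "tcp", PortRange: port, Destinations: &Endpoints{Addresses: []string{cidr}}}},
	}, nil
}

func main() {
	// Sample values constructed for the example; a real ip_range would come
	// from the VPC object returned by the API.
	req, err := VPCOnlyFirewall("only-the-example-vpc", "10.10.0.0/16", "8000", []int{12345})
	if err != nil {
		panic(err)
	}
	body, _ := json.MarshalIndent(req, "", "  ")
	fmt.Println(string(body))
	for _, bad := range []string{"0.0.0.0/0", "203.0.113.0/24", "10.10.1.0/16"} {
		_, err := VPCRangeToCIDR(bad)
		fmt.Printf("%-16s rejected: %v\n", bad, err)
	}
}
```

With godo itself the flow is the same: read IPRange from the VPC returned by client.VPCs.Get, run it through a check like VPCRangeToCIDR, and place the result in Sources.Addresses / Destinations.Addresses of the InboundRule and OutboundRule inside the FirewallRequest passed to client.Firewalls.Create.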