Open raisedadead opened 3 weeks ago
Hi @raisedadead,
Could you expand a bit on the problems you are facing? You can add or remove droplet_ids and the firewall will be updated in-place. Is your request to be able to add Droplets to an existing firewall that is not managed by Terraform?
Hi @andrewsomething, thanks for your response. That is correct, I do want to add droplets to an existing firewall that may be managed outside of the Terraform workspace I created it in.
Here is an example:
Suppose I create resources like so in one Terraform workspace:
resource "digitalocean_droplet" "web" {
  name = "web-1"
  ...
}

resource "digitalocean_firewall" "web" {
  name = "ssh"
  droplet_ids = [digitalocean_droplet.web.id]
  inbound_rule {
    ...
  }
}
And someone in my team owns other workspaces:
resource "digitalocean_droplet" "app" {
  name = "app-1"
  ...
}
They do not have a way to add these droplets to the firewall I created earlier.
I believe a new resource for associations would be nice? Since the API and the endpoints are already available as seen in the CLI use?
Is your feature request related to a problem? Please describe.
As per the docs, assignments can be done via:
droplet_ids (Optional) - The list of the IDs of the Droplets assigned to the Firewall.
However, this limits how I am adding droplets; for instance, I have to use Terraform dependency checks to prevent firewall creation before droplets are ready.
This also limits splitting up my code into different modules. I may have a firewall already and need to add more droplets to it.
Describe the solution you'd like
An additional resource that lets me associate droplets to existing firewalls.
Describe alternatives you've considered
CLI (doctl compute firewall add-droplets) and click ops.
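
The CLI alternative above interacts with droplet_ids on the Terraform-managed firewall, so here is an added sketch (not from the issue or the provider's docs) of the owning workspace set up to tolerate out-of-band attachments. The image, region, size, port and source range are constructed sample values, and the output name is hypothetical.

```hcl
# Workspace A (owns the firewall). All concrete values are constructed samples.
resource "digitalocean_droplet" "web" {
  name   = "web-1"
  image  = "ubuntu-22-04-x64"
  region = "nyc3"
  size   = "s-1vcpu-1gb"
}

resource "digitalocean_firewall" "web" {
  name        = "ssh"
  droplet_ids = [digitalocean_droplet.web.id]

  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = ["203.0.113.0/24"] # documentation range, use your admin network
  }

  lifecycle {
    # Droplets attached from outside this workspace are not in the list above.
    # Without this setting, the next apply plans to set droplet_ids back to the
    # configured list, which detaches those droplets from the firewall.
    ignore_changes = [droplet_ids]
  }
}

# Hypothetical output name, so other teams can look up the firewall ID.
output "ssh_firewall_id" {
  value = digitalocean_firewall.web.id
}

# Workspace B (owns app-1) attaches its droplet out of band, for example:
#   doctl compute firewall add-droplets <firewall-id> --droplet-ids <app-1-droplet-id>
```

With ignore_changes in place Terraform also stops reporting drift on droplet_ids, so a droplet removed from the firewall by hand will not show up in a plan and membership has to be audited separately.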