thousandeyes / terraform-provider-thousandeyes

ThousandEyes Terraform Provider
Apache License 2.0

Thousandeyes Cloud Agents IP addresses #128

Closed abdulbello5 closed 8 months ago

abdulbello5 commented 1 year ago

Looking at the ThousandEyes Terraform documentation, there doesn't seem to be a data source available to pull Cloud Agent IP addresses, i.e. we need to pull in the IP addresses of the agent in Sao Paulo, Brazil, for example, and then allow those IPs on our network firewall. So, something like the Terraform code below to retrieve the IPs:

data "te_agent_ip" "test" {
  id    = "agent_name"
  value = []
}

Can this be provided?

aggallim commented 1 year ago

We need this too...... +1

AJD-UK commented 1 year ago

The TE equivalent of https://ip-ranges.amazonaws.com/ip-ranges.json would really help here

sfreitas-te commented 1 year ago

Currently we have this tool to obtain this information https://github.com/thousandeyes/te-iplist

AJD-UK commented 1 year ago

> Currently we have this tool to obtain this information https://github.com/thousandeyes/te-iplist

Thanks @sfreitas-te. Any way to raise feature requests to add explicit proxy support to the tool? Add an issue on GitHub?

joaomper-TE commented 8 months ago

Hey @AJD-UK! We created an internal issue on our side to add this feature. We will keep you updated.

joaomper-TE commented 8 months ago

@AJD-UK @abdulbello5 @aggallim instead of adding a new datasource, this PR uses the existing thousandeyes_agent datasource and adds a new output for the IP Address list. Is this okay for your use-cases?

Or do you instead want the public IP Addresses?

AJD-UK commented 8 months ago

Hi @joaomper-TE, thanks for following up on this.

We have two use cases really that are alluded to in this issue:

1) The ability to use a terraform data source to obtain the public IP addresses for Cloud Agent locations. Ideally this would be facilitated by a publicly available json file which lists the IP addresses for the sites defined at https://www.thousandeyes.com/product/cloud-agents. AWS and Zscaler for example publish their cloud locations in this manner (https://config.zscaler.com/api/zscaler.net/cenr/json). If there are reasons why access to this data needs to be authenticated, we can set the TE_TOKEN env variable for our orchestration systems in order to use the data source. Alternatively, if a public json file is published, we can do this outside of the TE provider using https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http

2) We currently have enterprise agents and other systems with the te-iplist tool installed, but they sit behind explicit proxy servers so it would be good if this tool honoured the HTTPS_PROXY env variables so we can make the appropriate API calls via the proxy.

The end goal is automating our firewalls in order to limit access to our endpoints to the IP range of the Cloud Agent locations we choose to use for monitoring. This is for Internet facing applications that we want to monitor using cloud agents but without having to open up the source IP addresses to "any". We program the firewalls using terraform and would like to obtain the source IP addresses using the TE or http terraform provider.

Hope that makes sense

joaomper-TE commented 8 months ago

Hey @AJD-UK, and thanks for the detailed answer. Regarding point 1, it looks like this PR won't cut it and that you actually need the public IP Addresses and not the ipAddresses, correct?

And since our /agents endpoint only returns the publicIpAddresses for Enterprise agents - not Cloud agents - this would require new development to the endpoint prior to actually having a Terraform Data source within this repo using that info.

Let me know if my assumptions are correct.

Thanks

AJD-UK commented 8 months ago

I think the PR is useful info @joaomper-TE. I could see Private IP Address, Public IP Address and Agent Version being useful attributes returned from a data source for Enterprise Agents.

Our main requirement is around Cloud Agents however.

joaomper-TE commented 8 months ago

Hey @AJD-UK, and sorry for the misunderstanding. The aforementioned PR will actually cut it for you, since it will output the IP Addresses for the cloud agents, which are the public ones.

In the future we may go even further and output the public IPs for Enterprise Agents, but for now I'll go ahead and merge the PR and close this issue if that's ok.

joaomper-TE commented 8 months ago

https://github.com/thousandeyes/terraform-provider-thousandeyes/pull/150 merged and you can test the new datasource using v2.0.5
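
A guard for the firewall automation use case described in this thread, as an added example that is not code from the provider, te-iplist or any commenter: it filters a list of agent IPs by location and rejects entries that would widen the allowlist (invalid strings, private or loopback ranges, overly broad prefixes) before anything reaches a firewall rule. The input shape, location strings, prefix limits and sample addresses (documentation ranges) are assumptions constructed for the example.

```python
import ipaddress

# Assumed policy: narrowest acceptable prefix per IP version.
MIN_PREFIX = {4: 24, 6: 48}

# Ranges that must never appear in an Internet-facing source allowlist.
# (is_private is not used because it also flags the documentation ranges
# that the constructed sample below relies on.)
NOT_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample input; the page does not define a feed format.
SAMPLE_AGENTS = [
    {"location": "Sao Paulo, Brazil",
     "ip_addresses": ["203.0.113.10", "203.0.113.11", "2001:db8:10::5"]},
    {"location": "Sao Paulo, Brazil",
     "ip_addresses": ["203.0.113.10", "198.51.100.0/24", "10.0.0.5",
                      "0.0.0.0/0", "n/a"]},
    {"location": "London, England", "ip_addresses": ["192.0.2.7"]},
]

def build_allowlist(agents, location):
    """Return (allowed_cidrs, rejected) for the agents at one location."""
    nets, rejected = [], []
    for agent in agents:
        if agent["location"] != location:
            continue
        for raw in agent["ip_addresses"]:
            try:
                # strict=True refuses CIDRs with host bits set.
                net = ipaddress.ip_network(raw.strip(), strict=True)
            except ValueError:
                rejected.append((raw, "not a valid address or CIDR"))
                continue
            if net.prefixlen < MIN_PREFIX[net.version]:
                rejected.append((raw, "prefix too broad"))
            elif any(net.version == d.version and net.overlaps(d)
                     for d in NOT_PUBLIC):
                rejected.append((raw, "not a public range"))
            else:
                nets.append(net)
    allowed = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        allowed += ipaddress.collapse_addresses(
            n for n in nets if n.version == version)
    return [str(n) for n in allowed], rejected
```

A pipeline can fail the run when `rejected` is non-empty instead of silently dropping entries, so a bad upstream value is noticed before the firewall change is planned.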