feat: Add/edit datasource to output the list of public runner IPs. #197

Open
SanderBlom opened this issue Feb 11, 2024 · 1 comment

SanderBlom commented Feb 11, 2024

Hi!

It would be very useful to have a data source that outputted the outgoing IPs for the public runners. This would be useful when whitelisting access to resources based on IP (Yes, I know this is not best practice). The list of IPs can be found here, in chapter Valid IP addresses for Bitbucket Pipelines build environments. This is currently possible to filter out using the bitbucket_ip_ranges data source, but it looks very messy (see example below).

Terraform Version

1.7.1

Affected Resource(s)

Please list the resources as a list, for example:

  • bitbucket_ip_ranges

Terraform Configuration Files

# How I solved it: 
data "bitbucket_ip_ranges" "public_runners" {}
resource "azurerm_mysql_flexible_server_firewall_rule" "bitbucket_runners" {
  for_each = { 
    for idx, range in data.bitbucket_ip_ranges.public_runners.ranges : "${range.network}-${range.mask_len}" => range
    if contains(range.directions, "egress") &&
       length(range.products) == 1 &&
       contains(range.products, "bitbucket") &&
       !strcontains(range.network, ":") // Exclude IPv6 addresses
  }

  name                = "bitbucket-${replace(each.value.network, ".", "-")}" 
  resource_group_name = data.azurerm_resource_group.deployment.name
  server_name         = azurerm_mysql_flexible_server.test.name
  start_ip_address    = each.value.network
  end_ip_address      = each.value.network
}

#How I would like it to be: 
data "bitbucket_ip_ranges" "public_runners" {}
resource "azurerm_mysql_flexible_server_firewall_rule" "bitbucket_runners" {
  for_each =  data.bitbucket_ip_ranges.public_runners.ranges.runners

  name                = "bitbucket-${each.key}" 
  resource_group_name = data.azurerm_resource_group.deployment.name
  server_name         = azurerm_mysql_flexible_server.test.name
  start_ip_address    = each.value
  end_ip_address      = each.value
}

@DrFaust92
Owner

Hi SanderBlom, you are using it as intended, the bitbucket_ip_ranges datasource just lightly parses the public IP lists BB publishes. I'll try to maybe add something to try making the parse output more manageable, but this is also how we use it in my company.
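
The filter from the issue, moved into a reusable local and made CIDR-aware, as an added example that is not part of the thread or the provider's own code. It assumes the `ranges` attributes used in the issue (`network`, `mask_len`, `directions`, `products`) and that an entry may have a `mask_len` below 32, in which case the rule has to span the whole block rather than only its first address; the local and output names are hypothetical.

```hcl
data "bitbucket_ip_ranges" "public_runners" {}

locals {
  # Same selection as in the issue: egress ranges whose only product is
  # "bitbucket", IPv4 only. Keyed by "<network>-<mask_len>" so keys stay stable.
  bitbucket_runner_cidrs = {
    for r in data.bitbucket_ip_ranges.public_runners.ranges :
    "${r.network}-${r.mask_len}" => {
      cidr = "${r.network}/${r.mask_len}"
      # Number of addresses in the block: 1 for a /32, 4 for a /30, and so on.
      size = pow(2, 32 - r.mask_len)
    }
    if contains(r.directions, "egress") &&
    length(r.products) == 1 &&
    contains(r.products, "bitbucket") &&
    !strcontains(r.network, ":") # Exclude IPv6 addresses
  }
}

resource "azurerm_mysql_flexible_server_firewall_rule" "bitbucket_runners" {
  for_each = local.bitbucket_runner_cidrs

  name                = "bitbucket-${replace(each.key, ".", "-")}"
  resource_group_name = data.azurerm_resource_group.deployment.name
  server_name         = azurerm_mysql_flexible_server.test.name

  # First and last address of the CIDR block. For a /32 both resolve to the
  # network address, which matches the behaviour of the configuration above.
  start_ip_address = cidrhost(each.value.cidr, 0)
  end_ip_address   = cidrhost(each.value.cidr, each.value.size - 1)
}

# Surfaces the resulting allowlist so a change in the published ranges
# is visible for review in the plan output.
output "bitbucket_runner_cidrs" {
  value = sort([for v in values(local.bitbucket_runner_cidrs) : v.cidr])
}
```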
