Fetch Google netblock from JSON on gstatic domain (#3689)

third_party/terraform/data_sources/data_source_google_netblock_ip_ranges.go

@@ -1,13 +1,26 @@
 package google
 
 import (
+	"encoding/json"
 	"fmt"
-	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	"io/ioutil"
 	"net/http"
 	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 )
 
+type googRanges struct {
+	SyncToken    string     `json:"syncToken"`
+	CreationTime string     `json:"creationTime"`
+	Prefixes     []prefixes `json:"prefixes"`
+}
+
+type prefixes struct {
+	Ipv4Prefix string `json:"ipv4Prefix"`
+	Ipv6Prefix string `json:"ipv6Prefix"`
+}
+
 func dataSourceGoogleNetblockIpRanges() *schema.Resource {
 	return &schema.Resource{
 		Read: dataSourceGoogleNetblockIpRangesRead,
@@ -47,7 +60,7 @@ func dataSourceGoogleNetblockIpRangesRead(d *schema.ResourceData, meta interface
 	case "cloud-netblocks":
 		// https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges
 		const CLOUD_NETBLOCK_DNS = "_cloud-netblocks.googleusercontent.com"
-		CidrBlocks, err := getCidrBlocks(CLOUD_NETBLOCK_DNS)
+		CidrBlocks, err := getCidrBlocksFromDns(CLOUD_NETBLOCK_DNS)
 
 		if err != nil {
 			return err
@@ -56,9 +69,9 @@ func dataSourceGoogleNetblockIpRangesRead(d *schema.ResourceData, meta interface
 		d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
 		d.Set("cidr_blocks_ipv6", CidrBlocks["cidr_blocks_ipv6"])
 	case "google-netblocks":
-		// https://support.google.com/a/answer/33786?hl=en
-		const GOOGLE_NETBLOCK_DNS = "_spf.google.com"
-		CidrBlocks, err := getCidrBlocks(GOOGLE_NETBLOCK_DNS)
+		// https://cloud.google.com/vpc/docs/configure-private-google-access?hl=en#ip-addr-defaults
+		const GOOGLE_NETBLOCK_URL = "http://www.gstatic.com/ipranges/goog.json"
+		CidrBlocks, err := getCidrBlocksFromUrl(GOOGLE_NETBLOCK_URL)
 
 		if err != nil {
 			return err
@@ -132,7 +145,7 @@ func netblock_request(name string) (string, error) {
 	return string(body), nil
 }
 
-func getCidrBlocks(netblock string) (map[string][]string, error) {
+func getCidrBlocksFromDns(netblock string) (map[string][]string, error) {
 	var dnsNetblockList []string
 	cidrBlocks := make(map[string][]string)
 
@@ -186,3 +199,40 @@ func getCidrBlocks(netblock string) (map[string][]string, error) {
 
 	return cidrBlocks, nil
 }
+
+func getCidrBlocksFromUrl(url string) (map[string][]string, error) {
+	cidrBlocks := make(map[string][]string)
+
+	response, err := http.Get(url)
+
+	if err != nil {
+		return nil, fmt.Errorf("Error: %s", err)
+	}
+
+	defer response.Body.Close()
+	body, err := ioutil.ReadAll(response.Body)
+
+	if err != nil {
+		return nil, fmt.Errorf("Error to retrieve the CIDR list: %s", err)
+	}
+
+	ranges := googRanges{}
+	jsonErr := json.Unmarshal(body, &ranges)
+	if jsonErr != nil {
+		return nil, fmt.Errorf("Error reading JSON list: %s", jsonErr)
+	}
+
+	for _, element := range ranges.Prefixes {
+
+		if len(element.Ipv4Prefix) > 0 {
+			cidrBlocks["cidr_blocks_ipv4"] = append(cidrBlocks["cidr_blocks_ipv4"], element.Ipv4Prefix)
+			cidrBlocks["cidr_blocks"] = append(cidrBlocks["cidr_blocks"], element.Ipv4Prefix)
+		} else if len(element.Ipv6Prefix) > 0 {
+			cidrBlocks["cidr_blocks_ipv6"] = append(cidrBlocks["cidr_blocks_ipv6"], element.Ipv6Prefix)
+			cidrBlocks["cidr_blocks"] = append(cidrBlocks["cidr_blocks"], element.Ipv6Prefix)
+		}
+
+	}
+
+	return cidrBlocks, nil
+}

third_party/terraform/website/docs/d/datasource_google_netblock_ip_ranges.html.markdown

@@ -64,7 +64,7 @@ The following arguments are supported:
 
   * `cloud-netblocks` - Corresponds to the IP addresses used for resources on Google Cloud Platform. [More details.](https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges)
 
-  * `google-netblocks` - Corresponds to IP addresses used for Google services. [More details.](https://support.google.com/a/answer/33786?hl=en)
+  * `google-netblocks` - Corresponds to IP addresses used for Google services. [More details.](https://cloud.google.com/compute/docs/faq#where_can_i_find_product_name_short_ip_ranges)
 
   * `restricted-googleapis` - Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. [More details.](https://cloud.google.com/vpc/docs/private-access-options#domain-vips)