From eac6a1ad5d7b3a8edc436ecc7a773fd1bd9a8db4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dani=20M=C3=B6ller?= Date: Fri, 10 Mar 2023 19:37:15 +0100 Subject: [PATCH] Adapt former Atlassian provider to Google Cloud --- .gitignore | 1 + README.md | 45 ++++++++------------------------------------- main.tf | 15 +++++++-------- output.tf | 19 ++----------------- variables.tf | 3 +++ versions.tf | 4 ++-- 6 files changed, 23 insertions(+), 64 deletions(-) create mode 100644 .gitignore create mode 100644 variables.tf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..66df410 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.terraform* \ No newline at end of file diff --git a/README.md b/README.md index fb565b8..25d4980 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,15 @@ -# Bitbucket Whitelist IP Addresses +# Google Cloud IP Addresses -This module provides both an IPv4 and IPv6 list of IP Addresses from Bitbucket, useful for whitelisting and security -groups. +This module provides both an IPv4 and IPv6 list of Google Cloud +IP Addresses fetched from https://www.gstatic.com/ipranges/cloud.json ## Example usages ### AWS Security group ``` -module "bitbucket_ips" { - source = "calidae/ip-addresses/bitbucket" +module "gcloud" { + source = "calidae/google-cloud-ip-ranges/http" } resource "aws_security_group" "example" { 
@@ -20,38 +20,9 @@ resource "aws_security_group" "example" { from_port = 443 to_port = 443 protocol = "tcp" - cidr_blocks = module.bitbucket_ips.ipv4_range - ipv6_cidr_blocks = module.bitbucket_ips.ipv6_range - description = "Webhooks from Atlassian public IP range" - } -} -``` - -### AWS Policy - -``` -module "bitbucket_ips" { - source = "calidae/ip-addresses/bitbucket" -} - -data "aws_iam_policy_document" "example" { - statement { - effect = "Allow" - actions = ["sts:AssumeRoleWithWebIdentity"] - principals { - type = "Federated" - identifiers = ["arn:aws:iam::XXXXXXXXXXXX:oidc-provider/api.bitbucket.org/2.0/workspaces/mywspace/pipelines-config/identity/oidc"] - } - condition { - test = "StringEquals" - variable = "api.bitbucket.org/2.0/workspaces/mywspace/pipelines-config/identity/oidc:aud" - values = ["ari:cloud:bitbucket::workspace/mywspace_uuid"] - } - condition { - test = "IpAddress" - variable = "aws:SourceIp" - values = module.bitbucket_ips.ipv4_range - } + cidr_blocks = module.gcloud.ipv4_range + ipv6_cidr_blocks = module.gcloud.ipv6_range + description = "Connections from Google Cloud" } } ``` diff --git a/main.tf b/main.tf index 582cf62..88c488e 100644 --- a/main.tf +++ b/main.tf @@ -1,6 +1,5 @@ -# Get the JSON list of IP Addresses from Bitbucket. -data "http" "bitbucket_ips" { - url = "https://ip-ranges.atlassian.com/" +data "http" "this" { + url = var.url request_headers = { "Accept" = "application/json" 
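Review bot: The new `data "http" "this"` block turns whatever the endpoint returns into the allowlist and never checks the response status, so a 4xx/5xx body (an HTML error page, or JSON without a `prefixes` key) only surfaces later as an opaque jsondecode or unsupported-attribute error, and until then the ranges that feed security-group rules are being computed from an error response. The http data source exposes `status_code`, so a `lifecycle { postcondition { ... } }` on the data source can fail the plan with a clear message; postconditions need Terraform 1.2, so the `required_version` in versions.tf would move from `>= 1` to `>= 1.2`. The removed `# Get the JSON list of IP Addresses from Bitbucket.` header has no replacement; suggest `# Fetch the published Google Cloud IP ranges (JSON) from var.url.` above the block. The data block's closing brace is not visible in the hunk as shown.
```hcl
# Fetch the published Google Cloud IP ranges (JSON) from var.url.
data "http" "this" {
  url = var.url
  # … unchanged: request_headers …

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Fetching ${var.url} returned HTTP ${self.status_code}; refusing to build IP ranges from an error response."
    }
  }
}
```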
@@ -8,13 +7,13 @@ data "http" "bitbucket_ips" { } locals { - ip_range = tolist(jsondecode(data.http.bitbucket_ips.response_body).items[*].cidr) + _prefixes = tolist(jsondecode(data.http.this.response_body).prefixes) ipv4_range = compact([ - for cidr in local.ip_range : - replace(cidr, "/.*[:].*/", "") + for p in local._prefixes : + contains(keys(p), "ipv4Prefix") ? p.ipv4Prefix : null ]) ipv6_range = compact([ - for cidr in local.ip_range : - replace(cidr, "/.*[.].*/", "") + for p in local._prefixes : + contains(keys(p), "ipv6Prefix") ? p.ipv6Prefix : null ]) } diff --git a/output.tf b/output.tf index bf1597b..bd03b26 100644 --- a/output.tf +++ b/output.tf @@ -1,24 +1,9 @@ -output "ip_range" { - description = "A list of IPv4 and IPv6 Addresses for outbound connections from Bitbucket's services." - value = local.ip_range -} - output "ipv4_range" { - description = "A list of IPv4 Addresses for outbound connections from Bitbucket's services." + description = "A list of IPv4 Addresses for outbound connections from Google Cloud." value = local.ipv4_range } output "ipv6_range" { - description = "A list of IPv6 Addresses for outbound connections from Bitbucket's services." - value = local.ipv6_range -} - -output "ipv4_ip_addresses" { - description = "Alias to ipv4_range" - value = local.ipv4_range -} - -output "ipv6_ip_addresses" { - description = "Alias to ipv6_range" + description = "A list of IPv6 Addresses for outbound connections from Google Cloud." value = local.ipv6_range } diff --git a/variables.tf b/variables.tf new file mode 100644 index 0000000..7d83ab3 --- /dev/null +++ b/variables.tf @@ -0,0 +1,3 @@ +variable "url" { + default = "https://www.gstatic.com/ipranges/cloud.json" +} diff --git a/versions.tf b/versions.tf index b107f08..70e1e92 100644 --- a/versions.tf +++ b/versions.tf 
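Review bot: The leading underscore in `_prefixes` is not a Terraform convention for private locals (every local is already module-private), and `contains(keys(p), "ipv4Prefix") ? p.ipv4Prefix : null` is the long form of a lookup with a default; `lookup(p, "ipv4Prefix", null)` (and likewise `lookup(p, "ipv6Prefix", null)`) reads more directly and works on the same elements, which presumably come out as maps once `tolist` unifies the mixed `ipv4Prefix`/`ipv6Prefix` objects — that is likely why `keys(p)` was needed at all. The expression still assumes the decoded body has a `prefixes` key, and when it does not the error is an unhelpful unsupported-attribute message, so a one-line comment giving the expected document shape, e.g. `# cloud.json shape: { "prefixes": [ { "ipv4Prefix" | "ipv6Prefix": "<cidr>", ... } ] }`, would help the next maintainer.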
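Review bot: The new descriptions say "outbound connections from Google Cloud", which reads as if the list were Google's own service egress; as far as I know cloud.json (the default `var.url`) publishes the external ranges allocated to Google Cloud customer resources, so an ingress rule built from these outputs admits traffic from any tenant on the platform, not from one trusted party. That distinction matters because the README pairs these outputs with a security-group rule; suggest `description = "IPv4 ranges published by Google Cloud (cloud.json); these cover all Google Cloud customer resources, not a specific tenant."` and the matching IPv6 wording. Dropping `ip_range`, `ipv4_ip_addresses` and `ipv6_ip_addresses` is also a breaking change for existing consumers, acceptable for a repurposed module but worth a sentence in the commit message.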
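Review bot: `variable "url"` has no `type`, no `description` and no constraint, even though it decides where the CIDR list that ends up in security-group rules comes from: a caller can point the module at any URL, including plain `http://`, and the module will silently turn that response into allowlist entries. Add `type = string`, a description, and a `validation` block that at least requires an `https://` scheme; `can(regex(...))` keeps this compatible with the `>= 1` constraint in versions.tf (`startswith` would need Terraform 1.3).
```hcl
variable "url" {
  description = "HTTPS endpoint serving the Google Cloud IP range document (cloud.json format)."
  type        = string
  default     = "https://www.gstatic.com/ipranges/cloud.json"

  validation {
    condition     = can(regex("^https://", var.url))
    error_message = "url must use the https:// scheme; the fetched ranges feed security rules."
  }
}
```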
@@ -1,9 +1,9 @@
 terraform {
- required_version = ">= 0.12"
+ required_version = ">= 1"
 required_providers {
 http = {
 source = "hashicorp/http"
- version = ">= 2.2.0, < 4.0.0"
+ version = ">= 3"
 }
 }
 }