
Add vpc_ids to Firewall API sources/destinations #445

Open
houstonheat opened this issue Apr 14, 2021 · 1 comment
Labels
do-api Depends on changes to the DigitalOcean API enhancement

Comments

houstonheat commented Apr 14, 2021

/v2/firewalls allows us to manage firewall rules with the help of sources and destinations (direct addresses, droplet_ids, load_balancer_uids and tags), meanwhile the DO web interface provides all these sources + available VPCs (through the api/v1 endpoint).

For now godo and the DO terraform provider can't assign a VPC to a firewall rule by ID :(
I can try to provide PRs myself if this request gets shipped: https://ideas.digitalocean.com/ideas/FWX-I-37

Sorry for the off-topic post, but I'm not sure where to post DO API feature requests 🌚

andrewsomething added the "do-api (Depends on changes to the DigitalOcean API)" label Apr 14, 2021

andrewsomething (Member) commented Apr 14, 2021

Hi @houstonheat,

I've passed this request onto our VPC team. I can't give you a timeline yet, but it is something they are hoping to support via the API as well. In the meantime, you should be able to work around this in Terraform using something like the config below. As you can pass a CIDR range to a firewall for both sources and destinations, you can reference the ip_range attribute of the VPC:

```hcl
resource "digitalocean_vpc" "example" {
  name   = "example-project-network"
  region = "nyc3"
}

# The original snippet references digitalocean_droplet.web without defining it.
# This resource is assumed here so the configuration plans; size and image are
# placeholder values. vpc_uuid places the Droplet in the VPC whose ip_range the
# firewall rules below are scoped to.
resource "digitalocean_droplet" "web" {
  name     = "web"
  region   = "nyc3"
  size     = "s-1vcpu-1gb"
  image    = "ubuntu-20-04-x64"
  vpc_uuid = digitalocean_vpc.example.id
}

resource "digitalocean_firewall" "example" {
  name = "only-the-example-vpc"

  droplet_ids = [digitalocean_droplet.web.id]

  # The VPC's CIDR stands in for a VPC ID: any address inside ip_range
  # (that is, any resource placed in this VPC) may reach TCP/8000.
  inbound_rule {
    protocol         = "tcp"
    port_range       = "8000"
    source_addresses = [digitalocean_vpc.example.ip_range]
  }

  # Outbound TCP/8000 is likewise limited to peers inside the VPC range.
  outbound_rule {
    protocol              = "tcp"
    port_range            = "8000"
    destination_addresses = [digitalocean_vpc.example.ip_range]
  }
}
```

Thanks for the feedback!
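The same workaround expressed at the API level, as an added example that is not part of this issue, the godo client, or the Terraform provider. It builds the body of POST /v2/firewalls with only the standard library (the type names are mine; the JSON keys follow the public API payload), normalizes the VPC's ip_range, refuses a range that is not RFC 1918 so a mistyped prefix cannot silently admit public hosts, and includes a small membership check that makes the caveat explicit: the rule is scoped to an address range, not to VPC membership, so every host inside the CIDR is admitted. The sample CIDR, Droplet ID and port are constructed values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// Endpoints mirrors the "sources"/"destinations" object of the /v2/firewalls
// payload: addresses, droplet_ids, load_balancer_uids and tags. There is no
// vpc_ids field (the gap this issue is about), so a VPC is expressed as a CIDR.
type Endpoints struct {
	Addresses        []string `json:"addresses,omitempty"`
	DropletIDs       []int    `json:"droplet_ids,omitempty"`
	LoadBalancerUIDs []string `json:"load_balancer_uids,omitempty"`
	Tags             []string `json:"tags,omitempty"`
}

type InboundRule struct {
	Protocol string     `json:"protocol"`
	Ports    string     `json:"ports"`
	Sources  *Endpoints `json:"sources"`
}

type OutboundRule struct {
	Protocol     string     `json:"protocol"`
	Ports        string     `json:"ports"`
	Destinations *Endpoints `json:"destinations"`
}

// FirewallRequest is the request body, reduced to the fields used here.
type FirewallRequest struct {
	Name          string         `json:"name"`
	InboundRules  []InboundRule  `json:"inbound_rules"`
	OutboundRules []OutboundRule `json:"outbound_rules"`
	DropletIDs    []int          `json:"droplet_ids"`
}

// NormalizeVPCRange parses a VPC ip_range into its canonical network form and
// rejects non-CIDR input and anything outside RFC 1918 space: a typo yielding a
// public prefix would turn a "VPC only" rule into one admitting internet hosts.
// (The RFC 1918 check is this example's own defensive choice, not an API rule.)
func NormalizeVPCRange(ipRange string) (*net.IPNet, error) {
	_, network, err := net.ParseCIDR(ipRange)
	if err != nil {
		return nil, fmt.Errorf("vpc ip_range %q is not a CIDR: %w", ipRange, err)
	}
	if !network.IP.IsPrivate() {
		return nil, fmt.Errorf("vpc ip_range %q is not an RFC 1918 range", ipRange)
	}
	return network, nil
}

// BuildVPCScopedFirewall builds the policy of the Terraform workaround above:
// inbound and outbound TCP on port, only to/from addresses in the VPC range.
func BuildVPCScopedFirewall(name, vpcIPRange, port string, dropletIDs []int) (*FirewallRequest, error) {
	network, err := NormalizeVPCRange(vpcIPRange)
	if err != nil {
		return nil, err
	}
	if name == "" || port == "" {
		return nil, fmt.Errorf("name and port are required")
	}
	cidr := network.String()
	return &FirewallRequest{
		Name:          name,
		InboundRules:  []InboundRule{{Protocol: "tcp", Ports: port, Sources: &Endpoints{Addresses: []string{cidr}}}},
		OutboundRules: []OutboundRule{{Protocol: "tcp", Ports: port, Destinations: &Endpoints{Addresses: []string{cidr}}}},
		DropletIDs:    append([]int{}, dropletIDs...),
	}, nil
}

// JSON renders the request as it would be sent to the API.
func (r *FirewallRequest) JSON() (string, error) {
	b, err := json.Marshal(r)
	if err != nil {
		return "", err
	}
	return string(b), nil
}

// RuleAdmits reports whether a peer address falls inside the CIDR the rule was
// built from. Every host in the range is admitted, whether or not the operator
// thinks of it as "in the VPC"; hosts outside the range are not.
func RuleAdmits(vpcIPRange, peer string) bool {
	network, err := NormalizeVPCRange(vpcIPRange)
	if err != nil {
		return false
	}
	ip := net.ParseIP(peer)
	return ip != nil && network.Contains(ip)
}

func main() {
	// Constructed sample values: a VPC range, a Droplet ID and the port from the issue.
	req, err := BuildVPCScopedFirewall("only-the-example-vpc", "10.10.10.0/24", "8000", []int{12345})
	if err != nil {
		panic(err)
	}
	body, _ := req.JSON()
	fmt.Println(body)
	fmt.Println(RuleAdmits("10.10.10.0/24", "10.10.10.7"), RuleAdmits("10.10.10.0/24", "203.0.113.5"))
}
```

The body produced by `JSON()` is what a client would POST; with godo the equivalent is filling the inbound rule's `Sources.Addresses` with the VPC's `IPRange` rather than any VPC identifier. Note that the outbound rule limits the Droplet's TCP/8000 egress to the VPC range as well, which is what the firewall's name promises.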
