ibm_is_vpc_routing_table resource missing private_ip_address

[powellquiring]

resource "ibm_is_vpc_routing_table" "transit_ingress_from_tgw" {
  name  = "transitfromtgw"
  vpc   = module.transits["transit"].vpc.id
  route_transit_gateway_ingress = true
}

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_vpn_gateway

resource is missing the private_ip_address and private_ip_address2. In order to use this resource as a next hop in the ibm_is_vpc_routing_table_route resource the private IP address is required.

#2270 is a closely related work item.

Here is the work around:

data "external" "transit_vpn_gateway_private_ip_address" {
  program = ["sh", "${path.module}/vpn_gateway_private_ip_address.sh"]

  query = {
    ibmcloud_api_key = var.ibmcloud_api_key
    region = var.region
    vpn_gateway_id = module.transits["transit"].vpn_gateway.id
  }
}

vpn_gateway_private_ip_address.sh

#!/bin/bash

# Exit if any of the intermediate steps fail
set -e

eval "$(jq -r '@sh "ibmcloud_api_key=\(.ibmcloud_api_key) region=\(.region) vpn_gateway_id=\(.vpn_gateway_id)"')"
echo $ibmcloud_api_key $region $vpn_gateway_id >> /tmp/oo


ibmcloud login --apikey $ibmcloud_api_key > /dev/null 2>&1
ibmcloud target -r $region > /dev/null 2>&1

# return string:
ibmcloud is vpn-gateway $vpn_gateway_id --output json | jq '.members[]|select(.role=="active")|.private_ip'

[powellquiring]

This may not be a viable solution to the ingress routing problem. The underlying VPN private IP addresses can change over time so statically assigning these in terraform might be the wrong approach.