Skip to content

34.126.0.0/18 not showing up in google_netblock_ip_ranges for restricted-googleapis private-googleapis #22459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
woojae-highnote opened this issue Apr 22, 2025 · 0 comments · May be fixed by GoogleCloudPlatform/magic-modules#13783
Open

34.126.0.0/18 not showing up in google_netblock_ip_ranges for restricted-googleapis private-googleapis #22459

woojae-highnote opened this issue Apr 22, 2025 · 0 comments · May be fixed by GoogleCloudPlatform/magic-modules#13783
Labels
bug

Comments

@woojae-highnote
Copy link

Community Note

34.126.0.0/18 not showing up in google_netblock_ip_ranges for restricted-googleapis private-googleapis

https://cloud.google.com/vpc/docs/configure-private-google-access

restricted-googleapis ranges should be
199.36.153.4/30
34.126.0.0/18

but we are only getting the 199.36.153.4/30

As a result we are blocking lots of traffic to 34.126.0.0/18 which is trigger our security monitor. Security events started showing up after upgrading to gke 1.31.

data.google_netblock_ip_ranges.netblock: Reading...
data.google_netblock_ip_ranges.netblock: Read complete after 0s [id=netblock-ip-ranges-restricted-googleapis]

Changes to Outputs:
  + google_netblock_ip_ranges = {
      + cidr_blocks      = [
          + "199.36.153.4/30",
        ]
      + cidr_blocks_ipv4 = [
          + "199.36.153.4/30",
        ]
      + cidr_blocks_ipv6 = null
      + id               = "netblock-ip-ranges-restricted-googleapis"
      + range_type       = "restricted-googleapis"
    }

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

private-googleapis according this documentation is. https://cloud.google.com/vpc/docs/configure-private-google-access

should be
199.36.153.8/30
34.126.0.0/18

data.google_netblock_ip_ranges.netblock: Reading...
data.google_netblock_ip_ranges.netblock: Read complete after 0s [id=netblock-ip-ranges-private-googleapis]

Changes to Outputs:
  + google_netblock_ip_ranges = {
      + cidr_blocks      = [
          + "199.36.153.8/30",
        ]
      + cidr_blocks_ipv4 = [
          + "199.36.153.8/30",
        ]
      + cidr_blocks_ipv6 = null
      + id               = "netblock-ip-ranges-private-googleapis"
      + range_type       = "private-googleapis"
    }

https://cloud.google.com/vpc/docs/configure-private-google-access

Terraform Version & Provider Version(s)

Terraform 1.11.3
on x86 and Apple Silicon

  • provider registry.terraform.io/hashicorp/google v6.31.0
  • provider registry.terraform.io/hashicorp/google-beta v6.31.0

Affected Resource(s)

google_netblock_ip_ranges

Terraform Configuration

data "google_netblock_ip_ranges" "netblock" {
  range_type = "private-googleapis"
}

output "google_netblock_ip_ranges" {
  value = data.google_netblock_ip_ranges.netblock
}

Debug Output

data.google_netblock_ip_ranges.netblock: Reading...
data.google_netblock_ip_ranges.netblock: Read complete after 0s [id=netblock-ip-ranges-private-googleapis]

Changes to Outputs:
  + google_netblock_ip_ranges = {
      + cidr_blocks      = [
          + "199.36.153.8/30",
        ]
      + cidr_blocks_ipv4 = [
          + "199.36.153.8/30",
        ]
      + cidr_blocks_ipv6 = null
      + id               = "netblock-ip-ranges-private-googleapis"
      + range_type       = "private-googleapis"
    }

You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.

Expected Behavior

No response

Actual Behavior

No response

Steps to reproduce

  1. terraform apply

Important Factoids

No response

References

No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

added IP address range for direct connectivity from GCE VM and IPv6 translucens/magic-modules
1 participant
@woojae-highnote