Allow adding resources after digitalocean_firewall is created #1259

raisedadead opened this issue Oct 29, 2024 · 2 comments

@raisedadead

Is your feature request related to a problem? Please describe.

As per the docs, assignments can be done via

droplet_ids (Optional) - The list of the IDs of the Droplets assigned to the Firewall.

However, this limits how I am adding droplets; for instance, I have to use Terraform dependency checks to prevent firewall creation before droplets are ready.

This also limits splitting up my code into different modules. I may have a firewall already and need to add more droplets to it.

Describe the solution you'd like

An additional resource that lets me associate droplets to existing firewalls.

Describe alternatives you've considered

CLI `doctl compute firewall add-droplets` and click ops.

@andrewsomething
Member

Hi @raisedadead,

Could you expand a bit on the problems you are facing? You can add or remove droplet_ids and the firewall will be updated in-place. Is your request to be able to add Droplets to an existing firewall that is not managed by Terraform?

@raisedadead
Author

raisedadead commented Oct 30, 2024

Hi @andrewsomething, thanks for your response. That is correct, I do want to add droplets to an existing firewall that may be managed outside of the Terraform workspace I created it in.

Here is an example:

Suppose I create resources like so in one Terraform workspace:

```hcl
resource "digitalocean_droplet" "web" {
  name   = "web-1"
  ...
}

resource "digitalocean_firewall" "web" {
  name = "ssh"

  droplet_ids = [digitalocean_droplet.web.id]

  inbound_rule {
    ...
  }
}
```

And someone in my team owns other workspaces:

```hcl
resource "digitalocean_droplet" "app" {
  name   = "app-1"
  ...
}
```

They do not have a way to add these droplets to the firewall I created earlier.

I believe a new resource for associations would be nice? Since the API and the endpoints are already available as seen in the CLI use?
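
The `doctl compute firewall add-droplets` alternative mentioned in the issue, wrapped so that it attaches only the Droplets the firewall is missing and rejects non-numeric IDs. This is an added example, not code from the thread or the provider; the function names, the `DRY_RUN` switch, and the firewall and Droplet IDs in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotent wrapper around `doctl compute firewall add-droplets`.
# All IDs shown in comments are constructed placeholders.

# missing_ids CURRENT WANTED
#   CURRENT: comma-separated Droplet IDs already on the firewall
#            (as read by the caller, e.g. from `doctl compute firewall get`).
#   WANTED:  comma-separated Droplet IDs that must be covered.
#   Prints the IDs in WANTED that are not in CURRENT; exits 2 on a bad ID.
missing_ids() (
  set -f                      # no glob expansion while splitting on commas
  current=",$1,"
  out=""
  IFS=','
  for id in $2; do
    case "$id" in
      ''|*[!0-9]*) echo "invalid droplet id: $id" >&2; exit 2 ;;
    esac
    case "$current" in
      *",$id,"*) ;;           # already attached, or a repeat in WANTED
      *) out="${out:+$out,}$id"; current="$current$id," ;;
    esac
  done
  printf '%s' "$out"
)

# attach_droplets FIREWALL_ID CURRENT WANTED
#   Runs doctl only when something is missing; DRY_RUN=1 prints the command.
attach_droplets() {
  add=$(missing_ids "$2" "$3") || return 2
  if [ -z "$add" ]; then
    echo "nothing to attach"
    return 0
  fi
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "doctl compute firewall add-droplets $1 --droplet-ids $add"
  else
    doctl compute firewall add-droplets "$1" --droplet-ids "$add"
  fi
}

# Example call (constructed values):
#   DRY_RUN=1 attach_droplets fw-placeholder "101,102" "102,205"
```

If the workspace that owns the firewall sets `droplet_ids`, its next apply will update the firewall in-place back to that list and detach anything added this way, leaving those Droplets uncovered. The owner would need `lifecycle { ignore_changes = [droplet_ids] }` on the firewall for out-of-band attachments to persist.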
