Adds context support to peering zones (#3426)

modules/dns/main.tf

@@ -117,7 +117,9 @@ resource "google_dns_managed_zone" "dns_managed_zone" {
     for_each = try(var.zone_config.peering.peer_network, null) == null ? [] : [""]
     content {
       target_network {
-        network_url = var.zone_config.peering.peer_network
+        network_url = lookup(
+          local.ctx.networks, var.zone_config.peering.peer_network, var.zone_config.peering.peer_network
+        )
       }
     }
   }

tests/modules/dns/context-peering.tfvars

@@ -0,0 +1,31 @@
+context = {
+  custom_roles = {
+    myrole = "organizations/366118655033/roles/myRoleOne"
+  }
+  iam_principals = {
+    mygroup = "group:test-group@example.com"
+  }
+  networks = {
+    test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
+  }
+  project_ids = {
+    test = "foo-test-0"
+  }
+}
+project_id = "$project_ids:test"
+name       = "test-example"
+zone_config = {
+  domain = "test.example."
+  peering = {
+    peer_network    = "$networks:test"
+    client_networks = ["$networks:test"]
+  }
+}
+recordsets = {
+  "A localhost" = { records = ["127.0.0.1"] }
+  "A myhost"    = { ttl = 600, records = ["10.0.0.120"] }
+}
+iam = {
+  "$custom_roles:myrole" = ["$iam_principals:mygroup"]
+}
+

tests/modules/dns/context-peering.yaml

@@ -0,0 +1,71 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  google_dns_managed_zone.dns_managed_zone[0]:
+    cloud_logging_config:
+      - enable_logging: false
+    description: Terraform managed.
+    dns_name: test.example.
+    effective_labels:
+      goog-terraform-provisioned: "true"
+    force_destroy: false
+    forwarding_config: []
+    labels: null
+    name: test-example
+    peering_config:
+      - target_network:
+          - network_url: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
+    private_visibility_config:
+      - gke_clusters: []
+        networks:
+          - network_url: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
+    project: foo-test-0
+    reverse_lookup: false
+    service_directory_config: []
+    terraform_labels:
+      goog-terraform-provisioned: "true"
+    timeouts: null
+    visibility: private
+  google_dns_managed_zone_iam_binding.iam_bindings["$custom_roles:myrole"]:
+    condition: []
+    members:
+      - group:test-group@example.com
+    project: foo-test-0
+    role: organizations/366118655033/roles/myRoleOne
+  google_dns_record_set.dns_record_set["A localhost"]:
+    managed_zone: test-example
+    name: localhost.test.example.
+    project: foo-test-0
+    routing_policy: []
+    rrdatas:
+      - 127.0.0.1
+    ttl: 300
+    type: A
+  google_dns_record_set.dns_record_set["A myhost"]:
+    managed_zone: test-example
+    name: myhost.test.example.
+    project: foo-test-0
+    routing_policy: []
+    rrdatas:
+      - 10.0.0.120
+    ttl: 600
+    type: A
+
+counts:
+  google_dns_managed_zone: 1
+  google_dns_managed_zone_iam_binding: 1
+  google_dns_record_set: 2
+  modules: 0
+  resources: 4

tests/modules/dns/tftest.yaml

@@ -14,4 +14,5 @@
 
 module: modules/dns
 tests:
-  context:
+  context-private:
+  context-peering: