Simplify DNSSEC config

Julio Castillo
2022-10-25 11:47:10 +02:00
parent ab11920bee
commit 3b89d370a1
2 changed files with 34 additions and 30 deletions


@@ -99,9 +99,6 @@ resource "google_dns_managed_zone" "non-public" {
}
}
cloud_logging_config {
enable_logging = var.enable_logging
}
}
data "google_dns_managed_zone" "public" {
@@ -119,24 +116,25 @@ resource "google_dns_managed_zone" "public" {
visibility = "public"
dynamic "dnssec_config" {
for_each = var.dnssec_config == {} ? [] : tolist([var.dnssec_config])
for_each = var.dnssec_config == null ? [] : [1]
iterator = config
content {
kind = lookup(config.value, "kind", "dns#managedZoneDnsSecConfig")
non_existence = lookup(config.value, "non_existence", "nsec3")
state = lookup(config.value, "state", "off")
kind = "dns#managedZoneDnsSecConfig"
non_existence = var.dnssec_config.non_existence
state = var.dnssec_config.state
default_key_specs {
algorithm = lookup(var.default_key_specs_key, "algorithm", "rsasha256")
key_length = lookup(var.default_key_specs_key, "key_length", 2048)
key_type = lookup(var.default_key_specs_key, "key_type", "keySigning")
kind = lookup(var.default_key_specs_key, "kind", "dns#dnsKeySpec")
algorithm = var.dnssec_config.key_signing_key.algorithm
key_length = var.dnssec_config.key_signing_key.key_length
key_type = "keySigning"
kind = "dns#dnsKeySpec"
}
default_key_specs {
algorithm = lookup(var.default_key_specs_zone, "algorithm", "rsasha256")
key_length = lookup(var.default_key_specs_zone, "key_length", 1024)
key_type = lookup(var.default_key_specs_zone, "key_type", "zoneSigning")
kind = lookup(var.default_key_specs_zone, "kind", "dns#dnsKeySpec")
algorithm = var.dnssec_config.zone_signing_key.algorithm
key_length = var.dnssec_config.zone_signing_key.key_length
key_type = "zoneSigning"
kind = "dns#dnsKeySpec"
}
}
}
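Review bot: In the `dnssec_config` content block, `state`, `non_existence` and both key specs' `algorithm` and `key_length` are now read straight from `var.dnssec_config`, so the old inline fallbacks (`state` "off", a 1024-bit zone-signing key) are gone and the effective defaults and constraints live only in the variable declaration, which this section does not show. It is worth confirming that the declaration types every attribute and, if the module should not accept weak signing parameters, carries a `validation` block for `algorithm` and `key_length`. A comment above the block would record the null case, e.g. `# dnssec_config = null omits the block, so this module applies no DNSSEC settings to the zone`. `iterator = config` appears to be unused now that nothing reads `config.value`, and could be dropped. The enclosing `google_dns_managed_zone.public` resource starts outside the hunk.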