Allow unmanaged reverse lookup zones
committed by
Wiktor Niesiobędzki
parent
dda9002266
commit
6b6f5d86b2
@@ -10,6 +10,7 @@ For DNSSEC configuration, refer to the [`dns_managed_zone` documentation](https:
|
||||
- [Peering Zone](#peering-zone)
|
||||
- [Routing Policies](#routing-policies)
|
||||
- [Reverse Lookup Zone](#reverse-lookup-zone)
|
||||
- [Reverse Lookup Managed Zone](#reverse-lookup-managed-zone)
|
||||
- [Public Zone](#public-zone)
|
||||
- [Variables](#variables)
|
||||
- [Outputs](#outputs)
|
||||
@@ -138,8 +139,30 @@ module "private-dns" {
|
||||
client_networks = [var.vpc.self_link]
|
||||
}
|
||||
}
|
||||
recordsets = {
|
||||
"PTR 10.0.0.10.in-addr.arpa." = { ttl = 300, records = ["test.example.com."] }
|
||||
}
|
||||
}
|
||||
# tftest modules=1 resources=1 inventory=reverse-zone.yaml e2e
|
||||
# tftest inventory=reverse-zone.yaml e2e
|
||||
```
|
||||
|
||||
## Reverse Lookup Managed Zone
|
||||
A managed reverse lookup zone is a private zone with a special attribute that instructs Cloud DNS to perform a PTR lookup against Compute Engine DNS data
|
||||
|
||||
```hcl
|
||||
module "private-dns" {
|
||||
source = "./fabric/modules/dns"
|
||||
project_id = var.project_id
|
||||
name = "test-example"
|
||||
zone_config = {
|
||||
domain = "0.0.10.in-addr.arpa."
|
||||
private = {
|
||||
client_networks = [var.vpc.self_link]
|
||||
reverse_managed = true
|
||||
}
|
||||
}
|
||||
}
|
||||
# tftest inventory=reverse-zone-managed.yaml e2e
|
||||
```
|
||||
|
||||
## Public Zone
|
||||
@@ -173,7 +196,7 @@ module "public-dns" {
|
||||
| [force_destroy](variables.tf#L23) | Set this to true to delete all records in the zone upon zone destruction. | <code>bool</code> | | <code>null</code> |
|
||||
| [iam](variables.tf#L29) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>null</code> |
|
||||
| [recordsets](variables.tf#L45) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map(object({ ttl = optional(number, 300) records = optional(list(string)) geo_routing = optional(list(object({ location = string records = optional(list(string)) health_checked_targets = optional(list(object({ load_balancer_type = string ip_address = string port = string ip_protocol = string network_url = string project = string region = optional(string) }))) }))) wrr_routing = optional(list(object({ weight = number records = list(string) }))) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [zone_config](variables.tf#L102) | DNS zone configuration. | <code title="object({ domain = string forwarding = optional(object({ forwarders = optional(map(string)) client_networks = list(string) })) peering = optional(object({ client_networks = list(string) peer_network = string })) public = optional(object({ dnssec_config = optional(object({ non_existence = optional(string, "nsec3") state = string key_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 2048 } ) zone_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 1024 } ) })) enable_logging = optional(bool, false) })) private = optional(object({ client_networks = list(string) service_directory_namespace = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [zone_config](variables.tf#L102) | DNS zone configuration. | <code title="object({ domain = string forwarding = optional(object({ forwarders = optional(map(string)) client_networks = list(string) })) peering = optional(object({ client_networks = list(string) peer_network = string })) public = optional(object({ dnssec_config = optional(object({ non_existence = optional(string, "nsec3") state = string key_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 2048 } ) zone_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 1024 } ) })) enable_logging = optional(bool, false) })) private = optional(object({ client_networks = list(string) service_directory_namespace = optional(string) reverse_managed = optional(bool, false) })) })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
||||
@@ -63,7 +63,7 @@ resource "google_dns_managed_zone" "dns_managed_zone" {
|
||||
description = var.description
|
||||
force_destroy = var.force_destroy
|
||||
visibility = local.visibility
|
||||
reverse_lookup = try(var.zone_config.private, null) != null && endswith(var.zone_config.domain, ".in-addr.arpa.")
|
||||
reverse_lookup = var.zone_config.private == null ? false : var.zone_config.private.reverse_managed
|
||||
|
||||
dynamic "dnssec_config" {
|
||||
for_each = try(var.zone_config.public.dnssec_config, null) == null ? [] : [""]
|
||||
|
||||
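Review bot: The replacement `reverse_lookup` line drops the `try()` guard the removed line had, so if `google_dns_managed_zone.dns_managed_zone` is ever evaluated with `zone_config` left at its `null` default (variables.tf, `default = null`), `var.zone_config.private` fails with an attempt-to-get-attribute-from-null error instead of yielding `false`. Because `reverse_managed` carries a `false` default in the object type, the guard can be kept in a single expression: `reverse_lookup = try(var.zone_config.private.reverse_managed, false)`. Whether the resource can actually be reached with a null `zone_config` depends on its `count`/`for_each`, which is outside this hunk, as is the rest of the resource body.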
@@ -129,6 +129,7 @@ variable "zone_config" {
|
||||
private = optional(object({
|
||||
client_networks = list(string)
|
||||
service_directory_namespace = optional(string)
|
||||
reverse_managed = optional(bool, false)
|
||||
}))
|
||||
})
|
||||
validation {
|
||||
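Review bot: The new `reverse_managed` attribute has no validation tying it to the zone's domain, although the logic this commit removes from main.tf only ever enabled `reverse_lookup` for domains ending in `.in-addr.arpa.` and the README text describes the flag as a PTR lookup against Compute Engine DNS data; a caller can now set `reverse_managed = true` on an arbitrary private domain and only learn of the mismatch at apply time. A second `validation` block next to the one that begins at the end of this hunk (its body lies outside the hunk) would catch it at plan time, e.g. `condition = !try(var.zone_config.private.reverse_managed, false) || endswith(var.zone_config.domain, ".in-addr.arpa.")` with an `error_message` naming the requirement. If Cloud DNS also accepts `ip6.arpa.` for managed reverse lookup the suffix check should be widened — confirm against the API before restricting it. A short comment on the attribute, `# answer PTR queries from Compute Engine DNS data; only meaningful for an in-addr.arpa. domain`, would also document the intent for module users.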
@@ -142,5 +143,3 @@ variable "zone_config" {
|
||||
}
|
||||
default = null
|
||||
}
|
||||
|
||||
|
||||
|
||||