diff --git a/blueprints/cloud-operations/dns-fine-grained-iam/README.md b/blueprints/cloud-operations/dns-fine-grained-iam/README.md
index 6379495dd..db88b37b1 100644
--- a/blueprints/cloud-operations/dns-fine-grained-iam/README.md
+++ b/blueprints/cloud-operations/dns-fine-grained-iam/README.md
@@ -128,5 +128,5 @@ module "test1" {
project_create = true
project_id = "test"
}
-# tftest modules=9 resources=27
+# tftest modules=9 resources=28
```
diff --git a/blueprints/cloud-operations/dns-fine-grained-iam/main.tf b/blueprints/cloud-operations/dns-fine-grained-iam/main.tf
index c86774991..55e25e776 100644
--- a/blueprints/cloud-operations/dns-fine-grained-iam/main.tf
+++ b/blueprints/cloud-operations/dns-fine-grained-iam/main.tf
@@ -58,13 +58,16 @@ module "nat-a" {
}
module "dns-service-zone" {
- source = "../../../modules/dns"
- project_id = module.project.project_id
- type = "service-directory"
- name = var.name
- domain = var.zone_domain
- client_networks = [module.vpc.self_link]
- service_directory_namespace = module.service-directory.id
+ source = "../../../modules/dns"
+ project_id = module.project.project_id
+ name = var.name
+ zone_config = {
+ domain = var.zone_domain
+ private = {
+ client_networks = [module.vpc.self_link]
+ service_directory_namespace = module.service-directory.id
+ }
+ }
}
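Review bot: With `type = "service-directory"` dropped from `dns-service-zone`, nothing in the new block says this is a Service Directory-backed zone rather than a plain private zone; the only hint is the `service_directory_namespace` key nested under `private`. A one-line comment above `zone_config` would keep the intent readable, e.g. `# Service Directory-backed private zone (formerly type = "service-directory"); the namespace below selects it.` The same `type` attribute disappears in every other dns module call in this commit, but those are plain private, peering or forwarding zones where the nested key (`private`, `peering`, `forwarding`) already carries the type, so the comment is only needed here.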
module "service-directory" {
diff --git a/blueprints/cloud-operations/dns-shared-vpc/README.md b/blueprints/cloud-operations/dns-shared-vpc/README.md
index ed64d1de9..ad8d6125c 100644
--- a/blueprints/cloud-operations/dns-shared-vpc/README.md
+++ b/blueprints/cloud-operations/dns-shared-vpc/README.md
@@ -51,5 +51,5 @@ module "test" {
shared_vpc_link = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default"
teams = ["team1", "team2"]
}
-# tftest modules=9 resources=16
+# tftest modules=9 resources=20
```
diff --git a/blueprints/cloud-operations/dns-shared-vpc/main.tf b/blueprints/cloud-operations/dns-shared-vpc/main.tf
index 4ade9476a..2c04e6dbb 100644
--- a/blueprints/cloud-operations/dns-shared-vpc/main.tf
+++ b/blueprints/cloud-operations/dns-shared-vpc/main.tf
@@ -39,24 +39,30 @@ module "vpc" {
}
module "dns-private" {
- source = "../../../modules/dns"
- for_each = local.projects
- project_id = each.value
- type = "private"
- name = each.key
- domain = "${each.key}.${var.dns_domain}."
- description = "DNS zone for ${each.key}"
- client_networks = [module.vpc[each.key].self_link]
+ source = "../../../modules/dns"
+ for_each = local.projects
+ project_id = each.value
+ name = each.key
+ description = "DNS zone for ${each.key}"
+ zone_config = {
+ domain = "${each.key}.${var.dns_domain}."
+ private = {
+ client_networks = [module.vpc[each.key].self_link]
+ }
+ }
}
module "dns-peering" {
- source = "../../../modules/dns"
- for_each = local.projects
- project_id = local.svpc_project_id
- name = "peering-${each.key}"
- domain = "${each.key}.${var.dns_domain}."
- description = "DNS peering for ${each.key}"
- type = "peering"
- peer_network = module.vpc[each.key].self_link
- client_networks = [var.shared_vpc_link]
+ source = "../../../modules/dns"
+ for_each = local.projects
+ project_id = local.svpc_project_id
+ name = "peering-${each.key}"
+ description = "DNS peering for ${each.key}"
+ zone_config = {
+ domain = "${each.key}.${var.dns_domain}."
+ peering = {
+ peer_network = module.vpc[each.key].self_link
+ client_networks = [var.shared_vpc_link]
+ }
+ }
}
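Review bot: The README test expectations in this commit grow by roughly one resource per zone (e.g. 16→20 in this blueprint's README, where `teams` has two entries and both zone modules use `for_each`), which suggests the updated dns module now creates an additional resource per zone, yet neither this hunk nor the fast stage files (`fast/stages/2-networking-a-peering/dns-dev.tf`, `dns-landing.tf`, `dns-prod.tf` and their `2-networking-b-vpn` twins) add `moved` blocks or a migration note for already-deployed state. If the module's internal resource addresses changed as part of the `zone_config` rework, applying this in an existing environment would destroy and recreate the managed zones, briefly losing resolution for every VPC listed in `client_networks`; that is worth confirming with a plan against existing state before merge. A sentence in the commit description, or a comment next to the existing `moved` blocks in the fast stages stating what the expected plan looks like, would make the upgrade path explicit.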
diff --git a/blueprints/factories/project-factory/README.md b/blueprints/factories/project-factory/README.md
index 927edd73c..c121d2b26 100644
--- a/blueprints/factories/project-factory/README.md
+++ b/blueprints/factories/project-factory/README.md
@@ -76,7 +76,7 @@ module "projects" {
service_identities_iam = try(each.value.service_identities_iam, {})
vpc = try(each.value.vpc, null)
}
-# tftest modules=7 resources=34 inventory=example.yaml
+# tftest modules=7 resources=36 inventory=example.yaml
```
### Projects configuration
diff --git a/blueprints/factories/project-factory/main.tf b/blueprints/factories/project-factory/main.tf
index 9dbe1721f..f70684f9c 100644
--- a/blueprints/factories/project-factory/main.tf
+++ b/blueprints/factories/project-factory/main.tf
@@ -167,13 +167,16 @@ module "billing-alert" {
}
module "dns" {
- source = "../../../modules/dns"
- for_each = toset(var.dns_zones)
- project_id = coalesce(local.vpc.host_project, module.project.project_id)
- type = "private"
- name = each.value
- domain = "${each.value}.${var.defaults.environment_dns_zone}"
- client_networks = [var.defaults.shared_vpc_self_link]
+ source = "../../../modules/dns"
+ for_each = toset(var.dns_zones)
+ project_id = coalesce(local.vpc.host_project, module.project.project_id)
+ name = each.value
+ zone_config = {
+ domain = "${each.value}.${var.defaults.environment_dns_zone}"
+ private = {
+ client_networks = [var.defaults.shared_vpc_self_link]
+ }
+ }
}
module "project" {
diff --git a/blueprints/networking/__need_fixing/onprem-google-access-dns/main.tf b/blueprints/networking/__need_fixing/onprem-google-access-dns/main.tf
index 24e7ca4d5..c122e4545 100644
--- a/blueprints/networking/__need_fixing/onprem-google-access-dns/main.tf
+++ b/blueprints/networking/__need_fixing/onprem-google-access-dns/main.tf
@@ -157,12 +157,15 @@ module "nat2" {
################################################################################
module "dns-gcp" {
- source = "../../../modules/dns"
- project_id = var.project_id
- type = "private"
- name = "gcp-example"
- domain = "gcp.example.org."
- client_networks = [module.vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = var.project_id
+ name = "gcp-example"
+ zone_config = {
+ domain = "gcp.example.org."
+ private = {
+ client_networks = [module.vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
"A test-1" = { records = [module.vm-test1.internal_ip] }
@@ -171,12 +174,15 @@ module "dns-gcp" {
}
module "dns-api" {
- source = "../../../modules/dns"
- project_id = var.project_id
- type = "private"
- name = "googleapis"
- domain = "googleapis.com."
- client_networks = [module.vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = var.project_id
+ name = "googleapis"
+ zone_config = {
+ domain = "googleapis.com."
+ private = {
+ client_networks = [module.vpc.self_link]
+ }
+ }
recordsets = {
"CNAME *" = { records = ["private.googleapis.com."] }
"A private" = { records = local.vips.private }
@@ -185,14 +191,17 @@ module "dns-api" {
}
module "dns-onprem" {
- source = "../../../modules/dns"
- project_id = var.project_id
- type = "forwarding"
- name = "onprem-example"
- domain = "onprem.example.org."
- client_networks = [module.vpc.self_link]
- forwarders = {
- "${cidrhost(var.ip_ranges.onprem, 3)}" = null
+ source = "../../../modules/dns"
+ project_id = var.project_id
+ name = "onprem-example"
+ zone_config = {
+ domain = "onprem.example.org."
+ forwarding = {
+ client_networks = [module.vpc.self_link]
+ forwarders = {
+ "${cidrhost(var.ip_ranges.onprem, 3)}" = null
+ }
+ }
}
}
diff --git a/blueprints/networking/decentralized-firewall/README.md b/blueprints/networking/decentralized-firewall/README.md
index 2fd89640c..a4eea93f9 100644
--- a/blueprints/networking/decentralized-firewall/README.md
+++ b/blueprints/networking/decentralized-firewall/README.md
@@ -51,5 +51,5 @@ module "test" {
root_node = "organizations/0123456789"
}
-# tftest modules=9 resources=54
+# tftest modules=9 resources=56
```
diff --git a/blueprints/networking/decentralized-firewall/main.tf b/blueprints/networking/decentralized-firewall/main.tf
index a05a104ff..b994dc291 100644
--- a/blueprints/networking/decentralized-firewall/main.tf
+++ b/blueprints/networking/decentralized-firewall/main.tf
@@ -77,24 +77,30 @@ module "vpc-dev" {
###############################################################################
module "dns-api-prod" {
- source = "../../../modules/dns"
- project_id = module.project-host-prod.project_id
- type = "private"
- name = "googleapis"
- domain = "googleapis.com."
- client_networks = [module.vpc-prod.self_link]
+ source = "../../../modules/dns"
+ project_id = module.project-host-prod.project_id
+ name = "googleapis"
+ zone_config = {
+ domain = "googleapis.com."
+ private = {
+ client_networks = [module.vpc-prod.self_link]
+ }
+ }
recordsets = {
"CNAME *" = { records = ["private.googleapis.com."] }
}
}
module "dns-api-dev" {
- source = "../../../modules/dns"
- project_id = module.project-host-dev.project_id
- type = "private"
- name = "googleapis"
- domain = "googleapis.com."
- client_networks = [module.vpc-dev.self_link]
+ source = "../../../modules/dns"
+ project_id = module.project-host-dev.project_id
+ name = "googleapis"
+ zone_config = {
+ domain = "googleapis.com."
+ private = {
+ client_networks = [module.vpc-dev.self_link]
+ }
+ }
recordsets = {
"CNAME *" = { records = ["private.googleapis.com."] }
}
diff --git a/blueprints/networking/filtering-proxy-psc/README.md b/blueprints/networking/filtering-proxy-psc/README.md
index dd9f05858..b3d90cefb 100644
--- a/blueprints/networking/filtering-proxy-psc/README.md
+++ b/blueprints/networking/filtering-proxy-psc/README.md
@@ -40,5 +40,5 @@ module "test" {
}
project_id = "test-project"
}
-# tftest modules=13 resources=41
+# tftest modules=13 resources=42
```
diff --git a/blueprints/networking/filtering-proxy-psc/consumer.tf b/blueprints/networking/filtering-proxy-psc/consumer.tf
index bac20db72..6668afb72 100644
--- a/blueprints/networking/filtering-proxy-psc/consumer.tf
+++ b/blueprints/networking/filtering-proxy-psc/consumer.tf
@@ -81,12 +81,15 @@ resource "google_compute_forwarding_rule" "psc_ilb_consumer" {
###############################################################################
module "private-dns" {
- source = "../../../modules/dns"
- project_id = module.project.project_id
- type = "private"
- name = "${var.prefix}-internal"
- domain = "internal."
- client_networks = [module.vpc-consumer.self_link]
+ source = "../../../modules/dns"
+ project_id = module.project.project_id
+ name = "${var.prefix}-internal"
+ zone_config = {
+ domain = "internal."
+ private = {
+ client_networks = [module.vpc-consumer.self_link]
+ }
+ }
recordsets = {
"A squid" = { ttl = 60, records = [google_compute_address.psc_endpoint_address.address] }
"CNAME proxy" = { ttl = 3600, records = ["squid.internal."] }
diff --git a/blueprints/networking/filtering-proxy/README.md b/blueprints/networking/filtering-proxy/README.md
index 70dcf6df5..5ed64067c 100644
--- a/blueprints/networking/filtering-proxy/README.md
+++ b/blueprints/networking/filtering-proxy/README.md
@@ -47,7 +47,7 @@ module "test1" {
prefix = "fabric"
root_node = "folders/123456789"
}
-# tftest modules=14 resources=38
+# tftest modules=14 resources=39
```
```hcl
@@ -58,5 +58,5 @@ module "test2" {
prefix = "fabric"
root_node = "folders/123456789"
}
-# tftest modules=12 resources=32
+# tftest modules=12 resources=33
```
diff --git a/blueprints/networking/filtering-proxy/main.tf b/blueprints/networking/filtering-proxy/main.tf
index 127369320..d6fce6d0a 100644
--- a/blueprints/networking/filtering-proxy/main.tf
+++ b/blueprints/networking/filtering-proxy/main.tf
@@ -114,12 +114,15 @@ module "nat" {
}
module "private-dns" {
- source = "../../../modules/dns"
- project_id = module.project-host.project_id
- type = "private"
- name = "internal"
- domain = "internal."
- client_networks = [module.vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.project-host.project_id
+ name = "internal"
+ zone_config = {
+ domain = "internal."
+ private = {
+ client_networks = [module.vpc.self_link]
+ }
+ }
recordsets = {
"A squid" = { ttl = 60, records = [local.squid_address] }
"CNAME proxy" = { ttl = 3600, records = ["squid.internal."] }
diff --git a/blueprints/networking/hub-and-spoke-vpn/README.md b/blueprints/networking/hub-and-spoke-vpn/README.md
index d0f2d1f08..d16a53fbb 100644
--- a/blueprints/networking/hub-and-spoke-vpn/README.md
+++ b/blueprints/networking/hub-and-spoke-vpn/README.md
@@ -114,5 +114,5 @@ module "test" {
project_id = "project-1"
}
-# tftest modules=20 resources=79
+# tftest modules=20 resources=84
```
diff --git a/blueprints/networking/hub-and-spoke-vpn/net-dev.tf b/blueprints/networking/hub-and-spoke-vpn/net-dev.tf
index f7cf84dba..d582a79f7 100644
--- a/blueprints/networking/hub-and-spoke-vpn/net-dev.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/net-dev.tf
@@ -48,22 +48,28 @@ module "dev-firewall" {
}
module "dev-dns-peering" {
- source = "../../../modules/dns"
- project_id = var.project_id
- type = "peering"
- name = "${var.prefix}-example-com-dev-peering"
- domain = "example.com."
- client_networks = [module.dev-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = var.project_id
+ name = "${var.prefix}-example-com-dev-peering"
+ zone_config = {
+ domain = "example.com."
+ peering = {
+ client_networks = [module.dev-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
module "dev-dns-zone" {
- source = "../../../modules/dns"
- project_id = var.project_id
- type = "private"
- name = "${var.prefix}-dev-example-com"
- domain = "dev.example.com."
- client_networks = [module.landing-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = var.project_id
+ name = "${var.prefix}-dev-example-com"
+ zone_config = {
+ domain = "dev.example.com."
+ private = {
+ client_networks = [module.landing-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
"A test-r2" = { records = [module.dev-r2-vm.internal_ip] }
diff --git a/blueprints/networking/hub-and-spoke-vpn/net-landing.tf b/blueprints/networking/hub-and-spoke-vpn/net-landing.tf
index 31fdb8561..ad7315d4f 100644
--- a/blueprints/networking/hub-and-spoke-vpn/net-landing.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/net-landing.tf
@@ -48,12 +48,15 @@ module "landing-firewall" {
}
module "landing-dns-zone" {
- source = "../../../modules/dns"
- project_id = var.project_id
- type = "private"
- name = "${var.prefix}-example-com"
- domain = "example.com."
- client_networks = [module.landing-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = var.project_id
+ name = "${var.prefix}-example-com"
+ zone_config = {
+ domain = "example.com."
+ private = {
+ client_networks = [module.landing-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
"A test-r1" = { records = [module.landing-r1-vm.internal_ip] }
diff --git a/blueprints/networking/hub-and-spoke-vpn/net-prod.tf b/blueprints/networking/hub-and-spoke-vpn/net-prod.tf
index ec3260215..a76ac7789 100644
--- a/blueprints/networking/hub-and-spoke-vpn/net-prod.tf
+++ b/blueprints/networking/hub-and-spoke-vpn/net-prod.tf
@@ -48,22 +48,28 @@ module "prod-firewall" {
}
module "prod-dns-peering" {
- source = "../../../modules/dns"
- project_id = var.project_id
- type = "peering"
- name = "${var.prefix}-example-com-prd-peering"
- domain = "example.com."
- client_networks = [module.prod-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = var.project_id
+ name = "${var.prefix}-example-com-prd-peering"
+ zone_config = {
+ domain = "example.com."
+ peering = {
+ client_networks = [module.prod-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
module "prod-dns-zone" {
- source = "../../../modules/dns"
- project_id = var.project_id
- type = "private"
- name = "${var.prefix}-prd-example-com"
- domain = "prd.example.com."
- client_networks = [module.landing-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = var.project_id
+ name = "${var.prefix}-prd-example-com"
+ zone_config = {
+ domain = "prd.example.com."
+ private = {
+ client_networks = [module.landing-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
"A test-r1" = { records = [module.prod-r1-vm.internal_ip] }
diff --git a/blueprints/networking/private-cloud-function-from-onprem/README.md b/blueprints/networking/private-cloud-function-from-onprem/README.md
index 4951454f9..4bb9d4d98 100644
--- a/blueprints/networking/private-cloud-function-from-onprem/README.md
+++ b/blueprints/networking/private-cloud-function-from-onprem/README.md
@@ -45,5 +45,5 @@ module "test" {
}
project_id = "test-project"
}
-# tftest modules=11 resources=44
+# tftest modules=11 resources=45
```
diff --git a/blueprints/networking/private-cloud-function-from-onprem/main.tf b/blueprints/networking/private-cloud-function-from-onprem/main.tf
index 77b7dfb69..c44ac7858 100644
--- a/blueprints/networking/private-cloud-function-from-onprem/main.tf
+++ b/blueprints/networking/private-cloud-function-from-onprem/main.tf
@@ -199,12 +199,15 @@ module "function-hello" {
###############################################################################
module "private-dns-onprem" {
- source = "../../../modules/dns"
- project_id = module.project.project_id
- type = "private"
- name = var.name
- domain = "${var.region}-${module.project.project_id}.cloudfunctions.net."
- client_networks = [module.vpc-onprem.self_link]
+ source = "../../../modules/dns"
+ project_id = module.project.project_id
+ name = var.name
+ zone_config = {
+ domain = "${var.region}-${module.project.project_id}.cloudfunctions.net."
+ private = {
+ client_networks = [module.vpc-onprem.self_link]
+ }
+ }
recordsets = {
"A " = { records = [module.addresses.psc_addresses[local.psc_name].address] }
}
diff --git a/blueprints/networking/shared-vpc-gke/README.md b/blueprints/networking/shared-vpc-gke/README.md
index a60dea0c9..6aac2855f 100644
--- a/blueprints/networking/shared-vpc-gke/README.md
+++ b/blueprints/networking/shared-vpc-gke/README.md
@@ -80,5 +80,5 @@ module "test" {
prefix = "test"
root_node = "organizations/0123456789"
}
-# tftest modules=11 resources=45
+# tftest modules=11 resources=46
```
diff --git a/blueprints/networking/shared-vpc-gke/main.tf b/blueprints/networking/shared-vpc-gke/main.tf
index 3d7577b4a..dafb2704d 100644
--- a/blueprints/networking/shared-vpc-gke/main.tf
+++ b/blueprints/networking/shared-vpc-gke/main.tf
@@ -152,12 +152,15 @@ module "nat" {
################################################################################
module "host-dns" {
- source = "../../../modules/dns"
- project_id = module.project-host.project_id
- type = "private"
- name = "example"
- domain = "example.com."
- client_networks = [module.vpc-shared.self_link]
+ source = "../../../modules/dns"
+ project_id = module.project-host.project_id
+ name = "example"
+ zone_config = {
+ domain = "example.com."
+ private = {
+ client_networks = [module.vpc-shared.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
"A bastion" = { records = [module.vm-bastion.internal_ip] }
diff --git a/blueprints/serverless/cloud-run-corporate/README.md b/blueprints/serverless/cloud-run-corporate/README.md
index 93f98c549..5fabf182f 100644
--- a/blueprints/serverless/cloud-run-corporate/README.md
+++ b/blueprints/serverless/cloud-run-corporate/README.md
@@ -252,7 +252,7 @@ module "test" {
prj_onprem_id = "onprem-project-id"
}
-# tftest modules=15 resources=50
+# tftest modules=15 resources=52
```
```hcl
@@ -276,7 +276,7 @@ module "test" {
tf_identity = "user@example.org"
}
-# tftest modules=15 resources=36
+# tftest modules=15 resources=38
```
```hcl
@@ -295,5 +295,5 @@ module "test" {
custom_domain = "cloud-run-corporate.example.org"
}
-# tftest modules=14 resources=45
+# tftest modules=14 resources=47
```
diff --git a/blueprints/serverless/cloud-run-corporate/main.tf b/blueprints/serverless/cloud-run-corporate/main.tf
index aca41c284..196569a91 100644
--- a/blueprints/serverless/cloud-run-corporate/main.tf
+++ b/blueprints/serverless/cloud-run-corporate/main.tf
@@ -490,51 +490,63 @@ module "vm_test_svc1" {
###############################################################################
module "private_dns_main" {
- source = "../../../modules/dns"
- project_id = module.project_main.project_id
- type = "private"
- name = "dns-main"
- client_networks = [module.vpc_main.self_link]
- domain = local.cloud_run_domain
+ source = "../../../modules/dns"
+ project_id = module.project_main.project_id
+ name = "dns-main"
+ zone_config = {
+ domain = local.cloud_run_domain
+ private = {
+ client_networks = [module.vpc_main.self_link]
+ }
+ }
recordsets = {
"A *" = { records = [module.psc_addr_main.psc_addresses["psc-addr"].address] }
}
}
module "private_dns_main_custom" {
- source = "../../../modules/dns"
- count = var.custom_domain == null ? 0 : 1
- project_id = module.project_main.project_id
- type = "private"
- name = "dns-main-custom"
- client_networks = [module.vpc_main.self_link]
- domain = format("%s.", var.custom_domain)
+ source = "../../../modules/dns"
+ count = var.custom_domain == null ? 0 : 1
+ project_id = module.project_main.project_id
+ name = "dns-main-custom"
+ zone_config = {
+ domain = format("%s.", var.custom_domain)
+ private = {
+ client_networks = [module.vpc_main.self_link]
+ }
+ }
recordsets = {
"A " = { records = [module.ilb-l7[0].address] }
}
}
module "private_dns_onprem" {
- source = "../../../modules/dns"
- count = length(module.project_onprem)
- project_id = module.project_onprem[0].project_id
- type = "private"
- name = "dns-onprem"
- client_networks = [module.vpc_onprem[0].self_link]
- domain = local.cloud_run_domain
+ source = "../../../modules/dns"
+ count = length(module.project_onprem)
+ project_id = module.project_onprem[0].project_id
+ name = "dns-onprem"
+ zone_config = {
+ domain = local.cloud_run_domain
+ private = {
+ client_networks = [module.vpc_onprem[0].self_link]
+ }
+ }
recordsets = {
"A *" = { records = [module.psc_addr_main.psc_addresses["psc-addr"].address] }
}
}
module "private_dns_prj1" {
- source = "../../../modules/dns"
- count = length(module.project_prj1)
- project_id = module.project_prj1[0].project_id
- type = "private"
- name = "dns-prj1"
- client_networks = [module.vpc_prj1[0].self_link]
- domain = local.cloud_run_domain
+ source = "../../../modules/dns"
+ count = length(module.project_prj1)
+ project_id = module.project_prj1[0].project_id
+ name = "dns-prj1"
+ zone_config = {
+ domain = local.cloud_run_domain
+ private = {
+ client_networks = [module.vpc_prj1[0].self_link]
+ }
+ }
recordsets = {
"A *" = { records = [module.psc_addr_prj1[0].psc_addresses["psc-addr"].address] }
}
diff --git a/fast/stages/2-networking-a-peering/dns-dev.tf b/fast/stages/2-networking-a-peering/dns-dev.tf
index efeabeaec..f40281fb5 100644
--- a/fast/stages/2-networking-a-peering/dns-dev.tf
+++ b/fast/stages/2-networking-a-peering/dns-dev.tf
@@ -24,12 +24,15 @@ moved {
}
module "dev-dns-priv-example" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "private"
- name = "dev-gcp-example-com"
- domain = "dev.gcp.example.com."
- client_networks = [module.landing-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-gcp-example-com"
+ zone_config = {
+ domain = "dev.gcp.example.com."
+ private = {
+ client_networks = [module.landing-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -43,13 +46,16 @@ moved {
}
module "dev-dns-peer-landing-root" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "peering"
- name = "dev-root-dns-peering"
- domain = "."
- client_networks = [module.dev-spoke-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-root-dns-peering"
+ zone_config = {
+ domain = "."
+ peering = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
moved {
@@ -58,11 +64,14 @@ moved {
}
module "dev-dns-peer-landing-rev-10" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "peering"
- name = "dev-reverse-10-dns-peering"
- domain = "10.in-addr.arpa."
- client_networks = [module.dev-spoke-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-reverse-10-dns-peering"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ peering = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
diff --git a/fast/stages/2-networking-a-peering/dns-landing.tf b/fast/stages/2-networking-a-peering/dns-landing.tf
index e6a441a52..dcdb5cee3 100644
--- a/fast/stages/2-networking-a-peering/dns-landing.tf
+++ b/fast/stages/2-networking-a-peering/dns-landing.tf
@@ -24,13 +24,16 @@ moved {
}
module "landing-dns-fwd-onprem-example" {
- source = "../../../modules/dns"
- project_id = module.landing-project.project_id
- type = "forwarding"
- name = "example-com"
- domain = "onprem.example.com."
- client_networks = [module.landing-vpc.self_link]
- forwarders = { for ip in var.dns.onprem : ip => null }
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ name = "example-com"
+ zone_config = {
+ domain = "onprem.example.com."
+ forwarding = {
+ client_networks = [module.landing-vpc.self_link]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+ }
+ }
}
moved {
@@ -39,13 +42,16 @@ moved {
}
module "landing-dns-fwd-onprem-rev-10" {
- source = "../../../modules/dns"
- project_id = module.landing-project.project_id
- type = "forwarding"
- name = "root-reverse-10"
- domain = "10.in-addr.arpa."
- client_networks = [module.landing-vpc.self_link]
- forwarders = { for ip in var.dns.onprem : ip => null }
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ name = "root-reverse-10"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ forwarding = {
+ client_networks = [module.landing-vpc.self_link]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+ }
+ }
}
moved {
@@ -54,12 +60,15 @@ moved {
}
module "landing-dns-priv-gcp" {
- source = "../../../modules/dns"
- project_id = module.landing-project.project_id
- type = "private"
- name = "gcp-example-com"
- domain = "gcp.example.com."
- client_networks = [module.landing-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ name = "gcp-example-com"
+ zone_config = {
+ domain = "gcp.example.com."
+ private = {
+ client_networks = [module.landing-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
diff --git a/fast/stages/2-networking-a-peering/dns-prod.tf b/fast/stages/2-networking-a-peering/dns-prod.tf
index 02fa8c239..6bd34be8f 100644
--- a/fast/stages/2-networking-a-peering/dns-prod.tf
+++ b/fast/stages/2-networking-a-peering/dns-prod.tf
@@ -24,12 +24,15 @@ moved {
}
module "prod-dns-priv-example" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "private"
- name = "prod-gcp-example-com"
- domain = "prod.gcp.example.com."
- client_networks = [module.landing-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-gcp-example-com"
+ zone_config = {
+ domain = "prod.gcp.example.com."
+ private = {
+ client_networks = [module.landing-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -43,13 +46,16 @@ moved {
}
module "prod-dns-peer-landing-root" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "peering"
- name = "prod-root-dns-peering"
- domain = "."
- client_networks = [module.prod-spoke-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-root-dns-peering"
+ zone_config = {
+ domain = "."
+ peering = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
moved {
@@ -58,11 +64,14 @@ moved {
}
module "prod-dns-peer-landing-rev-10" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "peering"
- name = "prod-reverse-10-dns-peering"
- domain = "10.in-addr.arpa."
- client_networks = [module.prod-spoke-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-reverse-10-dns-peering"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ peering = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
diff --git a/fast/stages/2-networking-b-vpn/dns-dev.tf b/fast/stages/2-networking-b-vpn/dns-dev.tf
index efeabeaec..f40281fb5 100644
--- a/fast/stages/2-networking-b-vpn/dns-dev.tf
+++ b/fast/stages/2-networking-b-vpn/dns-dev.tf
@@ -24,12 +24,15 @@ moved {
}
module "dev-dns-priv-example" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "private"
- name = "dev-gcp-example-com"
- domain = "dev.gcp.example.com."
- client_networks = [module.landing-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-gcp-example-com"
+ zone_config = {
+ domain = "dev.gcp.example.com."
+ private = {
+ client_networks = [module.landing-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -43,13 +46,16 @@ moved {
}
module "dev-dns-peer-landing-root" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "peering"
- name = "dev-root-dns-peering"
- domain = "."
- client_networks = [module.dev-spoke-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-root-dns-peering"
+ zone_config = {
+ domain = "."
+ peering = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
moved {
@@ -58,11 +64,14 @@ moved {
}
module "dev-dns-peer-landing-rev-10" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "peering"
- name = "dev-reverse-10-dns-peering"
- domain = "10.in-addr.arpa."
- client_networks = [module.dev-spoke-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-reverse-10-dns-peering"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ peering = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
diff --git a/fast/stages/2-networking-b-vpn/dns-landing.tf b/fast/stages/2-networking-b-vpn/dns-landing.tf
index e6a441a52..dcdb5cee3 100644
--- a/fast/stages/2-networking-b-vpn/dns-landing.tf
+++ b/fast/stages/2-networking-b-vpn/dns-landing.tf
@@ -24,13 +24,16 @@ moved {
}
module "landing-dns-fwd-onprem-example" {
- source = "../../../modules/dns"
- project_id = module.landing-project.project_id
- type = "forwarding"
- name = "example-com"
- domain = "onprem.example.com."
- client_networks = [module.landing-vpc.self_link]
- forwarders = { for ip in var.dns.onprem : ip => null }
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ name = "example-com"
+ zone_config = {
+ domain = "onprem.example.com."
+ forwarding = {
+ client_networks = [module.landing-vpc.self_link]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+ }
+ }
}
moved {
@@ -39,13 +42,16 @@ moved {
}
module "landing-dns-fwd-onprem-rev-10" {
- source = "../../../modules/dns"
- project_id = module.landing-project.project_id
- type = "forwarding"
- name = "root-reverse-10"
- domain = "10.in-addr.arpa."
- client_networks = [module.landing-vpc.self_link]
- forwarders = { for ip in var.dns.onprem : ip => null }
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ name = "root-reverse-10"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ forwarding = {
+ client_networks = [module.landing-vpc.self_link]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+ }
+ }
}
moved {
@@ -54,12 +60,15 @@ moved {
}
module "landing-dns-priv-gcp" {
- source = "../../../modules/dns"
- project_id = module.landing-project.project_id
- type = "private"
- name = "gcp-example-com"
- domain = "gcp.example.com."
- client_networks = [module.landing-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.landing-project.project_id
+ name = "gcp-example-com"
+ zone_config = {
+ domain = "gcp.example.com."
+ private = {
+ client_networks = [module.landing-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
diff --git a/fast/stages/2-networking-b-vpn/dns-prod.tf b/fast/stages/2-networking-b-vpn/dns-prod.tf
index 02fa8c239..6bd34be8f 100644
--- a/fast/stages/2-networking-b-vpn/dns-prod.tf
+++ b/fast/stages/2-networking-b-vpn/dns-prod.tf
@@ -24,12 +24,15 @@ moved {
}
module "prod-dns-priv-example" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "private"
- name = "prod-gcp-example-com"
- domain = "prod.gcp.example.com."
- client_networks = [module.landing-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-gcp-example-com"
+ zone_config = {
+ domain = "prod.gcp.example.com."
+ private = {
+ client_networks = [module.landing-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -43,13 +46,16 @@ moved {
}
module "prod-dns-peer-landing-root" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "peering"
- name = "prod-root-dns-peering"
- domain = "."
- client_networks = [module.prod-spoke-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-root-dns-peering"
+ zone_config = {
+ domain = "."
+ peering = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
moved {
@@ -58,11 +64,14 @@ moved {
}
module "prod-dns-peer-landing-rev-10" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "peering"
- name = "prod-reverse-10-dns-peering"
- domain = "10.in-addr.arpa."
- client_networks = [module.prod-spoke-vpc.self_link]
- peer_network = module.landing-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-reverse-10-dns-peering"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ peering = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-vpc.self_link
+ }
+ }
}
diff --git a/fast/stages/2-networking-c-nva/dns-dev.tf b/fast/stages/2-networking-c-nva/dns-dev.tf
index 98d56aa72..ccedee721 100644
--- a/fast/stages/2-networking-c-nva/dns-dev.tf
+++ b/fast/stages/2-networking-c-nva/dns-dev.tf
@@ -19,12 +19,15 @@
# GCP-specific environment zone
module "dev-dns-private-zone" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "private"
- name = "dev-gcp-example-com"
- domain = "dev.gcp.example.com."
- client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-gcp-example-com"
+ zone_config = {
+ domain = "dev.gcp.example.com."
+ private = {
+ client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -38,13 +41,16 @@ moved {
}
module "dev-dns-peer-landing-root" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "peering"
- name = "dev-root-dns-peering"
- domain = "."
- client_networks = [module.dev-spoke-vpc.self_link]
- peer_network = module.landing-trusted-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-root-dns-peering"
+ zone_config = {
+ domain = "."
+ peering = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-trusted-vpc.self_link
+ }
+ }
}
moved {
@@ -53,11 +59,14 @@ moved {
}
module "dev-dns-peer-landing-rev-10" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "peering"
- name = "dev-reverse-10-dns-peering"
- domain = "10.in-addr.arpa."
- client_networks = [module.dev-spoke-vpc.self_link]
- peer_network = module.landing-trusted-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-reverse-10-dns-peering"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ peering = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-trusted-vpc.self_link
+ }
+ }
}
diff --git a/fast/stages/2-networking-c-nva/dns-landing.tf b/fast/stages/2-networking-c-nva/dns-landing.tf
index 50b658901..5c8e17775 100644
--- a/fast/stages/2-networking-c-nva/dns-landing.tf
+++ b/fast/stages/2-networking-c-nva/dns-landing.tf
@@ -26,14 +26,17 @@ moved {
module "landing-dns-fwd-onprem-example" {
source = "../../../modules/dns"
project_id = module.landing-project.project_id
- type = "forwarding"
name = "example-com"
- domain = "onprem.example.com."
- client_networks = [
- module.landing-untrusted-vpc.self_link,
- module.landing-trusted-vpc.self_link
- ]
- forwarders = { for ip in var.dns.onprem : ip => null }
+ zone_config = {
+ domain = "onprem.example.com."
+ forwarding = {
+ client_networks = [
+ module.landing-untrusted-vpc.self_link,
+ module.landing-trusted-vpc.self_link
+ ]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+ }
+ }
}
moved {
@@ -44,14 +47,17 @@ moved {
module "landing-dns-fwd-onprem-rev-10" {
source = "../../../modules/dns"
project_id = module.landing-project.project_id
- type = "forwarding"
name = "root-reverse-10"
- domain = "10.in-addr.arpa."
- client_networks = [
- module.landing-untrusted-vpc.self_link,
- module.landing-trusted-vpc.self_link
- ]
- forwarders = { for ip in var.dns.onprem : ip => null }
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ forwarding = {
+ client_networks = [
+ module.landing-untrusted-vpc.self_link,
+ module.landing-trusted-vpc.self_link
+ ]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+ }
+ }
}
moved {
@@ -62,13 +68,16 @@ moved {
module "landing-dns-priv-gcp" {
source = "../../../modules/dns"
project_id = module.landing-project.project_id
- type = "private"
name = "gcp-example-com"
- domain = "gcp.example.com."
- client_networks = [
- module.landing-untrusted-vpc.self_link,
- module.landing-trusted-vpc.self_link
- ]
+ zone_config = {
+ domain = "gcp.example.com."
+ private = {
+ client_networks = [
+ module.landing-untrusted-vpc.self_link,
+ module.landing-trusted-vpc.self_link
+ ]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
diff --git a/fast/stages/2-networking-c-nva/dns-prod.tf b/fast/stages/2-networking-c-nva/dns-prod.tf
index 5627e4386..62cfab03c 100644
--- a/fast/stages/2-networking-c-nva/dns-prod.tf
+++ b/fast/stages/2-networking-c-nva/dns-prod.tf
@@ -19,12 +19,15 @@
# GCP-specific environment zone
module "prod-dns-private-zone" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "private"
- name = "prod-gcp-example-com"
- domain = "prod.gcp.example.com."
- client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-gcp-example-com"
+ zone_config = {
+ domain = "prod.gcp.example.com."
+ private = {
+ client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -38,13 +41,16 @@ moved {
}
module "prod-dns-peer-landing-root" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "peering"
- name = "prod-root-dns-peering"
- domain = "."
- client_networks = [module.prod-spoke-vpc.self_link]
- peer_network = module.landing-trusted-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-root-dns-peering"
+ zone_config = {
+ domain = "."
+ peering = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-trusted-vpc.self_link
+ }
+ }
}
moved {
@@ -53,11 +59,14 @@ moved {
}
module "prod-dns-peer-landing-rev-10" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "peering"
- name = "prod-reverse-10-dns-peering"
- domain = "10.in-addr.arpa."
- client_networks = [module.prod-spoke-vpc.self_link]
- peer_network = module.landing-trusted-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-reverse-10-dns-peering"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ peering = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-trusted-vpc.self_link
+ }
+ }
}
diff --git a/fast/stages/2-networking-d-separate-envs/dns-dev.tf b/fast/stages/2-networking-d-separate-envs/dns-dev.tf
index 134b69cff..bad0db192 100644
--- a/fast/stages/2-networking-d-separate-envs/dns-dev.tf
+++ b/fast/stages/2-networking-d-separate-envs/dns-dev.tf
@@ -19,12 +19,15 @@
# GCP-specific environment zone
module "dev-dns-private-zone" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "private"
- name = "dev-gcp-example-com"
- domain = "dev.gcp.example.com."
- client_networks = [module.dev-spoke-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-gcp-example-com"
+ zone_config = {
+ domain = "dev.gcp.example.com."
+ private = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -36,13 +39,16 @@ moved {
}
module "dev-dns-fwd-onprem-example" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "forwarding"
- name = "example-com"
- domain = "onprem.example.com."
- client_networks = [module.dev-spoke-vpc.self_link]
- forwarders = { for ip in var.dns.dev : ip => null }
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "example-com"
+ zone_config = {
+ domain = "onprem.example.com."
+ forwarding = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ forwarders = { for ip in var.dns.dev : ip => null }
+ }
+ }
}
moved {
@@ -51,13 +57,16 @@ moved {
}
module "dev-dns-fwd-onprem-rev-10" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "forwarding"
- name = "root-reverse-10"
- domain = "10.in-addr.arpa."
- client_networks = [module.dev-spoke-vpc.self_link]
- forwarders = { for ip in var.dns.dev : ip => null }
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "root-reverse-10"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ forwarding = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ forwarders = { for ip in var.dns.dev : ip => null }
+ }
+ }
}
# Google APIs
diff --git a/fast/stages/2-networking-d-separate-envs/dns-prod.tf b/fast/stages/2-networking-d-separate-envs/dns-prod.tf
index 351db57f0..17d3d531b 100644
--- a/fast/stages/2-networking-d-separate-envs/dns-prod.tf
+++ b/fast/stages/2-networking-d-separate-envs/dns-prod.tf
@@ -19,12 +19,15 @@
# GCP-specific environment zone
module "prod-dns-private-zone" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "private"
- name = "prod-gcp-example-com"
- domain = "prod.gcp.example.com."
- client_networks = [module.prod-spoke-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-gcp-example-com"
+ zone_config = {
+ domain = "prod.gcp.example.com."
+ private = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -36,13 +39,16 @@ moved {
}
module "prod-dns-fwd-onprem-example" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "forwarding"
- name = "example-com"
- domain = "onprem.example.com."
- client_networks = [module.prod-spoke-vpc.self_link]
- forwarders = { for ip in var.dns.prod : ip => null }
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "example-com"
+ zone_config = {
+ domain = "onprem.example.com."
+ forwarding = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ forwarders = { for ip in var.dns.prod : ip => null }
+ }
+ }
}
moved {
@@ -51,13 +57,16 @@ moved {
}
module "prod-dns-fwd-onprem-rev-10" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "forwarding"
- name = "root-reverse-10"
- domain = "10.in-addr.arpa."
- client_networks = [module.prod-spoke-vpc.self_link]
- forwarders = { for ip in var.dns.prod : ip => null }
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "root-reverse-10"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ forwarding = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ forwarders = { for ip in var.dns.prod : ip => null }
+ }
+ }
}
# Google APIs
diff --git a/fast/stages/2-networking-e-nva-bgp/dns-dev.tf b/fast/stages/2-networking-e-nva-bgp/dns-dev.tf
index 98d56aa72..ccedee721 100644
--- a/fast/stages/2-networking-e-nva-bgp/dns-dev.tf
+++ b/fast/stages/2-networking-e-nva-bgp/dns-dev.tf
@@ -19,12 +19,15 @@
# GCP-specific environment zone
module "dev-dns-private-zone" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "private"
- name = "dev-gcp-example-com"
- domain = "dev.gcp.example.com."
- client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-gcp-example-com"
+ zone_config = {
+ domain = "dev.gcp.example.com."
+ private = {
+ client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -38,13 +41,16 @@ moved {
}
module "dev-dns-peer-landing-root" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "peering"
- name = "dev-root-dns-peering"
- domain = "."
- client_networks = [module.dev-spoke-vpc.self_link]
- peer_network = module.landing-trusted-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-root-dns-peering"
+ zone_config = {
+ domain = "."
+ peering = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-trusted-vpc.self_link
+ }
+ }
}
moved {
@@ -53,11 +59,14 @@ moved {
}
module "dev-dns-peer-landing-rev-10" {
- source = "../../../modules/dns"
- project_id = module.dev-spoke-project.project_id
- type = "peering"
- name = "dev-reverse-10-dns-peering"
- domain = "10.in-addr.arpa."
- client_networks = [module.dev-spoke-vpc.self_link]
- peer_network = module.landing-trusted-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.dev-spoke-project.project_id
+ name = "dev-reverse-10-dns-peering"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ peering = {
+ client_networks = [module.dev-spoke-vpc.self_link]
+ peer_network = module.landing-trusted-vpc.self_link
+ }
+ }
}
diff --git a/fast/stages/2-networking-e-nva-bgp/dns-landing.tf b/fast/stages/2-networking-e-nva-bgp/dns-landing.tf
index 50b658901..5c8e17775 100644
--- a/fast/stages/2-networking-e-nva-bgp/dns-landing.tf
+++ b/fast/stages/2-networking-e-nva-bgp/dns-landing.tf
@@ -26,14 +26,17 @@ moved {
module "landing-dns-fwd-onprem-example" {
source = "../../../modules/dns"
project_id = module.landing-project.project_id
- type = "forwarding"
name = "example-com"
- domain = "onprem.example.com."
- client_networks = [
- module.landing-untrusted-vpc.self_link,
- module.landing-trusted-vpc.self_link
- ]
- forwarders = { for ip in var.dns.onprem : ip => null }
+ zone_config = {
+ domain = "onprem.example.com."
+ forwarding = {
+ client_networks = [
+ module.landing-untrusted-vpc.self_link,
+ module.landing-trusted-vpc.self_link
+ ]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+ }
+ }
}
moved {
@@ -44,14 +47,17 @@ moved {
module "landing-dns-fwd-onprem-rev-10" {
source = "../../../modules/dns"
project_id = module.landing-project.project_id
- type = "forwarding"
name = "root-reverse-10"
- domain = "10.in-addr.arpa."
- client_networks = [
- module.landing-untrusted-vpc.self_link,
- module.landing-trusted-vpc.self_link
- ]
- forwarders = { for ip in var.dns.onprem : ip => null }
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ forwarding = {
+ client_networks = [
+ module.landing-untrusted-vpc.self_link,
+ module.landing-trusted-vpc.self_link
+ ]
+ forwarders = { for ip in var.dns.onprem : ip => null }
+ }
+ }
}
moved {
@@ -62,13 +68,16 @@ moved {
module "landing-dns-priv-gcp" {
source = "../../../modules/dns"
project_id = module.landing-project.project_id
- type = "private"
name = "gcp-example-com"
- domain = "gcp.example.com."
- client_networks = [
- module.landing-untrusted-vpc.self_link,
- module.landing-trusted-vpc.self_link
- ]
+ zone_config = {
+ domain = "gcp.example.com."
+ private = {
+ client_networks = [
+ module.landing-untrusted-vpc.self_link,
+ module.landing-trusted-vpc.self_link
+ ]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
diff --git a/fast/stages/2-networking-e-nva-bgp/dns-prod.tf b/fast/stages/2-networking-e-nva-bgp/dns-prod.tf
index 5627e4386..62cfab03c 100644
--- a/fast/stages/2-networking-e-nva-bgp/dns-prod.tf
+++ b/fast/stages/2-networking-e-nva-bgp/dns-prod.tf
@@ -19,12 +19,15 @@
# GCP-specific environment zone
module "prod-dns-private-zone" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "private"
- name = "prod-gcp-example-com"
- domain = "prod.gcp.example.com."
- client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-gcp-example-com"
+ zone_config = {
+ domain = "prod.gcp.example.com."
+ private = {
+ client_networks = [module.landing-trusted-vpc.self_link, module.landing-untrusted-vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
}
@@ -38,13 +41,16 @@ moved {
}
module "prod-dns-peer-landing-root" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "peering"
- name = "prod-root-dns-peering"
- domain = "."
- client_networks = [module.prod-spoke-vpc.self_link]
- peer_network = module.landing-trusted-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-root-dns-peering"
+ zone_config = {
+ domain = "."
+ peering = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-trusted-vpc.self_link
+ }
+ }
}
moved {
@@ -53,11 +59,14 @@ moved {
}
module "prod-dns-peer-landing-rev-10" {
- source = "../../../modules/dns"
- project_id = module.prod-spoke-project.project_id
- type = "peering"
- name = "prod-reverse-10-dns-peering"
- domain = "10.in-addr.arpa."
- client_networks = [module.prod-spoke-vpc.self_link]
- peer_network = module.landing-trusted-vpc.self_link
+ source = "../../../modules/dns"
+ project_id = module.prod-spoke-project.project_id
+ name = "prod-reverse-10-dns-peering"
+ zone_config = {
+ domain = "10.in-addr.arpa."
+ peering = {
+ client_networks = [module.prod-spoke-vpc.self_link]
+ peer_network = module.landing-trusted-vpc.self_link
+ }
+ }
}
diff --git a/modules/dns/README.md b/modules/dns/README.md
index 6b3b5607a..4e9a882f5 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -10,12 +10,15 @@ For DNSSEC configuration, refer to the [`dns_managed_zone` documentation](https:
```hcl
module "private-dns" {
- source = "./fabric/modules/dns"
- project_id = "myproject"
- type = "private"
- name = "test-example"
- domain = "test.example."
- client_networks = [var.vpc.self_link]
+ source = "./fabric/modules/dns"
+ project_id = "myproject"
+ name = "test-example"
+ zone_config = {
+ domain = "test.example."
+ private = {
+ client_networks = [var.vpc.self_link]
+ }
+ }
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
"A myhost" = { ttl = 600, records = ["10.0.0.120"] }
@@ -24,50 +27,58 @@ module "private-dns" {
"roles/dns.admin" = ["group:dns-administrators@myorg.com"]
}
}
-# tftest modules=1 resources=4 inventory=private-zone.yaml
+# tftest modules=1 resources=5 inventory=private-zone.yaml
```
### Forwarding Zone
```hcl
module "private-dns" {
- source = "./fabric/modules/dns"
- project_id = "myproject"
- type = "forwarding"
- name = "test-example"
- domain = "test.example."
- client_networks = [var.vpc.self_link]
- forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
+ source = "./fabric/modules/dns"
+ project_id = "myproject"
+ name = "test-example"
+ zone_config = {
+ domain = "test.example."
+ forwarding = {
+ client_networks = [var.vpc.self_link]
+ forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
+ }
+ }
}
-# tftest modules=1 resources=1 inventory=forwarding-zone.yaml
+# tftest modules=1 resources=2 inventory=forwarding-zone.yaml
```
### Peering Zone
```hcl
module "private-dns" {
- source = "./fabric/modules/dns"
- project_id = "myproject"
- type = "peering"
- name = "test-example"
- domain = "."
- description = "Forwarding zone for ."
- client_networks = [var.vpc.self_link]
- peer_network = var.vpc2.self_link
+ source = "./fabric/modules/dns"
+ project_id = "myproject"
+ name = "test-example"
+ zone_config = {
+ domain = "."
+ peering = {
+ client_networks = [var.vpc.self_link]
+ peer_network = var.vpc2.self_link
+ }
+ }
}
-# tftest modules=1 resources=1 inventory=peering-zone.yaml
+# tftest modules=1 resources=2 inventory=peering-zone.yaml
```
### Routing Policies
```hcl
module "private-dns" {
- source = "./fabric/modules/dns"
- project_id = "myproject"
- type = "private"
- name = "test-example"
- domain = "test.example."
- client_networks = [var.vpc.self_link]
+ source = "./fabric/modules/dns"
+ project_id = "myproject"
+ name = "test-example"
+ zone_config = {
+ domain = "test.example."
+ private = {
+ client_networks = [var.vpc.self_link]
+ }
+ }
recordsets = {
"A regular" = { records = ["10.20.0.1"] }
"A geo" = {
@@ -88,21 +99,24 @@ module "private-dns" {
}
}
}
-# tftest modules=1 resources=4 inventory=routing-policies.yaml
+# tftest modules=1 resources=5 inventory=routing-policies.yaml
```
### Reverse Lookup Zone
```hcl
module "private-dns" {
- source = "./fabric/modules/dns"
- project_id = "myproject"
- type = "reverse-managed"
- name = "test-example"
- domain = "0.0.10.in-addr.arpa."
- client_networks = [var.vpc.self_link]
+ source = "./fabric/modules/dns"
+ project_id = "myproject"
+ name = "test-example"
+ zone_config = {
+ domain = "0.0.10.in-addr.arpa."
+ private = {
+ client_networks = [var.vpc.self_link]
+ }
+ }
}
-# tftest modules=1 resources=1 inventory=reverse-zone.yaml
+# tftest modules=1 resources=2 inventory=reverse-zone.yaml
```
### Public Zone
@@ -111,9 +125,11 @@ module "private-dns" {
module "public-dns" {
source = "./fabric/modules/dns"
project_id = "myproject"
- type = "public"
name = "example"
- domain = "example.com."
+ zone_config = {
+ domain = "example.com."
+ public = {}
+ }
recordsets = {
"A myhost" = { ttl = 300, records = ["127.0.0.1"] }
}
@@ -129,20 +145,12 @@ module "public-dns" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [domain](variables.tf#L54) | Zone domain, must end with a period. | string | ✓ | |
-| [name](variables.tf#L78) | Zone name, must be unique within the project. | string | ✓ | |
-| [project_id](variables.tf#L89) | Project id for the zone. | string | ✓ | |
-| [client_networks](variables.tf#L21) | List of VPC self links that can see this zone. | list(string) | | [] |
-| [description](variables.tf#L28) | Domain description. | string | | "Terraform managed." |
-| [dnssec_config](variables.tf#L34) | DNSSEC configuration for this zone. | object({…}) | | {…} |
-| [enable_logging](variables.tf#L59) | Enable query logging for this zone. | bool | | false |
-| [forwarders](variables.tf#L66) | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | map(string) | | {} |
-| [iam](variables.tf#L72) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | null |
-| [peer_network](variables.tf#L83) | Peering network self link, only valid for 'peering' zone types. | string | | null |
-| [recordsets](variables.tf#L94) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | map(object({…})) | | {} |
-| [service_directory_namespace](variables.tf#L129) | Service directory namespace id (URL), only valid for 'service-directory' zone types. | string | | null |
-| [type](variables.tf#L135) | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory','reverse-managed'. | string | | "private" |
-| [zone_create](variables.tf#L145) | Create zone. When set to false, uses a data source to reference existing zone. | bool | | true |
+| [name](variables.tf#L33) | Zone name, must be unique within the project. | string | ✓ | |
+| [project_id](variables.tf#L38) | Project id for the zone. | string | ✓ | |
+| [description](variables.tf#L21) | Domain description. | string | | "Terraform managed." |
+| [iam](variables.tf#L27) | IAM bindings in {ROLE => [MEMBERS]} format. | map(list(string)) | | null |
+| [recordsets](variables.tf#L43) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | map(object({…})) | | {} |
+| [zone_config](variables.tf#L78) | DNS zone configuration. | object({…}) | | null |
## Outputs
@@ -153,7 +161,6 @@ module "public-dns" {
| [id](outputs.tf#L27) | Fully qualified zone id. | |
| [name](outputs.tf#L32) | The DNS zone name. | |
| [name_servers](outputs.tf#L37) | The DNS zone name servers. | |
-| [type](outputs.tf#L42) | The DNS zone type. | |
-| [zone](outputs.tf#L47) | DNS zone resource. | |
+| [zone](outputs.tf#L42) | DNS zone resource. | |
diff --git a/modules/dns/main.tf b/modules/dns/main.tf
index 217ccd441..d10b63199 100644
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -15,77 +15,87 @@
*/
locals {
+ managed_zone = (var.zone_config == null ?
+ data.google_dns_managed_zone.dns_managed_zone.0
+ : google_dns_managed_zone.dns_managed_zone.0
+ )
# split record name and type and set as keys in a map
_recordsets_0 = {
for key, attrs in var.recordsets :
key => merge(attrs, zipmap(["type", "name"], split(" ", key)))
}
# compute the final resource name for the recordset
- _recordsets = {
+ recordsets = {
for key, attrs in local._recordsets_0 :
key => merge(attrs, {
resource_name = (
attrs.name == ""
- ? var.domain
+ ? local.managed_zone.dns_name
: (
substr(attrs.name, -1, 1) == "."
? attrs.name
- : "${attrs.name}.${var.domain}"
+ : "${attrs.name}.${local.managed_zone.dns_name}"
)
)
})
}
- # split recordsets between regular, geo and wrr
- geo_recordsets = {
- for k, v in local._recordsets :
- k => v
- if v.geo_routing != null
- }
- regular_recordsets = {
- for k, v in local._recordsets :
- k => v
- if v.records != null
- }
- wrr_recordsets = {
- for k, v in local._recordsets :
- k => v
- if v.wrr_routing != null
- }
- zone = (
- var.zone_create
- ? try(
- google_dns_managed_zone.non-public.0, try(
- google_dns_managed_zone.public.0, null
- )
- )
- : try(data.google_dns_managed_zone.public.0, null)
+ client_networks = concat(
+ coalesce(try(var.zone_config.forwarding.client_networks, null), []),
+ coalesce(try(var.zone_config.peering.client_networks, null), []),
+ coalesce(try(var.zone_config.private.client_networks, null), [])
)
- dns_keys = try(
- data.google_dns_keys.dns_keys.0, null
+ visibility = (var.zone_config == null ?
+ null
+ : (var.zone_config.forwarding != null ||
+ var.zone_config.peering != null
+ || var.zone_config.private != null) ?
+ "private" :
+ "public"
)
}
-resource "google_dns_managed_zone" "non-public" {
- count = (var.zone_create && var.type != "public") ? 1 : 0
+resource "google_dns_managed_zone" "dns_managed_zone" {
+ count = (var.zone_config == null) ? 0 : 1
provider = google-beta
project = var.project_id
name = var.name
- dns_name = var.domain
+ dns_name = var.zone_config.domain
description = var.description
- visibility = "private"
- reverse_lookup = (var.type == "reverse-managed")
+ visibility = local.visibility
+ reverse_lookup = try(var.zone_config.private, null) != null && endswith(var.zone_config.domain, ".in-addr.arpa.")
+
+ dynamic "dnssec_config" {
+ for_each = try(var.zone_config.public.dnssec_config, null) == null ? [] : [""]
+ iterator = config
+ content {
+ kind = "dns#managedZoneDnsSecConfig"
+ non_existence = var.zone_config.public.dnssec_config.non_existence
+ state = var.zone_config.public.dnssec_config.state
+
+ default_key_specs {
+ algorithm = var.zone_config.public.dnssec_config.key_signing_key.algorithm
+ key_length = var.zone_config.public.dnssec_config.key_signing_key.key_length
+ key_type = "keySigning"
+ kind = "dns#dnsKeySpec"
+ }
+
+ default_key_specs {
+ algorithm = var.zone_config.public.dnssec_config.zone_signing_key.algorithm
+ key_length = var.zone_config.public.dnssec_config.zone_signing_key.key_length
+ key_type = "zoneSigning"
+ kind = "dns#dnsKeySpec"
+ }
+ }
+ }
dynamic "forwarding_config" {
- for_each = (
- var.type == "forwarding" &&
- var.forwarders != null &&
- length(var.forwarders) > 0
+ for_each = (length(coalesce(try(var.zone_config.forwarding.forwarders, null), {})) > 0
? [""]
: []
)
content {
dynamic "target_name_servers" {
- for_each = var.forwarders
+ for_each = var.zone_config.forwarding.forwarders
iterator = forwarder
content {
ipv4_address = forwarder.key
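Review bot: The managed-zone resource is renamed from `google_dns_managed_zone.non-public` (with the separate `public` resource folded into it) to `google_dns_managed_zone.dns_managed_zone`, and this hunk carries no `moved` block, so unless one exists elsewhere in the module every zone already in state will be planned as destroy-and-recreate — for a public zone that reassigns name servers and breaks delegation, for private zones it is a resolution outage for every attached VPC. Something like `moved { from = google_dns_managed_zone.non-public[0] to = google_dns_managed_zone.dns_managed_zone[0] }` is needed, with equivalent handling for zones previously held at the `public` address. Separately, `reverse_lookup` is now inferred for any private zone whose domain ends in `.in-addr.arpa.` instead of being requested through the removed `reverse-managed` type, so a private zone that carries hand-maintained PTR recordsets under `in-addr.arpa.` silently becomes a managed reverse-lookup zone with no way to opt out; an explicit opt-in field on `zone_config.private` would preserve the old behaviour. `endswith` also requires Terraform 1.3 or later, so the module's version constraint should be confirmed. The resource block continues into the following hunks.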
@@ -96,21 +106,19 @@ resource "google_dns_managed_zone" "non-public" {
}
dynamic "peering_config" {
- for_each = (
- var.type == "peering" && var.peer_network != null ? [""] : []
- )
+ for_each = try(var.zone_config.peering.peer_network, null) == null ? [] : [""]
content {
target_network {
- network_url = var.peer_network
+ network_url = var.zone_config.peering.peer_network
}
}
}
dynamic "private_visibility_config" {
- for_each = length(var.client_networks) > 0 ? [""] : []
+ for_each = length(local.client_networks) > 0 ? [""] : []
content {
dynamic "networks" {
- for_each = var.client_networks
+ for_each = local.client_networks
iterator = network
content {
network_url = network.value
@@ -120,85 +128,41 @@ resource "google_dns_managed_zone" "non-public" {
}
dynamic "service_directory_config" {
- for_each = (
- var.type == "service-directory" && var.service_directory_namespace != null
- ? [""]
- : []
+ for_each = (try(var.zone_config.private.service_directory_namespace, null) == null
+ ? []
+ : [""]
)
content {
namespace {
- namespace_url = var.service_directory_namespace
+ namespace_url = var.zone_config.private.service_directory_namespace
}
}
}
cloud_logging_config {
- enable_logging = var.enable_logging
+ enable_logging = try(var.zone_config.enable_logging, false)
}
}
-data "google_dns_managed_zone" "public" {
- count = var.zone_create ? 0 : 1
+data "google_dns_managed_zone" "dns_managed_zone" {
+ count = var.zone_config == null ? 1 : 0
project = var.project_id
name = var.name
}
-resource "google_dns_managed_zone" "public" {
- count = (var.zone_create && var.type == "public") ? 1 : 0
- project = var.project_id
- name = var.name
- dns_name = var.domain
- description = var.description
- visibility = "public"
-
- dynamic "dnssec_config" {
- for_each = var.dnssec_config == null ? [] : [1]
- iterator = config
- content {
- kind = "dns#managedZoneDnsSecConfig"
- non_existence = var.dnssec_config.non_existence
- state = var.dnssec_config.state
-
- default_key_specs {
- algorithm = var.dnssec_config.key_signing_key.algorithm
- key_length = var.dnssec_config.key_signing_key.key_length
- key_type = "keySigning"
- kind = "dns#dnsKeySpec"
- }
-
- default_key_specs {
- algorithm = var.dnssec_config.zone_signing_key.algorithm
- key_length = var.dnssec_config.zone_signing_key.key_length
- key_type = "zoneSigning"
- kind = "dns#dnsKeySpec"
- }
- }
- }
- cloud_logging_config {
- enable_logging = var.enable_logging
- }
-}
-
resource "google_dns_managed_zone_iam_binding" "iam_bindings" {
- for_each = coalesce(var.iam, {})
- project = var.project_id
- managed_zone = (var.type == "public"
- ? google_dns_managed_zone.public[0].name
- : google_dns_managed_zone.non-public[0].name)
- role = each.key
- members = each.value
+ for_each = coalesce(var.iam, {})
+ project = var.project_id
+ managed_zone = local.managed_zone.id
+ role = each.key
+ members = each.value
}
data "google_dns_keys" "dns_keys" {
- count = var.zone_create && (var.dnssec_config == {} || var.type != "public") ? 0 : 1
- managed_zone = local.zone.id
+ managed_zone = local.managed_zone.id
}
-resource "google_dns_record_set" "cloud-static-records" {
- for_each = (
- var.type == "public" || var.type == "private"
- ? local.regular_recordsets
- : {}
- )
+resource "google_dns_record_set" "dns_record_set" {
+ for_each = local.recordsets
project = var.project_id
managed_zone = var.name
name = each.value.resource_name
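Review bot: `data "google_dns_keys" "dns_keys"` loses its `count` guard and is now read for every zone, including private, forwarding and peering zones and public zones with DNSSEC off, where the old code skipped it. If the DNS API or provider rejects key listing for non-public zones this breaks the plan of every such zone, and even where it returns empty lists it is an extra API read per zone for nothing; a guard such as `count = var.zone_config == null || try(var.zone_config.public.dnssec_config, null) != null ? 1 : 0` keeps the old behaviour for data-source zones (the `dns_keys` output in outputs.tf would then need `one(...)`). Separately, `iam_bindings` now passes `local.managed_zone.id` while `dns_record_set` passes `var.name` for the same zone; as far as I can tell the provider accepts both forms, but using one form in both resources avoids a reader wondering whether they differ. `local.managed_zone` and `local.recordsets` are defined outside this hunk.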
@@ -206,63 +170,27 @@ resource "google_dns_record_set" "cloud-static-records" {
ttl = each.value.ttl
rrdatas = each.value.records
- depends_on = [
- google_dns_managed_zone.non-public, google_dns_managed_zone.public
- ]
-}
-
-resource "google_dns_record_set" "cloud-geo-records" {
- for_each = (
- var.type == "public" || var.type == "private"
- ? local.geo_recordsets
- : {}
- )
- project = var.project_id
- managed_zone = var.name
- name = each.value.resource_name
- type = each.value.type
- ttl = each.value.ttl
-
- routing_policy {
- dynamic "geo" {
- for_each = each.value.geo_routing
- iterator = policy
- content {
- location = policy.value.location
- rrdatas = policy.value.records
+ dynamic "routing_policy" {
+ for_each = (each.value.geo_routing != null || each.value.wrr_routing != null) ? [""] : []
+ content {
+ dynamic "geo" {
+ for_each = coalesce(each.value.geo_routing, [])
+ content {
+ location = geo.value.location
+ rrdatas = geo.value.records
+ }
+ }
+ dynamic "wrr" {
+ for_each = coalesce(each.value.wrr_routing, [])
+ content {
+ weight = wrr.value.weight
+ rrdatas = wrr.value.records
+ }
}
}
}
depends_on = [
- google_dns_managed_zone.non-public, google_dns_managed_zone.public
+ google_dns_managed_zone.dns_managed_zone
]
-}
-
-resource "google_dns_record_set" "cloud-wrr-records" {
- for_each = (
- var.type == "public" || var.type == "private"
- ? local.wrr_recordsets
- : {}
- )
- project = var.project_id
- managed_zone = var.name
- name = each.value.resource_name
- type = each.value.type
- ttl = each.value.ttl
-
- routing_policy {
- dynamic "wrr" {
- for_each = each.value.wrr_routing
- iterator = policy
- content {
- weight = policy.value.weight
- rrdatas = policy.value.records
- }
- }
- }
-
- depends_on = [
- google_dns_managed_zone.non-public, google_dns_managed_zone.public
- ]
-}
+}
\ No newline at end of file
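Review bot: The `routing_policy` guard `(each.value.geo_routing != null || each.value.wrr_routing != null)` opens the block for a recordset whose routing list is present but empty, and the inner `coalesce(..., [])` then emits a `routing_policy {}` with neither `geo` nor `wrr`, which the provider is unlikely to accept; unless `local.recordsets` (defined outside this hunk) normalises empty lists to null, tighten it to `for_each = length(coalesce(each.value.geo_routing, [])) + length(coalesce(each.value.wrr_routing, [])) > 0 ? [""] : []`. The merged resource also sets `rrdatas = each.value.records` unconditionally, which conflicts with `routing_policy` unless `records` is null for routed entries, as the routing-policies fixture suggests (`rrdatas: null`); a one-line comment on the resource stating that invariant, e.g. `# records must be null for geo/wrr entries: rrdatas conflicts with routing_policy`, would keep the next edit from breaking it. The file now ends without a trailing newline.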
diff --git a/modules/dns/outputs.tf b/modules/dns/outputs.tf
index ba87aea44..f8297d8be 100644
--- a/modules/dns/outputs.tf
+++ b/modules/dns/outputs.tf
@@ -16,35 +16,30 @@
output "dns_keys" {
description = "DNSKEY and DS records of DNSSEC-signed managed zones."
- value = local.dns_keys
+ value = data.google_dns_keys.dns_keys
}
output "domain" {
description = "The DNS zone domain."
- value = try(local.zone.dns_name, null)
+ value = local.managed_zone.dns_name
}
output "id" {
description = "Fully qualified zone id."
- value = try(local.zone.id, null)
+ value = local.managed_zone.id
}
output "name" {
description = "The DNS zone name."
- value = try(local.zone.name, null)
+ value = local.managed_zone.name
}
output "name_servers" {
description = "The DNS zone name servers."
- value = try(local.zone.name_servers, null)
-}
-
-output "type" {
- description = "The DNS zone type."
- value = var.type
+ value = local.managed_zone.name_servers
}
output "zone" {
description = "DNS zone resource."
- value = local.zone
+ value = local.managed_zone
}
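Review bot: The `dns_keys` output now returns the whole `google_dns_keys` data source object instead of `local.dns_keys`, so its description `DNSKEY and DS records of DNSSEC-signed managed zones.` no longer describes what consumers get (`key_signing_keys`/`zone_signing_keys` lists with `ds_record`, `public_key`, `algorithm` and so on, presumably empty when DNSSEC is off); update it to something like `description = "google_dns_keys data source for the zone; key_signing_keys[*].ds_record is what to publish at the registrar."`. Removing the `type` output and the `try()` wrappers on `domain`/`id`/`name` is a breaking change for callers reading `module.x.type` or tolerating null, which deserves a migration note in the module README or changelog. `local.managed_zone` is defined outside this hunk.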
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
index 18a4187ee..1a9acf02c 100644
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@@ -18,57 +18,12 @@
# zone variables #
###############################################################################
-variable "client_networks" {
- description = "List of VPC self links that can see this zone."
- type = list(string)
- default = []
- nullable = false
-}
-
variable "description" {
description = "Domain description."
type = string
default = "Terraform managed."
}
-variable "dnssec_config" {
- description = "DNSSEC configuration for this zone."
- type = object({
- non_existence = optional(string, "nsec3")
- state = string
- key_signing_key = optional(object(
- { algorithm = string, key_length = number }),
- { algorithm = "rsasha256", key_length = 2048 }
- )
- zone_signing_key = optional(object(
- { algorithm = string, key_length = number }),
- { algorithm = "rsasha256", key_length = 1024 }
- )
- })
- default = {
- state = "off"
- }
- nullable = false
-}
-
-variable "domain" {
- description = "Zone domain, must end with a period."
- type = string
-}
-
-variable "enable_logging" {
- description = "Enable query logging for this zone."
- type = bool
- default = false
- nullable = false
-}
-
-variable "forwarders" {
- description = "Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default."
- type = map(string)
- default = {}
-}
-
variable "iam" {
description = "IAM bindings in {ROLE => [MEMBERS]} format."
type = map(list(string))
@@ -80,12 +35,6 @@ variable "name" {
type = string
}
-variable "peer_network" {
- description = "Peering network self link, only valid for 'peering' zone types."
- type = string
- default = null
-}
-
variable "project_id" {
description = "Project id for the zone."
type = string
@@ -126,27 +75,48 @@ variable "recordsets" {
}
}
-variable "service_directory_namespace" {
- description = "Service directory namespace id (URL), only valid for 'service-directory' zone types."
- type = string
- default = null
-}
-
-variable "type" {
- description = "Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering', 'service-directory','reverse-managed'."
- type = string
- default = "private"
+variable "zone_config" {
+ description = "DNS zone configuration."
+ type = object({
+ domain = string
+ enable_logging = optional(bool, false)
+ forwarding = optional(object({
+ forwarders = optional(map(string))
+ client_networks = list(string)
+ }))
+ peering = optional(object({
+ client_networks = list(string)
+ peer_network = string
+ }))
+ public = optional(object({
+ dnssec_config = optional(object({
+ non_existence = optional(string, "nsec3")
+ state = string
+ key_signing_key = optional(object(
+ { algorithm = string, key_length = number }),
+ { algorithm = "rsasha256", key_length = 2048 }
+ )
+ zone_signing_key = optional(object(
+ { algorithm = string, key_length = number }),
+ { algorithm = "rsasha256", key_length = 1024 }
+ )
+ }))
+ }))
+ private = optional(object({
+ client_networks = list(string)
+ service_directory_namespace = optional(string)
+ }))
+ })
validation {
- condition = contains(["public", "private", "forwarding", "peering", "service-directory", "reverse-managed"], var.type)
- error_message = "Zone must be one of 'public', 'private', 'forwarding', 'peering', 'service-directory','reverse-managed'."
+ condition = (
+ (try(var.zone_config.forwarding, null) == null ? 0 : 1) +
+ (try(var.zone_config.peering, null) == null ? 0 : 1) +
+ (try(var.zone_config.public, null) == null ? 0 : 1) +
+ (try(var.zone_config.private, null) == null ? 0 : 1) <= 1
+ )
+ error_message = "Only one type of zone can be configured at a time."
}
-}
-
-variable "zone_create" {
- description = "Create zone. When set to false, uses a data source to reference existing zone."
- type = bool
- default = true
+ default = null
}
-
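Review bot: The `zone_signing_key` default `{ algorithm = "rsasha256", key_length = 1024 }` is carried into the new `zone_config` schema, so a zone that enables DNSSEC with defaults is signed with a 1024-bit RSA ZSK, a strength NIST SP 800-57 no longer allows for signature generation; `{ algorithm = "ecdsap256sha256", key_length = 256 }` (or at least `rsasha256` with 2048) is the better default, with the caveat, to be stated in the description, that changing it triggers a key rollover on already-signed zones. `state` and `non_existence` accept any string while the API only takes `on`/`off`/`transfer` and `nsec`/`nsec3`; a second `validation` block with `condition = contains(["on", "off", "transfer"], try(var.zone_config.public.dnssec_config.state, "off"))` fails at plan time instead of apply. The new description `DNS zone configuration.` also drops guidance the removed variables carried (`domain` must end with a period; `forwarders` values are `default`, `private` or null for the provider default), which should move onto the object's attributes.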
diff --git a/modules/service-directory/README.md b/modules/service-directory/README.md
index ee8323e48..d79c53043 100644
--- a/modules/service-directory/README.md
+++ b/modules/service-directory/README.md
@@ -77,15 +77,18 @@ module "service-directory" {
}
module "dns-sd" {
- source = "./fabric/modules/dns"
- project_id = "my-project"
- type = "service-directory"
- name = "apps"
- domain = "apps.example.org."
- client_networks = [var.vpc.self_link]
- service_directory_namespace = module.service-directory.id
+ source = "./fabric/modules/dns"
+ project_id = "my-project"
+ name = "apps"
+ zone_config = {
+ domain = "apps.example.org."
+ private = {
+ client_networks = [var.vpc.self_link]
+ service_directory_namespace = module.service-directory.id
+ }
+ }
}
-# tftest modules=2 resources=5 inventory=dns.yaml
+# tftest modules=2 resources=6 inventory=dns.yaml
```
diff --git a/tests/blueprints/factories/project_factory/examples/example.yaml b/tests/blueprints/factories/project_factory/examples/example.yaml
index f8396ef1d..ee4a1b489 100644
--- a/tests/blueprints/factories/project_factory/examples/example.yaml
+++ b/tests/blueprints/factories/project_factory/examples/example.yaml
@@ -65,7 +65,7 @@ values:
project: test1-project
sensitive_labels: []
type: email
- module.projects["project"].module.dns["ipsum"].google_dns_managed_zone.non-public[0]:
+ module.projects["project"].module.dns["ipsum"].google_dns_managed_zone.dns_managed_zone[0]:
dns_name: ipsum.dev.example.org
name: ipsum
private_visibility_config:
@@ -74,7 +74,7 @@ values:
- network_url: projects/foo/networks/bar
project: fast-dev-net-spoke-0
visibility: private
- module.projects["project"].module.dns["lorem"].google_dns_managed_zone.non-public[0]:
+ module.projects["project"].module.dns["lorem"].google_dns_managed_zone.dns_managed_zone[0]:
dns_name: lorem.dev.example.org
name: lorem
private_visibility_config:
diff --git a/tests/fast/stages/s2_networking_a_peering/stage.yaml b/tests/fast/stages/s2_networking_a_peering/stage.yaml
index ae14f3cf4..9a16a6b44 100644
--- a/tests/fast/stages/s2_networking_a_peering/stage.yaml
+++ b/tests/fast/stages/s2_networking_a_peering/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 27
- resources: 142
+ resources: 151
diff --git a/tests/fast/stages/s2_networking_b_vpn/stage.yaml b/tests/fast/stages/s2_networking_b_vpn/stage.yaml
index 1d0b86ef9..70c5c30ae 100644
--- a/tests/fast/stages/s2_networking_b_vpn/stage.yaml
+++ b/tests/fast/stages/s2_networking_b_vpn/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 29
- resources: 179
+ resources: 188
diff --git a/tests/fast/stages/s2_networking_c_nva/stage.yaml b/tests/fast/stages/s2_networking_c_nva/stage.yaml
index a17963260..e2d1aaf6f 100644
--- a/tests/fast/stages/s2_networking_c_nva/stage.yaml
+++ b/tests/fast/stages/s2_networking_c_nva/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 41
- resources: 188
+ resources: 197
diff --git a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml
index a11e2d06e..4b24b4128 100644
--- a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml
+++ b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 20
- resources: 162
+ resources: 168
diff --git a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
index 7e911d036..ffde4a399 100644
--- a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
+++ b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
@@ -14,4 +14,4 @@
counts:
modules: 35
- resources: 201
+ resources: 210
diff --git a/tests/modules/dns/examples/forwarding-zone.yaml b/tests/modules/dns/examples/forwarding-zone.yaml
index 4a09114ee..fc1bc2c8e 100644
--- a/tests/modules/dns/examples/forwarding-zone.yaml
+++ b/tests/modules/dns/examples/forwarding-zone.yaml
@@ -13,7 +13,7 @@
# limitations under the License.
values:
- module.private-dns.google_dns_managed_zone.non-public[0]:
+ module.private-dns.google_dns_managed_zone.dns_managed_zone[0]:
dns_name: test.example.
forwarding_config:
- target_name_servers:
diff --git a/tests/modules/dns/examples/peering-zone.yaml b/tests/modules/dns/examples/peering-zone.yaml
index 9f16adab6..ea3996ed0 100644
--- a/tests/modules/dns/examples/peering-zone.yaml
+++ b/tests/modules/dns/examples/peering-zone.yaml
@@ -13,8 +13,8 @@
# limitations under the License.
values:
- module.private-dns.google_dns_managed_zone.non-public[0]:
- description: Forwarding zone for .
+ module.private-dns.google_dns_managed_zone.dns_managed_zone[0]:
+ description: Terraform managed.
dns_name: .
forwarding_config: []
name: test-example
diff --git a/tests/modules/dns/examples/private-zone.yaml b/tests/modules/dns/examples/private-zone.yaml
index c82f97923..30e59c9f3 100644
--- a/tests/modules/dns/examples/private-zone.yaml
+++ b/tests/modules/dns/examples/private-zone.yaml
@@ -13,7 +13,7 @@
# limitations under the License.
values:
- module.private-dns.google_dns_managed_zone.non-public[0]:
+ module.private-dns.google_dns_managed_zone.dns_managed_zone[0]:
description: Terraform managed.
dns_name: test.example.
force_destroy: false
@@ -26,7 +26,7 @@ values:
- network_url: projects/xxx/global/networks/aaa
project: myproject
visibility: private
- module.private-dns.google_dns_record_set.cloud-static-records["A localhost"]:
+ module.private-dns.google_dns_record_set.dns_record_set["A localhost"]:
managed_zone: test-example
name: localhost.test.example.
project: myproject
@@ -35,7 +35,7 @@ values:
- 127.0.0.1
ttl: 300
type: A
- module.private-dns.google_dns_record_set.cloud-static-records["A myhost"]:
+ module.private-dns.google_dns_record_set.dns_record_set["A myhost"]:
managed_zone: test-example
name: myhost.test.example.
project: myproject
diff --git a/tests/modules/dns/examples/public-zone.yaml b/tests/modules/dns/examples/public-zone.yaml
index 904d347e8..69f275998 100644
--- a/tests/modules/dns/examples/public-zone.yaml
+++ b/tests/modules/dns/examples/public-zone.yaml
@@ -13,12 +13,12 @@
# limitations under the License.
values:
- module.public-dns.google_dns_managed_zone.public[0]:
+ module.public-dns.google_dns_managed_zone.dns_managed_zone[0]:
dns_name: example.com.
name: example
project: myproject
visibility: public
- module.public-dns.google_dns_record_set.cloud-static-records["A myhost"]:
+ module.public-dns.google_dns_record_set.dns_record_set["A myhost"]:
managed_zone: example
name: myhost.example.com.
project: myproject
diff --git a/tests/modules/dns/examples/reverse-zone.yaml b/tests/modules/dns/examples/reverse-zone.yaml
index 17e76a12c..9798ced98 100644
--- a/tests/modules/dns/examples/reverse-zone.yaml
+++ b/tests/modules/dns/examples/reverse-zone.yaml
@@ -13,7 +13,7 @@
# limitations under the License.
values:
- module.private-dns.google_dns_managed_zone.non-public[0]:
+ module.private-dns.google_dns_managed_zone.dns_managed_zone[0]:
description: Terraform managed.
dns_name: 0.0.10.in-addr.arpa.
name: test-example
diff --git a/tests/modules/dns/examples/routing-policies.yaml b/tests/modules/dns/examples/routing-policies.yaml
index 45b19276c..e5315bb74 100644
--- a/tests/modules/dns/examples/routing-policies.yaml
+++ b/tests/modules/dns/examples/routing-policies.yaml
@@ -13,11 +13,11 @@
# limitations under the License.
values:
- module.private-dns.google_dns_managed_zone.non-public[0]:
+ module.private-dns.google_dns_managed_zone.dns_managed_zone[0]:
dns_name: test.example.
name: test-example
project: myproject
- module.private-dns.google_dns_record_set.cloud-geo-records["A geo"]:
+ module.private-dns.google_dns_record_set.dns_record_set["A geo"]:
managed_zone: test-example
name: geo.test.example.
project: myproject
@@ -41,7 +41,7 @@ values:
rrdatas: null
ttl: 300
type: A
- module.private-dns.google_dns_record_set.cloud-static-records["A regular"]:
+ module.private-dns.google_dns_record_set.dns_record_set["A regular"]:
managed_zone: test-example
name: regular.test.example.
project: myproject
@@ -50,7 +50,7 @@ values:
- 10.20.0.1
ttl: 300
type: A
- module.private-dns.google_dns_record_set.cloud-wrr-records["A wrr"]:
+ module.private-dns.google_dns_record_set.dns_record_set["A wrr"]:
managed_zone: test-example
name: wrr.test.example.
project: myproject
diff --git a/tests/modules/dns/no_clients.tfvars b/tests/modules/dns/no_clients.tfvars
deleted file mode 100644
index 97b722734..000000000
--- a/tests/modules/dns/no_clients.tfvars
+++ /dev/null
@@ -1,5 +0,0 @@
-type = "private"
-domain = "test.example."
-name = "test"
-project_id = "my-project"
-client_networks = []
diff --git a/tests/modules/dns/no_clients.yaml b/tests/modules/dns/no_clients.yaml
deleted file mode 100644
index 42f628c9c..000000000
--- a/tests/modules/dns/no_clients.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
-# Copyright 2023 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
- google_dns_managed_zone.non-public[0]:
- dns_name: test.example.
- name: test
- private_visibility_config: []
- visibility: private
-
-counts:
- google_dns_managed_zone: 1
- modules: 0
- resources: 1
diff --git a/tests/modules/dns/null_forwarders.tfvars b/tests/modules/dns/null_forwarders.tfvars
deleted file mode 100644
index 4514d6395..000000000
--- a/tests/modules/dns/null_forwarders.tfvars
+++ /dev/null
@@ -1,4 +0,0 @@
-type = "forwarding"
-domain = "test.example."
-name = "test"
-project_id = "my-project"
diff --git a/tests/modules/dns/null_forwarders.yaml b/tests/modules/dns/null_forwarders.yaml
deleted file mode 100644
index bbe637fc2..000000000
--- a/tests/modules/dns/null_forwarders.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-# Copyright 2023 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
- google_dns_managed_zone.non-public[0]:
- forwarding_config: []
-
-counts:
- google_dns_managed_zone: 1
diff --git a/tests/modules/dns/tftest.yaml b/tests/modules/dns/tftest.yaml
deleted file mode 100644
index 5172a013b..000000000
--- a/tests/modules/dns/tftest.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-# Copyright 2023 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module: modules/dns
-
-tests:
- no_clients:
- null_forwarders:
diff --git a/tests/modules/service_directory/examples/dns.yaml b/tests/modules/service_directory/examples/dns.yaml
index 57d49fbb3..42ace7074 100644
--- a/tests/modules/service_directory/examples/dns.yaml
+++ b/tests/modules/service_directory/examples/dns.yaml
@@ -13,7 +13,7 @@
# limitations under the License.
values:
- module.dns-sd.google_dns_managed_zone.non-public[0]:
+ module.dns-sd.google_dns_managed_zone.dns_managed_zone[0]:
dns_name: apps.example.org.
visibility: private
module.service-directory.google_service_directory_endpoint.default["app1/one"]: