Add support for forwarding path to dns module (#171)

* add support for forwarding path to dns module * update README
2020-11-20 08:35:58 +01:00 · 2020-11-20 08:35:58 +01:00 · 27aa0aa64c
parent db444be03b
commit 27aa0aa64c
6 changed files with 35 additions and 14 deletions
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@ -4,7 +4,9 @@ This module allows simple management of Google Cloud DNS zones and records. It s

 For DNSSEC configuration, refer to the [`dns_managed_zone` documentation](https://www.terraform.io/docs/providers/google/r/dns_managed_zone.html#dnssec_config).

-## Example
+## Examples
+
+### Private Zone

 ```hcl
 module "private-dns" {
@ -21,6 +23,21 @@ module "private-dns" {
 # tftest:modules=1:resources=2
 ```

+### Forwarding Zone
+
+```hcl
+module "private-dns" {
+  source          = "./modules/dns"
+  project_id      = "myproject"
+  type            = "forwarding"
+  name            = "test-example"
+  domain          = "test.example."
+  client_networks = [var.vpc.self_link]
+  forwarders      = { "10.0.1.1" = null, "1.2.3.4" = "private" }
+}
+# tftest:modules=1:resources=1
+```
+
 <!-- BEGIN TFDOC -->
 ## Variables

@ -34,7 +51,7 @@ module "private-dns" {
 | *default_key_specs_zone* | DNSSEC default zone signing specifications: algorithm, key_length, key_type, kind. | <code title="">any</code> |  | <code title="">{}</code> |
 | *description* | Domain description. | <code title="">string</code> |  | <code title="">Terraform managed.</code> |
 | *dnssec_config* | DNSSEC configuration: kind, non_existence, state. | <code title="">any</code> |  | <code title="">{}</code> |
-| *forwarders* | List of target name servers, only valid for 'forwarding' zone types. | <code title="list&#40;string&#41;">list(string)</code> |  | <code title="">[]</code> |
+| *forwarders* | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | <code title="map&#40;string&#41;">map(string)</code> |  | <code title="">{}</code> |
 | *peer_network* | Peering network self link, only valid for 'peering' zone types. | <code title="">string</code> |  | <code title="">null</code> |
 | *recordsets* | List of DNS record objects to manage. | <code title="list&#40;object&#40;&#123;&#10;name    &#61; string&#10;type &#61; string&#10;ttl     &#61; number&#10;records &#61; list&#40;string&#41;&#10;&#125;&#41;&#41;">list(object({...}))</code> |  | <code title="">[]</code> |
 | *service_directory_namespace* | Service directory namespace id (URL), only valid for 'service-directory' zone types. | <code title="">string</code> |  | <code title="">null</code> |
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@ -44,14 +44,19 @@ resource "google_dns_managed_zone" "non-public" {

  dynamic forwarding_config {
    for_each = (
-      var.type == "forwarding" && var.forwarders != null ? [""] : []
+      var.type == "forwarding" &&
+      var.forwarders != null &&
+      length(var.forwarders) > 0
+      ? [""]
+      : []
    )
    content {
      dynamic "target_name_servers" {
        for_each = var.forwarders
-        iterator = address
+        iterator = forwarder
        content {
-          ipv4_address = address.value
+          ipv4_address    = forwarder.key
+          forwarding_path = forwarder.value
        }
      }
    }
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
@ -53,11 +53,10 @@ variable "domain" {
  type        = string
 }

-# TODO(ludoo): add support for forwarding path attribute
 variable "forwarders" {
-  description = "List of target name servers, only valid for 'forwarding' zone types."
-  type        = list(string)
-  default     = []
+  description = "Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default."
+  type        = map(string)
+  default     = {}
 }

 variable "name" {
--- a/networking/onprem-google-access-dns/main.tf
+++ b/networking/onprem-google-access-dns/main.tf
@ -152,7 +152,7 @@ module "dns-onprem" {
  name            = "onprem-example"
  domain          = "onprem.example.org."
  client_networks = [module.vpc.self_link]
-  forwarders      = [cidrhost(var.ip_ranges.onprem, 3)]
+  forwarders      = { cidrhost(var.ip_ranges.onprem, 3) = null }
 }

 resource "google_dns_policy" "inbound" {
--- a/tests/modules/dns/fixture/variables.tf
+++ b/tests/modules/dns/fixture/variables.tf
@ -15,8 +15,8 @@
 */

 variable "forwarders" {
-  type    = list(string)
-  default = null
+  type    = map(string)
+  default = {}
 }

 variable "peer_network" {
--- a/tests/modules/dns/test_plan.py
+++ b/tests/modules/dns/test_plan.py
@ -47,12 +47,12 @@ def test_forwarding(plan_runner):
  "Test forwarding zone with single forwarder."
  _, resources = plan_runner(
      FIXTURES_DIR, type='forwarding', recordsets='null',
-      forwarders='["dummy-vpc-self-link"]')
+      forwarders='{ "1.2.3.4" = null }')
  assert len(resources) == 1
  resource = resources[0]
  assert resource['type'] == 'google_dns_managed_zone'
  assert resource['values']['forwarding_config'] == [{'target_name_servers': [
-      {'forwarding_path': '', 'ipv4_address': 'dummy-vpc-self-link'}]}]
+      {'forwarding_path': '', 'ipv4_address': '1.2.3.4'}]}]


 def test_peering(plan_runner):