From 27aa0aa64c7d3c3f9d35b2a2d54f8e95860cb913 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo
Date: Fri, 20 Nov 2020 08:35:58 +0100
Subject: [PATCH] Add support for forwarding path to dns module (#171)

* add support for forwarding path to dns module
* update README
---
 modules/dns/README.md | 21 +++++++++++++++++++--
 modules/dns/main.tf | 11 ++++++++---
 modules/dns/variables.tf | 7 +++----
 networking/onprem-google-access-dns/main.tf | 2 +-
 tests/modules/dns/fixture/variables.tf | 4 ++--
 tests/modules/dns/test_plan.py | 4 ++--
 6 files changed, 35 insertions(+), 14 deletions(-)
diff --git a/modules/dns/README.md b/modules/dns/README.md
index 6a39e891..74c18633 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -4,7 +4,9 @@ This module allows simple management of Google Cloud DNS zones and records. It s
 
 For DNSSEC configuration, refer to the [`dns_managed_zone` documentation](https://www.terraform.io/docs/providers/google/r/dns_managed_zone.html#dnssec_config).
 
-## Example
+## Examples
+
+### Private Zone
 
 ```hcl
 module "private-dns" {
@@ -21,6 +23,21 @@ module "private-dns" {
 # tftest:modules=1:resources=2
 ```
 
+### Forwarding Zone
+
+```hcl
+module "private-dns" {
+  source = "./modules/dns"
+  project_id = "myproject"
+  type = "forwarding"
+  name = "test-example"
+  domain = "test.example."
+  client_networks = [var.vpc.self_link]
+  forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
+}
+# tftest:modules=1:resources=1
+```
+
 ## Variables
@@ -34,7 +51,7 @@ module "private-dns" {
 | *default_key_specs_zone* | DNSSEC default zone signing specifications: algorithm, key_length, key_type, kind. | any | | {} |
 | *description* | Domain description. | string | | Terraform managed. |
 | *dnssec_config* | DNSSEC configuration: kind, non_existence, state. | any | | {} |
-| *forwarders* | List of target name servers, only valid for 'forwarding' zone types. | list(string) | | [] |
+| *forwarders* | Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default. | map(string) | | {} |
 | *peer_network* | Peering network self link, only valid for 'peering' zone types. | string | | null |
 | *recordsets* | List of DNS record objects to manage. | list(object({...})) | | [] |
 | *service_directory_namespace* | Service directory namespace id (URL), only valid for 'service-directory' zone types. | string | | null |
diff --git a/modules/dns/main.tf b/modules/dns/main.tf
index 40a511cc..28a29ad5 100644
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -44,14 +44,19 @@ resource "google_dns_managed_zone" "non-public" {
   dynamic forwarding_config {
     for_each = (
-      var.type == "forwarding" && var.forwarders != null ? [""] : []
+      var.type == "forwarding" &&
+      var.forwarders != null &&
+      length(var.forwarders) > 0
+      ? [""]
+      : []
     )
     content {
       dynamic "target_name_servers" {
         for_each = var.forwarders
-        iterator = address
+        iterator = forwarder
         content {
-          ipv4_address = address.value
+          ipv4_address = forwarder.key
+          forwarding_path = forwarder.value
         }
       }
     }
diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
index be32349b..42d87d6c 100644
--- a/modules/dns/variables.tf
+++ b/modules/dns/variables.tf
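Review bot: The three-term guard on the `for_each` of `dynamic forwarding_config` needs a comment, because once `var.forwarders` is a `map(string)` defaulting to `{}` the `!= null` test reads as dead code: it keeps `length()` from erroring when a caller passes an explicit null, while the `length(...) > 0` term stops an empty map from emitting an empty `forwarding_config` block, which the provider presumably rejects. Suggest `# skip the block for an explicit null or an empty map: length(null) errors and an empty forwarding_config is not usable` directly above `for_each = (`. Separately, `forwarding_path = forwarder.value` forwards the caller's string untouched, so a value outside `default`/`private` (e.g. a capitalised variant) would presumably be caught only at apply time by the API; constraining it where `variable "forwarders"` is declared would surface that in the plan instead. Note too that iterating a map instead of a list orders `target_name_servers` by key rather than by the caller's order, which matters only if anything downstream depends on that order. The enclosing `google_dns_managed_zone` resource starts before this hunk and closes after it.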
@@ -53,11 +53,10 @@ variable "domain" {
   type = string
 }
 
-# TODO(ludoo): add support for forwarding path attribute
 variable "forwarders" {
-  description = "List of target name servers, only valid for 'forwarding' zone types."
-  type = list(string)
-  default = []
+  description = "Map of {IPV4_ADDRESS => FORWARDING_PATH} for 'forwarding' zone types. Path can be 'default', 'private', or null for provider default."
+  type = map(string)
+  default = {}
 }
 
 variable "name" {
diff --git a/networking/onprem-google-access-dns/main.tf b/networking/onprem-google-access-dns/main.tf
index 2c24d72e..5474bd03 100644
--- a/networking/onprem-google-access-dns/main.tf
+++ b/networking/onprem-google-access-dns/main.tf
@@ -152,7 +152,7 @@ module "dns-onprem" {
   name = "onprem-example"
   domain = "onprem.example.org."
   client_networks = [module.vpc.self_link]
-  forwarders = [cidrhost(var.ip_ranges.onprem, 3)]
+  forwarders = { cidrhost(var.ip_ranges.onprem, 3) = null }
 }
 
 resource "google_dns_policy" "inbound" {
diff --git a/tests/modules/dns/fixture/variables.tf b/tests/modules/dns/fixture/variables.tf
index a00eaeae..9b40dbf0 100644
--- a/tests/modules/dns/fixture/variables.tf
+++ b/tests/modules/dns/fixture/variables.tf
@@ -15,8 +15,8 @@
  */
 
 variable "forwarders" {
-  type = list(string)
-  default = null
+  type = map(string)
+  default = {}
 }
 
 variable "peer_network" {
diff --git a/tests/modules/dns/test_plan.py b/tests/modules/dns/test_plan.py
index 135adc95..dd3d5b9f 100644
--- a/tests/modules/dns/test_plan.py
+++ b/tests/modules/dns/test_plan.py
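Review bot: The new description of `variable "forwarders"` promises the path is `'default'`, `'private'` or null, but the declaration enforces only `map(string)`, so any other string reaches `google_dns_managed_zone` unchecked and would presumably fail only at apply time. Since the path selects whether forwarded queries are routed through the VPC or via standard routing, a mistyped value is worth rejecting at plan time rather than discovering after the zone is partly configured. If the module requires Terraform 0.13 or later, a `validation` block on the variable pins the accepted values; `coalesce` maps the documented null to `default` so the check never calls `contains` with a null. The variable's other attributes stay as the hunk has them.
```hcl
variable "forwarders" {
  # … unchanged: description, type, default …
  validation {
    condition = alltrue([
      for path in values(var.forwarders) :
      contains(["default", "private"], coalesce(path, "default"))
    ])
    error_message = "Forwarding path must be 'default', 'private' or null."
  }
}
```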
@@ -47,12 +47,12 @@ def test_forwarding(plan_runner):
   "Test forwarding zone with single forwarder."
   _, resources = plan_runner(
       FIXTURES_DIR, type='forwarding', recordsets='null',
-      forwarders='["dummy-vpc-self-link"]')
+      forwarders='{ "1.2.3.4" = null }')
   assert len(resources) == 1
   resource = resources[0]
   assert resource['type'] == 'google_dns_managed_zone'
   assert resource['values']['forwarding_config'] == [{'target_name_servers': [
-      {'forwarding_path': '', 'ipv4_address': 'dummy-vpc-self-link'}]}]
+      {'forwarding_path': '', 'ipv4_address': '1.2.3.4'}]}]
 
 
 def test_peering(plan_runner):
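Review bot: The updated test_forwarding only exercises the null path, so the new `forwarding_path = forwarder.value` wiring in modules/dns/main.tf is never checked with a real value and a regression that dropped or mis-keyed the attribute would still pass. Add a second case that calls `plan_runner` with `forwarders='{ "1.2.3.4" = "private" }'` and asserts `{'forwarding_path': 'private', 'ipv4_address': '1.2.3.4'}` inside `target_name_servers`, either as a separate test or via parametrisation. The assertion of `'forwarding_path': ''` for the null entry documents how the plan renders an unset path and deserves a one-line comment saying so, since it is not obvious that null becomes an empty string there. The `def test_forwarding(plan_runner):` line itself precedes the hunk and appears only in its header.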