zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dns reponse policy e2e changes (#1994) 

dns reponse policy e2e changes
This commit is contained in:
dibaskar-google 2024-01-20 19:47:02 +01:00 committed by GitHub
parent 11d7edac64
commit 4ed738688a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 64 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
modules/dns-response-policy/README.md
View File

@ -13,7 +13,7 @@ This example shows how to create a policy with a single rule, that directs a spe
```hcl
module "dns-policy" {
source = "./fabric/modules/dns-response-policy"
project_id = "myproject"
project_id = var.project_id
name = "googleapis"
networks = {
landing = var.vpc.self_link
@ -29,7 +29,7 @@ module "dns-policy" {
}
}
}
# tftest modules=1 resources=2 inventory=simple.yaml
# tftest modules=1 resources=2 inventory=simple.yaml e2e
```
### Use existing policy and override resolution via wildcard with exceptions
@ -39,8 +39,8 @@ This example shows how to create a policy with a single rule, that directs all G
```hcl
module "dns-policy" {
source = "./fabric/modules/dns-response-policy"
project_id = "myproject"
name = "googleapis"
project_id = var.project_id
name = module.dns-response-policy.name
policy_create = false
networks = {
landing = var.vpc.self_link
@ -80,7 +80,7 @@ module "dns-policy" {
}
}
}
# tftest modules=1 resources=4 inventory=complex.yaml
# tftest modules=2 resources=5 fixtures=fixtures/dns-response-policy.tf inventory=complex.yaml e2e
```
### Define policy rules via a factory file
@ -90,15 +90,15 @@ This example shows how to define rules in a factory file, that mirrors the rules
```hcl
module "dns-policy" {
source = "./fabric/modules/dns-response-policy"
project_id = "myproject"
name = "googleapis"
project_id = var.project_id
name = module.dns-response-policy.name
policy_create = false
networks = {
landing = var.vpc.self_link
}
rules_file = "config/rules.yaml"
}
# tftest modules=1 resources=4 files=rules-file inventory=complex.yaml
# tftest modules=2 resources=5 files=rules-file fixtures=fixtures/dns-response-policy.tf inventory=complex.yaml e2e
```
```yaml
@ -129,7 +129,6 @@ restricted:
# tftest-file id=rules-file path=config/rules.yaml
```
<!-- BEGIN TFDOC -->
## Variables
| name | description | type | required | default |
@ -151,4 +150,7 @@ restricted:
| [name](outputs.tf#L22) | Policy name. | |
| [policy](outputs.tf#L27) | Policy resource. | |
## Fixtures
- [dns-response-policy.tf](../../tests/fixtures/dns-response-policy.tf)
<!-- END TFDOC -->

22
tests/fixtures/dns-response-policy.tf vendored Normal file
View File

@ -0,0 +1,22 @@
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module "dns-response-policy" {
source = "./fabric/modules/dns-response-policy"
project_id = var.project_id
name = "googleapis"
networks = {
landing = var.vpc.self_link
}
}

59
tests/modules/dns_response_policy/examples/complex.yaml
View File

@ -17,27 +17,27 @@ values:
behavior: null
dns_name: gcr.io.
local_data:
- local_datas:
- name: gcr.io.
rrdatas:
- restricted.googleapis.com.
ttl: null
type: CNAME
project: myproject
- local_datas:
- name: gcr.io.
rrdatas:
- restricted.googleapis.com.
ttl: null
type: CNAME
project: project-id
response_policy: googleapis
rule_name: gcr
timeouts: null
module.dns-policy.google_dns_response_policy_rule.default["googleapis-all"]:
behavior: null
dns_name: "*.googleapis.com."
dns_name: '*.googleapis.com.'
local_data:
- local_datas:
- name: "*.googleapis.com."
rrdatas:
- restricted.googleapis.com.
ttl: null
type: CNAME
project: myproject
- local_datas:
- name: '*.googleapis.com.'
rrdatas:
- restricted.googleapis.com.
ttl: null
type: CNAME
project: project-id
response_policy: googleapis
rule_name: googleapis-all
timeouts: null
@ -45,7 +45,7 @@ values:
behavior: bypassResponsePolicy
dns_name: pubsub.googleapis.com.
local_data: []
project: myproject
project: project-id
response_policy: googleapis
rule_name: pubsub
timeouts: null
@ -53,23 +53,22 @@ values:
behavior: null
dns_name: restricted.googleapis.com.
local_data:
- local_datas:
- name: restricted.googleapis.com.
rrdatas:
- 199.36.153.4
- 199.36.153.5
- 199.36.153.6
- 199.36.153.7
ttl: null
type: A
project: myproject
- local_datas:
- name: restricted.googleapis.com.
rrdatas:
- 199.36.153.4
- 199.36.153.5
- 199.36.153.6
- 199.36.153.7
ttl: null
type: A
project: project-id
response_policy: googleapis
rule_name: restricted
timeouts: null
counts:
google_dns_response_policy: 1
google_dns_response_policy_rule: 4
modules: 1
resources: 4
outputs: {}
modules: 2
resources: 5

4
tests/modules/dns_response_policy/examples/simple.yaml
View File

@ -17,7 +17,7 @@ values:
gke_clusters: []
networks:
- network_url: projects/xxx/global/networks/aaa
project: myproject
project: project-id
response_policy_name: googleapis
module.dns-policy.google_dns_response_policy_rule.default["pubsub"]:
behavior: null
@ -30,7 +30,7 @@ values:
- 199.36.153.5
ttl: null
type: A
project: myproject
project: project-id
response_policy: googleapis
rule_name: pubsub