parent
11d7edac64
commit
4ed738688a
|
@ -13,7 +13,7 @@ This example shows how to create a policy with a single rule, that directs a spe
|
||||||
```hcl
|
```hcl
|
||||||
module "dns-policy" {
|
module "dns-policy" {
|
||||||
source = "./fabric/modules/dns-response-policy"
|
source = "./fabric/modules/dns-response-policy"
|
||||||
project_id = "myproject"
|
project_id = var.project_id
|
||||||
name = "googleapis"
|
name = "googleapis"
|
||||||
networks = {
|
networks = {
|
||||||
landing = var.vpc.self_link
|
landing = var.vpc.self_link
|
||||||
|
@ -29,7 +29,7 @@ module "dns-policy" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=2 inventory=simple.yaml
|
# tftest modules=1 resources=2 inventory=simple.yaml e2e
|
||||||
```
|
```
|
||||||
|
|
||||||
### Use existing policy and override resolution via wildcard with exceptions
|
### Use existing policy and override resolution via wildcard with exceptions
|
||||||
|
@ -39,8 +39,8 @@ This example shows how to create a policy with a single rule, that directs all G
|
||||||
```hcl
|
```hcl
|
||||||
module "dns-policy" {
|
module "dns-policy" {
|
||||||
source = "./fabric/modules/dns-response-policy"
|
source = "./fabric/modules/dns-response-policy"
|
||||||
project_id = "myproject"
|
project_id = var.project_id
|
||||||
name = "googleapis"
|
name = module.dns-response-policy.name
|
||||||
policy_create = false
|
policy_create = false
|
||||||
networks = {
|
networks = {
|
||||||
landing = var.vpc.self_link
|
landing = var.vpc.self_link
|
||||||
|
@ -80,7 +80,7 @@ module "dns-policy" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=4 inventory=complex.yaml
|
# tftest modules=2 resources=5 fixtures=fixtures/dns-response-policy.tf inventory=complex.yaml e2e
|
||||||
```
|
```
|
||||||
|
|
||||||
### Define policy rules via a factory file
|
### Define policy rules via a factory file
|
||||||
|
@ -90,15 +90,15 @@ This example shows how to define rules in a factory file, that mirrors the rules
|
||||||
```hcl
|
```hcl
|
||||||
module "dns-policy" {
|
module "dns-policy" {
|
||||||
source = "./fabric/modules/dns-response-policy"
|
source = "./fabric/modules/dns-response-policy"
|
||||||
project_id = "myproject"
|
project_id = var.project_id
|
||||||
name = "googleapis"
|
name = module.dns-response-policy.name
|
||||||
policy_create = false
|
policy_create = false
|
||||||
networks = {
|
networks = {
|
||||||
landing = var.vpc.self_link
|
landing = var.vpc.self_link
|
||||||
}
|
}
|
||||||
rules_file = "config/rules.yaml"
|
rules_file = "config/rules.yaml"
|
||||||
}
|
}
|
||||||
# tftest modules=1 resources=4 files=rules-file inventory=complex.yaml
|
# tftest modules=2 resources=5 files=rules-file fixtures=fixtures/dns-response-policy.tf inventory=complex.yaml e2e
|
||||||
```
|
```
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
|
@ -129,7 +129,6 @@ restricted:
|
||||||
# tftest-file id=rules-file path=config/rules.yaml
|
# tftest-file id=rules-file path=config/rules.yaml
|
||||||
```
|
```
|
||||||
<!-- BEGIN TFDOC -->
|
<!-- BEGIN TFDOC -->
|
||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
| name | description | type | required | default |
|
| name | description | type | required | default |
|
||||||
|
@ -151,4 +150,7 @@ restricted:
|
||||||
| [name](outputs.tf#L22) | Policy name. | |
|
| [name](outputs.tf#L22) | Policy name. | |
|
||||||
| [policy](outputs.tf#L27) | Policy resource. | |
|
| [policy](outputs.tf#L27) | Policy resource. | |
|
||||||
|
|
||||||
|
## Fixtures
|
||||||
|
|
||||||
|
- [dns-response-policy.tf](../../tests/fixtures/dns-response-policy.tf)
|
||||||
<!-- END TFDOC -->
|
<!-- END TFDOC -->
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
# Copyright 2024 Google LLC
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
module "dns-response-policy" {
|
||||||
|
source = "./fabric/modules/dns-response-policy"
|
||||||
|
project_id = var.project_id
|
||||||
|
name = "googleapis"
|
||||||
|
networks = {
|
||||||
|
landing = var.vpc.self_link
|
||||||
|
}
|
||||||
|
}
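Review bot: The new fixture carries no comment saying why it exists, and the README examples that now depend on it (`name = module.dns-response-policy.name` together with `policy_create = false`) do not show where that module comes from. A short header above the `module "dns-response-policy"` block would make the dependency clear, for example `# Pre-creates the "googleapis" response policy that the README examples with policy_create = false attach their rules to.` The policy name is also a fixed literal. If e2e runs can share a project, which this page does not show, two runs would try to create the same policy, so it is worth confirming that the harness isolates them.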
|
|
@ -23,21 +23,21 @@ values:
|
||||||
- restricted.googleapis.com.
|
- restricted.googleapis.com.
|
||||||
ttl: null
|
ttl: null
|
||||||
type: CNAME
|
type: CNAME
|
||||||
project: myproject
|
project: project-id
|
||||||
response_policy: googleapis
|
response_policy: googleapis
|
||||||
rule_name: gcr
|
rule_name: gcr
|
||||||
timeouts: null
|
timeouts: null
|
||||||
module.dns-policy.google_dns_response_policy_rule.default["googleapis-all"]:
|
module.dns-policy.google_dns_response_policy_rule.default["googleapis-all"]:
|
||||||
behavior: null
|
behavior: null
|
||||||
dns_name: "*.googleapis.com."
|
dns_name: '*.googleapis.com.'
|
||||||
local_data:
|
local_data:
|
||||||
- local_datas:
|
- local_datas:
|
||||||
- name: "*.googleapis.com."
|
- name: '*.googleapis.com.'
|
||||||
rrdatas:
|
rrdatas:
|
||||||
- restricted.googleapis.com.
|
- restricted.googleapis.com.
|
||||||
ttl: null
|
ttl: null
|
||||||
type: CNAME
|
type: CNAME
|
||||||
project: myproject
|
project: project-id
|
||||||
response_policy: googleapis
|
response_policy: googleapis
|
||||||
rule_name: googleapis-all
|
rule_name: googleapis-all
|
||||||
timeouts: null
|
timeouts: null
|
||||||
|
@ -45,7 +45,7 @@ values:
|
||||||
behavior: bypassResponsePolicy
|
behavior: bypassResponsePolicy
|
||||||
dns_name: pubsub.googleapis.com.
|
dns_name: pubsub.googleapis.com.
|
||||||
local_data: []
|
local_data: []
|
||||||
project: myproject
|
project: project-id
|
||||||
response_policy: googleapis
|
response_policy: googleapis
|
||||||
rule_name: pubsub
|
rule_name: pubsub
|
||||||
timeouts: null
|
timeouts: null
|
||||||
|
@ -62,14 +62,13 @@ values:
|
||||||
- 199.36.153.7
|
- 199.36.153.7
|
||||||
ttl: null
|
ttl: null
|
||||||
type: A
|
type: A
|
||||||
project: myproject
|
project: project-id
|
||||||
response_policy: googleapis
|
response_policy: googleapis
|
||||||
rule_name: restricted
|
rule_name: restricted
|
||||||
timeouts: null
|
timeouts: null
|
||||||
|
|
||||||
counts:
|
counts:
|
||||||
|
google_dns_response_policy: 1
|
||||||
google_dns_response_policy_rule: 4
|
google_dns_response_policy_rule: 4
|
||||||
modules: 1
|
modules: 2
|
||||||
resources: 4
|
resources: 5
|
||||||
|
|
||||||
outputs: {}
|
|
|
@ -17,7 +17,7 @@ values:
|
||||||
gke_clusters: []
|
gke_clusters: []
|
||||||
networks:
|
networks:
|
||||||
- network_url: projects/xxx/global/networks/aaa
|
- network_url: projects/xxx/global/networks/aaa
|
||||||
project: myproject
|
project: project-id
|
||||||
response_policy_name: googleapis
|
response_policy_name: googleapis
|
||||||
module.dns-policy.google_dns_response_policy_rule.default["pubsub"]:
|
module.dns-policy.google_dns_response_policy_rule.default["pubsub"]:
|
||||||
behavior: null
|
behavior: null
|
||||||
|
@ -30,7 +30,7 @@ values:
|
||||||
- 199.36.153.5
|
- 199.36.153.5
|
||||||
ttl: null
|
ttl: null
|
||||||
type: A
|
type: A
|
||||||
project: myproject
|
project: project-id
|
||||||
response_policy: googleapis
|
response_policy: googleapis
|
||||||
rule_name: pubsub
|
rule_name: pubsub
|
||||||
|
|
||||||
|
|