zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dns_keys output added to the dns module (#97) 

* dns_keys output added to the dns module, so DNSSEC attributes like DS entry will be outputed if DNSSEC configuration is provided

* Fix confition for dns_keys data source
This commit is contained in:
Aleksandr Averbukh 2020-06-17 11:43:46 +02:00 committed by GitHub
parent 7a100d08d4
commit ddc2f9c20d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -6,6 +6,7 @@ All notable changes to this project will be documented in this file.
- **incompatible change** routes in the `net-vpc` module now interpolate the VPC name to ensure uniqueness, upgrading from a previous version will drop and recreate routes
- the top-level `docker-images` folder has been moved inside `modules/cloud-config-container/onprem`
- `dns_keys` output added to the `dns` module
## [2.0.0] - 2020-06-11

1
modules/dns/README.md
View File

@ -43,6 +43,7 @@ module "private-dns" {
| name | description | sensitive |
|---|---|:---:|
| dns_keys | DNSKEY and DS records of DNSSEC-signed managed zones. | |
| domain | The DNS zone domain. | |
| name | The DNS zone name. | |
| name_servers | The DNS zone name servers. | |

9
modules/dns/main.tf
View File

@ -15,7 +15,6 @@
*/
locals {
is_static_zone = var.type == "public" || var.type == "private"
recordsets = var.recordsets == null ? {} : {
for record in var.recordsets :
join("/", [record.name, record.type]) => record
@ -25,6 +24,9 @@ locals {
google_dns_managed_zone.public.0, null
)
)
dns_keys = try(
data.google_dns_keys.dns_keys.0, null
)
}
resource "google_dns_managed_zone" "non-public" {
@ -120,6 +122,11 @@ resource "google_dns_managed_zone" "public" {
}
data "google_dns_keys" "dns_keys" {
count = var.dnssec_config == {} || var.type != "public" ? 0 : 1
managed_zone = google_dns_managed_zone.public.0.id
}
resource "google_dns_record_set" "cloud-static-records" {
for_each = (
var.type == "public" || var.type == "private"

5
modules/dns/outputs.tf
View File

@ -38,3 +38,8 @@ output "name_servers" {
description = "The DNS zone name servers."
value = try(local.zone.name_servers, null)
}
output "dns_keys" {
description = "DNSKEY and DS records of DNSSEC-signed managed zones."
value = local.dns_keys
}

6
modules/dns/versions.tf
View File

@ -15,5 +15,9 @@
*/
terraform {
required_version = ">= 0.12.6"
required_version = ">= 0.12.20"
required_providers {
google = "~> 3.10"
google-beta = "~> 3.10"
}
}