# Google Cloud DNS Response Policy
This module allows management of a [Google Cloud DNS policy and its rules](https://cloud.google.com/dns/docs/zones/manage-response-policies). To manage only the rules of a policy that already exists, reference it by name and set the `policy_create` variable to `false`.
## Examples
### Manage policy and override resolution for specific names
This example shows how to create a policy with a single rule that directs a specific Google API name to the restricted VIP addresses.
```hcl
module "dns-policy" {
  source     = "./fabric/modules/dns-response-policy"
  project_id = "myproject"
  name       = "googleapis"
  networks = {
    landing = var.vpc.self_link
  }
  rules = {
    pubsub = {
      dns_name = "pubsub.googleapis.com."
      local_data = {
        A = {
          rrdatas = ["199.36.153.4", "199.36.153.5"]
        }
      }
    }
  }
}
# tftest modules=1 resources=2 inventory=simple.yaml
```
### Use existing policy and override resolution via wildcard with exceptions
This example shows how to use an existing policy and manage only its rules: a wildcard rule directs all Google API names except specific ones to the restricted VIP addresses.
```hcl
module "dns-policy" {
  source        = "./fabric/modules/dns-response-policy"
  project_id    = "myproject"
  name          = "googleapis"
  policy_create = false
  networks = {
    landing = var.vpc.self_link
  }
  rules = {
    default = {
      dns_name = "*.googleapis.com."
      local_data = {
        CNAME = {
          rrdatas = ["restricted.googleapis.com."]
        }
      }
    }
    pubsub = {
      dns_name = "pubsub.googleapis.com."
    }
    restricted = {
      dns_name = "restricted.googleapis.com."
      local_data = {
        A = {
          rrdatas = ["199.36.153.4", "199.36.153.5"]
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=nocreate.yaml
```
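The following Python sketch is an added illustration, not part of this module: it models how the three rules above interact, so you can review which names are overridden and which escape the override before applying. It assumes that an exact name beats a wildcard, that a rule without `local_data` bypasses the policy, and that a CNAME target is evaluated against the same rules; `match_rule`, `resolve` and `escapes` are hypothetical helper names.

```python
# Simplified offline model of the wildcard example's rules (added example).
RULES = {  # mirrors the `rules` map of the example above
    "default": {"dns_name": "*.googleapis.com.",
                "local_data": {"CNAME": ["restricted.googleapis.com."]}},
    "pubsub": {"dns_name": "pubsub.googleapis.com."},
    "restricted": {"dns_name": "restricted.googleapis.com.",
                   "local_data": {"A": ["199.36.153.4", "199.36.153.5"]}},
}
BYPASS = "bypass"  # marker: the query falls through to normal resolution


def match_rule(qname, rules):
    """Return the key of the rule matching qname, or None if no rule applies."""
    qname = qname.lower().rstrip(".") + "."
    best = None
    for key, rule in rules.items():
        dns_name = rule["dns_name"].lower()
        if dns_name == qname:
            return key  # assumption: an exact match always wins
        # Wildcard "*.example." matches names ending in ".example.", not the apex.
        if dns_name.startswith("*.") and qname.endswith(dns_name[1:]):
            if best is None or len(dns_name) > len(rules[best]["dns_name"]):
                best = key  # keep the most specific wildcard
    return best


def resolve(qname, rules=RULES, max_hops=4):
    """Return ("A", addresses) from local data, or (BYPASS, rule key or None)."""
    for _ in range(max_hops):
        key = match_rule(qname, rules)
        if key is None:
            return (BYPASS, None)
        data = rules[key].get("local_data") or {}
        if not data:
            return (BYPASS, key)  # assumption: no local data means bypass
        if "CNAME" in data:
            qname = data["CNAME"][0]  # chase the CNAME through the same rules
            continue
        return ("A", data.get("A", []))
    raise ValueError("CNAME loop in policy rules")


def escapes(names, allowed, rules=RULES):
    """Names that are bypassed or answered with addresses outside `allowed`."""
    out = []
    for name in names:
        kind, value = resolve(name, rules)
        if kind != "A" or not value or not set(value) <= set(allowed):
            out.append(name)
    return out
```

Calling `escapes()` with the list of API names your workloads use and the two restricted VIP addresses returns the names that still resolve outside the override, such as the `pubsub` exception here.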
## Variables
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [name](variables.tf#L30) | Policy name. | `string` | ✓ | |
| [project_id](variables.tf#L49) | Project id for the zone. | `string` | ✓ | |
| [clusters](variables.tf#L17) | Map of GKE clusters to which this policy is applied in name => id format. | `map(string)` | | `{}` |
| [description](variables.tf#L24) | Policy description. | `string` | | `"Terraform managed."` |
| [networks](variables.tf#L35) | Map of VPC self links to which this policy is applied in name => self link format. | `map(string)` | | `{}` |
| [policy_create](variables.tf#L42) | Set to false to use the existing policy matching name and only manage rules. | `bool` | | `true` |
| [rules](variables.tf#L54) | Map of policy rules in name => rule format. Local data takes precedence over behavior and is in the form record type => attributes. | `map(object({…}))` | | `{}` |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [id](outputs.tf#L17) | Policy id. | |
| [name](outputs.tf#L22) | Policy name. | |
| [policy](outputs.tf#L27) | Policy resource. | |