zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/modules/dns/main.tf

216 lines
6.7 KiB
HCL
Raw Permalink Blame History

/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
locals {
managed_zone = (var.zone_config == null ?
data.google_dns_managed_zone.dns_managed_zone.0
: google_dns_managed_zone.dns_managed_zone.0
)
# split record name and type and set as keys in a map
_recordsets_0 = {
for key, attrs in var.recordsets :
key => merge(attrs, zipmap(["type", "name"], split(" ", key)))
}
# compute the final resource name for the recordset
recordsets = {
for key, attrs in local._recordsets_0 :
key => merge(attrs, {
resource_name = (
attrs.name == ""
? local.managed_zone.dns_name
: (
substr(attrs.name, -1, 1) == "."
? attrs.name
: "${attrs.name}.${local.managed_zone.dns_name}"
)
)
})
}
client_networks = concat(
coalesce(try(var.zone_config.forwarding.client_networks, null), []),
coalesce(try(var.zone_config.peering.client_networks, null), []),
coalesce(try(var.zone_config.private.client_networks, null), [])
)
visibility = (var.zone_config == null ?
null
: (var.zone_config.forwarding != null ||
var.zone_config.peering != null
|| var.zone_config.private != null) ?
"private" :
"public"
)
}
resource "google_dns_managed_zone" "dns_managed_zone" {
count = (var.zone_config == null) ? 0 : 1
provider = google-beta
project = var.project_id
name = var.name
dns_name = var.zone_config.domain
description = var.description
visibility = local.visibility
reverse_lookup = try(var.zone_config.private, null) != null && endswith(var.zone_config.domain, ".in-addr.arpa.")
dynamic "dnssec_config" {
for_each = try(var.zone_config.public.dnssec_config, null) == null ? [] : [""]
iterator = config
content {
kind = "dns#managedZoneDnsSecConfig"
non_existence = var.zone_config.public.dnssec_config.non_existence
state = var.zone_config.public.dnssec_config.state
default_key_specs {
algorithm = var.zone_config.public.dnssec_config.key_signing_key.algorithm
key_length = var.zone_config.public.dnssec_config.key_signing_key.key_length
key_type = "keySigning"
kind = "dns#dnsKeySpec"
}
default_key_specs {
algorithm = var.zone_config.public.dnssec_config.zone_signing_key.algorithm
key_length = var.zone_config.public.dnssec_config.zone_signing_key.key_length
key_type = "zoneSigning"
kind = "dns#dnsKeySpec"
}
}
}
dynamic "forwarding_config" {
for_each = (length(coalesce(try(var.zone_config.forwarding.forwarders, null), {})) > 0
? [""]
: []
)
content {
dynamic "target_name_servers" {
for_each = var.zone_config.forwarding.forwarders
iterator = forwarder
content {
ipv4_address = forwarder.key
forwarding_path = forwarder.value
}
}
}
}
dynamic "peering_config" {
for_each = try(var.zone_config.peering.peer_network, null) == null ? [] : [""]
content {
target_network {
network_url = var.zone_config.peering.peer_network
}
}
}
dynamic "private_visibility_config" {
for_each = length(local.client_networks) > 0 ? [""] : []
content {
dynamic "networks" {
for_each = local.client_networks
iterator = network
content {
network_url = network.value
}
}
}
}
dynamic "service_directory_config" {
for_each = (try(var.zone_config.private.service_directory_namespace, null) == null
? []
: [""]
)
content {
namespace {
namespace_url = var.zone_config.private.service_directory_namespace
}
}
}
cloud_logging_config {
enable_logging = try(var.zone_config.public.enable_logging, false)
}
}
data "google_dns_managed_zone" "dns_managed_zone" {
count = var.zone_config == null ? 1 : 0
project = var.project_id
name = var.name
}
resource "google_dns_managed_zone_iam_binding" "iam_bindings" {
for_each = coalesce(var.iam, {})
project = var.project_id
managed_zone = local.managed_zone.id
role = each.key
members = each.value
}
data "google_dns_keys" "dns_keys" {
count = try(var.zone_config.public.dnssec_config.state, "off") != "off" ? 1 : 0
managed_zone = local.managed_zone.id
project = var.project_id
}
resource "google_dns_record_set" "dns_record_set" {
for_each = local.recordsets
project = var.project_id
managed_zone = var.name
name = each.value.resource_name
type = each.value.type
ttl = each.value.ttl
rrdatas = each.value.records
dynamic "routing_policy" {
for_each = (each.value.geo_routing != null || each.value.wrr_routing != null) ? [""] : []
content {
dynamic "geo" {
for_each = coalesce(each.value.geo_routing, [])
content {
location = geo.value.location
rrdatas = geo.value.records
dynamic "health_checked_targets" {
for_each = try(geo.value.health_checked_targets, null) == null ? [] : [""]
content {
dynamic "internal_load_balancers" {
for_each = geo.value.health_checked_targets
content {
load_balancer_type = internal_load_balancers.value.load_balancer_type
ip_address = internal_load_balancers.value.ip_address
port = internal_load_balancers.value.port
ip_protocol = internal_load_balancers.value.ip_protocol
network_url = internal_load_balancers.value.network_url
project = internal_load_balancers.value.project
region = internal_load_balancers.value.region
}
}
}
}
}
}
dynamic "wrr" {
for_each = coalesce(each.value.wrr_routing, [])
content {
weight = wrr.value.weight
rrdatas = wrr.value.records
}
}
}
}
depends_on = [
google_dns_managed_zone.dns_managed_zone
]
}
Reference in New Issue View Git Blame Copy Permalink