cloud-foundation-fabric/modules/dns-response-policy
Fawzi 4722efea40 bump provider versions 2023-04-11 22:18:31 +10:00

Google Cloud DNS Response Policy

This module allows management of a Google Cloud DNS policy and its rules. The policy can already exist and be referenced by name by setting the policy_create variable to false.

Examples

Manage policy and override resolution for specific names

This example shows how to create a policy with a single rule that directs a specific Google API name to the restricted VIP addresses.

module "dns-policy" {
  source     = "./fabric/modules/dns-response-policy"
  project_id = "myproject"
  name       = "googleapis"
  networks = {
    landing = var.vpc.self_link
  }
  rules = {
    pubsub = {
      dns_name = "pubsub.googleapis.com."
      local_data = {
        A = {
          rrdatas = ["199.36.153.4", "199.36.153.5"]
        }
      }
    }
  }
}
# tftest modules=1 resources=2 inventory=simple.yaml

Use existing policy and override resolution via wildcard with exceptions

This example shows how to reference an existing policy and define rules that direct all Google API names except specific ones to the restricted VIP addresses.

module "dns-policy" {
  source        = "./fabric/modules/dns-response-policy"
  project_id    = "myproject"
  name          = "googleapis"
  policy_create = false
  networks = {
    landing = var.vpc.self_link
  }
  rules = {
    default = {
      dns_name = "*.googleapis.com."
      local_data = {
        CNAME = {
          rrdatas = ["restricted.googleapis.com."]
        }
      }
    }
    pubsub = {
      dns_name = "pubsub.googleapis.com."
    }
    restricted = {
      dns_name = "restricted.googleapis.com."
      local_data = {
        A = {
          rrdatas = ["199.36.153.4", "199.36.153.5"]
        }
      }
    }
  }
}
# tftest modules=1 resources=3 inventory=nocreate.yaml
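
A lint for the rules map of the wildcard example above, as an added Python example that is not part of the module: it checks that a CNAME target falling under its own wildcard has an exact rule with A records (the role of the restricted rule) and lists the rules with no local data, which the example uses as exceptions. RULES is a constructed copy of that map; lint_rules, exceptions, covered_by and ALLOWED_A are hypothetical names, and the wildcard matching is an assumption of this sketch.

```python
# Added example: lint for a dns-response-policy `rules` map (not module code).

# Constructed input: the rules map from the wildcard example as a Python dict.
RULES = {
    "default": {
        "dns_name": "*.googleapis.com.",
        "local_data": {"CNAME": {"rrdatas": ["restricted.googleapis.com."]}},
    },
    "pubsub": {"dns_name": "pubsub.googleapis.com."},
    "restricted": {
        "dns_name": "restricted.googleapis.com.",
        "local_data": {"A": {"rrdatas": ["199.36.153.4", "199.36.153.5"]}},
    },
}
# Addresses the page's examples use for the restricted VIP.
ALLOWED_A = {"199.36.153.4", "199.36.153.5"}


def covered_by(name, wildcard):
    """Assumption: `*.suffix.` covers every name ending in `.suffix.`."""
    return wildcard.startswith("*.") and name.endswith(wildcard[1:])


def exceptions(rules):
    """Names under a wildcard rule that carry no local data (not redirected)."""
    wildcards = [r["dns_name"] for r in rules.values() if r["dns_name"].startswith("*.")]
    return sorted(r["dns_name"] for r in rules.values()
                  if not r.get("local_data")
                  and any(covered_by(r["dns_name"], w) for w in wildcards))


def lint_rules(rules, allowed_a=ALLOWED_A):
    """Return sorted findings; an empty list means the map is consistent."""
    findings = []
    a_records = {r["dns_name"]: r.get("local_data", {}).get("A", {}).get("rrdatas", [])
                 for r in rules.values()}
    for key, rule in rules.items():
        name, data = rule["dns_name"], rule.get("local_data", {})
        if not name.endswith("."):
            findings.append(f"{key}: dns_name {name} is not fully qualified")
        for addr in data.get("A", {}).get("rrdatas", []):
            if addr not in allowed_a:
                findings.append(f"{key}: A record {addr} is outside the allowed set")
        for target in data.get("CNAME", {}).get("rrdatas", []):
            # A target under its own wildcard needs an exact rule with A records.
            if covered_by(target, name) and not a_records.get(target):
                findings.append(f"{key}: CNAME target {target} has no exact A rule")
    return sorted(findings)
```

Reviewing the output of exceptions() before each apply shows exactly which names are left out of the wildcard redirect.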

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| name | Policy name. | string | ✓ | |
| project_id | Project id for the zone. | string | ✓ | |
| clusters | Map of GKE clusters to which this policy is applied in name => id format. | map(string) | | {} |
| description | Policy description. | string | | "Terraform managed." |
| networks | Map of VPC self links to which this policy is applied in name => self link format. | map(string) | | {} |
| policy_create | Set to false to use the existing policy matching name and only manage rules. | bool | | true |
| rules | Map of policy rules in name => rule format. Local data takes precedence over behavior and is in the form record type => attributes. | map(object({…})) | | {} |

Outputs

| name | description | sensitive |
|---|---|---|
| id | Policy id. | |
| name | Policy name. | |
| policy | Policy resource. | |