add validation rule for DNS module health check targets (#2205)

Ludovico Magnocavallo 2024-04-08 13:30:42 +02:00 committed by GitHub
parent f0197c2662
commit b472722b05
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 14 additions and 1 deletions


@ -163,7 +163,7 @@ module "public-dns" {
| [force_destroy](variables.tf#L23) | Set this to true to delete all records in the zone upon zone destruction. | <code>bool</code> | | <code>null</code> |
| [iam](variables.tf#L29) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> | | <code>null</code> |
| [recordsets](variables.tf#L45) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map&#40;object&#40;&#123;&#10; ttl &#61; optional&#40;number, 300&#41;&#10; records &#61; optional&#40;list&#40;string&#41;&#41;&#10; geo_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10; location &#61; string&#10; records &#61; optional&#40;list&#40;string&#41;&#41;&#10; health_checked_targets &#61; optional&#40;list&#40;object&#40;&#123;&#10; load_balancer_type &#61; string&#10; ip_address &#61; string&#10; port &#61; string&#10; ip_protocol &#61; string&#10; network_url &#61; string&#10; project &#61; string&#10; region &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10; &#125;&#41;&#41;&#41;&#10; wrr_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10; weight &#61; number&#10; records &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> | | <code>&#123;&#125;</code> |
| [zone_config](variables.tf#L89) | DNS zone configuration. | <code title="object&#40;&#123;&#10; domain &#61; string&#10; forwarding &#61; optional&#40;object&#40;&#123;&#10; forwarders &#61; optional&#40;map&#40;string&#41;&#41;&#10; client_networks &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; peering &#61; optional&#40;object&#40;&#123;&#10; client_networks &#61; list&#40;string&#41;&#10; peer_network &#61; string&#10; &#125;&#41;&#41;&#10; public &#61; optional&#40;object&#40;&#123;&#10; dnssec_config &#61; optional&#40;object&#40;&#123;&#10; non_existence &#61; optional&#40;string, &#34;nsec3&#34;&#41;&#10; state &#61; string&#10; key_signing_key &#61; optional&#40;object&#40;&#10; &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10; &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 2048 &#125;&#10; &#41;&#10; zone_signing_key &#61; optional&#40;object&#40;&#10; &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10; &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 1024 &#125;&#10; &#41;&#10; &#125;&#41;&#41;&#10; enable_logging &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; private &#61; optional&#40;object&#40;&#123;&#10; client_networks &#61; list&#40;string&#41;&#10; service_directory_namespace &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
| [zone_config](variables.tf#L102) | DNS zone configuration. | <code title="object&#40;&#123;&#10; domain &#61; string&#10; forwarding &#61; optional&#40;object&#40;&#123;&#10; forwarders &#61; optional&#40;map&#40;string&#41;&#41;&#10; client_networks &#61; list&#40;string&#41;&#10; &#125;&#41;&#41;&#10; peering &#61; optional&#40;object&#40;&#123;&#10; client_networks &#61; list&#40;string&#41;&#10; peer_network &#61; string&#10; &#125;&#41;&#41;&#10; public &#61; optional&#40;object&#40;&#123;&#10; dnssec_config &#61; optional&#40;object&#40;&#123;&#10; non_existence &#61; optional&#40;string, &#34;nsec3&#34;&#41;&#10; state &#61; string&#10; key_signing_key &#61; optional&#40;object&#40;&#10; &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10; &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 2048 &#125;&#10; &#41;&#10; zone_signing_key &#61; optional&#40;object&#40;&#10; &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10; &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 1024 &#125;&#10; &#41;&#10; &#125;&#41;&#41;&#10; enable_logging &#61; optional&#40;bool, false&#41;&#10; &#125;&#41;&#41;&#10; private &#61; optional&#40;object&#40;&#123;&#10; client_networks &#61; list&#40;string&#41;&#10; service_directory_namespace &#61; optional&#40;string&#41;&#10; &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> | | <code>null</code> |
## Outputs


@ -84,6 +84,19 @@ variable "recordsets" {
])
error_message = "Only one of records, wrr_routing or geo_routing can be defined for each recordset."
}
validation {
condition = alltrue(flatten([
for k, v in coalesce(var.recordsets, {}) : [
for r in try(v.geo_routing.health_checked_targets, []) : [
contains(
["regionalL4ilb", "regionalL7ilb", "globalL7ilb", null],
try(r.load_balancer_type, null)
)
]
]
]))
error_message = "Invalid load balancer type for health checked target."
}
}
variable "zone_config" {
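Review bot: The new validation block appears to be a no-op: per the `recordsets` type shown in README.md, `geo_routing` is `optional(list(object({...})))`, so `v.geo_routing.health_checked_targets` is an attribute traversal on a list, which errors and is swallowed by `try(..., [])`, leaving `alltrue([])` true for every recordset and the bad `load_balancer_type` never rejected. The inner loop has to descend one level further, iterating each `geo_routing` entry and then its `health_checked_targets`. Both of those attributes are optional with no default, so they can be `null` rather than absent, and `for ... in null` is an error; guard each with a null check instead of `try()`. The rewritten `condition` is below; `error_message` is unchanged. The enclosing `variable "recordsets"` block starts before this hunk, and the following `variable "zone_config"` block is cut off at its end.
```hcl
validation {
  condition = alltrue(flatten([
    for k, v in coalesce(var.recordsets, {}) : [
      for g in (v.geo_routing == null ? [] : v.geo_routing) : [
        for t in (g.health_checked_targets == null ? [] : g.health_checked_targets) :
        contains(
          ["regionalL4ilb", "regionalL7ilb", "globalL7ilb", null],
          try(t.load_balancer_type, null)
        )
      ]
    ]
  ]))
  # … unchanged: error_message …
}
```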