add validation rule for DNS module health check targets (#2205)
This commit is contained in:
parent
f0197c2662
commit
b472722b05
|
@ -163,7 +163,7 @@ module "public-dns" {
|
|||
| [force_destroy](variables.tf#L23) | Set this to true to delete all records in the zone upon zone destruction. | <code>bool</code> | | <code>null</code> |
|
||||
| [iam](variables.tf#L29) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map(list(string))</code> | | <code>null</code> |
|
||||
| [recordsets](variables.tf#L45) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map(object({ ttl = optional(number, 300) records = optional(list(string)) geo_routing = optional(list(object({ location = string records = optional(list(string)) health_checked_targets = optional(list(object({ load_balancer_type = string ip_address = string port = string ip_protocol = string network_url = string project = string region = optional(string) }))) }))) wrr_routing = optional(list(object({ weight = number records = list(string) }))) }))">map(object({…}))</code> | | <code>{}</code> |
|
||||
| [zone_config](variables.tf#L89) | DNS zone configuration. | <code title="object({ domain = string forwarding = optional(object({ forwarders = optional(map(string)) client_networks = list(string) })) peering = optional(object({ client_networks = list(string) peer_network = string })) public = optional(object({ dnssec_config = optional(object({ non_existence = optional(string, "nsec3") state = string key_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 2048 } ) zone_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 1024 } ) })) enable_logging = optional(bool, false) })) private = optional(object({ client_networks = list(string) service_directory_namespace = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
| [zone_config](variables.tf#L102) | DNS zone configuration. | <code title="object({ domain = string forwarding = optional(object({ forwarders = optional(map(string)) client_networks = list(string) })) peering = optional(object({ client_networks = list(string) peer_network = string })) public = optional(object({ dnssec_config = optional(object({ non_existence = optional(string, "nsec3") state = string key_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 2048 } ) zone_signing_key = optional(object( { algorithm = string, key_length = number }), { algorithm = "rsasha256", key_length = 1024 } ) })) enable_logging = optional(bool, false) })) private = optional(object({ client_networks = list(string) service_directory_namespace = optional(string) })) })">object({…})</code> | | <code>null</code> |
|
||||
|
||||
## Outputs
|
||||
|
||||
|
|
|
@ -84,6 +84,19 @@ variable "recordsets" {
|
|||
])
|
||||
error_message = "Only one of records, wrr_routing or geo_routing can be defined for each recordset."
|
||||
}
|
||||
validation {
|
||||
condition = alltrue(flatten([
|
||||
for k, v in coalesce(var.recordsets, {}) : [
|
||||
for r in try(v.geo_routing.health_checked_targets, []) : [
|
||||
contains(
|
||||
["regionalL4ilb", "regionalL7ilb", "globalL7ilb", null],
|
||||
try(r.load_balancer_type, null)
|
||||
)
|
||||
]
|
||||
]
|
||||
]))
|
||||
error_message = "Invalid load balancer type for health checked target."
|
||||
}
|
||||
}
|
||||
|
||||
variable "zone_config" {
|
||||
|
|
Loading…
Reference in New Issue