From ecb9f1838c94a23f2658051f1df74f0ed413f6c5 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Tue, 7 Jan 2025 13:37:49 +0530 Subject: [PATCH 01/20] feat: dns records and zones inclusion --- README.md | 10 +++ examples/existing_vpc/main.tf | 4 + examples/existing_vpc/variables.tf | 22 +++++ examples/no-prefix/README.md | 2 +- .../specific-zone-with-dns-records/README.md | 8 ++ .../specific-zone-with-dns-records/main.tf | 66 ++++++++++++++ .../specific-zone-with-dns-records/outputs.tf | 54 ++++++++++++ .../provider.tf | 4 + .../variables.tf | 56 ++++++++++++ .../specific-zone-with-dns-records/version.tf | 10 +++ main.tf | 54 ++++++++++++ outputs.tf | 22 +++++ variables.tf | 86 +++++++++++++++++++ 13 files changed, 397 insertions(+), 1 deletion(-) create mode 100644 examples/specific-zone-with-dns-records/README.md create mode 100644 examples/specific-zone-with-dns-records/main.tf create mode 100644 examples/specific-zone-with-dns-records/outputs.tf create mode 100644 examples/specific-zone-with-dns-records/provider.tf create mode 100644 examples/specific-zone-with-dns-records/variables.tf create mode 100644 examples/specific-zone-with-dns-records/version.tf diff --git a/README.md b/README.md index 12478eb6..9f68293b 100644 --- a/README.md +++ b/README.md 
@@ -150,6 +150,8 @@ To attach access management tags to resources in this module, you need the follo | Name | Type | |------|------| | [ibm_dns_custom_resolver.custom_resolver_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_custom_resolver) | resource | +| [ibm_dns_record.dns_record](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_record) | resource | +| [ibm_dns_zone.dns_zone](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_zone) | resource | | [ibm_iam_authorization_policy.policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | | [ibm_iam_authorization_policy.vpc_dns_resolution_auth_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | | [ibm_is_flow_log.flow_logs](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_flow_log) | resource | @@ -191,6 +193,10 @@ To attach access management tags to resources in this module, you need the follo | [dns\_instance\_name](#input\_dns\_instance\_name) | The name to give the provisioned DNS instance. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no | | [dns\_location](#input\_dns\_location) | The target location or environment for the DNS instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"global"` | no | | [dns\_plan](#input\_dns\_plan) | The plan for the DNS resource instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"standard-dns"` | no | +| [dns\_records](#input\_dns\_records) | Map of DNS record configurations |
map(object({
data = string
domain_id = number
expire = optional(number)
host = string
minimum_ttl = optional(number)
mx_priority = optional(number, 0)
refresh = optional(number)
responsible_person = string
retry = optional(number)
tags = optional(list(string))
txt = optional(string)
ttl = number
type = string
# Below field are required for SRV records only
protocol = optional(string)
port = optional(number)
priority = optional(number)
service = optional(string)
weight = optional(number)
}))
| `null` | no | +| [dns\_zone\_description](#input\_dns\_zone\_description) | The description of the DNS zone. | `string` | `null` | no | +| [dns\_zone\_label](#input\_dns\_zone\_label) | Label associated with the DNS zone. | `string` | `null` | no | +| [dns\_zone\_name](#input\_dns\_zone\_name) | The name of the DNS zone to be created. | `string` | `null` | no | | [enable\_hub](#input\_enable\_hub) | Indicates whether this VPC is enabled as a DNS name resolution hub. | `bool` | `false` | no | | [enable\_hub\_vpc\_crn](#input\_enable\_hub\_vpc\_crn) | Indicates whether Hub VPC CRN is passed. | `bool` | `false` | no | | [enable\_hub\_vpc\_id](#input\_enable\_hub\_vpc\_id) | Indicates whether Hub VPC ID is passed. | `bool` | `false` | no | 
@@ -235,6 +241,10 @@ To attach access management tags to resources in this module, you need the follo | [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_instance\_id](#output\_dns\_instance\_id) | The ID of the DNS instance. | +| [dns\_record\_ids](#output\_dns\_record\_ids) | List of all the domain resource records. | +| [dns\_zone](#output\_dns\_zone) | The ID of the DNS zone. The ID is composed of / | +| [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the zone that is associated with the DNS zone. | +| [dns\_zone\_state](#output\_dns\_zone\_state) | The state of the DNS zone. | | [network\_acls](#output\_network\_acls) | List of shortnames and IDs of network ACLs | | [public\_gateways](#output\_public\_gateways) | Map of public gateways by zone | | [subnet\_detail\_list](#output\_subnet\_detail\_list) | A list of subnets containing names, CIDR blocks, and zones. | diff --git a/examples/existing_vpc/main.tf b/examples/existing_vpc/main.tf index 5132c99b..9de3d7b2 100644 --- a/examples/existing_vpc/main.tf +++ b/examples/existing_vpc/main.tf @@ -20,4 +20,8 @@ module "slz_vpc" { name = var.name public_gateway_name = var.public_gateway_name existing_subnets = [for id in var.subnet_ids : { "id" : id, "public_gateway" : false }] + dns_records = var.dns_records + dns_zone_name = var.dns_zone_name + # dns_zone_description = var.dns_zone_description + # dns_zone_label = var.dns_zone_label } diff --git a/examples/existing_vpc/variables.tf b/examples/existing_vpc/variables.tf index 4e46e0a4..86f4a182 100644 --- a/examples/existing_vpc/variables.tf 
+++ b/examples/existing_vpc/variables.tf @@ -33,3 +33,25 @@ variable "name" { description = "The string is used as a prefix for the naming of VPC resources." type = string } + +variable "dns_records" { + description = "List of DNS records to create" + type = list(object({ + name = string + type = string + rdata = string + ttl = optional(number) + preference = optional(number) + priority = optional(number) + port = optional(number) + protocol = optional(string) + service = optional(string) + weight = optional(number) + })) +} + +variable "dns_zone_name" { + description = "The name of the DNS zone to be created." + type = string +} + diff --git a/examples/no-prefix/README.md b/examples/no-prefix/README.md index 715e0eaa..0047fe5d 100644 --- a/examples/no-prefix/README.md +++ b/examples/no-prefix/README.md @@ -7,4 +7,4 @@ The following resources are provisioned by this example: * A new resource group, if an existing one is not passed in. * An IBM Virtual Private Cloud (VPC). * An IBM Cloud Object Storage Instance -* An IBMM Cloud Storage Bucket +* An IBM Cloud Storage Bucket diff --git a/examples/specific-zone-with-dns-records/README.md b/examples/specific-zone-with-dns-records/README.md new file mode 100644 index 00000000..1da76489 --- /dev/null +++ b/examples/specific-zone-with-dns-records/README.md @@ -0,0 +1,8 @@ +# Specific Zone Only Example + +A simple example to provision a Secure Landing Zone (SLZ) Virtual Private Cloud (VPC) in a specific zone other than Zone 1. Also, shows how to use public gateways with a specific zone. In this example Zone 2 is used. A network ACL is specifically defined to allow all internet traffic. + +The following resources are provisioned by this example: + +* A new resource group, if an existing one is not passed in. +* An IBM Virtual Private Cloud (VPC) with a publicly exposed subnet. 
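Review bot: `dns_records` and `dns_zone_name` are declared without defaults, so the existing_vpc example, which previously needed only VPC inputs, now refuses to plan until both are supplied even for callers that want no DNS zone at all. Give them `default = []` and `default = null` to keep the example runnable as before; note that a null `dns_zone_name` still reaches the module's unconditional `ibm_dns_zone` resource in this patch's main.tf hunk, so the module side needs a guard as well. The object schema here duplicates the module's `dns_records` type verbatim, and a `description` pointing at the module variable it mirrors would make drift between the two visible.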
diff --git a/examples/specific-zone-with-dns-records/main.tf b/examples/specific-zone-with-dns-records/main.tf new file mode 100644 index 00000000..49891a52 --- /dev/null +++ b/examples/specific-zone-with-dns-records/main.tf @@ -0,0 +1,66 @@ +############################################################################## +# Resource Group +############################################################################## + +module "resource_group" { + source = "terraform-ibm-modules/resource-group/ibm" + version = "1.1.6" + # if an existing resource group is not set (null) create a new one using prefix + resource_group_name = var.resource_group == null ? "${var.prefix}-resource-group" : null + existing_resource_group_name = var.resource_group +} + +############################################################################# +# Provision VPC +############################################################################# + +module "slz_vpc" { + source = "../../" + resource_group_id = module.resource_group.resource_group_id + region = var.region + name = var.name + prefix = var.prefix + tags = var.resource_tags + subnets = { + zone-1 = [] + zone-2 = [ + { + name = "subnet-a" + cidr = "10.10.10.0/24" + public_gateway = true + acl_name = "${var.prefix}-acl" + } + ] + } + use_public_gateways = { + zone-1 = false + zone-2 = true + zone-3 = false + } + network_acls = [{ + name = "${var.prefix}-acl" + add_ibm_cloud_internal_rules = false + add_vpc_connectivity_rules = false + prepend_ibm_rules = false + rules = [{ + name = "inbound" + action = "allow" + source = "0.0.0.0/0" + destination = "0.0.0.0/0" + direction = "inbound" + }, + { + name = "outbound" + action = "allow" + source = "0.0.0.0/0" + destination = "0.0.0.0/0" + direction = "outbound" + } + ] + } + ] + dns_records = var.dns_records + dns_zone_name = var.dns_zone_name + # dns_zone_description = var.dns_zone_description + # dns_zone_label = var.dns_zone_label +} 
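Review bot: The ACL in the module call permits all inbound and outbound traffic from `0.0.0.0/0` on a subnet with `public_gateway = true`, and additionally sets `add_ibm_cloud_internal_rules` and `add_vpc_connectivity_rules` to false; this is the permissive setup carried over from the specific-zone-only example, but nothing in the new file says it is deliberate. A comment above `network_acls` such as `# Demo-only ACL: allows all traffic in both directions to keep the example minimal; tighten before reusing this configuration` would keep it from being copied as-is, and the example's README added in this patch should say the same rather than describing the specific-zone-only example.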
diff --git a/examples/specific-zone-with-dns-records/outputs.tf b/examples/specific-zone-with-dns-records/outputs.tf new file mode 100644 index 00000000..c9847b10 --- /dev/null +++ b/examples/specific-zone-with-dns-records/outputs.tf @@ -0,0 +1,54 @@ +############################################################################## +# Outputs +############################################################################## + +output "vpc_id" { + value = module.slz_vpc.vpc_id + description = "VPC id" +} + +output "vpc_crn" { + value = module.slz_vpc.vpc_crn + description = "VPC crn" +} + +output "network_acls" { + value = module.slz_vpc.network_acls + description = "VPC network ACLs" +} + +output "public_gateways" { + value = module.slz_vpc.public_gateways + description = "VPC public gateways" +} + +output "subnet_zone_list" { + value = module.slz_vpc.subnet_zone_list + description = "VPC subnet zone list" +} + +output "subnet_detail_map" { + value = module.slz_vpc.subnet_detail_map + description = "VPC subnet detail map" +} + +############### + +output "dns_zone_state" { + description = "The state of the DNS zone." + value = module.slz_vpc.dns_zone_state +} + +output "dns_zone" { + description = "The ID of the DNS zone. The ID is composed of /" + value = module.slz_vpc.dns_zone +} + +output "dns_zone_id" { + description = "The ID of the zone that is associated with the DNS zone." + value = module.slz_vpc.dns_zone_id +} +output "dns_record_ids" { + description = "List of all the domain resource records." + value = module.slz_vpc.dns_record_ids +} \ No newline at end of file diff --git a/examples/specific-zone-with-dns-records/provider.tf b/examples/specific-zone-with-dns-records/provider.tf new file mode 100644 index 00000000..df45ef50 --- /dev/null +++ b/examples/specific-zone-with-dns-records/provider.tf @@ -0,0 +1,4 @@ +provider "ibm" { + ibmcloud_api_key = var.ibmcloud_api_key + region = var.region +} 
diff --git a/examples/specific-zone-with-dns-records/variables.tf b/examples/specific-zone-with-dns-records/variables.tf new file mode 100644 index 00000000..8aed38cc --- /dev/null +++ b/examples/specific-zone-with-dns-records/variables.tf @@ -0,0 +1,56 @@ +variable "ibmcloud_api_key" { + description = "APIkey that's associated with the account to provision resources to" + type = string + sensitive = true +} + +variable "region" { + description = "The region to which to deploy the VPC" + type = string + default = "us-south" +} + +variable "prefix" { + description = "The prefix that you would like to append to your resources" + type = string + default = "lz-vpc-with-dns" +} + +variable "name" { + description = "The name of the vpc" + type = string + default = "vpc-with-dns" +} + +variable "resource_group" { + type = string + description = "An existing resource group name to use for this example, if unset a new resource group will be created" + default = null +} + +variable "resource_tags" { + description = "List of Tags for the resource created" + type = list(string) + default = null +} +######## +variable "dns_records" { + description = "List of DNS records to create" + type = list(object({ + name = string + type = string + rdata = string + ttl = optional(number) + preference = optional(number) + priority = optional(number) + port = optional(number) + protocol = optional(string) + service = optional(string) + weight = optional(number) + })) +} + +variable "dns_zone_name" { + description = "The name of the DNS zone to be created." + type = string +} diff --git a/examples/specific-zone-with-dns-records/version.tf b/examples/specific-zone-with-dns-records/version.tf new file mode 100644 index 00000000..fa870dd3 --- /dev/null +++ b/examples/specific-zone-with-dns-records/version.tf 
@@ -0,0 +1,10 @@
+terraform {
+ required_version = ">= 1.3.0"
+ required_providers {
+ # Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
+ ibm = {
+ source = "IBM-Cloud/ibm"
+ version = "1.59.0"
+ }
+ }
+}
diff --git a/main.tf b/main.tf
index efe70e1a..46dcc22d 100644
--- a/main.tf
+++ b/main.tf
@@ -57,6 +57,60 @@ locals { vpc_crn = var.create_vpc ? resource.ibm_is_vpc.vpc[0].crn : data.ibm_is_vpc.vpc.crn } +############################################################################## +# DNS ZONE +############################################################################## + +resource "ibm_dns_zone" "dns_zone" { + name = var.dns_zone_name + instance_id = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null + # instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid + description = var.dns_zone_description + label = var.dns_zone_label +} + +############################################################################## +# DNS Records +############################################################################## + +# resource "ibm_dns_record" "dns_record" { +# for_each = var.dns_records +# data = each.value.data +# domain_id = each.value.domain_id +# host = each.value.host +# responsible_person = replace(each.value.responsible_person, "@", ".") +# ttl = each.value.ttl +# type = each.value.type +# expire = each.value.expire +# minimum_ttl = each.value.minimum_ttl +# mx_priority = each.value.mx_priority +# protocol = each.value.protocol +# port = each.value.port +# priority = each.value.priority +# refresh = each.value.refresh +# retry = each.value.retry +# service = each.value.service +# tags = each.value.tags +# # txt = each.value.txt #TODO: This is present in doc but gives error.Check. +# weight = each.value.weight +# } + +resource "ibm_dns_resource_record" "dns_record" { + count = length(var.dns_records) # Loop through a list of DNS records + instance_id = var.use_existing_dns_instance ? 
var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid + zone_id = ibm_dns_zone.dns_zone.id # Reference to the zone created above + name = var.dns_records[count.index].name + type = var.dns_records[count.index].type + rdata = var.dns_records[count.index].rdata + ttl = var.dns_records[count.index].ttl + preference = var.dns_records[count.index].preference + priority = var.dns_records[count.index].priority + port = var.dns_records[count.index].port + protocol = var.dns_records[count.index].protocol + service = var.dns_records[count.index].service + weight = var.dns_records[count.index].weight +} + ############################################################################## # Create new VPC ############################################################################## diff --git a/outputs.tf b/outputs.tf index 5403ea26..8b9a3626 100644 --- a/outputs.tf +++ b/outputs.tf @@ -176,3 +176,25 @@ output "dns_custom_resolver_id" { description = "The ID of the DNS Custom Resolver." value = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? one(ibm_dns_custom_resolver.custom_resolver_hub[*].instance_id) : null } + +## DNS Zone and Records +output "dns_zone_state" { + description = "The state of the DNS zone." + value = ibm_dns_zone.dns_zone.state +} + +output "dns_zone" { + description = "The ID of the DNS zone. The ID is composed of /" + value = ibm_dns_zone.dns_zone.id +} + +output "dns_zone_id" { + description = "The ID of the zone that is associated with the DNS zone." + value = ibm_dns_zone.dns_zone.zone_id +} + +output "dns_record_ids" { + description = "List of all the domain resource records." + # value = [for record in ibm_dns_record.dns_record : record.id] + value = [for record in ibm_dns_resource_record.dns_record : record.id] +} diff --git a/variables.tf b/variables.tf index ac7a8114..6ad50f74 100644 --- a/variables.tf +++ b/variables.tf 
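Review bot: `ibm_dns_zone.dns_zone` has no `count`, so every existing caller of the module, including ones that never set `dns_zone_name` (default `null` in this patch's variables.tf hunk), now plans a zone with a null name and, whenever the hub is disabled, a null `instance_id`; gate it with `count = var.dns_zone_name == null ? 0 : 1`. The record resource dereferences `ibm_resource_instance.dns_instance_hub[0].guid` whenever `use_existing_dns_instance` is false, and the zone's own ternary on `enable_hub && !skip_custom_resolver_hub_creation` suggests that instance exists only when the hub is enabled, so a non-hub VPC with records would fail at plan on an empty-list index. `zone_id = ibm_dns_zone.dns_zone.id` hands the record the composite ID, while the outputs.tf hunk on this line documents `.id` as composed of two parts and `.zone_id` as the zone's own ID; presumably the record wants `zone_id = ibm_dns_zone.dns_zone[0].zone_id` once the zone is gated. With a gated zone, the `dns_zone_state`, `dns_zone` and `dns_zone_id` outputs in the outputs.tf hunk need the `one(ibm_dns_zone.dns_zone[*].state)` form so they evaluate to null when no zone is created.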
@@ -637,3 +637,89 @@ variable "dns_plan" { error_message = "`dns_plan` can either be standard-dns or free-plan." } } + +variable "dns_zone_name" { + description = "The name of the DNS zone to be created." + default = null + type = string +} + +# variable "instance_id" { +# description = "The GUID of the IBM Cloud DNS service instance where DNS zone will be created." +# type = string +# } + +variable "dns_zone_description" { + description = "The description of the DNS zone." + type = string + default = "Default DNS Zone" +} + +variable "dns_zone_label" { + description = "Label associated with the DNS zone." + type = string + default = "dns-zone" +} + +# variable "dns_records" { +# description = "Map of DNS record configurations" +# default = null +# type = map(object({ +# data = string +# domain_id = number +# expire = optional(number) +# host = string # check this is like name? +# minimum_ttl = optional(number) +# mx_priority = optional(number, 0) +# refresh = optional(number) +# responsible_person = string +# retry = optional(number) +# tags = optional(list(string)) +# txt = optional(string) +# ttl = number +# type = string +# # Below field are required for SRV records only +# protocol = optional(string, "udp") +# port = optional(number, 1) # 1 is default in UI +# priority = optional(number,1) # 1 is default in UI # this is seen in case of MX +# service = optional(string) # service_name +# weight = optional(number,1) # 1 is default in UI +# })) + +# validation { +# condition = var.dns_records == null || alltrue([for record in var.dns_records != null ? var.dns_records : {} : (contains(["a", "aaaa", "cname", "mx", "ns", "ptr", "spf", "txt", "soa", "srv"], record.type))]) +# error_message = "Invalid domain resource record type is provided." +# } + +# validation { +# condition = var.dns_records == null || alltrue([ +# for record in var.dns_records != null ? 
var.dns_records : {} : ( +# record.type != "srv" || ( +# record.protocol != null && contains(["tcp", "udp", "tls"], lower(record.protocol)) && +# record.service != null && +# record.priority != null && +# record.weight != null +# ) +# ) +# ]) +# error_message = "Invalid DNS record configuration. For 'srv' records, 'protocol' must be 'tcp', 'udp' or 'tls' , and 'service', 'priority', and 'weight' must not be null." +# } + +# } + +variable "dns_records" { + description = "List of DNS records to create" + type = list(object({ + name = string + type = string + rdata = string + ttl = optional(number) + preference = optional(number) + priority = optional(number) + port = optional(number) + protocol = optional(string) + service = optional(string) + weight = optional(number) + })) + default = [] +} From 9ccda69743c07c58aafa7fa8b8dbcd51fbcd78e1 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Tue, 7 Jan 2025 19:56:07 +0530 Subject: [PATCH 02/20] fix: modified changes around the resource used --- README.md | 9 ++-- examples/existing_vpc/main.tf | 4 +- examples/existing_vpc/variables.tf | 1 - .../specific-zone-with-dns-records/main.tf | 7 ++- .../specific-zone-with-dns-records/outputs.tf | 4 +- .../variables.tf | 5 ++ main.tf | 53 ++++++------------- 7 files changed, 35 insertions(+), 48 deletions(-) diff --git a/README.md b/README.md index 9f68293b..23b2d07d 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,7 @@ This module creates the following IBM Cloud® Virtual Private Cloud (VPC) net * [Landing Zone example](./examples/landing_zone) * [No Prefix Example](./examples/no-prefix) * [Specific Zone Only Example](./examples/specific-zone-only) + * [Specific Zone Only Example](./examples/specific-zone-with-dns-records) * [Contributing](#contributing) 
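Review bot: The record-type and SRV validations written for the earlier map-based design are left commented out instead of being ported to the new list schema, so `type`, `protocol` and the SRV-only fields are accepted unchecked and only fail at apply time against the provider. They port directly to the list form below; the accepted type list is marked for confirmation against the provider documentation. The roughly sixty lines of commented-out `dns_records` variable, its validations and the commented `instance_id` variable should be deleted from variables.tf rather than kept alongside the live definition.
```hcl
variable "dns_records" {
  # … unchanged: description and type …
  default = []

  validation {
    # TODO(review): confirm the accepted record types against the ibm_dns_resource_record provider docs
    condition     = alltrue([for r in var.dns_records : contains(["A", "AAAA", "CNAME", "MX", "PTR", "SRV", "TXT"], upper(r.type))])
    error_message = "Each dns_records entry must use a supported record type."
  }

  validation {
    condition = alltrue([
      for r in var.dns_records : upper(r.type) != "SRV" || (
        r.protocol != null && contains(["tcp", "udp", "tls"], lower(r.protocol)) &&
        r.service != null && r.priority != null && r.weight != null && r.port != null
      )
    ])
    error_message = "For 'srv' records, 'protocol' must be 'tcp', 'udp' or 'tls', and 'service', 'priority', 'weight' and 'port' must not be null."
  }
}
```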
@@ -150,7 +151,7 @@ To attach access management tags to resources in this module, you need the follo | Name | Type | |------|------| | [ibm_dns_custom_resolver.custom_resolver_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_custom_resolver) | resource | -| [ibm_dns_record.dns_record](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_record) | resource | +| [ibm_dns_resource_record.dns_record](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_resource_record) | resource | | [ibm_dns_zone.dns_zone](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_zone) | resource | | [ibm_iam_authorization_policy.policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | | [ibm_iam_authorization_policy.vpc_dns_resolution_auth_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | 
@@ -193,9 +194,9 @@ To attach access management tags to resources in this module, you need the follo | [dns\_instance\_name](#input\_dns\_instance\_name) | The name to give the provisioned DNS instance. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no | | [dns\_location](#input\_dns\_location) | The target location or environment for the DNS instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"global"` | no | | [dns\_plan](#input\_dns\_plan) | The plan for the DNS resource instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"standard-dns"` | no | -| [dns\_records](#input\_dns\_records) | Map of DNS record configurations |
map(object({
data = string
domain_id = number
expire = optional(number)
host = string
minimum_ttl = optional(number)
mx_priority = optional(number, 0)
refresh = optional(number)
responsible_person = string
retry = optional(number)
tags = optional(list(string))
txt = optional(string)
ttl = number
type = string
# Below field are required for SRV records only
protocol = optional(string)
port = optional(number)
priority = optional(number)
service = optional(string)
weight = optional(number)
}))
| `null` | no | -| [dns\_zone\_description](#input\_dns\_zone\_description) | The description of the DNS zone. | `string` | `null` | no | -| [dns\_zone\_label](#input\_dns\_zone\_label) | Label associated with the DNS zone. | `string` | `null` | no | +| [dns\_records](#input\_dns\_records) | List of DNS records to create |
list(object({
name = string
type = string
rdata = string
ttl = optional(number)
preference = optional(number)
priority = optional(number)
port = optional(number)
protocol = optional(string)
service = optional(string)
weight = optional(number)
}))
| `[]` | no | +| [dns\_zone\_description](#input\_dns\_zone\_description) | The description of the DNS zone. | `string` | `"Default DNS Zone"` | no | +| [dns\_zone\_label](#input\_dns\_zone\_label) | Label associated with the DNS zone. | `string` | `"dns-zone"` | no | | [dns\_zone\_name](#input\_dns\_zone\_name) | The name of the DNS zone to be created. | `string` | `null` | no | | [enable\_hub](#input\_enable\_hub) | Indicates whether this VPC is enabled as a DNS name resolution hub. | `bool` | `false` | no | | [enable\_hub\_vpc\_crn](#input\_enable\_hub\_vpc\_crn) | Indicates whether Hub VPC CRN is passed. | `bool` | `false` | no | diff --git a/examples/existing_vpc/main.tf b/examples/existing_vpc/main.tf index 9de3d7b2..a70a11b1 100644 --- a/examples/existing_vpc/main.tf +++ b/examples/existing_vpc/main.tf @@ -20,8 +20,8 @@ module "slz_vpc" { name = var.name public_gateway_name = var.public_gateway_name existing_subnets = [for id in var.subnet_ids : { "id" : id, "public_gateway" : false }] - dns_records = var.dns_records - dns_zone_name = var.dns_zone_name + dns_records = var.dns_records + dns_zone_name = var.dns_zone_name # dns_zone_description = var.dns_zone_description # dns_zone_label = var.dns_zone_label } diff --git a/examples/existing_vpc/variables.tf b/examples/existing_vpc/variables.tf index 86f4a182..ae9a1daf 100644 --- a/examples/existing_vpc/variables.tf +++ b/examples/existing_vpc/variables.tf @@ -54,4 +54,3 @@ variable "dns_zone_name" { description = "The name of the DNS zone to be created." type = string } - diff --git a/examples/specific-zone-with-dns-records/main.tf b/examples/specific-zone-with-dns-records/main.tf index 49891a52..3b2f54d7 100644 --- a/examples/specific-zone-with-dns-records/main.tf +++ b/examples/specific-zone-with-dns-records/main.tf 
@@ -59,8 +59,11 @@ module "slz_vpc" {
 ]
 }
 ]
- dns_records = var.dns_records
- dns_zone_name = var.dns_zone_name
+ enable_hub = true
+ use_existing_dns_instance = true
+ existing_dns_instance_id = var.existing_dns_instance_id
+ dns_records = var.dns_records
+ dns_zone_name = var.dns_zone_name
 # dns_zone_description = var.dns_zone_description
 # dns_zone_label = var.dns_zone_label
 }
diff --git a/examples/specific-zone-with-dns-records/outputs.tf b/examples/specific-zone-with-dns-records/outputs.tf
index c9847b10..c7baa19b 100644
--- a/examples/specific-zone-with-dns-records/outputs.tf
+++ b/examples/specific-zone-with-dns-records/outputs.tf
@@ -50,5 +50,5 @@ output "dns_zone_id" {
 }
 output "dns_record_ids" {
 description = "List of all the domain resource records."
- value = module.slz_vpc.dns_record_ids
-}
\ No newline at end of file
+ value = module.slz_vpc.dns_record_ids
+}
diff --git a/examples/specific-zone-with-dns-records/variables.tf b/examples/specific-zone-with-dns-records/variables.tf
index 8aed38cc..cbae07f1 100644
--- a/examples/specific-zone-with-dns-records/variables.tf
+++ b/examples/specific-zone-with-dns-records/variables.tf
@@ -54,3 +54,8 @@ variable "dns_zone_name" {
 description = "The name of the DNS zone to be created."
 type = string
 }
+
+variable "existing_dns_instance_id" {
+ description = "Id of an existing dns instance in which the custom resolver is created. Only relevant if enable_hub is set to true."
+ type = string
+}
diff --git a/main.tf b/main.tf
index 46dcc22d..8adca9d5 100644
--- a/main.tf
+++ b/main.tf
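Review bot: The example now depends on a pre-existing DNS Services instance (`existing_dns_instance_id` has no default in the variables.tf hunk on this line) and turns on `enable_hub = true`, which according to the module's README resource list also provisions a custom resolver and IAM authorization policies, yet the example README from the first patch still describes the specific-zone-only example and names no DNS prerequisite. The README should state the required instance and what enabling the hub creates, and a comment above `enable_hub` in the module call, such as `# The zone and records are created in an existing DNS Services instance; see existing_dns_instance_id in variables.tf`, would make the dependency visible where it is configured. Why `enable_hub` itself is required for the zone is not evident from these hunks, so confirm and document that too.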
@@ -63,8 +63,9 @@ locals {
 resource "ibm_dns_zone" "dns_zone" {
 name = var.dns_zone_name
- instance_id = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null
- # instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid
+ # instance_id = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null
+ instance_id = var.existing_dns_instance_id
+ # var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid
 description = var.dns_zone_description
 label = var.dns_zone_label
 }
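Review bot: `instance_id = var.existing_dns_instance_id` places the zone unconditionally in the caller-supplied instance, while the record resource in the next hunk selects `ibm_resource_instance.dns_instance_hub[0].guid` when `use_existing_dns_instance` is false, so the zone and its records can target different DNS instances and the records' `zone_id` would then name a zone that instance does not hold; for a module-created hub the zone's `instance_id` is simply null. One selection should drive both, e.g. `instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid` (the expression this hunk leaves commented out), ideally as a single local referenced by both resources. The two commented-out alternatives kept next to the live line should be removed.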
@@ -73,42 +74,20 @@ resource "ibm_dns_zone" "dns_zone" {
 # DNS Records
 ##############################################################################
-# resource "ibm_dns_record" "dns_record" {
-# for_each = var.dns_records
-# data = each.value.data
-# domain_id = each.value.domain_id
-# host = each.value.host
-# responsible_person = replace(each.value.responsible_person, "@", ".")
-# ttl = each.value.ttl
-# type = each.value.type
-# expire = each.value.expire
-# minimum_ttl = each.value.minimum_ttl
-# mx_priority = each.value.mx_priority
-# protocol = each.value.protocol
-# port = each.value.port
-# priority = each.value.priority
-# refresh = each.value.refresh
-# retry = each.value.retry
-# service = each.value.service
-# tags = each.value.tags
-# # txt = each.value.txt #TODO: This is present in doc but gives error.Check.
-# weight = each.value.weight
-# }
-
 resource "ibm_dns_resource_record" "dns_record" {
- count = length(var.dns_records) # Loop through a list of DNS records
- instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid
- zone_id = ibm_dns_zone.dns_zone.id # Reference to the zone created above
- name = var.dns_records[count.index].name
- type = var.dns_records[count.index].type
- rdata = var.dns_records[count.index].rdata
- ttl = var.dns_records[count.index].ttl
- preference = var.dns_records[count.index].preference
- priority = var.dns_records[count.index].priority
- port = var.dns_records[count.index].port
- protocol = var.dns_records[count.index].protocol
- service = var.dns_records[count.index].service
- weight = var.dns_records[count.index].weight
+ for_each = { for idx, record in var.dns_records : idx => record } # Loop through a list of DNS records
+ instance_id = var.use_existing_dns_instance ? 
var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid + zone_id = ibm_dns_zone.dns_zone.id # Reference to the zone created above + name = each.value.name + type = each.value.type + rdata = each.value.rdata + ttl = each.value.ttl + preference = each.value.preference + priority = each.value.priority + port = each.value.port + protocol = each.value.protocol + service = each.value.service + weight = each.value.weight } ############################################################################## From 81b60930be71ef52c1dd120dddee0706fe38e8e4 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Fri, 10 Jan 2025 18:54:24 +0530 Subject: [PATCH 03/20] test: tmp reverted changes --- .../specific-zone-with-dns-records/main.tf | 10 ++-- .../specific-zone-with-dns-records/outputs.tf | 36 +++++++-------- .../variables.tf | 46 +++++++++---------- main.tf | 1 + 4 files changed, 47 insertions(+), 46 deletions(-) diff --git a/examples/specific-zone-with-dns-records/main.tf b/examples/specific-zone-with-dns-records/main.tf index 3b2f54d7..2320516c 100644 --- a/examples/specific-zone-with-dns-records/main.tf +++ b/examples/specific-zone-with-dns-records/main.tf @@ -59,11 +59,11 @@ module "slz_vpc" { ] } ] - enable_hub = true - use_existing_dns_instance = true - existing_dns_instance_id = var.existing_dns_instance_id - dns_records = var.dns_records - dns_zone_name = var.dns_zone_name + # enable_hub = true + # use_existing_dns_instance = true + # existing_dns_instance_id = var.existing_dns_instance_id + # dns_records = var.dns_records + # dns_zone_name = var.dns_zone_name # dns_zone_description = var.dns_zone_description # dns_zone_label = var.dns_zone_label } diff --git a/examples/specific-zone-with-dns-records/outputs.tf b/examples/specific-zone-with-dns-records/outputs.tf index c7baa19b..2478efee 100644 --- a/examples/specific-zone-with-dns-records/outputs.tf +++ b/examples/specific-zone-with-dns-records/outputs.tf 
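Review bot: Keying `for_each` by list index (`idx => record`) keeps the identity problem that `count` had: removing or reordering one entry in `dns_records` shifts every later key, so Terraform destroys and recreates those records on apply, which is a resolution outage for names that did not change. Key by content instead, e.g. `for_each = { for r in var.dns_records : "${r.name}/${r.type}/${r.rdata}" => r }`; name and type alone would collide for round-robin sets that share a name. The `zone_id = ibm_dns_zone.dns_zone.id` concern raised on the first patch's main.tf hunk still applies to the `zone_id` line here.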
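Review bot: Commenting out `dns_zone_name`, `enable_hub` and `existing_dns_instance_id` in the module call does not switch DNS off in the module: as of the previous patch's main.tf hunk, `ibm_dns_zone.dns_zone` is still declared unconditionally with `name = var.dns_zone_name` (default `null`) and `instance_id = var.existing_dns_instance_id`, so this example would fail at plan or apply unless the main.tf hunk of this patch, which is cut off at the end of the page, adds a guard. If the revert is meant to stay, delete the lines instead of commenting them out; if it is temporary, a `# TODO: re-enable once the module guards zone creation` next to them would tell the next reader why they are parked.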
@@ -34,21 +34,21 @@ output "subnet_detail_map" { ############### -output "dns_zone_state" { - description = "The state of the DNS zone." - value = module.slz_vpc.dns_zone_state -} - -output "dns_zone" { - description = "The ID of the DNS zone. The ID is composed of /" - value = module.slz_vpc.dns_zone -} - -output "dns_zone_id" { - description = "The ID of the zone that is associated with the DNS zone." - value = module.slz_vpc.dns_zone_id -} -output "dns_record_ids" { - description = "List of all the domain resource records." - value = module.slz_vpc.dns_record_ids -} +# output "dns_zone_state" { +# description = "The state of the DNS zone." +# value = module.slz_vpc.dns_zone_state +# } + +# output "dns_zone" { +# description = "The ID of the DNS zone. The ID is composed of /" +# value = module.slz_vpc.dns_zone +# } + +# output "dns_zone_id" { +# description = "The ID of the zone that is associated with the DNS zone." +# value = module.slz_vpc.dns_zone_id +# } +# output "dns_record_ids" { +# description = "List of all the domain resource records." +# value = module.slz_vpc.dns_record_ids +# } diff --git a/examples/specific-zone-with-dns-records/variables.tf b/examples/specific-zone-with-dns-records/variables.tf index cbae07f1..a6a606f3 100644 --- a/examples/specific-zone-with-dns-records/variables.tf +++ b/examples/specific-zone-with-dns-records/variables.tf 
@@ -34,28 +34,28 @@ variable "resource_tags" { default = null } ######## -variable "dns_records" { - description = "List of DNS records to create" - type = list(object({ - name = string - type = string - rdata = string - ttl = optional(number) - preference = optional(number) - priority = optional(number) - port = optional(number) - protocol = optional(string) - service = optional(string) - weight = optional(number) - })) -} +# variable "dns_records" { +# description = "List of DNS records to create" +# type = list(object({ +# name = string +# type = string +# rdata = string +# ttl = optional(number) +# preference = optional(number) +# priority = optional(number) +# port = optional(number) +# protocol = optional(string) +# service = optional(string) +# weight = optional(number) +# })) +# } -variable "dns_zone_name" { - description = "The name of the DNS zone to be created." - type = string -} +# variable "dns_zone_name" { +# description = "The name of the DNS zone to be created." +# type = string +# } -variable "existing_dns_instance_id" { - description = "Id of an existing dns instance in which the custom resolver is created. Only relevant if enable_hub is set to true." - type = string -} +# variable "existing_dns_instance_id" { +# description = "Id of an existing dns instance in which the custom resolver is created. Only relevant if enable_hub is set to true." +# type = string +# } diff --git a/main.tf b/main.tf index 8adca9d5..88020ea6 100644 --- a/main.tf +++ b/main.tf 
@@ -75,6 +75,7 @@ resource "ibm_dns_zone" "dns_zone" { ############################################################################## resource "ibm_dns_resource_record" "dns_record" { + depends_on = [ibm_dns_zone.dns_zone] for_each = { for idx, record in var.dns_records : idx => record } # Loop through a list of DNS records instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid zone_id = ibm_dns_zone.dns_zone.id # Reference to the zone created above From 293f0cf55893e130af0e654dc2f23209a0feb9d2 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Fri, 10 Jan 2025 19:08:51 +0530 Subject: [PATCH 04/20] test: tmp reverted changes --- README.md | 10 ----- examples/existing_vpc/main.tf | 4 -- examples/existing_vpc/variables.tf | 21 --------- main.tf | 48 ++++++++++----------- outputs.tf | 40 +++++++++--------- variables.tf | 68 +++++++++++++++--------------- 6 files changed, 78 insertions(+), 113 deletions(-) diff --git a/README.md b/README.md index 23b2d07d..7a6949b5 100644 --- a/README.md +++ b/README.md 
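Review bot: The added `depends_on = [ibm_dns_zone.dns_zone]` is redundant: `zone_id = ibm_dns_zone.dns_zone.id` two lines below already makes the record depend on the zone, so Terraform orders them the same way without it. If it was added because the API rejected records before the zone was usable, that is not what `depends_on` solves (it orders resource creation; whether the provider waits for the zone to become active is not visible here) and the workaround deserves a why-comment such as `depends_on = [ibm_dns_zone.dns_zone] # kept on purpose: <API error seen without it>`; otherwise drop the line. The resource body continues past the end of the hunk.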
@@ -151,8 +151,6 @@ To attach access management tags to resources in this module, you need the follo | Name | Type | |------|------| | [ibm_dns_custom_resolver.custom_resolver_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_custom_resolver) | resource | -| [ibm_dns_resource_record.dns_record](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_resource_record) | resource | -| [ibm_dns_zone.dns_zone](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_zone) | resource | | [ibm_iam_authorization_policy.policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | | [ibm_iam_authorization_policy.vpc_dns_resolution_auth_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | | [ibm_is_flow_log.flow_logs](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_flow_log) | resource | 
@@ -194,10 +192,6 @@ To attach access management tags to resources in this module, you need the follo | [dns\_instance\_name](#input\_dns\_instance\_name) | The name to give the provisioned DNS instance. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no | | [dns\_location](#input\_dns\_location) | The target location or environment for the DNS instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"global"` | no | | [dns\_plan](#input\_dns\_plan) | The plan for the DNS resource instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"standard-dns"` | no | -| [dns\_records](#input\_dns\_records) | List of DNS records to create |
list(object({
name = string
type = string
rdata = string
ttl = optional(number)
preference = optional(number)
priority = optional(number)
port = optional(number)
protocol = optional(string)
service = optional(string)
weight = optional(number)
}))
| `[]` | no | -| [dns\_zone\_description](#input\_dns\_zone\_description) | The description of the DNS zone. | `string` | `"Default DNS Zone"` | no | -| [dns\_zone\_label](#input\_dns\_zone\_label) | Label associated with the DNS zone. | `string` | `"dns-zone"` | no | -| [dns\_zone\_name](#input\_dns\_zone\_name) | The name of the DNS zone to be created. | `string` | `null` | no | | [enable\_hub](#input\_enable\_hub) | Indicates whether this VPC is enabled as a DNS name resolution hub. | `bool` | `false` | no | | [enable\_hub\_vpc\_crn](#input\_enable\_hub\_vpc\_crn) | Indicates whether Hub VPC CRN is passed. | `bool` | `false` | no | | [enable\_hub\_vpc\_id](#input\_enable\_hub\_vpc\_id) | Indicates whether Hub VPC ID is passed. | `bool` | `false` | no | 
@@ -242,10 +236,6 @@ To attach access management tags to resources in this module, you need the follo | [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_instance\_id](#output\_dns\_instance\_id) | The ID of the DNS instance. | -| [dns\_record\_ids](#output\_dns\_record\_ids) | List of all the domain resource records. | -| [dns\_zone](#output\_dns\_zone) | The ID of the DNS zone. The ID is composed of / | -| [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the zone that is associated with the DNS zone. | -| [dns\_zone\_state](#output\_dns\_zone\_state) | The state of the DNS zone. | | [network\_acls](#output\_network\_acls) | List of shortnames and IDs of network ACLs | | [public\_gateways](#output\_public\_gateways) | Map of public gateways by zone | | [subnet\_detail\_list](#output\_subnet\_detail\_list) | A list of subnets containing names, CIDR blocks, and zones. | diff --git a/examples/existing_vpc/main.tf b/examples/existing_vpc/main.tf index a70a11b1..5132c99b 100644 --- a/examples/existing_vpc/main.tf +++ b/examples/existing_vpc/main.tf @@ -20,8 +20,4 @@ module "slz_vpc" { name = var.name public_gateway_name = var.public_gateway_name existing_subnets = [for id in var.subnet_ids : { "id" : id, "public_gateway" : false }] - dns_records = var.dns_records - dns_zone_name = var.dns_zone_name - # dns_zone_description = var.dns_zone_description - # dns_zone_label = var.dns_zone_label } diff --git a/examples/existing_vpc/variables.tf b/examples/existing_vpc/variables.tf index ae9a1daf..4e46e0a4 100644 --- a/examples/existing_vpc/variables.tf 
+++ b/examples/existing_vpc/variables.tf @@ -33,24 +33,3 @@ variable "name" { description = "The string is used as a prefix for the naming of VPC resources." type = string } - -variable "dns_records" { - description = "List of DNS records to create" - type = list(object({ - name = string - type = string - rdata = string - ttl = optional(number) - preference = optional(number) - priority = optional(number) - port = optional(number) - protocol = optional(string) - service = optional(string) - weight = optional(number) - })) -} - -variable "dns_zone_name" { - description = "The name of the DNS zone to be created." - type = string -} diff --git a/main.tf b/main.tf index 88020ea6..0c95614b 100644 --- a/main.tf +++ b/main.tf 
@@ -61,35 +61,35 @@ locals { # DNS ZONE ############################################################################## -resource "ibm_dns_zone" "dns_zone" { - name = var.dns_zone_name - # instance_id = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null - instance_id = var.existing_dns_instance_id - # var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid - description = var.dns_zone_description - label = var.dns_zone_label -} +# resource "ibm_dns_zone" "dns_zone" { +# name = var.dns_zone_name +# # instance_id = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null +# instance_id = var.existing_dns_instance_id +# # var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid +# description = var.dns_zone_description +# label = var.dns_zone_label +# } ############################################################################## # DNS Records ############################################################################## -resource "ibm_dns_resource_record" "dns_record" { - depends_on = [ibm_dns_zone.dns_zone] - for_each = { for idx, record in var.dns_records : idx => record } # Loop through a list of DNS records - instance_id = var.use_existing_dns_instance ? 
var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid - zone_id = ibm_dns_zone.dns_zone.id # Reference to the zone created above - name = each.value.name - type = each.value.type - rdata = each.value.rdata - ttl = each.value.ttl - preference = each.value.preference - priority = each.value.priority - port = each.value.port - protocol = each.value.protocol - service = each.value.service - weight = each.value.weight -} +# resource "ibm_dns_resource_record" "dns_record" { +# depends_on = [ibm_dns_zone.dns_zone] +# for_each = { for idx, record in var.dns_records : idx => record } # Loop through a list of DNS records +# instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid +# zone_id = ibm_dns_zone.dns_zone.id # Reference to the zone created above +# name = each.value.name +# type = each.value.type +# rdata = each.value.rdata +# ttl = each.value.ttl +# preference = each.value.preference +# priority = each.value.priority +# port = each.value.port +# protocol = each.value.protocol +# service = each.value.service +# weight = each.value.weight +# } ############################################################################## # Create new VPC diff --git a/outputs.tf b/outputs.tf index 8b9a3626..8183b70d 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -178,23 +178,23 @@ output "dns_custom_resolver_id" { } ## DNS Zone and Records -output "dns_zone_state" { - description = "The state of the DNS zone." - value = ibm_dns_zone.dns_zone.state -} - -output "dns_zone" { - description = "The ID of the DNS zone. The ID is composed of /" - value = ibm_dns_zone.dns_zone.id -} - -output "dns_zone_id" { - description = "The ID of the zone that is associated with the DNS zone." - value = ibm_dns_zone.dns_zone.zone_id -} - -output "dns_record_ids" { - description = "List of all the domain resource records." - # value = [for record in ibm_dns_record.dns_record : record.id] - value = [for record in ibm_dns_resource_record.dns_record : record.id] -} +# output "dns_zone_state" { +# description = "The state of the DNS zone." +# value = ibm_dns_zone.dns_zone.state +# } + +# output "dns_zone" { +# description = "The ID of the DNS zone. The ID is composed of /" +# value = ibm_dns_zone.dns_zone.id +# } + +# output "dns_zone_id" { +# description = "The ID of the zone that is associated with the DNS zone." +# value = ibm_dns_zone.dns_zone.zone_id +# } + +# output "dns_record_ids" { +# description = "List of all the domain resource records." +# # value = [for record in ibm_dns_record.dns_record : record.id] +# value = [for record in ibm_dns_resource_record.dns_record : record.id] +# } diff --git a/variables.tf b/variables.tf index 6ad50f74..4da52965 100644 --- a/variables.tf +++ b/variables.tf 
@@ -638,28 +638,28 @@ variable "dns_plan" { } } -variable "dns_zone_name" { - description = "The name of the DNS zone to be created." - default = null - type = string -} - -# variable "instance_id" { -# description = "The GUID of the IBM Cloud DNS service instance where DNS zone will be created." +# variable "dns_zone_name" { +# description = "The name of the DNS zone to be created." +# default = null # type = string # } -variable "dns_zone_description" { - description = "The description of the DNS zone." - type = string - default = "Default DNS Zone" -} +# # variable "instance_id" { +# # description = "The GUID of the IBM Cloud DNS service instance where DNS zone will be created." +# # type = string +# # } -variable "dns_zone_label" { - description = "Label associated with the DNS zone." - type = string - default = "dns-zone" -} +# variable "dns_zone_description" { +# description = "The description of the DNS zone." +# type = string +# default = "Default DNS Zone" +# } + +# variable "dns_zone_label" { +# description = "Label associated with the DNS zone." +# type = string +# default = "dns-zone" +# } # variable "dns_records" { # description = "Map of DNS record configurations" 
@@ -707,19 +707,19 @@ variable "dns_zone_label" { # } -variable "dns_records" { - description = "List of DNS records to create" - type = list(object({ - name = string - type = string - rdata = string - ttl = optional(number) - preference = optional(number) - priority = optional(number) - port = optional(number) - protocol = optional(string) - service = optional(string) - weight = optional(number) - })) - default = [] -} +# variable "dns_records" { +# description = "List of DNS records to create" +# type = list(object({ +# name = string +# type = string +# rdata = string +# ttl = optional(number) +# preference = optional(number) +# priority = optional(number) +# port = optional(number) +# protocol = optional(string) +# service = optional(string) +# weight = optional(number) +# })) +# default = [] +# } From 309aa6ea2e6d45cdd7ec1d0d952a1955f25a57f2 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Fri, 10 Jan 2025 19:25:03 +0530 Subject: [PATCH 05/20] test: dns changes added back --- README.md | 10 +++ .../specific-zone-with-dns-records/main.tf | 10 +-- .../specific-zone-with-dns-records/outputs.tf | 36 +++++----- .../variables.tf | 46 ++++++------- main.tf | 48 ++++++------- outputs.tf | 40 +++++------ variables.tf | 68 +++++++++---------- 7 files changed, 134 insertions(+), 124 deletions(-) diff --git a/README.md b/README.md index 7a6949b5..23b2d07d 100644 --- a/README.md +++ b/README.md 
@@ -151,6 +151,8 @@ To attach access management tags to resources in this module, you need the follo | Name | Type | |------|------| | [ibm_dns_custom_resolver.custom_resolver_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_custom_resolver) | resource | +| [ibm_dns_resource_record.dns_record](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_resource_record) | resource | +| [ibm_dns_zone.dns_zone](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_zone) | resource | | [ibm_iam_authorization_policy.policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | | [ibm_iam_authorization_policy.vpc_dns_resolution_auth_policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | | [ibm_is_flow_log.flow_logs](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/is_flow_log) | resource | 
@@ -192,6 +194,10 @@ To attach access management tags to resources in this module, you need the follo | [dns\_instance\_name](#input\_dns\_instance\_name) | The name to give the provisioned DNS instance. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no | | [dns\_location](#input\_dns\_location) | The target location or environment for the DNS instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"global"` | no | | [dns\_plan](#input\_dns\_plan) | The plan for the DNS resource instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"standard-dns"` | no | +| [dns\_records](#input\_dns\_records) | List of DNS records to create |
list(object({
name = string
type = string
rdata = string
ttl = optional(number)
preference = optional(number)
priority = optional(number)
port = optional(number)
protocol = optional(string)
service = optional(string)
weight = optional(number)
}))
| `[]` | no | +| [dns\_zone\_description](#input\_dns\_zone\_description) | The description of the DNS zone. | `string` | `"Default DNS Zone"` | no | +| [dns\_zone\_label](#input\_dns\_zone\_label) | Label associated with the DNS zone. | `string` | `"dns-zone"` | no | +| [dns\_zone\_name](#input\_dns\_zone\_name) | The name of the DNS zone to be created. | `string` | `null` | no | | [enable\_hub](#input\_enable\_hub) | Indicates whether this VPC is enabled as a DNS name resolution hub. | `bool` | `false` | no | | [enable\_hub\_vpc\_crn](#input\_enable\_hub\_vpc\_crn) | Indicates whether Hub VPC CRN is passed. | `bool` | `false` | no | | [enable\_hub\_vpc\_id](#input\_enable\_hub\_vpc\_id) | Indicates whether Hub VPC ID is passed. | `bool` | `false` | no | 
@@ -236,6 +242,10 @@ To attach access management tags to resources in this module, you need the follo | [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_instance\_id](#output\_dns\_instance\_id) | The ID of the DNS instance. | +| [dns\_record\_ids](#output\_dns\_record\_ids) | List of all the domain resource records. | +| [dns\_zone](#output\_dns\_zone) | The ID of the DNS zone. The ID is composed of / | +| [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the zone that is associated with the DNS zone. | +| [dns\_zone\_state](#output\_dns\_zone\_state) | The state of the DNS zone. | | [network\_acls](#output\_network\_acls) | List of shortnames and IDs of network ACLs | | [public\_gateways](#output\_public\_gateways) | Map of public gateways by zone | | [subnet\_detail\_list](#output\_subnet\_detail\_list) | A list of subnets containing names, CIDR blocks, and zones. | diff --git a/examples/specific-zone-with-dns-records/main.tf b/examples/specific-zone-with-dns-records/main.tf index 2320516c..3b2f54d7 100644 --- a/examples/specific-zone-with-dns-records/main.tf +++ b/examples/specific-zone-with-dns-records/main.tf 
@@ -59,11 +59,11 @@ module "slz_vpc" { ] } ] - # enable_hub = true - # use_existing_dns_instance = true - # existing_dns_instance_id = var.existing_dns_instance_id - # dns_records = var.dns_records - # dns_zone_name = var.dns_zone_name + enable_hub = true + use_existing_dns_instance = true + existing_dns_instance_id = var.existing_dns_instance_id + dns_records = var.dns_records + dns_zone_name = var.dns_zone_name # dns_zone_description = var.dns_zone_description # dns_zone_label = var.dns_zone_label } diff --git a/examples/specific-zone-with-dns-records/outputs.tf b/examples/specific-zone-with-dns-records/outputs.tf index 2478efee..c7baa19b 100644 --- a/examples/specific-zone-with-dns-records/outputs.tf +++ b/examples/specific-zone-with-dns-records/outputs.tf @@ -34,21 +34,21 @@ output "subnet_detail_map" { ############### -# output "dns_zone_state" { -# description = "The state of the DNS zone." -# value = module.slz_vpc.dns_zone_state -# } - -# output "dns_zone" { -# description = "The ID of the DNS zone. The ID is composed of /" -# value = module.slz_vpc.dns_zone -# } - -# output "dns_zone_id" { -# description = "The ID of the zone that is associated with the DNS zone." -# value = module.slz_vpc.dns_zone_id -# } -# output "dns_record_ids" { -# description = "List of all the domain resource records." -# value = module.slz_vpc.dns_record_ids -# } +output "dns_zone_state" { + description = "The state of the DNS zone." + value = module.slz_vpc.dns_zone_state +} + +output "dns_zone" { + description = "The ID of the DNS zone. The ID is composed of /" + value = module.slz_vpc.dns_zone +} + +output "dns_zone_id" { + description = "The ID of the zone that is associated with the DNS zone." + value = module.slz_vpc.dns_zone_id +} +output "dns_record_ids" { + description = "List of all the domain resource records." + value = module.slz_vpc.dns_record_ids +} 
diff --git a/examples/specific-zone-with-dns-records/variables.tf b/examples/specific-zone-with-dns-records/variables.tf index a6a606f3..cbae07f1 100644 --- a/examples/specific-zone-with-dns-records/variables.tf +++ b/examples/specific-zone-with-dns-records/variables.tf @@ -34,28 +34,28 @@ variable "resource_tags" { default = null } ######## -# variable "dns_records" { -# description = "List of DNS records to create" -# type = list(object({ -# name = string -# type = string -# rdata = string -# ttl = optional(number) -# preference = optional(number) -# priority = optional(number) -# port = optional(number) -# protocol = optional(string) -# service = optional(string) -# weight = optional(number) -# })) -# } +variable "dns_records" { + description = "List of DNS records to create" + type = list(object({ + name = string + type = string + rdata = string + ttl = optional(number) + preference = optional(number) + priority = optional(number) + port = optional(number) + protocol = optional(string) + service = optional(string) + weight = optional(number) + })) +} -# variable "dns_zone_name" { -# description = "The name of the DNS zone to be created." -# type = string -# } +variable "dns_zone_name" { + description = "The name of the DNS zone to be created." + type = string +} -# variable "existing_dns_instance_id" { -# description = "Id of an existing dns instance in which the custom resolver is created. Only relevant if enable_hub is set to true." -# type = string -# } +variable "existing_dns_instance_id" { + description = "Id of an existing dns instance in which the custom resolver is created. Only relevant if enable_hub is set to true." + type = string +} diff --git a/main.tf b/main.tf index 0c95614b..88020ea6 100644 --- a/main.tf +++ b/main.tf 
@@ -61,35 +61,35 @@ locals { # DNS ZONE ############################################################################## -# resource "ibm_dns_zone" "dns_zone" { -# name = var.dns_zone_name -# # instance_id = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null -# instance_id = var.existing_dns_instance_id -# # var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid -# description = var.dns_zone_description -# label = var.dns_zone_label -# } +resource "ibm_dns_zone" "dns_zone" { + name = var.dns_zone_name + # instance_id = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null + instance_id = var.existing_dns_instance_id + # var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid + description = var.dns_zone_description + label = var.dns_zone_label +} ############################################################################## # DNS Records ############################################################################## -# resource "ibm_dns_resource_record" "dns_record" { -# depends_on = [ibm_dns_zone.dns_zone] -# for_each = { for idx, record in var.dns_records : idx => record } # Loop through a list of DNS records -# instance_id = var.use_existing_dns_instance ? 
var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid -# zone_id = ibm_dns_zone.dns_zone.id # Reference to the zone created above -# name = each.value.name -# type = each.value.type -# rdata = each.value.rdata -# ttl = each.value.ttl -# preference = each.value.preference -# priority = each.value.priority -# port = each.value.port -# protocol = each.value.protocol -# service = each.value.service -# weight = each.value.weight -# } +resource "ibm_dns_resource_record" "dns_record" { + depends_on = [ibm_dns_zone.dns_zone] + for_each = { for idx, record in var.dns_records : idx => record } # Loop through a list of DNS records + instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid + zone_id = ibm_dns_zone.dns_zone.id # Reference to the zone created above + name = each.value.name + type = each.value.type + rdata = each.value.rdata + ttl = each.value.ttl + preference = each.value.preference + priority = each.value.priority + port = each.value.port + protocol = each.value.protocol + service = each.value.service + weight = each.value.weight +} ############################################################################## # Create new VPC diff --git a/outputs.tf b/outputs.tf index 8183b70d..8b9a3626 100644 --- a/outputs.tf +++ b/outputs.tf 
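Review bot: The re-added `ibm_dns_zone.dns_zone` sets `instance_id = var.existing_dns_instance_id` unconditionally, while the record resource in the same hunk picks its instance with `var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid`; with `use_existing_dns_instance = false` the zone gets a null instance and the records would target an instance that does not hold the zone. Put the same expression on the zone (the commented line directly above it already spells it out) and delete the two commented alternatives rather than leaving them beside the live line. Both resources are also unconditional, so every consumer of the module must now supply `dns_zone_name` even though it defaults to `null`; a guard such as `count = var.dns_zone_name != null ? 1 : 0` on the zone (with references becoming `ibm_dns_zone.dns_zone[0]`) and an empty `for_each` map when no zone is requested keeps existing callers working. The "Create new VPC" section that follows is outside the hunk.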
@@ -178,23 +178,23 @@ output "dns_custom_resolver_id" { } ## DNS Zone and Records -# output "dns_zone_state" { -# description = "The state of the DNS zone." -# value = ibm_dns_zone.dns_zone.state -# } - -# output "dns_zone" { -# description = "The ID of the DNS zone. The ID is composed of /" -# value = ibm_dns_zone.dns_zone.id -# } - -# output "dns_zone_id" { -# description = "The ID of the zone that is associated with the DNS zone." -# value = ibm_dns_zone.dns_zone.zone_id -# } - -# output "dns_record_ids" { -# description = "List of all the domain resource records." -# # value = [for record in ibm_dns_record.dns_record : record.id] -# value = [for record in ibm_dns_resource_record.dns_record : record.id] -# } +output "dns_zone_state" { + description = "The state of the DNS zone." + value = ibm_dns_zone.dns_zone.state +} + +output "dns_zone" { + description = "The ID of the DNS zone. The ID is composed of /" + value = ibm_dns_zone.dns_zone.id +} + +output "dns_zone_id" { + description = "The ID of the zone that is associated with the DNS zone." + value = ibm_dns_zone.dns_zone.zone_id +} + +output "dns_record_ids" { + description = "List of all the domain resource records." + # value = [for record in ibm_dns_record.dns_record : record.id] + value = [for record in ibm_dns_resource_record.dns_record : record.id] +} diff --git a/variables.tf b/variables.tf index 4da52965..6ad50f74 100644 --- a/variables.tf +++ b/variables.tf 
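Review bot: The `dns_zone` output's description, "The ID is composed of /", has lost whatever stood on either side of the slash — presumably angle-bracket placeholders stripped as HTML — and now tells the reader nothing; `description = "The ID of the DNS zone, composed of <instance_id>/<zone_id>."` says what the `.id` versus `.zone_id` distinction (exposed by the `dns_zone_id` output just below) actually is. The leftover `# value = [for record in ibm_dns_record.dns_record : record.id]` inside `dns_record_ids` refers to a resource type this series replaced with `ibm_dns_resource_record` and should be deleted rather than shipped as a comment. The outputs in this hunk also assume the zone is always created; if the zone ever becomes conditional they need to tolerate an absent resource.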
@@ -638,28 +638,28 @@ variable "dns_plan" { } } -# variable "dns_zone_name" { -# description = "The name of the DNS zone to be created." -# default = null -# type = string -# } - -# # variable "instance_id" { -# # description = "The GUID of the IBM Cloud DNS service instance where DNS zone will be created." -# # type = string -# # } +variable "dns_zone_name" { + description = "The name of the DNS zone to be created." + default = null + type = string +} -# variable "dns_zone_description" { -# description = "The description of the DNS zone." +# variable "instance_id" { +# description = "The GUID of the IBM Cloud DNS service instance where DNS zone will be created." # type = string -# default = "Default DNS Zone" # } -# variable "dns_zone_label" { -# description = "Label associated with the DNS zone." -# type = string -# default = "dns-zone" -# } +variable "dns_zone_description" { + description = "The description of the DNS zone." + type = string + default = "Default DNS Zone" +} + +variable "dns_zone_label" { + description = "Label associated with the DNS zone." + type = string + default = "dns-zone" +} # variable "dns_records" { # description = "Map of DNS record configurations" 
@@ -707,19 +707,19 @@ variable "dns_plan" { # } -# variable "dns_records" { -# description = "List of DNS records to create" -# type = list(object({ -# name = string -# type = string -# rdata = string -# ttl = optional(number) -# preference = optional(number) -# priority = optional(number) -# port = optional(number) -# protocol = optional(string) -# service = optional(string) -# weight = optional(number) -# })) -# default = [] -# } +variable "dns_records" { + description = "List of DNS records to create" + type = list(object({ + name = string + type = string + rdata = string + ttl = optional(number) + preference = optional(number) + priority = optional(number) + port = optional(number) + protocol = optional(string) + service = optional(string) + weight = optional(number) + })) + default = [] +} From b69a5d3ed0d692ae5fcf6b5964942c32e20d12d2 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Fri, 10 Jan 2025 20:19:57 +0530 Subject: [PATCH 06/20] test: added permitted nw --- main.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/main.tf b/main.tf index 88020ea6..b9fd7030 100644 --- a/main.tf +++ b/main.tf @@ -70,6 +70,14 @@ resource "ibm_dns_zone" "dns_zone" { label = var.dns_zone_label } +## + +resource "ibm_dns_permitted_network" "dns-permitted-nw" { + instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid + zone_id = ibm_dns_zone.dns_zone.id + vpc_crn = local.vpc_crn +} +## ############################################################################## # DNS Records ############################################################################## From a6f3061178b1fd8eef20ac3511dc182fa0cb506a Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Fri, 10 Jan 2025 20:21:03 +0530 Subject: [PATCH 07/20] test: added permitted nw --- main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/main.tf b/main.tf index b9fd7030..37f85d4b 100644 --- a/main.tf +++ b/main.tf 
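Review bot: `dns_records` is accepted without any validation, so a misspelled `type` or an empty `rdata` only surfaces at apply time as a DNS API error, after the zone and the records before it have already been created. A `validation` block that rejects record types the service does not support (the IBM Cloud DNS Services documentation lists A, AAAA, CNAME, MX, PTR, SRV, TXT) and requires non-empty `name` and `rdata` fails at plan time instead; a follow-up could also require `port`/`priority`/`weight`/`service`/`protocol` when `type` is SRV, since the resource passes them through unchecked. The description should mention that `name` is relative to `dns_zone_name`, if that is how the provider treats it — confirm before documenting.
```hcl
variable "dns_records" {
  # … unchanged: description, type, default …

  validation {
    condition = alltrue([
      for r in var.dns_records :
      contains(["A", "AAAA", "CNAME", "MX", "PTR", "SRV", "TXT"], upper(r.type)) && r.name != "" && r.rdata != ""
    ])
    error_message = "Each dns_records entry needs a non-empty name and rdata and a type supported by IBM Cloud DNS Services (A, AAAA, CNAME, MX, PTR, SRV, TXT)."
  }
}
```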
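Review bot: The new resource is labelled `dns-permitted-nw` while every sibling in the file uses snake_case (`dns_zone`, `dns_record`, `custom_resolver_hub`), and the bare `##` lines around it are empty separators where the file otherwise uses titled banners; rename it `resource "ibm_dns_permitted_network" "dns_permitted_network"` and replace the `##` lines with a one-line purpose comment such as `# Link this VPC to the private zone so names in the zone resolve from inside the VPC`. The `instance_id` ternary here is the third copy of the expression in this file and, as of this patch, does not match the zone's unconditional `var.existing_dns_instance_id`; hoisting it into one `local.dns_instance_id` used by the zone, the permitted network and the records guarantees all three land in the same instance. The `zone_id = ibm_dns_zone.dns_zone.id` versus `.zone_id` question is settled later in the series and needs no comment here.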
@@ -73,6 +73,7 @@ resource "ibm_dns_zone" "dns_zone" { ## resource "ibm_dns_permitted_network" "dns-permitted-nw" { + depends_on = [ibm_dns_zone.dns_zone] instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid zone_id = ibm_dns_zone.dns_zone.id vpc_crn = local.vpc_crn From 7dc7386737c0340b9f0eea22029d53ae9ba661a9 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Fri, 10 Jan 2025 20:32:16 +0530 Subject: [PATCH 08/20] test: modified zone-id --- main.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/main.tf b/main.tf index 37f85d4b..14d878ab 100644 --- a/main.tf +++ b/main.tf @@ -75,7 +75,7 @@ resource "ibm_dns_zone" "dns_zone" { resource "ibm_dns_permitted_network" "dns-permitted-nw" { depends_on = [ibm_dns_zone.dns_zone] instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid - zone_id = ibm_dns_zone.dns_zone.id + zone_id = ibm_dns_zone.dns_zone.zone_id vpc_crn = local.vpc_crn } ## @@ -84,10 +84,10 @@ resource "ibm_dns_permitted_network" "dns-permitted-nw" { ############################################################################## resource "ibm_dns_resource_record" "dns_record" { - depends_on = [ibm_dns_zone.dns_zone] + depends_on = [ibm_dns_zone.dns_zone, ibm_dns_permitted_network.dns-permitted-nw] for_each = { for idx, record in var.dns_records : idx => record } # Loop through a list of DNS records instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid - zone_id = ibm_dns_zone.dns_zone.id # Reference to the zone created above + zone_id = ibm_dns_zone.dns_zone.zone_id # Reference to the zone created above name = each.value.name type = each.value.type rdata = each.value.rdata From 9c12aa2a5073b12f53d9a9d1a992284402829ddc Mon Sep 17 00:00:00 2001 
From: Prateek-Sharma13 Date: Tue, 21 Jan 2025 20:06:31 +0530 Subject: [PATCH 09/20] fix: modified changes around DNS to include the correct rdata type --- examples/specific-zone-with-dns-records/main.tf | 13 ++++++------- .../specific-zone-with-dns-records/variables.tf | 5 +++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/examples/specific-zone-with-dns-records/main.tf b/examples/specific-zone-with-dns-records/main.tf index 3b2f54d7..7ee1666c 100644 --- a/examples/specific-zone-with-dns-records/main.tf +++ b/examples/specific-zone-with-dns-records/main.tf @@ -59,11 +59,10 @@ module "slz_vpc" { ] } ] - enable_hub = true - use_existing_dns_instance = true - existing_dns_instance_id = var.existing_dns_instance_id - dns_records = var.dns_records - dns_zone_name = var.dns_zone_name - # dns_zone_description = var.dns_zone_description - # dns_zone_label = var.dns_zone_label + enable_hub = true + # skip_custom_resolver_hub_creation = false # TODO: Remove (default value) + # use_existing_dns_instance = true #TODO: Remove after verifying existing instance. + dns_zone_name = var.dns_zone_name + # existing_dns_instance_id = var.existing_dns_instance_id #TODO: Remove after verifying existing instance. + dns_records = var.dns_records } diff --git a/examples/specific-zone-with-dns-records/variables.tf b/examples/specific-zone-with-dns-records/variables.tf index cbae07f1..5e8c618b 100644 --- a/examples/specific-zone-with-dns-records/variables.tf +++ b/examples/specific-zone-with-dns-records/variables.tf @@ -1,5 +1,5 @@ variable "ibmcloud_api_key" { - description = "APIkey that's associated with the account to provision resources to" + description = "APIkey that's associated with the account to provision resources." type = string sensitive = true } 
@@ -13,7 +13,7 @@ variable "region" { variable "prefix" { description = "The prefix that you would like to append to your resources" type = string - default = "lz-vpc-with-dns" + default = "sz-vpc-with-dns" } variable "name" { @@ -58,4 +58,5 @@ variable "dns_zone_name" { variable "existing_dns_instance_id" { description = "Id of an existing dns instance in which the custom resolver is created. Only relevant if enable_hub is set to true." type = string + default = null } From 47c45a23def8a53f197ced367ebf54d0c1b0b4d5 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Tue, 21 Jan 2025 20:06:52 +0530 Subject: [PATCH 10/20] fix: modified changes around DNS to include the correct rdata type --- README.md | 3 +- main.tf | 121 +++++++++++++++++++++++++++++++++------------------ outputs.tf | 6 +-- variables.tf | 87 +++++++++++++----------------------- 4 files changed, 114 insertions(+), 103 deletions(-) diff --git a/README.md b/README.md index 23b2d07d..6e670e14 100644 --- a/README.md +++ b/README.md @@ -151,6 +151,7 @@ To attach access management tags to resources in this module, you need the follo | Name | Type | |------|------| | [ibm_dns_custom_resolver.custom_resolver_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_custom_resolver) | resource | +| [ibm_dns_permitted_network.dns_permitted_nw](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_permitted_network) | resource | | [ibm_dns_resource_record.dns_record](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_resource_record) | resource | | [ibm_dns_zone.dns_zone](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_zone) | resource | | [ibm_iam_authorization_policy.policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | 
@@ -194,7 +195,7 @@ To attach access management tags to resources in this module, you need the follo | [dns\_instance\_name](#input\_dns\_instance\_name) | The name to give the provisioned DNS instance. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no | | [dns\_location](#input\_dns\_location) | The target location or environment for the DNS instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"global"` | no | | [dns\_plan](#input\_dns\_plan) | The plan for the DNS resource instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"standard-dns"` | no | -| [dns\_records](#input\_dns\_records) | List of DNS records to create |
list(object({
name = string
type = string
rdata = string
ttl = optional(number)
preference = optional(number)
priority = optional(number)
port = optional(number)
protocol = optional(string)
service = optional(string)
weight = optional(number)
}))
| `[]` | no | +| [dns\_records](#input\_dns\_records) | List of DNS records to create |
list(object({
name = string
type = string
ttl = number
rdata = any
# preference = optional(number,null)
service = optional(string, null)
protocol = optional(string, null)
# priority = optional(number, null)
# weight = optional(number, null)
# port = optional(number, null)
}))
| `[]` | no | | [dns\_zone\_description](#input\_dns\_zone\_description) | The description of the DNS zone. | `string` | `"Default DNS Zone"` | no | | [dns\_zone\_label](#input\_dns\_zone\_label) | Label associated with the DNS zone. | `string` | `"dns-zone"` | no | | [dns\_zone\_name](#input\_dns\_zone\_name) | The name of the DNS zone to be created. | `string` | `null` | no | diff --git a/main.tf b/main.tf index 14d878ab..b9ddb8e4 100644 --- a/main.tf +++ b/main.tf 
@@ -57,49 +57,6 @@ locals { vpc_crn = var.create_vpc ? resource.ibm_is_vpc.vpc[0].crn : data.ibm_is_vpc.vpc.crn } -############################################################################## -# DNS ZONE -############################################################################## - -resource "ibm_dns_zone" "dns_zone" { - name = var.dns_zone_name - # instance_id = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null - instance_id = var.existing_dns_instance_id - # var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid - description = var.dns_zone_description - label = var.dns_zone_label -} - -## - -resource "ibm_dns_permitted_network" "dns-permitted-nw" { - depends_on = [ibm_dns_zone.dns_zone] - instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid - zone_id = ibm_dns_zone.dns_zone.zone_id - vpc_crn = local.vpc_crn -} -## -############################################################################## -# DNS Records -############################################################################## - -resource "ibm_dns_resource_record" "dns_record" { - depends_on = [ibm_dns_zone.dns_zone, ibm_dns_permitted_network.dns-permitted-nw] - for_each = { for idx, record in var.dns_records : idx => record } # Loop through a list of DNS records - instance_id = var.use_existing_dns_instance ? 
var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid - zone_id = ibm_dns_zone.dns_zone.zone_id # Reference to the zone created above - name = each.value.name - type = each.value.type - rdata = each.value.rdata - ttl = each.value.ttl - preference = each.value.preference - priority = each.value.priority - port = each.value.port - protocol = each.value.protocol - service = each.value.service - weight = each.value.weight -} - ############################################################################## # Create new VPC ############################################################################## 
@@ -398,3 +355,81 @@ resource "ibm_is_flow_log" "flow_logs" { } ############################################################################## +# DNS ZONE +# ############################################################################## +#TODO: PRATEEK - remove after finalizing the type (fixing type error) +# locals { +# rdata_map = { +# A = "ipv4_address" +# AAAA = "ipv6_address" +# CNAME = "canonical_name" +# MX = "mail_server" +# TXT = "content" +# SRV = "target" +# } +# } +resource "ibm_dns_zone" "dns_zone" { + count = var.enable_hub && !var.skip_custom_resolver_hub_creation ? 1 : 0 + name = var.dns_zone_name + instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid + description = var.dns_zone_description + label = var.dns_zone_label +} + +############################################################################## +# DNS PERMITTED NETWORK +############################################################################## + +resource "ibm_dns_permitted_network" "dns_permitted_nw" { + count = var.enable_hub && !var.skip_custom_resolver_hub_creation ? 1 : 0 + instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid + zone_id = ibm_dns_zone.dns_zone[0].zone_id + vpc_crn = local.vpc_crn + type = "vpc" +} + +############################################################################## +# DNS Records +############################################################################## +# resource "ibm_dns_resource_record" "dns_record" { +# # count = var.enable_hub && !var.skip_custom_resolver_hub_creation ? 1 : 0 +# for_each = { for idx, record in var.dns_records : idx => record } +# instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid +# zone_id = ibm_dns_zone.dns_zone[0].zone_id +# name = each.value.type != "ptr" ? 
each.value.name : null +# type = each.value.type +# ttl = each.value.ttl +# # rdata = try(each.value[lookup(local.rdata_map, each.value.type, "")], "") +# rdata = each.value.type == "A" ? each.value.ipv4_address : each.value.type == "AAAA" ? each.value.ipv6_address : each.value.type == "CNAME" ? each.value.canonical_name : each.value.type == "MX" ? each.value.mail_server : each.value.type == "TXT" ? each.value.content : each.value.type == "SRV" ? each.value.target : "" +# preference = each.value.type == "MX" ? each.value.preference : null +# priority = each.value.type == "SRV" ? each.value.priority : null +# port = each.value.type == "SRV" ? each.value.port : null +# protocol = each.value.type == "SRV" ? startswith(each.value.protocol, "_") ? each.value.protocol : "_${each.value.protocol}" : null +# service = each.value.type == "SRV" ? startswith(each.value.service, "_") ? each.value.service : "_${each.value.service}" : null +# weight = each.value.type == "SRV" ? each.value.weight : null +# } + +resource "ibm_dns_resource_record" "dns_record" { + for_each = { for idx, record in var.dns_records : idx => record } + instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid + zone_id = ibm_dns_zone.dns_zone[0].zone_id + + # Set name to null for PTR records + name = each.value.type != "PTR" ? each.value.name : null + type = each.value.type + ttl = each.value.ttl + protocol = each.value.type == "SRV" ? each.value.protocol : null + service = each.value.type == "SRV" ? each.value.service : null + # Dynamically set rdata based on record type + rdata = each.value.type == "A" || each.value.type == "AAAA" ? each.value.rdata["ip"] : each.value.type == "CNAME" ? each.value.rdata["cname"] : each.value.type == "MX" ? { + exchange = each.value.rdata["exchange"] + preference = each.value.rdata["preference"] + } : each.value.type == "TXT" ? each.value.rdata["txtdata"] : each.value.type == "SRV" ? 
{ + priority = each.value.rdata["priority"] + weight = each.value.rdata["weight"] + port = each.value.rdata["port"] + target = each.value.rdata["target"] + } : each.value.type == "PTR" ? each.value.rdata["ptrdname"] : null +} + +############################################################################## diff --git a/outputs.tf b/outputs.tf index 8b9a3626..f8dca051 100644 --- a/outputs.tf +++ b/outputs.tf @@ -180,17 +180,17 @@ output "dns_custom_resolver_id" { ## DNS Zone and Records output "dns_zone_state" { description = "The state of the DNS zone." - value = ibm_dns_zone.dns_zone.state + value = ibm_dns_zone.dns_zone[0].state } output "dns_zone" { description = "The ID of the DNS zone. The ID is composed of /" - value = ibm_dns_zone.dns_zone.id + value = ibm_dns_zone.dns_zone[0].id } output "dns_zone_id" { description = "The ID of the zone that is associated with the DNS zone." - value = ibm_dns_zone.dns_zone.zone_id + value = ibm_dns_zone.dns_zone[0].zone_id } output "dns_record_ids" { diff --git a/variables.tf b/variables.tf index 6ad50f74..00ad8ea7 100644 --- a/variables.tf +++ b/variables.tf @@ -644,6 +644,7 @@ variable "dns_zone_name" { type = string } +#TODO: Remove after validation # variable "instance_id" { # description = "The GUID of the IBM Cloud DNS service instance where DNS zone will be created." # type = string 
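Review bot: The `count` on `ibm_dns_zone.dns_zone` is gated only on `enable_hub && !skip_custom_resolver_hub_creation`, so an existing caller that enables the hub without setting the new `dns_zone_name` input (default `null`) now gets a zone with `name = null`; if the provider requires a name this breaks their next plan, and if it does not it silently creates an unnamed zone. Gate the zone and the permitted network on the name as well, `count = var.enable_hub && !var.skip_custom_resolver_hub_creation && var.dns_zone_name != null ? 1 : 0`, so the feature stays opt-in. `ibm_dns_resource_record.dns_record` has no guard at all and indexes `ibm_dns_zone.dns_zone[0]` and `ibm_resource_instance.dns_instance_hub[0]` unconditionally, so passing `dns_records` while the zone is not created fails with an invalid-index error instead of a clear message; a `validation` on `dns_records` requiring `dns_zone_name` to be set, or an empty `for_each` when the zone is absent, would make the failure explicit.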
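Review bot: The three outputs now index `ibm_dns_zone.dns_zone[0]` unconditionally, but the resource is created with `count` and is absent whenever the hub is disabled or custom resolver creation is skipped, so every such caller's plan fails with an invalid index on `dns_zone_state`, `dns_zone` and `dns_zone_id`. Guard each value, e.g. `value = length(ibm_dns_zone.dns_zone) > 0 ? ibm_dns_zone.dns_zone[0].state : null`, and the same pattern for `.id` and `.zone_id`. `dns_record_ids` begins at the end of the hunk and its body is outside it; if it indexes the zone or the record map it likely needs the same treatment.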
@@ -661,65 +662,39 @@ variable "dns_zone_label" { default = "dns-zone" } -# variable "dns_records" { -# description = "Map of DNS record configurations" -# default = null -# type = map(object({ -# data = string -# domain_id = number -# expire = optional(number) -# host = string # check this is like name? -# minimum_ttl = optional(number) -# mx_priority = optional(number, 0) -# refresh = optional(number) -# responsible_person = string -# retry = optional(number) -# tags = optional(list(string)) -# txt = optional(string) -# ttl = number -# type = string -# # Below field are required for SRV records only -# protocol = optional(string, "udp") -# port = optional(number, 1) # 1 is default in UI -# priority = optional(number,1) # 1 is default in UI # this is seen in case of MX -# service = optional(string) # service_name -# weight = optional(number,1) # 1 is default in UI -# })) - -# validation { -# condition = var.dns_records == null || alltrue([for record in var.dns_records != null ? var.dns_records : {} : (contains(["a", "aaaa", "cname", "mx", "ns", "ptr", "spf", "txt", "soa", "srv"], record.type))]) -# error_message = "Invalid domain resource record type is provided." -# } - -# validation { -# condition = var.dns_records == null || alltrue([ -# for record in var.dns_records != null ? var.dns_records : {} : ( -# record.type != "srv" || ( -# record.protocol != null && contains(["tcp", "udp", "tls"], lower(record.protocol)) && -# record.service != null && -# record.priority != null && -# record.weight != null -# ) -# ) -# ]) -# error_message = "Invalid DNS record configuration. For 'srv' records, 'protocol' must be 'tcp', 'udp' or 'tls' , and 'service', 'priority', and 'weight' must not be null." 
-# } - -# } - variable "dns_records" { description = "List of DNS records to create" type = list(object({ - name = string - type = string - rdata = string - ttl = optional(number) - preference = optional(number) - priority = optional(number) - port = optional(number) - protocol = optional(string) - service = optional(string) - weight = optional(number) + name = string + type = string + ttl = number + rdata = any + # preference = optional(number,null) + service = optional(string, null) + protocol = optional(string, null) + # priority = optional(number, null) + # weight = optional(number, null) + # port = optional(number, null) })) default = [] + validation { + condition = var.dns_records == [] || alltrue([for record in var.dns_records != null ? var.dns_records : [] : (contains(["A", "AAAA", "CNAME", "MX", "PTR", "TXT", "SRV"], record.type))]) + error_message = "Invalid domain resource record type is provided." + } + #TODO: Prateek - correct the validation, as of now error is not clear + # validation { + # condition = var.dns_records == [] || alltrue([ + # for record in var.dns_records != null ? var.dns_records : [] : ( + # record.type != "SRV" || ( + # # (record.protocol != null && contains(["tcp", "udp", "tls"], record.protocol)) && + # # (record.protocol == null || contains(["tcp", "udp", "tls"], lower(record.protocol))) && + # contains(["tcp", "udp", "tls"], lower(coalesce(record.protocol, ""))) && + # record.service != null && + # record.priority != null && + # record.weight != null + # ) + # ) + # ]) + # error_message = "Invalid DNS record configuration. For 'SRV' records, 'protocol' must be 'tcp', 'udp' or 'tls' , and 'service', 'priority', and 'weight' must not be null." + # } } From 30ca03b3ac2cbad9c4923ddc788be64fa63b18d8 Mon Sep 17 00:00:00 2001 
From: Prateek-Sharma13 Date: Wed, 5 Feb 2025 04:36:52 +0530 Subject: [PATCH 11/20] fix: made changes for dns records --- README.md | 4 +- .../specific-zone-with-dns-records/README.md | 8 --- examples/with-dns-records/README.md | 17 +++++ .../main.tf | 72 ++++++++----------- .../outputs.tf | 0 .../provider.tf | 0 .../variables.tf | 0 .../version.tf | 0 main.tf | 60 +++++----------- variables.tf | 66 +++++++++-------- 10 files changed, 95 insertions(+), 132 deletions(-) delete mode 100644 examples/specific-zone-with-dns-records/README.md create mode 100644 examples/with-dns-records/README.md rename examples/{specific-zone-with-dns-records => with-dns-records}/main.tf (51%) rename examples/{specific-zone-with-dns-records => with-dns-records}/outputs.tf (100%) rename examples/{specific-zone-with-dns-records => with-dns-records}/provider.tf (100%) rename examples/{specific-zone-with-dns-records => with-dns-records}/variables.tf (100%) rename examples/{specific-zone-with-dns-records => with-dns-records}/version.tf (100%) diff --git a/README.md b/README.md index 6e670e14..d6c86c95 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ This module creates the following IBM Cloud® Virtual Private Cloud (VPC) net * [Landing Zone example](./examples/landing_zone) * [No Prefix Example](./examples/no-prefix) * [Specific Zone Only Example](./examples/specific-zone-only) - * [Specific Zone Only Example](./examples/specific-zone-with-dns-records) + * [Specific Zone Only Example](./examples/with-dns-records) * [Contributing](#contributing) 
@@ -195,7 +195,7 @@ To attach access management tags to resources in this module, you need the follo | [dns\_instance\_name](#input\_dns\_instance\_name) | The name to give the provisioned DNS instance. If not set, the module generates a name based on the `prefix` and `name` variables. | `string` | `null` | no | | [dns\_location](#input\_dns\_location) | The target location or environment for the DNS instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"global"` | no | | [dns\_plan](#input\_dns\_plan) | The plan for the DNS resource instance created to host the custom resolver in a hub-spoke DNS resolution topology. Only used if enable\_hub is true and skip\_custom\_resolver\_hub\_creation is false (defaults). | `string` | `"standard-dns"` | no | -| [dns\_records](#input\_dns\_records) | List of DNS records to create |
list(object({
name = string
type = string
ttl = number
rdata = any
# preference = optional(number,null)
service = optional(string, null)
protocol = optional(string, null)
# priority = optional(number, null)
# weight = optional(number, null)
# port = optional(number, null)
}))
| `[]` | no | +| [dns\_records](#input\_dns\_records) | List of DNS records to be created. |
list(object({
name = string
type = string
ttl = number
rdata = string
preference = optional(number, null)
service = optional(string, null)
protocol = optional(string, null)
priority = optional(number, null)
weight = optional(number, null)
port = optional(number, null)
}))
| `[]` | no | | [dns\_zone\_description](#input\_dns\_zone\_description) | The description of the DNS zone. | `string` | `"Default DNS Zone"` | no | | [dns\_zone\_label](#input\_dns\_zone\_label) | Label associated with the DNS zone. | `string` | `"dns-zone"` | no | | [dns\_zone\_name](#input\_dns\_zone\_name) | The name of the DNS zone to be created. | `string` | `null` | no | diff --git a/examples/specific-zone-with-dns-records/README.md b/examples/specific-zone-with-dns-records/README.md deleted file mode 100644 index 1da76489..00000000 --- a/examples/specific-zone-with-dns-records/README.md +++ /dev/null @@ -1,8 +0,0 @@ -# Specific Zone Only Example - -A simple example to provision a Secure Landing Zone (SLZ) Virtual Private Cloud (VPC) in a specific zone other than Zone 1. Also, shows how to use public gateways with a specific zone. In this example Zone 2 is used. A network ACL is specifically defined to allow all internet traffic. - -The following resources are provisioned by this example: - -* A new resource group, if an existing one is not passed in. -* An IBM Virtual Private Cloud (VPC) with a publicly exposed subnet. diff --git a/examples/with-dns-records/README.md b/examples/with-dns-records/README.md new file mode 100644 index 00000000..db1cda74 --- /dev/null +++ b/examples/with-dns-records/README.md 
@@ -0,0 +1,17 @@ +# Specific Zone Only Example + +A simple example to provision a Secure Landing Zone (SLZ) Virtual Private Cloud (`VPC`) in two zones (Zone1 and Zone2). Allows creation of Domain Name System (`DNS`) `Zones` and `Records` linking the created `VPC` as a permitted network to the `DNS.` + +The following resources are provisioned by this example: + +* A new `resource group`, if an existing one is not passed in. + +* An IBM `Virtual Private Cloud (VPC)` with a publicly exposed subnet. + +* Private `DNS zone` which can only be resolved from IBM Cloud's private network. + +* `DNS permitted network` - [DNS Service](https://cloud.ibm.com/docs/dns-svcs/getting-started.html) is a global service, hence the permitted networks (for example, a `VPC`) should be added from any IBM Cloud region. This adds the network to the DNS zone, giving the network access to the zone. Maximum of 10 permitted networks can be added to a `DNS zone`. [Learn more](https://cloud.ibm.com/docs/dns-svcs?topic=dns-svcs-managing-permitted-networks&interface=ui) + +* `DNS Records` - `DNS Records` make the connection between human-readable names and IP addresses. + +> Note: To create a `PTR` type record, you must have an existing `A` or `AAAA` record that is not already associated with another `PTR` record. [Learn More](https://cloud.ibm.com/docs/dns-svcs?topic=dns-svcs-managing-dns-records&interface=ui#ptr-record) diff --git a/examples/specific-zone-with-dns-records/main.tf b/examples/with-dns-records/main.tf similarity index 51% rename from examples/specific-zone-with-dns-records/main.tf rename to examples/with-dns-records/main.tf index 7ee1666c..f039ba73 100644 --- a/examples/specific-zone-with-dns-records/main.tf +++ b/examples/with-dns-records/main.tf 
@@ -11,58 +11,42 @@ module "resource_group" { } ############################################################################# -# Provision VPC +# Locals ############################################################################# - -module "slz_vpc" { - source = "../../" - resource_group_id = module.resource_group.resource_group_id - region = var.region - name = var.name - prefix = var.prefix - tags = var.resource_tags +locals { subnets = { - zone-1 = [] - zone-2 = [ + zone-1 = [ { name = "subnet-a" cidr = "10.10.10.0/24" public_gateway = true - acl_name = "${var.prefix}-acl" + acl_name = "vpc-acl" } - ] - } - use_public_gateways = { - zone-1 = false - zone-2 = true - zone-3 = false - } - network_acls = [{ - name = "${var.prefix}-acl" - add_ibm_cloud_internal_rules = false - add_vpc_connectivity_rules = false - prepend_ibm_rules = false - rules = [{ - name = "inbound" - action = "allow" - source = "0.0.0.0/0" - destination = "0.0.0.0/0" - direction = "inbound" - }, + ], + zone-2 = [ { - name = "outbound" - action = "allow" - source = "0.0.0.0/0" - destination = "0.0.0.0/0" - direction = "outbound" + name = "subnet-b" + cidr = "10.20.10.0/24" + public_gateway = false + acl_name = "vpc-acl" } ] - } - ] - enable_hub = true - # skip_custom_resolver_hub_creation = false # TODO: Remove (default value) - # use_existing_dns_instance = true #TODO: Remove after verifying existing instance. - dns_zone_name = var.dns_zone_name - # existing_dns_instance_id = var.existing_dns_instance_id #TODO: Remove after verifying existing instance. 
- dns_records = var.dns_records + } +} + +############################################################################# +# Provision VPC +############################################################################# + +module "slz_vpc" { + source = "../../" + resource_group_id = module.resource_group.resource_group_id + region = var.region + name = var.name + prefix = var.prefix + tags = var.resource_tags + enable_hub = true + dns_zone_name = var.dns_zone_name + dns_records = var.dns_records + subnets = local.subnets } diff --git a/examples/specific-zone-with-dns-records/outputs.tf b/examples/with-dns-records/outputs.tf similarity index 100% rename from examples/specific-zone-with-dns-records/outputs.tf rename to examples/with-dns-records/outputs.tf diff --git a/examples/specific-zone-with-dns-records/provider.tf b/examples/with-dns-records/provider.tf similarity index 100% rename from examples/specific-zone-with-dns-records/provider.tf rename to examples/with-dns-records/provider.tf diff --git a/examples/specific-zone-with-dns-records/variables.tf b/examples/with-dns-records/variables.tf similarity index 100% rename from examples/specific-zone-with-dns-records/variables.tf rename to examples/with-dns-records/variables.tf diff --git a/examples/specific-zone-with-dns-records/version.tf b/examples/with-dns-records/version.tf similarity index 100% rename from examples/specific-zone-with-dns-records/version.tf rename to examples/with-dns-records/version.tf diff --git a/main.tf b/main.tf index b9ddb8e4..5ed162d1 100644 --- a/main.tf +++ b/main.tf 
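Review bot: `subnet-a` keeps `public_gateway = true` while the hunk drops the `use_public_gateways` map the previous version paired with it, so whether a gateway is actually attached now depends on a module default that is not visible here; either restore `use_public_gateways = { zone-1 = true, zone-2 = false, zone-3 = false }` or drop the flag so the example does not advertise public egress it may not configure. Both subnets reference `acl_name = "vpc-acl"` although the `network_acls` input that defined an ACL by name was removed; unless the module creates an ACL with exactly that name the example will fail, so confirm it against the module's default ACL naming. Dropping the previous allow-all `0.0.0.0/0` inbound and outbound ACL from the example is an improvement worth keeping.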
@@ -357,17 +357,7 @@ resource "ibm_is_flow_log" "flow_logs" { ############################################################################## # DNS ZONE # ############################################################################## -#TODO: PRATEEK - remove after finalizing the type (fixing type error) -# locals { -# rdata_map = { -# A = "ipv4_address" -# AAAA = "ipv6_address" -# CNAME = "canonical_name" -# MX = "mail_server" -# TXT = "content" -# SRV = "target" -# } -# } + resource "ibm_dns_zone" "dns_zone" { count = var.enable_hub && !var.skip_custom_resolver_hub_creation ? 1 : 0 name = var.dns_zone_name 
@@ -391,45 +381,27 @@ resource "ibm_dns_permitted_network" "dns_permitted_nw" { ############################################################################## # DNS Records ############################################################################## -# resource "ibm_dns_resource_record" "dns_record" { -# # count = var.enable_hub && !var.skip_custom_resolver_hub_creation ? 1 : 0 -# for_each = { for idx, record in var.dns_records : idx => record } -# instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid -# zone_id = ibm_dns_zone.dns_zone[0].zone_id -# name = each.value.type != "ptr" ? each.value.name : null -# type = each.value.type -# ttl = each.value.ttl -# # rdata = try(each.value[lookup(local.rdata_map, each.value.type, "")], "") -# rdata = each.value.type == "A" ? each.value.ipv4_address : each.value.type == "AAAA" ? each.value.ipv6_address : each.value.type == "CNAME" ? each.value.canonical_name : each.value.type == "MX" ? each.value.mail_server : each.value.type == "TXT" ? each.value.content : each.value.type == "SRV" ? each.value.target : "" -# preference = each.value.type == "MX" ? each.value.preference : null -# priority = each.value.type == "SRV" ? each.value.priority : null -# port = each.value.type == "SRV" ? each.value.port : null -# protocol = each.value.type == "SRV" ? startswith(each.value.protocol, "_") ? each.value.protocol : "_${each.value.protocol}" : null -# service = each.value.type == "SRV" ? startswith(each.value.service, "_") ? each.value.service : "_${each.value.service}" : null -# weight = each.value.type == "SRV" ? each.value.weight : null -# } resource "ibm_dns_resource_record" "dns_record" { + for_each = { for idx, record in var.dns_records : idx => record } instance_id = var.use_existing_dns_instance ? 
var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid zone_id = ibm_dns_zone.dns_zone[0].zone_id - - # Set name to null for PTR records - name = each.value.type != "PTR" ? each.value.name : null - type = each.value.type - ttl = each.value.ttl + name = each.value.name + type = each.value.type + # Setting the default TTL to 15 mins as seen in UI. This is not mentioned in the documentation. + ttl = try(each.value.ttl, 900) + rdata = each.value.rdata + + # SRV values + port = each.value.type == "SRV" ? each.value.port : null + priority = each.value.type == "SRV" ? each.value.priority : null protocol = each.value.type == "SRV" ? each.value.protocol : null - service = each.value.type == "SRV" ? each.value.service : null - # Dynamically set rdata based on record type - rdata = each.value.type == "A" || each.value.type == "AAAA" ? each.value.rdata["ip"] : each.value.type == "CNAME" ? each.value.rdata["cname"] : each.value.type == "MX" ? { - exchange = each.value.rdata["exchange"] - preference = each.value.rdata["preference"] - } : each.value.type == "TXT" ? each.value.rdata["txtdata"] : each.value.type == "SRV" ? { - priority = each.value.rdata["priority"] - weight = each.value.rdata["weight"] - port = each.value.rdata["port"] - target = each.value.rdata["target"] - } : each.value.type == "PTR" ? each.value.rdata["ptrdname"] : null + service = each.value.type == "SRV" ? startswith(each.value.service, "_") ? each.value.service : "_${each.value.service}" : null + weight = each.value.type == "SRV" ? each.value.weight : null + + # MX record + preference = each.value.type == "MX" ? each.value.preference : null } ############################################################################## diff --git a/variables.tf b/variables.tf index 00ad8ea7..5c6cb665 100644 --- a/variables.tf +++ b/variables.tf 
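Review bot: `for_each` keys each record by its position in `var.dns_records`, so inserting or removing one entry re-keys every later record and Terraform destroys and recreates them, which for DNS means a window in which live names stop resolving; key on stable content instead, `for_each = { for r in var.dns_records : "${r.type}-${r.name}" => r }`, with a validation that the combination is unique since TXT and MX names legitimately repeat. The resource still has no guard for the case where the zone is not created: `ibm_dns_zone.dns_zone[0]` and `ibm_resource_instance.dns_instance_hub[0]` are indexed unconditionally, so a caller passing `dns_records` without `enable_hub` gets an invalid-index error rather than a validation message. `ttl = try(each.value.ttl, 900)` never falls back because `ttl` is a required `number` in the variable type; either make it `optional(number, 900)` in `variables.tf` or drop the `try()` and the comment about the UI default. `service` is normalised with a leading `_` but `protocol` is passed through as-is, whereas the removed draft normalised both; if the provider expects `_tcp`/`_udp` the asymmetry will surprise users, so apply the same `startswith` treatment to `protocol` or document that the underscore is required.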
@@ -644,12 +644,6 @@ variable "dns_zone_name" { type = string } -#TODO: Remove after validation -# variable "instance_id" { -# description = "The GUID of the IBM Cloud DNS service instance where DNS zone will be created." -# type = string -# } - variable "dns_zone_description" { description = "The description of the DNS zone." type = string 
@@ -663,38 +657,42 @@ variable "dns_zone_label" { } variable "dns_records" { - description = "List of DNS records to create" + description = "List of DNS records to be created." type = list(object({ - name = string - type = string - ttl = number - rdata = any - # preference = optional(number,null) - service = optional(string, null) - protocol = optional(string, null) - # priority = optional(number, null) - # weight = optional(number, null) - # port = optional(number, null) + name = string + type = string + ttl = number + rdata = string + preference = optional(number, null) + service = optional(string, null) + protocol = optional(string, null) + priority = optional(number, null) + weight = optional(number, null) + port = optional(number, null) })) default = [] validation { - condition = var.dns_records == [] || alltrue([for record in var.dns_records != null ? var.dns_records : [] : (contains(["A", "AAAA", "CNAME", "MX", "PTR", "TXT", "SRV"], record.type))]) + condition = length(var.dns_records) == 0 || alltrue([for record in var.dns_records != null ? var.dns_records : [] : (contains(["A", "AAAA", "CNAME", "MX", "PTR", "TXT", "SRV"], record.type))]) error_message = "Invalid domain resource record type is provided." } - #TODO: Prateek - correct the validation, as of now error is not clear - # validation { - # condition = var.dns_records == [] || alltrue([ - # for record in var.dns_records != null ? var.dns_records : [] : ( - # record.type != "SRV" || ( - # # (record.protocol != null && contains(["tcp", "udp", "tls"], record.protocol)) && - # # (record.protocol == null || contains(["tcp", "udp", "tls"], lower(record.protocol))) && - # contains(["tcp", "udp", "tls"], lower(coalesce(record.protocol, ""))) && - # record.service != null && - # record.priority != null && - # record.weight != null - # ) - # ) - # ]) - # error_message = "Invalid DNS record configuration. 
For 'SRV' records, 'protocol' must be 'tcp', 'udp' or 'tls' , and 'service', 'priority', and 'weight' must not be null." - # } + + validation { + condition = length(var.dns_records) == 0 || alltrue([ + for record in var.dns_records == null ? [] : var.dns_records : ( + record.type != "SRV" || ( + record.protocol != null && record.port != null && + record.service != null && record.priority != null && record.weight != null + ) + ) + ]) + error_message = "Invalid SRV record configuration. For 'SRV' records, 'protocol' , 'service', 'priority', 'port' and 'weight' values must be provided." + } + validation { + condition = length(var.dns_records) == 0 || alltrue([ + for record in var.dns_records == null ? [] : var.dns_records : ( + record.type != "MX" || record.preference != null + ) + ]) + error_message = "Invalid MX record configuration. For 'MX' records, value for 'preference' must be provided." + } } From fd302e58f2e4a7db2a845e909b28b7b18ef9fc2f Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Wed, 5 Feb 2025 05:11:41 +0530 Subject: [PATCH 12/20] test\: added test for dns records --- README.md | 2 +- .../README.md | 2 +- .../main.tf | 0 .../outputs.tf | 0 .../provider.tf | 0 .../variables.tf | 0 .../version.tf | 0 main.tf | 3 +- tests/other_test.go | 30 +++++++++++++++++++ tests/pr_test.go | 1 + 10 files changed, 35 insertions(+), 3 deletions(-) rename examples/{with-dns-records => vpc-with-dns}/README.md (97%) rename examples/{with-dns-records => vpc-with-dns}/main.tf (100%) rename examples/{with-dns-records => vpc-with-dns}/outputs.tf (100%) rename examples/{with-dns-records => vpc-with-dns}/provider.tf (100%) rename examples/{with-dns-records => vpc-with-dns}/variables.tf (100%) rename examples/{with-dns-records => vpc-with-dns}/version.tf (100%) diff --git a/README.md b/README.md index d6c86c95..69de45c4 100644 --- a/README.md +++ b/README.md 
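Review bot: `length(var.dns_records) == 0` in each of the three validation conditions raises an error when the variable is explicitly set to null, which makes the `var.dns_records != null ? ... : []` guard inside the same expression unreachable; `var.dns_records == null || length(var.dns_records) == 0 || alltrue([...])` short-circuits correctly. The SRV validation only checks that `protocol` and `service` are non-null, so the tcp/udp/tls constraint the removed draft validation carried is lost and a typo in protocol is surfaced only by the provider at apply time. Since record data reaches the zone exactly as supplied, a further check that `rdata` is non-empty (`length(trimspace(record.rdata)) > 0`) and that an SRV `port` lies within 1-65535 would reject bad input at plan time instead.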
@@ -34,7 +34,7 @@ This module creates the following IBM Cloud® Virtual Private Cloud (VPC) net * [Landing Zone example](./examples/landing_zone) * [No Prefix Example](./examples/no-prefix) * [Specific Zone Only Example](./examples/specific-zone-only) - * [Specific Zone Only Example](./examples/with-dns-records) + * [VPC with DNS example](./examples/vpc-with-dns) * [Contributing](#contributing) diff --git a/examples/with-dns-records/README.md b/examples/vpc-with-dns/README.md similarity index 97% rename from examples/with-dns-records/README.md rename to examples/vpc-with-dns/README.md index db1cda74..f6358769 100644 --- a/examples/with-dns-records/README.md +++ b/examples/vpc-with-dns/README.md @@ -1,4 +1,4 @@ -# Specific Zone Only Example +# VPC with DNS example A simple example to provision a Secure Landing Zone (SLZ) Virtual Private Cloud (`VPC`) in two zones (Zone1 and Zone2). Allows creation of Domain Name System (`DNS`) `Zones` and `Records` linking the created `VPC` as a permitted network to the `DNS.` diff --git a/examples/with-dns-records/main.tf b/examples/vpc-with-dns/main.tf similarity index 100% rename from examples/with-dns-records/main.tf rename to examples/vpc-with-dns/main.tf diff --git a/examples/with-dns-records/outputs.tf b/examples/vpc-with-dns/outputs.tf similarity index 100% rename from examples/with-dns-records/outputs.tf rename to examples/vpc-with-dns/outputs.tf diff --git a/examples/with-dns-records/provider.tf b/examples/vpc-with-dns/provider.tf similarity index 100% rename from examples/with-dns-records/provider.tf rename to examples/vpc-with-dns/provider.tf diff --git a/examples/with-dns-records/variables.tf b/examples/vpc-with-dns/variables.tf similarity index 100% rename from examples/with-dns-records/variables.tf rename to examples/vpc-with-dns/variables.tf 
diff --git a/examples/with-dns-records/version.tf b/examples/vpc-with-dns/version.tf similarity index 100% rename from examples/with-dns-records/version.tf rename to examples/vpc-with-dns/version.tf diff --git a/main.tf b/main.tf index 5ed162d1..41e4d2f8 100644 --- a/main.tf +++ b/main.tf @@ -389,7 +389,8 @@ resource "ibm_dns_resource_record" "dns_record" { zone_id = ibm_dns_zone.dns_zone[0].zone_id name = each.value.name type = each.value.type - # Setting the default TTL to 15 mins as seen in UI. This is not mentioned in the documentation. + + # Default ttl is 15 minutes [Refer](https://cloud.ibm.com/docs/dns-svcs?topic=dns-svcs-managing-dns-records&interface=ui) ttl = try(each.value.ttl, 900) rdata = each.value.rdata diff --git a/tests/other_test.go b/tests/other_test.go index 8027efdb..bb98921f 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -9,6 +9,16 @@ import ( "github.com/stretchr/testify/assert" ) +// To verify DNS records creation +var dnsRecordsMap = []map[string]interface{}{ + {"name": "testA", "type": "A", "rdata": "1.2.3.4", "ttl": 3600}, + {"name": "testAAAA", "type": "AAAA", "rdata": "2001:0db8:0012:0001:3c5e:7354:0000:5db5"}, + {"name": "testTXT", "type": "TXT", "rdata": "textinformation", "ttl": 900}, + {"name": "testCNAME", "type": "CNAME", "rdata": "test.com"}, + {"name": "testMX", "type": "MX", "rdata": "mailserver.test.com", "preference": 10}, + {"name": "testSRV", "type": "SRV", "rdata": "tester.com", "priority": 100, "weight": 100, "port": 8000, "service": "_sip", "protocol": "udp"}, +} + func TestRunBasicExample(t *testing.T) { t.Parallel() 
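Review bot: The fixture data in `dnsRecordsMap` points the CNAME, MX and SRV records at `test.com`, `mailserver.test.com` and `tester.com`, which are real registrable domains; test fixtures should use names reserved for documentation (RFC 2606, e.g. `example.com`) and a TEST-NET address such as `192.0.2.1` in place of `1.2.3.4`, matching the `2001:db8::` documentation prefix already used for the AAAA record, so a test zone never references a third party's domain. The variable is a slice of maps rather than a map, so `dnsRecords` would be the clearer name, and `[]map[string]any` is the modern spelling of `[]map[string]interface{}`. The same fixture is re-added unchanged to tests/pr_test.go in patch 20, where the same points apply.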
@@ -54,3 +64,23 @@ func TestRunSpecificZoneExample(t *testing.T) { assert.Nil(t, err, "This should not have errored") assert.NotNil(t, output, "Expected some output") } + +func TestRunVpcWithDnsExample(t *testing.T) { + t.Parallel() + + options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ + Testing: t, + TerraformDir: vpcWithDnsExampleTerraformDir, + Prefix: "dns-slz", + ResourceGroup: resourceGroup, + Region: "us-south", + }) + options.TerraformVars = map[string]interface{}{ + "dns_records": dnsRecordsMap, + "name": "test-dns", + "dns_zone_name": "slz.com", + } + output, err := options.RunTestConsistency() + assert.Nil(t, err, "This should not have errored") + assert.NotNil(t, output, "Expected some output") +} diff --git a/tests/pr_test.go b/tests/pr_test.go index 35fe1f95..600ba9ed 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -25,6 +25,7 @@ const hubAndSpokeDelegatedExampleTerraformDir = "examples/hub-spoke-delegated-re const existingVPCExampleTerraformDir = "examples/existing_vpc" const specificZoneExampleTerraformDir = "examples/specific-zone-only" const noprefixExampleTerraformDir = "examples/no-prefix" +const vpcWithDnsExampleTerraformDir = "examples/vpc-with-dns" const resourceGroup = "geretain-test-resources" // Define a struct with fields that match the structure of the YAML data From 2d1c058daf49a9b340b66f0fd5db1694aa4e4405 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Wed, 5 Feb 2025 05:12:34 +0530 Subject: [PATCH 13/20] test: added test for dns records --- tests/other_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/other_test.go b/tests/other_test.go index bb98921f..29f131ed 100644 --- a/tests/other_test.go +++ b/tests/other_test.go 
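Review bot: `TestRunVpcWithDnsExample` creates the private zone as `"dns_zone_name": "slz.com"`, a registered public domain, so for the duration of the test any VPC attached as a permitted network resolves that name to the fixture records instead of the public answer; a reserved name such as `test.example.com` avoids that shadowing and removes any dependency on who owns slz.com. The test only asserts that output is non-nil; if the value returned by RunTestConsistency exposes the example's `dns_record_ids` output, asserting that its length equals `len(dnsRecordsMap)` would verify that all six records were actually created. The same function is moved unchanged to tests/pr_test.go in patch 20.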
@@ -13,8 +13,8 @@ import ( var dnsRecordsMap = []map[string]interface{}{ {"name": "testA", "type": "A", "rdata": "1.2.3.4", "ttl": 3600}, {"name": "testAAAA", "type": "AAAA", "rdata": "2001:0db8:0012:0001:3c5e:7354:0000:5db5"}, - {"name": "testTXT", "type": "TXT", "rdata": "textinformation", "ttl": 900}, {"name": "testCNAME", "type": "CNAME", "rdata": "test.com"}, + {"name": "testTXT", "type": "TXT", "rdata": "textinformation", "ttl": 900}, {"name": "testMX", "type": "MX", "rdata": "mailserver.test.com", "preference": 10}, {"name": "testSRV", "type": "SRV", "rdata": "tester.com", "priority": 100, "weight": 100, "port": 8000, "service": "_sip", "protocol": "udp"}, } From e28517a5797630e0a0ef91c2d1edfc6a8efe4918 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Wed, 5 Feb 2025 12:38:29 +0530 Subject: [PATCH 14/20] fix: precommit errors --- examples/vpc-with-dns/outputs.tf | 2 -- examples/vpc-with-dns/variables.tf | 12 +++--------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/examples/vpc-with-dns/outputs.tf b/examples/vpc-with-dns/outputs.tf index c7baa19b..7a32b87d 100644 --- a/examples/vpc-with-dns/outputs.tf +++ b/examples/vpc-with-dns/outputs.tf @@ -32,8 +32,6 @@ output "subnet_detail_map" { description = "VPC subnet detail map" } -############### - output "dns_zone_state" { description = "The state of the DNS zone." value = module.slz_vpc.dns_zone_state diff --git a/examples/vpc-with-dns/variables.tf b/examples/vpc-with-dns/variables.tf index 5e8c618b..93a9f0b4 100644 --- a/examples/vpc-with-dns/variables.tf +++ b/examples/vpc-with-dns/variables.tf @@ -13,13 +13,13 @@ variable "region" { variable "prefix" { description = "The prefix that you would like to append to your resources" type = string - default = "sz-vpc-with-dns" + default = "dns" } variable "name" { description = "The name of the vpc" type = string - default = "vpc-with-dns" + default = "sz-vpc" } variable "resource_group" { 
@@ -33,7 +33,7 @@ variable "resource_tags" { type = list(string) default = null } -######## + variable "dns_records" { description = "List of DNS records to create" type = list(object({ @@ -54,9 +54,3 @@ variable "dns_zone_name" { description = "The name of the DNS zone to be created." type = string } - -variable "existing_dns_instance_id" { - description = "Id of an existing dns instance in which the custom resolver is created. Only relevant if enable_hub is set to true." - type = string - default = null -} From 7048db6ded782858384844be39c67af2d4d183e1 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Wed, 5 Feb 2025 14:22:13 +0530 Subject: [PATCH 15/20] fix: precommit errors --- outputs.tf | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/outputs.tf b/outputs.tf index f8dca051..97c32cc9 100644 --- a/outputs.tf +++ b/outputs.tf @@ -180,21 +180,20 @@ output "dns_custom_resolver_id" { ## DNS Zone and Records output "dns_zone_state" { description = "The state of the DNS zone." - value = ibm_dns_zone.dns_zone[0].state + value = length(ibm_dns_zone.dns_zone) > 0 ? ibm_dns_zone.dns_zone[0].state : null } output "dns_zone" { description = "The ID of the DNS zone. The ID is composed of /" - value = ibm_dns_zone.dns_zone[0].id + value = length(ibm_dns_zone.dns_zone) > 0 ? ibm_dns_zone.dns_zone[0].id : null } output "dns_zone_id" { description = "The ID of the zone that is associated with the DNS zone." - value = ibm_dns_zone.dns_zone[0].zone_id + value = length(ibm_dns_zone.dns_zone) > 0 ? ibm_dns_zone.dns_zone[0].zone_id : null } output "dns_record_ids" { description = "List of all the domain resource records." - # value = [for record in ibm_dns_record.dns_record : record.id] value = [for record in ibm_dns_resource_record.dns_record : record.id] } From b13cb7db101b7583ddcc1c1b4840ccd98bdf9520 Mon Sep 17 00:00:00 2001 
From: Prateek-Sharma13 Date: Wed, 5 Feb 2025 14:30:35 +0530 Subject: [PATCH 16/20] fix: pre-commit error --- outputs.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/outputs.tf b/outputs.tf index 97c32cc9..c31d7117 100644 --- a/outputs.tf +++ b/outputs.tf @@ -195,5 +195,5 @@ output "dns_zone_id" { output "dns_record_ids" { description = "List of all the domain resource records." - value = [for record in ibm_dns_resource_record.dns_record : record.id] + value = [for record in ibm_dns_resource_record.dns_record : record.id] } From f7c6c9b5b732eb4a49dd8785527972bfebb2377a Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Tue, 11 Feb 2025 00:39:45 +0530 Subject: [PATCH 17/20] fix: resolved review comments --- README.md | 7 +++---- examples/vpc-with-dns/README.md | 2 +- examples/vpc-with-dns/outputs.tf | 7 +------ examples/vpc-with-dns/variables.tf | 33 +++++++++++++++++++++++++++++- main.tf | 5 ++++- outputs.tf | 9 ++------ variables.tf | 2 +- 7 files changed, 44 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 69de45c4..bffb298f 100644 --- a/README.md +++ b/README.md 
@@ -151,7 +151,7 @@ To attach access management tags to resources in this module, you need the follo | Name | Type | |------|------| | [ibm_dns_custom_resolver.custom_resolver_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_custom_resolver) | resource | -| [ibm_dns_permitted_network.dns_permitted_nw](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_permitted_network) | resource | +| [ibm_dns_permitted_network.dns_permitted_network](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_permitted_network) | resource | | [ibm_dns_resource_record.dns_record](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_resource_record) | resource | | [ibm_dns_zone.dns_zone](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/dns_zone) | resource | | [ibm_iam_authorization_policy.policy](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/iam_authorization_policy) | resource | @@ -198,7 +198,7 @@ To attach access management tags to resources in this module, you need the follo | [dns\_records](#input\_dns\_records) | List of DNS records to be created. |
list(object({
name = string
type = string
ttl = number
rdata = string
preference = optional(number, null)
service = optional(string, null)
protocol = optional(string, null)
priority = optional(number, null)
weight = optional(number, null)
port = optional(number, null)
}))
| `[]` | no | | [dns\_zone\_description](#input\_dns\_zone\_description) | The description of the DNS zone. | `string` | `"Default DNS Zone"` | no | | [dns\_zone\_label](#input\_dns\_zone\_label) | Label associated with the DNS zone. | `string` | `"dns-zone"` | no | -| [dns\_zone\_name](#input\_dns\_zone\_name) | The name of the DNS zone to be created. | `string` | `null` | no | +| [dns\_zone\_name](#input\_dns\_zone\_name) | The name of the DNS zone to be created. | `string` | `"slz.com"` | no | | [enable\_hub](#input\_enable\_hub) | Indicates whether this VPC is enabled as a DNS name resolution hub. | `bool` | `false` | no | | [enable\_hub\_vpc\_crn](#input\_enable\_hub\_vpc\_crn) | Indicates whether Hub VPC CRN is passed. | `bool` | `false` | no | | [enable\_hub\_vpc\_id](#input\_enable\_hub\_vpc\_id) | Indicates whether Hub VPC ID is passed. | `bool` | `false` | no | @@ -244,8 +244,7 @@ To attach access management tags to resources in this module, you need the follo | [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_instance\_id](#output\_dns\_instance\_id) | The ID of the DNS instance. | | [dns\_record\_ids](#output\_dns\_record\_ids) | List of all the domain resource records. | -| [dns\_zone](#output\_dns\_zone) | The ID of the DNS zone. The ID is composed of / | -| [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the zone that is associated with the DNS zone. | +| [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the DNS zone. | | [dns\_zone\_state](#output\_dns\_zone\_state) | The state of the DNS zone. | | [network\_acls](#output\_network\_acls) | List of shortnames and IDs of network ACLs | | [public\_gateways](#output\_public\_gateways) | Map of public gateways by zone | 
diff --git a/examples/vpc-with-dns/README.md b/examples/vpc-with-dns/README.md index f6358769..8d515466 100644 --- a/examples/vpc-with-dns/README.md +++ b/examples/vpc-with-dns/README.md @@ -1,6 +1,6 @@ # VPC with DNS example -A simple example to provision a Secure Landing Zone (SLZ) Virtual Private Cloud (`VPC`) in two zones (Zone1 and Zone2). Allows creation of Domain Name System (`DNS`) `Zones` and `Records` linking the created `VPC` as a permitted network to the `DNS.` +A simple example demonstrating the provisioning of a `Secure Landing Zone (SLZ) Virtual Private Cloud (VPC)` across two zones (`Zone 1` and `Zone 2`). This setup includes the creation of `Domain Name System (DNS) Zones and Records`, linking the provisioned VPC as a permitted network for DNS operations. The following resources are provisioned by this example: diff --git a/examples/vpc-with-dns/outputs.tf b/examples/vpc-with-dns/outputs.tf index 7a32b87d..cb54729e 100644 --- a/examples/vpc-with-dns/outputs.tf +++ b/examples/vpc-with-dns/outputs.tf @@ -37,13 +37,8 @@ output "dns_zone_state" { value = module.slz_vpc.dns_zone_state } -output "dns_zone" { - description = "The ID of the DNS zone. The ID is composed of /" - value = module.slz_vpc.dns_zone -} - output "dns_zone_id" { - description = "The ID of the zone that is associated with the DNS zone." + description = "The ID of the DNS zone." value = module.slz_vpc.dns_zone_id } output "dns_record_ids" { diff --git a/examples/vpc-with-dns/variables.tf b/examples/vpc-with-dns/variables.tf index 93a9f0b4..3861e898 100644 --- a/examples/vpc-with-dns/variables.tf +++ b/examples/vpc-with-dns/variables.tf @@ -19,7 +19,7 @@ variable "prefix" { variable "name" { description = "The name of the vpc" type = string - default = "sz-vpc" + default = "slz-vpc" } variable "resource_group" { 
@@ -48,9 +48,40 @@ variable "dns_records" { service = optional(string) weight = optional(number) })) + default = [ + { + name = "testA" + type = "A" + rdata = "1.2.3.4" + ttl = 3600 + }, + { + name = "testMX" + type = "MX" + rdata = "mailserver.test.com" + preference = 10 + }, + { + type = "SRV" + name = "testSRV" + rdata = "tester.com" + priority = 100 + weight = 100 + port = 8000 + service = "_sip" + protocol = "udp" + }, + { + name = "testTXT" + type = "TXT" + rdata = "textinformation" + ttl = 900 + } + ] } variable "dns_zone_name" { description = "The name of the DNS zone to be created." type = string + default = "dns-example.com" } diff --git a/main.tf b/main.tf index 41e4d2f8..eca47ede 100644 --- a/main.tf +++ b/main.tf @@ -370,7 +370,7 @@ resource "ibm_dns_zone" "dns_zone" { # DNS PERMITTED NETWORK ############################################################################## -resource "ibm_dns_permitted_network" "dns_permitted_nw" { +resource "ibm_dns_permitted_network" "dns_permitted_network" { count = var.enable_hub && !var.skip_custom_resolver_hub_creation ? 1 : 0 instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid zone_id = ibm_dns_zone.dns_zone[0].zone_id @@ -382,6 +382,9 @@ resource "ibm_dns_permitted_network" "dns_permitted_nw" { # DNS Records ############################################################################## +locals { + record_ids = [for record in ibm_dns_resource_record.dns_record : element(split("/", record.id), 2)] +} resource "ibm_dns_resource_record" "dns_record" { for_each = { for idx, record in var.dns_records : idx => record } diff --git a/outputs.tf b/outputs.tf index c31d7117..0d8af480 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -183,17 +183,12 @@ output "dns_zone_state" { value = length(ibm_dns_zone.dns_zone) > 0 ? ibm_dns_zone.dns_zone[0].state : null } -output "dns_zone" { - description = "The ID of the DNS zone. The ID is composed of /" - value = length(ibm_dns_zone.dns_zone) > 0 ? ibm_dns_zone.dns_zone[0].id : null -} - output "dns_zone_id" { - description = "The ID of the zone that is associated with the DNS zone." + description = "The ID of the DNS zone." value = length(ibm_dns_zone.dns_zone) > 0 ? ibm_dns_zone.dns_zone[0].zone_id : null } output "dns_record_ids" { description = "List of all the domain resource records." - value = [for record in ibm_dns_resource_record.dns_record : record.id] + value = length(ibm_dns_resource_record.dns_record) > 0 ? local.record_ids : null } diff --git a/variables.tf b/variables.tf index 5c6cb665..12c85cd6 100644 --- a/variables.tf +++ b/variables.tf @@ -640,7 +640,7 @@ variable "dns_plan" { variable "dns_zone_name" { description = "The name of the DNS zone to be created." - default = null + default = "slz.com" type = string } From fb7bc50821b956f0ed63896cac940f06d42b1586 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Fri, 14 Feb 2025 00:07:00 +0530 Subject: [PATCH 18/20] fix: resolved review comments --- README.md | 1 + examples/vpc-with-dns/outputs.tf | 5 +++++ main.tf | 7 ++++--- outputs.tf | 5 +++++ variables.tf | 16 ++++++++++++++++ 5 files changed, 31 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index bffb298f..bfca1efc 100644 --- a/README.md +++ b/README.md 
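Review bot: Changing the module-level default of `dns_zone_name` from `null` to `"slz.com"` means a caller that enables the hub without choosing a zone name silently gets a private zone for a real public domain, which then overrides resolution of slz.com inside every VPC added as a permitted network. A safer default is to keep `null` and validate that a name is supplied whenever `var.dns_records` is non-empty, or at least to default to a reserved documentation name (`example.com` or a subdomain of it); the example default `dns-example.com` in patch 17's examples/vpc-with-dns/variables.tf hunk has the same exposure. The `dns_record_ids` output in the outputs.tf hunk on this line returns `null` rather than `[]` when no records exist, which forces every consumer to null-check before iterating; `local.record_ids` already evaluates to an empty list in that case and could be returned directly.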
@@ -244,6 +244,7 @@ To attach access management tags to resources in this module, you need the follo | [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_instance\_id](#output\_dns\_instance\_id) | The ID of the DNS instance. | | [dns\_record\_ids](#output\_dns\_record\_ids) | List of all the domain resource records. | +| [dns\_zone](#output\_dns\_zone) | A map representing DNS zone information. | | [dns\_zone\_id](#output\_dns\_zone\_id) | The ID of the DNS zone. | | [dns\_zone\_state](#output\_dns\_zone\_state) | The state of the DNS zone. | | [network\_acls](#output\_network\_acls) | List of shortnames and IDs of network ACLs | diff --git a/examples/vpc-with-dns/outputs.tf b/examples/vpc-with-dns/outputs.tf index cb54729e..61f18453 100644 --- a/examples/vpc-with-dns/outputs.tf +++ b/examples/vpc-with-dns/outputs.tf @@ -45,3 +45,8 @@ output "dns_record_ids" { description = "List of all the domain resource records." value = module.slz_vpc.dns_record_ids } + +output "dns_zone" { + description = "A map representing DNS zone information." + value = module.slz_vpc.dns_zone +} diff --git a/main.tf b/main.tf index eca47ede..33e94f80 100644 --- a/main.tf +++ b/main.tf @@ -382,9 +382,6 @@ resource "ibm_dns_permitted_network" "dns_permitted_network" { # DNS Records ############################################################################## -locals { - record_ids = [for record in ibm_dns_resource_record.dns_record : element(split("/", record.id), 2)] -} resource "ibm_dns_resource_record" "dns_record" { for_each = { for idx, record in var.dns_records : idx => record } 
@@ -408,4 +405,8 @@ resource "ibm_dns_resource_record" "dns_record" { preference = each.value.type == "MX" ? each.value.preference : null } +locals { + record_ids = [for record in ibm_dns_resource_record.dns_record : element(split("/", record.id), 2)] +} + ############################################################################## diff --git a/outputs.tf b/outputs.tf index 0d8af480..a99031fa 100644 --- a/outputs.tf +++ b/outputs.tf @@ -188,6 +188,11 @@ output "dns_zone_id" { value = length(ibm_dns_zone.dns_zone) > 0 ? ibm_dns_zone.dns_zone[0].zone_id : null } +output "dns_zone" { + description = "A map representing DNS zone information." + value = length(ibm_dns_zone.dns_zone) > 0 ? ibm_dns_zone.dns_zone[0] : null +} + output "dns_record_ids" { description = "List of all the domain resource records." value = length(ibm_dns_resource_record.dns_record) > 0 ? local.record_ids : null diff --git a/variables.tf b/variables.tf index 12c85cd6..597f6673 100644 --- a/variables.tf +++ b/variables.tf @@ -642,6 +642,22 @@ variable "dns_zone_name" { description = "The name of the DNS zone to be created." default = "slz.com" type = string + validation { + condition = !contains([ + "ibm.com", + "softlayer.com", + "bluemix.net", + "softlayer.local", + "mybluemix.net", + "networklayer.com", + "ibmcloud.com", + "pdnsibm.net", + "appdomain.cloud", + "compass.cobaltiron.com" + ], var.dns_zone_name) + + error_message = "The specified DNS zone name is not permitted. Please choose a different domain name. [Learn more](https://cloud.ibm.com/docs/dns-svcs?topic=dns-svcs-managing-dns-zones&interface=ui#restricted-dns-zone-names)" + } } variable "dns_zone_description" { From 921b887b58d6530efdbc71e766bdea547cb3ac8d Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Mon, 17 Feb 2025 21:55:26 +0530 Subject: [PATCH 19/20] fix: addressed review changes --- main.tf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/main.tf b/main.tf index 33e94f80..28a46692 100644 
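Review bot: `output "dns_zone"` exports the entire `ibm_dns_zone.dns_zone[0]` resource object, so the module's public interface now includes every attribute of the provider's zone schema and changes shape whenever the provider adds or renames a field, while `dns_zone_id` and `dns_zone_state` already expose the two attributes callers use. Selecting the needed attributes explicitly (`{ id = ibm_dns_zone.dns_zone[0].id, zone_id = ..., state = ... }`) keeps the contract stable, and the description `A map representing DNS zone information.` could then name the keys it contains.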
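Review bot: The restricted-name validation uses `contains([...], var.dns_zone_name)`, an exact and case-sensitive comparison, so `IBM.com` passes even though DNS names are case-insensitive, and a subdomain such as `zone.ibm.com` passes as well; if the service also restricts subdomains of these names, as the linked docs section title suggests, the check should lower-case the input and test both equality and suffix, e.g. `condition = !anytrue([for d in local.restricted_zone_names : lower(var.dns_zone_name) == d || endswith(lower(var.dns_zone_name), ".${d}")])` with the list moved into `local.restricted_zone_names`. The error message ends with a Markdown link, which Terraform prints verbatim in CLI output; a plain URL reads better there.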
--- a/main.tf +++ b/main.tf @@ -383,8 +383,7 @@ resource "ibm_dns_permitted_network" "dns_permitted_network" { ############################################################################## resource "ibm_dns_resource_record" "dns_record" { - - for_each = { for idx, record in var.dns_records : idx => record } + for_each = length(ibm_dns_zone.dns_zone) > 0 ? { for idx, record in var.dns_records : idx => record } : {} instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid zone_id = ibm_dns_zone.dns_zone[0].zone_id name = each.value.name From ada55637dd40129e0169c45fab13c45436ef4942 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Tue, 18 Feb 2025 17:22:27 +0530 Subject: [PATCH 20/20] refactor: moved test to pr_test --- tests/other_test.go | 30 ------------------------------ tests/pr_test.go | 30 ++++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/tests/other_test.go b/tests/other_test.go index 29f131ed..8027efdb 100644 --- a/tests/other_test.go +++ b/tests/other_test.go @@ -9,16 +9,6 @@ import ( "github.com/stretchr/testify/assert" ) -// To verify DNS records creation -var dnsRecordsMap = []map[string]interface{}{ - {"name": "testA", "type": "A", "rdata": "1.2.3.4", "ttl": 3600}, - {"name": "testAAAA", "type": "AAAA", "rdata": "2001:0db8:0012:0001:3c5e:7354:0000:5db5"}, - {"name": "testCNAME", "type": "CNAME", "rdata": "test.com"}, - {"name": "testTXT", "type": "TXT", "rdata": "textinformation", "ttl": 900}, - {"name": "testMX", "type": "MX", "rdata": "mailserver.test.com", "preference": 10}, - {"name": "testSRV", "type": "SRV", "rdata": "tester.com", "priority": 100, "weight": 100, "port": 8000, "service": "_sip", "protocol": "udp"}, -} - func TestRunBasicExample(t *testing.T) { t.Parallel() 
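Review bot: Guarding `for_each` with `length(ibm_dns_zone.dns_zone) > 0 ? ... : {}` turns a non-empty `var.dns_records` into a silent no-op whenever the zone is not created, so a caller who supplies records but leaves the hub disabled gets a clean apply with no records and no warning. A `check` block asserting `length(var.dns_records) == 0 || length(ibm_dns_zone.dns_zone) > 0` (or a cross-variable validation, which needs a recent Terraform) would surface the misconfiguration at plan time. The `zone_id = ibm_dns_zone.dns_zone[0].zone_id` reference below is only safe because the for_each is empty in that case, which deserves a one-line comment: `# Records are only created when this module also creates the zone; the for_each guard keeps [0] safe.` The resource body continues outside the hunk.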
@@ -64,23 +54,3 @@ func TestRunSpecificZoneExample(t *testing.T) { assert.Nil(t, err, "This should not have errored") assert.NotNil(t, output, "Expected some output") } - -func TestRunVpcWithDnsExample(t *testing.T) { - t.Parallel() - - options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{ - Testing: t, - TerraformDir: vpcWithDnsExampleTerraformDir, - Prefix: "dns-slz", - ResourceGroup: resourceGroup, - Region: "us-south", - }) - options.TerraformVars = map[string]interface{}{ - "dns_records": dnsRecordsMap, - "name": "test-dns", - "dns_zone_name": "slz.com", - } - output, err := options.RunTestConsistency() - assert.Nil(t, err, "This should not have errored") - assert.NotNil(t, output, "Expected some output") -} diff --git a/tests/pr_test.go b/tests/pr_test.go index 600ba9ed..242ddbdd 100644 --- a/tests/pr_test.go +++ b/tests/pr_test.go @@ -33,6 +33,16 @@ const yamlLocation = "../common-dev-assets/common-go-assets/common-permanent-res var permanentResources map[string]interface{} +// To verify DNS records creation +var dnsRecordsMap = []map[string]interface{}{ + {"name": "testA", "type": "A", "rdata": "1.2.3.4", "ttl": 3600}, + {"name": "testAAAA", "type": "AAAA", "rdata": "2001:0db8:0012:0001:3c5e:7354:0000:5db5"}, + {"name": "testCNAME", "type": "CNAME", "rdata": "test.com"}, + {"name": "testTXT", "type": "TXT", "rdata": "textinformation", "ttl": 900}, + {"name": "testMX", "type": "MX", "rdata": "mailserver.test.com", "preference": 10}, + {"name": "testSRV", "type": "SRV", "rdata": "tester.com", "priority": 100, "weight": 100, "port": 8000, "service": "_sip", "protocol": "udp"}, +} + func TestMain(m *testing.M) { // Read the YAML file contents var err error 
@@ -172,3 +182,23 @@ func TestRunExistingVPCExample(t *testing.T) {
 logger.Log(t, "END: Destroy (existing resources)")
 }
 }
+
+func TestRunVpcWithDnsExample(t *testing.T) {
+ t.Parallel()
+
+ options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
+ Testing: t,
+ TerraformDir: vpcWithDnsExampleTerraformDir,
+ Prefix: "dns-slz",
+ ResourceGroup: resourceGroup,
+ Region: "us-south",
+ })
+ options.TerraformVars = map[string]interface{}{
+ "dns_records": dnsRecordsMap,
+ "name": "test-dns",
+ "dns_zone_name": "slz.com",
+ }
+ output, err := options.RunTestConsistency()
+ assert.Nil(t, err, "This should not have errored")
+ assert.NotNil(t, output, "Expected some output")
+}