From 7c98257db52b8f675c671a5904c8092977ee3d4f Mon Sep 17 00:00:00 2001 From: The Magician Date: Tue, 15 Nov 2022 14:31:37 -0800 Subject: [PATCH] gkeCluster added in dns_managed_zone and dns_response_policy (#6814) (#13048) Signed-off-by: Modular Magician Signed-off-by: Modular Magician --- .changelog/6814.txt | 6 ++ google/resource_dns_managed_zone.go | 73 ++++++++++++++ ...esource_dns_managed_zone_generated_test.go | 99 +++++++++++++++++++ google/resource_dns_managed_zone_test.go | 51 +++++++++- website/docs/r/dns_managed_zone.html.markdown | 93 +++++++++++++++++ .../docs/r/dns_response_policy.html.markdown | 66 +++++++++++++ 6 files changed, 387 insertions(+), 1 deletion(-) create mode 100644 .changelog/6814.txt diff --git a/.changelog/6814.txt b/.changelog/6814.txt new file mode 100644 index 0000000000..ea2077d872 --- /dev/null +++ b/.changelog/6814.txt @@ -0,0 +1,6 @@ +```release-note:enhancement +dns: added `gke_clusters` field to `google_dns_managed_zone` resource +``` +```release-note:enhancement +dns: added `gke_clusters` field to `google_dns_response_policy` resource +``` diff --git a/google/resource_dns_managed_zone.go b/google/resource_dns_managed_zone.go index b1c52a02a9..56a0507f3a 100644 --- a/google/resource_dns_managed_zone.go +++ b/google/resource_dns_managed_zone.go @@ -250,6 +250,22 @@ blocks in an update and then apply another update adding all of them back simult return hashcode(buf.String()) }, }, + "gke_clusters": { + Type: schema.TypeList, + Optional: true, + Description: `The list of Google Kubernetes Engine clusters that can see this zone.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "gke_cluster_name": { + Type: schema.TypeString, + Required: true, + Description: `The resource name of the cluster to bind this ManagedZone to. +This should be specified in the format like +'projects/*/locations/*/clusters/*'`, + }, + }, + }, + }, }, }, }, 
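Review bot: `gke_clusters` in the new schema block is declared `schema.TypeList`, while its sibling `networks` in the same `private_visibility_config` is a hashed `TypeSet` (the `return hashcode(buf.String())` context just above the insertion); if the API does not echo clusters back in the configured order, a TypeList will produce a perpetual reorder diff, so either make it a `TypeSet` keyed on `gke_cluster_name` or note why ordering is stable. `gke_cluster_name` documents a required `projects/*/locations/*/clusters/*` form but carries no `ValidateFunc`, so a malformed name is only rejected by the API at apply time. The enclosing resource schema starts and ends outside the hunk, and since this file is generated (see the `Modular Magician` sign-off), any change belongs in the upstream generator rather than in this file.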
@@ -899,10 +915,34 @@ func flattenDNSManagedZonePrivateVisibilityConfig(v interface{}, d *schema.Resou return nil } transformed := make(map[string]interface{}) + transformed["gke_clusters"] = + flattenDNSManagedZonePrivateVisibilityConfigGkeClusters(original["gkeClusters"], d, config) transformed["networks"] = flattenDNSManagedZonePrivateVisibilityConfigNetworks(original["networks"], d, config) return []interface{}{transformed} } +func flattenDNSManagedZonePrivateVisibilityConfigGkeClusters(v interface{}, d *schema.ResourceData, config *Config) interface{} { + if v == nil { + return v + } + l := v.([]interface{}) + transformed := make([]interface{}, 0, len(l)) + for _, raw := range l { + original := raw.(map[string]interface{}) + if len(original) < 1 { + // Do not include empty json objects coming back from the api + continue + } + transformed = append(transformed, map[string]interface{}{ + "gke_cluster_name": flattenDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(original["gkeClusterName"], d, config), + }) + } + return transformed +} +func flattenDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + func flattenDNSManagedZonePrivateVisibilityConfigNetworks(v interface{}, d *schema.ResourceData, config *Config) interface{} { if v == nil { return v 
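Review bot: `flattenDNSManagedZonePrivateVisibilityConfigGkeClusters` asserts `v.([]interface{})` and `raw.(map[string]interface{})` on the decoded API response without the `, ok` form, so an unexpected payload shape panics the provider instead of surfacing a read error. It mirrors the existing `...Networks` flattener visible at the end of the same hunk, so this is a pre-existing pattern in generated code rather than something new to this commit; if it is tightened, both flatteners (and the expanders in the later hunks) should change together in the generator. The enclosing `flattenDNSManagedZonePrivateVisibilityConfig` starts outside the hunk.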
@@ -1182,6 +1222,13 @@ func expandDNSManagedZonePrivateVisibilityConfig(v interface{}, d TerraformResou original := raw.(map[string]interface{}) transformed := make(map[string]interface{}) + transformedGkeClusters, err := expandDNSManagedZonePrivateVisibilityConfigGkeClusters(original["gke_clusters"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedGkeClusters); val.IsValid() && !isEmptyValue(val) { + transformed["gkeClusters"] = transformedGkeClusters + } + transformedNetworks, err := expandDNSManagedZonePrivateVisibilityConfigNetworks(original["networks"], d, config) if err != nil { return nil, err @@ -1215,6 +1262,28 @@ func expandDNSManagedZonePrivateVisibilityConfigNetworks(v interface{}, d Terraf return req, nil } +func expandDNSManagedZonePrivateVisibilityConfigGkeClusters(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + l := v.([]interface{}) + req := make([]interface{}, 0, len(l)) + for _, raw := range l { + if raw == nil { + continue + } + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedGkeClusterName, err := expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(original["gke_cluster_name"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedGkeClusterName); val.IsValid() && !isEmptyValue(val) { + transformed["gkeClusterName"] = transformedGkeClusterName + } + + req = append(req, transformed) + } + return req, nil +} + func expandDNSManagedZonePrivateVisibilityConfigNetworksNetworkUrl(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { if v == nil || v.(string) == "" { return "", nil 
@@ -1228,6 +1297,10 @@ func expandDNSManagedZonePrivateVisibilityConfigNetworksNetworkUrl(v interface{} return ConvertSelfLinkToV1(url), nil } +func expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + func expandDNSManagedZoneForwardingConfig(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { l := v.([]interface{}) if len(l) == 0 || l[0] == nil { diff --git a/google/resource_dns_managed_zone_generated_test.go b/google/resource_dns_managed_zone_generated_test.go index f2a6a6aec6..ec904262ac 100644 --- a/google/resource_dns_managed_zone_generated_test.go +++ b/google/resource_dns_managed_zone_generated_test.go 
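Review bot: `expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName` passes the configured value through unchanged, while the `network_url` counterpart directly above it normalizes through `ConvertSelfLinkToV1`; if the API canonicalizes `gkeClusterName` on read (for example, returning a different project identifier form than the one configured), the read value will not match the config and every plan will show a diff. Either confirm the API echoes the name byte-for-byte, or add a `DiffSuppressFunc` on `gke_cluster_name` that treats the two forms as equal. `expandDNSManagedZonePrivateVisibilityConfigNetworksNetworkUrl` starts outside the hunk.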
@@ -253,6 +253,105 @@ resource "google_compute_network" "network-2" { `, context) } +func TestAccDNSManagedZone_dnsManagedZonePrivateGkeExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckDNSManagedZoneDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDNSManagedZone_dnsManagedZonePrivateGkeExample(context), + }, + { + ResourceName: "google_dns_managed_zone.private-zone-gke", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccDNSManagedZone_dnsManagedZonePrivateGkeExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_dns_managed_zone" "private-zone-gke" { + name = "tf-test-private-zone%{random_suffix}" + dns_name = "private.example.com." + description = "Example private DNS zone" + labels = { + foo = "bar" + } + + visibility = "private" + + private_visibility_config { + networks { + network_url = google_compute_network.network-1.id + } + gke_clusters { + gke_cluster_name = google_container_cluster.cluster-1.id + } + } +} + +resource "google_compute_network" "network-1" { + name = "tf-test-network-1%{random_suffix}" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "subnetwork-1" { + name = google_compute_network.network-1.name + network = google_compute_network.network-1.name + ip_cidr_range = "10.0.36.0/24" + region = "us-central1" + private_ip_google_access = true + + secondary_ip_range { + range_name = "pod" + ip_cidr_range = "10.0.0.0/19" + } + + secondary_ip_range { + range_name = "svc" + ip_cidr_range = "10.0.32.0/22" + } +} + +resource "google_container_cluster" "cluster-1" { + name = "tf-test-cluster-1%{random_suffix}" + location = "us-central1-c" + initial_node_count = 1 + + networking_mode = "VPC_NATIVE" + default_snat_status { + disabled = true + 
} + network = google_compute_network.network-1.name + subnetwork = google_compute_subnetwork.subnetwork-1.name + + private_cluster_config { + enable_private_endpoint = true + enable_private_nodes = true + master_ipv4_cidr_block = "10.42.0.0/28" + master_global_access_config { + enabled = true + } + } + master_authorized_networks_config { + } + ip_allocation_policy { + cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name + services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name + } +} +`, context) +} + func TestAccDNSManagedZone_dnsManagedZonePrivatePeeringExample(t *testing.T) { t.Parallel() diff --git a/google/resource_dns_managed_zone_test.go b/google/resource_dns_managed_zone_test.go index 20f478d79a..98e8e4c20b 100644 --- a/google/resource_dns_managed_zone_test.go +++ b/google/resource_dns_managed_zone_test.go @@ -365,6 +365,9 @@ resource "google_dns_managed_zone" "private" { networks { network_url = google_compute_network.%s.self_link } + gke_clusters { + gke_cluster_name = google_container_cluster.cluster-1.id + } } } 
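Review bot: With the `gke_clusters` block added to the `google_dns_managed_zone.private` config in the `@@ -365,6 +365,9 @@` hunk, and the `google_container_cluster.cluster-1` plus subnetwork resources added in the `@@ -382,7 +385,53 @@` hunk of the same file, every run of this test now provisions a private VPC-native GKE cluster, which is far slower and costlier than the network-only configuration it replaces. If this helper feeds an update test (its name and the test steps are outside the hunks), no step exercises adding or removing `gke_clusters` on an existing zone. Consider gating the block behind an extra format argument, or introducing it only in a later step, so the update path is covered and the cluster is created once.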
@@ -382,7 +385,53 @@ resource "google_compute_network" "network-3" { name = "tf-test-network-3-%s" auto_create_subnetworks = false } -`, suffix, first_network, second_network, suffix, suffix, suffix) + +resource "google_compute_subnetwork" "subnetwork-1" { + name = google_compute_network.network-1.name + network = google_compute_network.network-1.name + ip_cidr_range = "10.0.36.0/24" + region = "us-central1" + private_ip_google_access = true + + secondary_ip_range { + range_name = "pod" + ip_cidr_range = "10.0.0.0/19" + } + + secondary_ip_range { + range_name = "svc" + ip_cidr_range = "10.0.32.0/22" + } +} + +resource "google_container_cluster" "cluster-1" { + name = "tf-test-cluster-1-%s" + location = "us-central1-c" + initial_node_count = 1 + + networking_mode = "VPC_NATIVE" + default_snat_status { + disabled = true + } + network = google_compute_network.network-1.name + subnetwork = google_compute_subnetwork.subnetwork-1.name + + private_cluster_config { + enable_private_endpoint = true + enable_private_nodes = true + master_ipv4_cidr_block = "10.42.0.0/28" + master_global_access_config { + enabled = true + } + } + master_authorized_networks_config { + } + ip_allocation_policy { + cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name + services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name + } +} +`, suffix, first_network, second_network, suffix, suffix, suffix, suffix) } func testAccDnsManagedZone_privateForwardingUpdate(suffix, first_nameserver, second_nameserver, first_forwarding_path, second_forwarding_path string) string { diff --git a/website/docs/r/dns_managed_zone.html.markdown b/website/docs/r/dns_managed_zone.html.markdown index f24a657fae..a2eadcce4b 100644 --- a/website/docs/r/dns_managed_zone.html.markdown +++ b/website/docs/r/dns_managed_zone.html.markdown 
@@ -136,6 +136,86 @@ resource "google_compute_network" "network-2" { auto_create_subnetworks = false } ``` + +## Example Usage - Dns Managed Zone Private Gke + + +```hcl +resource "google_dns_managed_zone" "private-zone-gke" { + name = "private-zone" + dns_name = "private.example.com." + description = "Example private DNS zone" + labels = { + foo = "bar" + } + + visibility = "private" + + private_visibility_config { + networks { + network_url = google_compute_network.network-1.id + } + gke_clusters { + gke_cluster_name = google_container_cluster.cluster-1.id + } + } +} + +resource "google_compute_network" "network-1" { + name = "network-1" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "subnetwork-1" { + name = google_compute_network.network-1.name + network = google_compute_network.network-1.name + ip_cidr_range = "10.0.36.0/24" + region = "us-central1" + private_ip_google_access = true + + secondary_ip_range { + range_name = "pod" + ip_cidr_range = "10.0.0.0/19" + } + + secondary_ip_range { + range_name = "svc" + ip_cidr_range = "10.0.32.0/22" + } +} + +resource "google_container_cluster" "cluster-1" { + name = "cluster-1" + location = "us-central1-c" + initial_node_count = 1 + + networking_mode = "VPC_NATIVE" + default_snat_status { + disabled = true + } + network = google_compute_network.network-1.name + subnetwork = google_compute_subnetwork.subnetwork-1.name + + private_cluster_config { + enable_private_endpoint = true + enable_private_nodes = true + master_ipv4_cidr_block = "10.42.0.0/28" + master_global_access_config { + enabled = true + } + } + master_authorized_networks_config { + } + ip_allocation_policy { + cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name + services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name + } +} +```
Open in Cloud Shell @@ -368,6 +448,11 @@ The following arguments are supported: The `private_visibility_config` block supports: +* `gke_clusters` - + (Optional) + The list of Google Kubernetes Engine clusters that can see this zone. + Structure is [documented below](#nested_gke_clusters). + * `networks` - (Required) The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you @@ -378,6 +463,14 @@ The following arguments are supported: Structure is [documented below](#nested_networks). +The `gke_clusters` block supports: + +* `gke_cluster_name` - + (Required) + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + `projects/*/locations/*/clusters/*` + The `networks` block supports: * `network_url` - diff --git a/website/docs/r/dns_response_policy.html.markdown b/website/docs/r/dns_response_policy.html.markdown index ac3b3aec5f..eac6df1238 100644 --- a/website/docs/r/dns_response_policy.html.markdown +++ b/website/docs/r/dns_response_policy.html.markdown 
@@ -51,6 +51,56 @@ resource "google_compute_network" "network-2" { auto_create_subnetworks = false } +resource "google_compute_subnetwork" "subnetwork-1" { + provider = google-beta + + name = google_compute_network.network-1.name + network = google_compute_network.network-1.name + ip_cidr_range = "10.0.36.0/24" + region = "us-central1" + private_ip_google_access = true + + secondary_ip_range { + range_name = "pod" + ip_cidr_range = "10.0.0.0/19" + } + + secondary_ip_range { + range_name = "svc" + ip_cidr_range = "10.0.32.0/22" + } +} + +resource "google_container_cluster" "cluster-1" { + provider = google-beta + + name = "cluster-1" + location = "us-central1-c" + initial_node_count = 1 + + networking_mode = "VPC_NATIVE" + default_snat_status { + disabled = true + } + network = google_compute_network.network-1.name + subnetwork = google_compute_subnetwork.subnetwork-1.name + + private_cluster_config { + enable_private_endpoint = true + enable_private_nodes = true + master_ipv4_cidr_block = "10.42.0.0/28" + master_global_access_config { + enabled = true + } + } + master_authorized_networks_config { + } + ip_allocation_policy { + cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name + services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name + } +} + resource "google_dns_response_policy" "example-response-policy" { provider = google-beta @@ -62,6 +112,9 @@ resource "google_dns_response_policy" "example-response-policy" { networks { network_url = google_compute_network.network-2.id } + gke_clusters { + gke_cluster_name = google_container_cluster.cluster-1.id + } } ``` 
@@ -87,6 +140,11 @@ The following arguments are supported: The list of network names specifying networks to which this policy is applied. Structure is [documented below](#nested_networks). +* `gke_clusters` - + (Optional) + The list of Google Kubernetes Engine clusters that can see this zone. + Structure is [documented below](#nested_gke_clusters). + * `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -99,6 +157,14 @@ The following arguments are supported: This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` +The `gke_clusters` block supports: + +* `gke_cluster_name` - + (Required) + The resource name of the cluster to bind this ManagedZone to. + This should be specified in the format like + `projects/*/locations/*/clusters/*` + ## Attributes Reference In addition to the arguments listed above, the following computed attributes are exported: