hashicorp · modular-magician · Nov 15, 2022 · Nov 15, 2022
diff --git a/.changelog/6814.txt b/.changelog/6814.txt
@@ -0,0 +1,6 @@
+```release-note:enhancement
+dns: added `gke_clusters` field to `google_dns_managed_zone` resource
+```
+```release-note:enhancement
+dns: added `gke_clusters` field to `google_dns_response_policy` resource
+```
diff --git a/google/resource_dns_managed_zone.go b/google/resource_dns_managed_zone.go
@@ -250,6 +250,22 @@ blocks in an update and then apply another update adding all of them back simult
 								return hashcode(buf.String())
 							},
 						},
+						"gke_clusters": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Description: `The list of Google Kubernetes Engine clusters that can see this zone.`,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"gke_cluster_name": {
+										Type:     schema.TypeString,
+										Required: true,
+										Description: `The resource name of the cluster to bind this ManagedZone to.  
+This should be specified in the format like  
+'projects/*/locations/*/clusters/*'`,
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -899,10 +915,34 @@ func flattenDNSManagedZonePrivateVisibilityConfig(v interface{}, d *schema.Resou
 		return nil
 	}
 	transformed := make(map[string]interface{})
+	transformed["gke_clusters"] =
+		flattenDNSManagedZonePrivateVisibilityConfigGkeClusters(original["gkeClusters"], d, config)
 	transformed["networks"] =
 		flattenDNSManagedZonePrivateVisibilityConfigNetworks(original["networks"], d, config)
 	return []interface{}{transformed}
 }
+func flattenDNSManagedZonePrivateVisibilityConfigGkeClusters(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	if v == nil {
+		return v
+	}
+	l := v.([]interface{})
+	transformed := make([]interface{}, 0, len(l))
+	for _, raw := range l {
+		original := raw.(map[string]interface{})
+		if len(original) < 1 {
+			// Do not include empty json objects coming back from the api
+			continue
+		}
+		transformed = append(transformed, map[string]interface{}{
+			"gke_cluster_name": flattenDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(original["gkeClusterName"], d, config),
+		})
+	}
+	return transformed
+}
+func flattenDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
 func flattenDNSManagedZonePrivateVisibilityConfigNetworks(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 	if v == nil {
 		return v
@@ -1182,6 +1222,13 @@ func expandDNSManagedZonePrivateVisibilityConfig(v interface{}, d TerraformResou
 	original := raw.(map[string]interface{})
 	transformed := make(map[string]interface{})
 
+	transformedGkeClusters, err := expandDNSManagedZonePrivateVisibilityConfigGkeClusters(original["gke_clusters"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedGkeClusters); val.IsValid() && !isEmptyValue(val) {
+		transformed["gkeClusters"] = transformedGkeClusters
+	}
+
 	transformedNetworks, err := expandDNSManagedZonePrivateVisibilityConfigNetworks(original["networks"], d, config)
 	if err != nil {
 		return nil, err
@@ -1215,6 +1262,28 @@ func expandDNSManagedZonePrivateVisibilityConfigNetworks(v interface{}, d Terraf
 	return req, nil
 }
 
+func expandDNSManagedZonePrivateVisibilityConfigGkeClusters(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	l := v.([]interface{})
+	req := make([]interface{}, 0, len(l))
+	for _, raw := range l {
+		if raw == nil {
+			continue
+		}
+		original := raw.(map[string]interface{})
+		transformed := make(map[string]interface{})
+
+		transformedGkeClusterName, err := expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(original["gke_cluster_name"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedGkeClusterName); val.IsValid() && !isEmptyValue(val) {
+			transformed["gkeClusterName"] = transformedGkeClusterName
+		}
+
+		req = append(req, transformed)
+	}
+	return req, nil
+}
+
 func expandDNSManagedZonePrivateVisibilityConfigNetworksNetworkUrl(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	if v == nil || v.(string) == "" {
 		return "", nil
@@ -1228,6 +1297,10 @@ func expandDNSManagedZonePrivateVisibilityConfigNetworksNetworkUrl(v interface{}
 	return ConvertSelfLinkToV1(url), nil
 }
 
+func expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandDNSManagedZoneForwardingConfig(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {

diff --git a/google/resource_dns_managed_zone_generated_test.go b/google/resource_dns_managed_zone_generated_test.go
@@ -253,6 +253,105 @@ resource "google_compute_network" "network-2" {
 `, context)
 }
 
+func TestAccDNSManagedZone_dnsManagedZonePrivateGkeExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckDNSManagedZoneDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDNSManagedZone_dnsManagedZonePrivateGkeExample(context),
+			},
+			{
+				ResourceName:      "google_dns_managed_zone.private-zone-gke",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccDNSManagedZone_dnsManagedZonePrivateGkeExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_dns_managed_zone" "private-zone-gke" {
+  name        = "tf-test-private-zone%{random_suffix}"
+  dns_name    = "private.example.com."
+  description = "Example private DNS zone"
+  labels = {
+    foo = "bar"
+  }
+
+  visibility = "private"
+
+  private_visibility_config {
+    networks {
+      network_url = google_compute_network.network-1.id
+    }
+    gke_clusters {
+      gke_cluster_name = google_container_cluster.cluster-1.id
+    }
+  }
+}
+
+resource "google_compute_network" "network-1" {
+  name                    = "tf-test-network-1%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork-1" {
+  name                     = google_compute_network.network-1.name
+  network                  = google_compute_network.network-1.name
+  ip_cidr_range            = "10.0.36.0/24"
+  region                   = "us-central1"
+  private_ip_google_access = true
+
+  secondary_ip_range {
+    range_name    = "pod"
+    ip_cidr_range = "10.0.0.0/19"
+  }
+
+  secondary_ip_range {
+    range_name    = "svc"
+    ip_cidr_range = "10.0.32.0/22"
+  }
+}
+
+resource "google_container_cluster" "cluster-1" {
+  name               = "tf-test-cluster-1%{random_suffix}"
+  location           = "us-central1-c"
+  initial_node_count = 1
+
+  networking_mode = "VPC_NATIVE"
+  default_snat_status {
+    disabled = true
+  }
+  network    = google_compute_network.network-1.name
+  subnetwork = google_compute_subnetwork.subnetwork-1.name
+
+  private_cluster_config {
+    enable_private_endpoint = true
+    enable_private_nodes    = true
+    master_ipv4_cidr_block  = "10.42.0.0/28"
+    master_global_access_config {
+      enabled = true
+	}
+  }
+  master_authorized_networks_config {
+  }
+  ip_allocation_policy {
+    cluster_secondary_range_name  = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name
+    services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name
+  }
+}
+`, context)
+}
+
 func TestAccDNSManagedZone_dnsManagedZonePrivatePeeringExample(t *testing.T) {
 	t.Parallel()
 

diff --git a/google/resource_dns_managed_zone_test.go b/google/resource_dns_managed_zone_test.go
@@ -365,6 +365,9 @@ resource "google_dns_managed_zone" "private" {
     networks {
       network_url = google_compute_network.%s.self_link
     }
+    gke_clusters {
+		gke_cluster_name = google_container_cluster.cluster-1.id
+	}
   }
 }
 
@@ -382,7 +385,53 @@ resource "google_compute_network" "network-3" {
   name                    = "tf-test-network-3-%s"
   auto_create_subnetworks = false
 }
-`, suffix, first_network, second_network, suffix, suffix, suffix)
+
+resource "google_compute_subnetwork" "subnetwork-1" {
+  name                     = google_compute_network.network-1.name
+  network                  = google_compute_network.network-1.name
+  ip_cidr_range            = "10.0.36.0/24"
+  region                   = "us-central1"
+  private_ip_google_access = true
+
+  secondary_ip_range {
+    range_name    = "pod"
+    ip_cidr_range = "10.0.0.0/19"
+  }
+
+  secondary_ip_range {
+    range_name    = "svc"
+    ip_cidr_range = "10.0.32.0/22"
+  }
+}
+
+resource "google_container_cluster" "cluster-1" {
+  name               = "tf-test-cluster-1-%s"
+  location           = "us-central1-c"
+  initial_node_count = 1
+
+  networking_mode = "VPC_NATIVE"
+  default_snat_status {
+    disabled = true
+  }
+  network    = google_compute_network.network-1.name
+  subnetwork = google_compute_subnetwork.subnetwork-1.name
+
+  private_cluster_config {
+    enable_private_endpoint = true
+    enable_private_nodes    = true
+    master_ipv4_cidr_block  = "10.42.0.0/28"
+    master_global_access_config {
+      enabled = true
+	}
+  }
+  master_authorized_networks_config {
+  }
+  ip_allocation_policy {
+    cluster_secondary_range_name  = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name
+    services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name
+  }
+}
+`, suffix, first_network, second_network, suffix, suffix, suffix, suffix)
 }
 
 func testAccDnsManagedZone_privateForwardingUpdate(suffix, first_nameserver, second_nameserver, first_forwarding_path, second_forwarding_path string) string {