terraform-google-modules / terraform-google-cloud-dns Goto Github PK

I tried to update my source code to use release 3.0.1 and noticed the changes were not applied to the package. If you look at the code, you'll see it still lacks some fixes that were committed, e.g.:

version 3.0.1:

resource "google_dns_managed_zone" "peering" {
  count       = var.type == "peering" ? 1 : 0
  provider    = google-beta
  project     = var.project_id
  name        = var.name
  dns_name    = var.domain
  description = "Terraform-managed zone." <====== without the fix
  visibility  = "private"

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): Update go modules and/or dev-tools (cft/developer-tools, github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test, go)
• chore(deps): Update Terraform terraform-google-modules/project-factory/google to v15

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Description

• Current GCP Environment supports enabling Cloud Logging via API / Console. However, it's not supported in Terraform Yet.
  

Terraform Resources

Resource is present https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone but I guess it's not even supported by provider.

Even Google API has a support for it https://cloud.google.com/dns/docs/reference/v1/managedZones

Detailed design

* Just need to add support for Cloud Logging Option

Additional information

No response

Hi,
I'm trying to use this module, to create a private managed zone, and I can't, because I get this error:

module.dns-private-zone.google_dns_managed_zone.private[0]: Creating...
╷
│ Error: Error creating ManagedZone: googleapi: Error 403: Forbidden, forbidden
│ 
│   with module.dns-private-zone.google_dns_managed_zone.private[0],
│   on .terraform/modules/dns-private-zone/main.tf line 74, in resource "google_dns_managed_zone" "private":
│   74: resource "google_dns_managed_zone" "private" {

My main.tf looks like this:

module "dns-private-zone" {
  source  = "terraform-google-modules/cloud-dns/google"
  version = "3.0.0"
  project_id = var.project_id
  type       = "private"
  name       = var.dns_zone_name
  domain     = var.dns_zone_domain

  private_visibility_config_networks = [
    "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/my-vpc"
  ]
}

I'm almost sure that the service account that im using have all the necesary permissions, granted with:

gcloud projects add-iam-policy-binding sdypp-framework --member=serviceAccount:[email protected] --role=roles/dns.admin

The strange thing is that when I apply the main.tf file, but with a "public" managed zone, it works.

module.dns-private-zone.google_dns_managed_zone.public[0]: Creating...
module.dns-private-zone.google_dns_managed_zone.public[0]: Creation complete after 3s [id=projects/sdypp-framework/managedZones/framework-services-gcp-com-ar]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Is this a bug? Or I'm doing something wrong,

Thank you very much

TL;DR

I separated subdomain from TLD into another DNS zone. After enabling the dnssec, I won't be able to grab subdomain's DS record or keys and add it to TLD. It would be great if there is an output that can obtain it.

Terraform Resources

google_dns_keys

Detailed design

No response

Additional information

No response

TL;DR

Google{-beta} terraform v5.x providers have been released. However trying to use this module with v5 will fail due to the pin in versions.tf (https://github.com/terraform-google-modules/terraform-google-cloud-dns/blob/master/versions.tf#L23):

│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider
│ hashicorp/google-beta: no available releases match the given constraints >=
│ 4.40.0, ~> 5.0, < 5.0.0

Terraform Resources

No response

Detailed design

No response

Additional information

No response

TL;DR

It would be nice if this module supported the routing_policy block that's available with google_dns_record_set. I'm unable to use this module because some of my DNS records have a weighted round robin setup.

Terraform Resources

# Example record I grabbed from the Google provider's official documentation.
# As of today it does not appear possible to use the terraform-google-cloud-dns module to create a record like this

resource "google_dns_record_set" "wrr" {
  name         = "backend.${google_dns_managed_zone.prod.dns_name}"
  managed_zone = google_dns_managed_zone.prod.name
  type         = "A"
  ttl          = 300

  routing_policy {
    wrr {
      weight  = 0.8
      rrdatas =  ["10.128.1.1"]
    }

    wrr {
      weight  = 0.2
      rrdatas =  ["10.130.1.1"]
    }
  }

Detailed design

No response

Additional information

No response

TL;DR

It would be a time-saver at the parent module level to have some default values for DNS records. Specifically, for those of us who can't remember what the default TTL is, make it optional with a default value of 5 minutes. Also consider defaulting name to "" for wildcarding, and set record type to "A" since those would be the most common.

Terraform Resources

google_dns_record_set

Detailed design

variable "recordsets" {
  type = list(object({
    name    = optional(string, "")
    type    = optinoal(string, "A")
    ttl     = optional(number, 300)
  }))
}

Additional information

https://github.com/aws2gcp/gcp-network-terraform/blob/main/dns/dns_records.tf

Running into the following error when running terraform destroy:

on .terraform/modules/xpn-dev.env-dns-private-zone/outputs.tf line 25, in output "name":
  25:   value = element(
  26:
  27:
  28:
  29:
  30:
  31:
  32:
  33:
    |----------------
    | google_dns_managed_zone.forwarding is empty tuple
    | google_dns_managed_zone.peering is empty tuple
    | google_dns_managed_zone.private is empty tuple
    | google_dns_managed_zone.public is empty tuple

passing a user-defined description value doesnt make a difference as the description parameter string value is hardcoded in the main.tf of the module

The repository is "big" due to binaries files that were added by mistake.

I used script git_find_big.sh from https://support.atlassian.com/bitbucket-cloud/docs/maintain-a-git-repository/#Manually-reviewing-large-files-in-your-repository

All sizes are in kB's. The pack column is the size of the object, compressed, inside the pack file.
size   pack   SHA                                       location
51098  13520  226ac64685d2a07ccd9672f7db5e3904971bc5aa  examples/private-zone/.terraform/plugins/linux_amd64/terraform-provider-google_v2.8.0_x4
19896  6544   4c05313dcd3e0fbb33cb89a766aed4a782085db0  examples/private-zone/.terraform/plugins/linux_amd64/terraform-provider-null_v2.1.2_x4
17586  6428   a6a43b82c87aba3df9ffaa0f3ab6b6d9ed31e82e  examples/private-zone/.terraform/plugins/linux_amd64/terraform-provider-google-beta_v2.8.0_x4
....

Could you please remove those files for history ?
When I have such operation to do, I use BFG (check the upper article for procedure)

PS : make a backup of the repository before doing the operation ;)

Upstream resource dns_managed_zone supports force_destroy

Additional context on the requirement: hashicorp/terraform-provider-google#1572

TL;DR

Since Google Provider v.4.40 creates the functionality to use terraform to activate Logging on Managed DNS zones, it would be nice to have this feature in the module. Same as #35

Terraform Resources

resource "google_dns_managed_zone" "cloud-logging-enabled-zone" {
  name        = "cloud-logging-enabled-zone"
  dns_name    = "services.example.com."
  description = "Example cloud logging enabled DNS zone"
  labels = {
    foo = "bar"
  }

  cloud_logging_config {
    enable_logging = true
  }
}

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_managed_zone

Detailed design

No response

Additional information

No response

Tested in v3.0.1 for "private" type.
Apparently setting the description variable makes no difference. Value is set to "Terraform-managed zone." no matter what.

When trying to use this module in the latest version of terraform it fails with the following error:

│ Error: Error in function call
│
│ on .terraform/modules/foo/main.tf line 105, in resource "google_dns_managed_zone" "public":
│ 105: for_each = var.dnssec_config == {} ? [] : list(var.dnssec_config)
│ ├────────────────
│ │ var.dnssec_config is object with 1 attribute "state"
│
│ Call to function "list" failed: the "list" function was deprecated in Terraform v0.12 and is no longer available; use tolist([ ... ])
│ syntax to write a literal list.

TL;DR

A common mistake I make is confusing name with domain, and the subsequent name constraints around them:

name = name of the managed zone, must be lowercases chars and dashes
domain = DNS domain name, must end in .

Having some validations around these to detect them at the plan state would be great, or, better, yet, being able to essentially auto-correct these via string manipulation.

Terraform Resources

google_dns_managed_zone

Detailed design

variable "name" {
  description = "Zone name, must be unique within the project."
  type        = string
  default     = null
}

# Auto-generate name based on domain:
name      = lower(coalesce(var.name, trimsuffix(replace(var.domain, ".", "-"), "-")))

# Add a '.' to domain if required:
dns_name       = endswith(var.domain, ".") ? var.domain : "${var.domain}."

Additional information

https://github.com/aws2gcp/gcp-network-terraform/blob/main/dns/dns_zones.tf

Following is hard coded. Variable description is ignored
description = "Terraform-managed zone."

It should be
description = var.descriptioon

I am looking for a way to show the Managed Zones for a specific project. The current functionality is great if I know the zone I'm working with, but does not provide discoverability for finding what zones are available.

My use case is as follows: I have a project that hosts multiple private Cloud DNS zones. I have workflows that create new projects and would like those newly created projects to be able to be programmatically granted access to those private zones. Ideally I would like functionality similar to what I get from gcloud dns managed-zones list --project host-project.

Integration tests seem to be failing possible due to not setting network_self_links in private-zone

TL;DR

routing_policy change introduced in v5.2.0 does not looks like working and it's throwing error. It's also not compatible with previous versions..

module "dns" {
  source      = "terraform-google-modules/cloud-dns/google"
  project_id  = "xxx"
  type        = "private"
  name        = "dbs.local"
  domain      = "dbs.local."
  description = "dbs records"

  private_visibility_config_networks = [
  "https://www.googleapis.com/compute/v1/projects/xxx/global/networks/vpc-yyyy" 
    
  ]

  recordsets = [
    {
      name    = "dbs"
      type    = "A"
      ttl     = 300
      records = ["172.16.10.10"]
    }
  ]
}

thorwing following error

   on .terraform/modules/dns/main.tf line 194, in resource "google_dns_record_set" "cloud-static-records":
│  194: resource "google_dns_record_set" "cloud-static-records" {
│ 
│ "routing_policy": only one of `routing_policy,rrdatas` can be specified, but `routing_policy,rrdatas` were specified.
╵

Expected behavior

expected to create record set with rrdatas and not to have any issues because of those routing_policy change in v5.2.0

Observed behavior

╷
│ Error: Invalid combination of arguments
│ 
│   with module.dns.google_dns_record_set.cloud-static-records["dbs/A"],
│   on .terraform/modules/dns/main.tf line 194, in resource "google_dns_record_set" "cloud-static-records":
│  194: resource "google_dns_record_set" "cloud-static-records" {
│ 
│ "routing_policy": only one of `routing_policy,rrdatas` can be specified, but `routing_policy,rrdatas` were specified.
╵
╷
│ Error: Invalid combination of arguments
│ 
│   with module.dns.google_dns_record_set.cloud-static-records["dbs/A"],
│   on .terraform/modules/dns/main.tf line 207, in resource "google_dns_record_set" "cloud-static-records":
│  207:   rrdatas = each.value.records
│ 
│ "rrdatas": only one of `routing_policy,rrdatas` can be specified, but `routing_policy,rrdatas` were specified.
╵

Terraform Configuration

terraform {
  required_version = ">= 1.3.4"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">= 4.43"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 4.43"
    }
    null = {
      source  = "hashicorp/null"
      version = "~> 3.2"
    }
    random = {
      source  = "hashicorp/random"
      version = "~> 3.4"
    }
  }
}

Terraform Version

1.3.4

Additional information

No response

i passed
labels = {
foo = "bar"
}
It is unsupported argument. The readme file mentions the labels parameter.