

gkeCluster added in dns_managed_zone and dns_response_policy (GoogleC…
sanghaniJ authored and googlerjk committed Nov 21, 2022
1 parent 0a01cfe commit 3c4dda2
Showing 9 changed files with 326 additions and 18 deletions.
24 changes: 24 additions & 0 deletions mmv1/products/dns/api.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,18 @@ objects:
resources that the zone is visible from.
send_empty_value: true
properties:
- !ruby/object:Api::Type::Array
name: 'gkeClusters'
description: 'The list of Google Kubernetes Engine clusters that can see this zone.'
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::String
name: 'gkeClusterName'
description: |
The resource name of the cluster to bind this ManagedZone to.
This should be specified in the format like
`projects/*/locations/*/clusters/*`
required: true
- !ruby/object:Api::Type::Array
name: 'networks'
description: 'The list of VPC networks that can see this zone.'
Expand Down Expand Up @@ -547,6 +559,18 @@ objects:
The fully qualified URL of the VPC network to bind to.
This should be formatted like
`https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`
- !ruby/object:Api::Type::Array
name: 'gkeClusters'
description: 'The list of Google Kubernetes Engine clusters that can see this zone.'
item_type: !ruby/object:Api::Type::NestedObject
properties:
- !ruby/object:Api::Type::String
name: 'gkeClusterName'
description: |
The resource name of the cluster to bind this ManagedZone to.
This should be specified in the format like
`projects/*/locations/*/clusters/*`
required: true
- !ruby/object:Api::Resource
name: 'ResponsePolicyRule'
kind: 'dns#responsePolicyRule'
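Review bot: The descriptions in the second hunk (L39–L50) still talk about a zone — `The list of Google Kubernetes Engine clusters that can see this zone.` and `The resource name of the cluster to bind this ManagedZone to.` — although that hunk (@@ -547) sits directly above the `ResponsePolicyRule` resource and so appears to belong to the ResponsePolicy object rather than ManagedZone. These api.yaml descriptions are what the generated provider schema and website docs carry, so the copy should read `The list of Google Kubernetes Engine clusters that can see this response policy.` and `The resource name of the cluster to bind this response policy to.`. The first hunk, whose surrounding context is the zone's visibility config, is fine as written.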
11 changes: 10 additions & 1 deletion mmv1/products/dns/terraform.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,13 @@ overrides: !ruby/object:Overrides::ResourceOverrides
zone_name: "private-zone"
network_1_name: "network-1"
network_2_name: "network-2"
- !ruby/object:Provider::Terraform::Examples
name: "dns_managed_zone_private_gke"
primary_resource_id: "private-zone-gke"
vars:
zone_name: "private-zone"
network_1_name: "network-1"
cluster_1_name: "cluster-1"
- !ruby/object:Provider::Terraform::Examples
name: "dns_managed_zone_private_peering"
primary_resource_id: "peering-zone"
Expand Down Expand Up @@ -226,14 +233,15 @@ overrides: !ruby/object:Overrides::ResourceOverrides
response_policy_name: "example-response-policy"
network_1_name: "network-1"
network_2_name: "network-2"
cluster_1_name: "cluster-1"
properties:
id: !ruby/object:Overrides::Terraform::PropertyOverride
exclude: true
networks.networkUrl: !ruby/object:Overrides::Terraform::PropertyOverride
custom_expand: templates/terraform/custom_expand/network_full_url.erb
diff_suppress_func: 'compareSelfLinkOrResourceName'
custom_code: !ruby/object:Provider::Terraform::CustomCode
pre_delete: templates/terraform/pre_delete/response_policy_detach_network.erb
pre_delete: templates/terraform/pre_delete/response_policy_detach_network_gke.erb
ResponsePolicyRule: !ruby/object:Overrides::Terraform::ResourceOverride
id_format: 'projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}'
import_format: ["projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}"]
Expand All @@ -245,6 +253,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
response_policy_name: "example-response-policy"
network_1_name: "network-1"
network_2_name: "network-2"
cluster_1_name: "cluster-1"
response_policy_rule_name: "example-rule"
# This is for copying files over
files: !ruby/object:Provider::Config::Files
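Review bot: Nothing in the override block declares how `gkeClusters.gkeClusterName` should be compared, while the neighbouring `networks.networkUrl` override (custom_expand plus `diff_suppress_func: 'compareSelfLinkOrResourceName'`, L79–L81) exists precisely because the API canonicalizes the value it returns. The new examples feed `google_container_cluster.cluster-1.id` into that field; if the API echoes the cluster in a different spelling (full URL, different project or location form) every plan will show a perpetual diff. Worth confirming against a real apply/refresh cycle and, if so, adding a `diff_suppress_func` override for the property in the same style as the network one. The `pre_delete` rename at L84 lines up with the new `response_policy_detach_network_gke.erb` template and the deleted old one.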
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,13 @@ func expand<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d T
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedGkeClusters, err := expandDNSManagedZonePrivateVisibilityConfigGkeClusters(original["gke_clusters"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedGkeClusters); val.IsValid() && !isEmptyValue(val) {
transformed["gkeClusters"] = transformedGkeClusters
}

transformedNetworks, err := expandDNSManagedZonePrivateVisibilityConfigNetworks(original["networks"], d, config)
if err != nil {
return nil, err
Expand Down Expand Up @@ -58,6 +65,28 @@ func expand<%= prefix -%><%= titlelize_property(property) -%>Networks(v interfac
return req, nil
}

func expand<%= prefix -%><%= titlelize_property(property) -%>GkeClusters(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
l := v.([]interface{})
req := make([]interface{}, 0, len(l))
for _, raw := range l {
if raw == nil {
continue
}
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedGkeClusterName, err := expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(original["gke_cluster_name"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedGkeClusterName); val.IsValid() && !isEmptyValue(val) {
transformed["gkeClusterName"] = transformedGkeClusterName
}

req = append(req, transformed)
}
return req, nil
}

func expand<%= prefix -%><%= titlelize_property(property) -%>NetworksNetworkUrl(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
if v == nil || v.(string) == "" {
return "", nil
Expand All @@ -71,3 +100,6 @@ func expand<%= prefix -%><%= titlelize_property(property) -%>NetworksNetworkUrl(
return ConvertSelfLinkToV1(url), nil
}

func expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
return v, nil
}
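Review bot: The new `expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName` at L145 is declared with a hard-coded name, whereas every other function this template declares (L98, L112, L116, L138) takes its name from the ERB prefix; declare it the same way, `func expand<%= prefix -%><%= titlelize_property(property) -%>GkeClustersGkeClusterName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {`, so the template keeps working if it is ever rendered under a different prefix (the hard-coded call sites at L102 and L126 mirror the pre-existing one at L109, so those are at least consistent with the file). Separately, the empty-list case is silently dropped: when a user removes the `gke_clusters` block, `isEmptyValue` on the resulting empty slice presumably makes L105 skip the key, so `gkeClusters` is omitted from the request body rather than sent empty, and whether existing bindings are actually cleared on update then depends on the API's PATCH semantics — worth a test step that removes the block. The expander in the first hunk starts before it.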
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
# [START dns_managed_zone_private_gke]
resource "google_dns_managed_zone" "<%= ctx[:primary_resource_id] %>" {
name = "<%= ctx[:vars]['zone_name'] %>"
dns_name = "private.example.com."
description = "Example private DNS zone"
labels = {
foo = "bar"
}

visibility = "private"

private_visibility_config {
networks {
network_url = google_compute_network.network-1.id
}
gke_clusters {
gke_cluster_name = google_container_cluster.cluster-1.id
}
}
}

resource "google_compute_network" "network-1" {
name = "<%= ctx[:vars]['network_1_name'] %>"
auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnetwork-1" {
name = google_compute_network.network-1.name
network = google_compute_network.network-1.name
ip_cidr_range = "10.0.36.0/24"
region = "us-central1"
private_ip_google_access = true

secondary_ip_range {
range_name = "pod"
ip_cidr_range = "10.0.0.0/19"
}

secondary_ip_range {
range_name = "svc"
ip_cidr_range = "10.0.32.0/22"
}
}

resource "google_container_cluster" "cluster-1" {
name = "<%= ctx[:vars]['cluster_1_name'] %>"
location = "us-central1-c"
initial_node_count = 1

networking_mode = "VPC_NATIVE"
default_snat_status {
disabled = true
}
network = google_compute_network.network-1.name
subnetwork = google_compute_subnetwork.subnetwork-1.name

private_cluster_config {
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "10.42.0.0/28"
master_global_access_config {
enabled = true
}
}
master_authorized_networks_config {
}
ip_allocation_policy {
cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name
services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name
}
}
# [END dns_managed_zone_private_gke]
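Review bot: The cluster in this example is created with `enable_private_endpoint = true`, `enable_private_nodes = true`, an empty `master_authorized_networks_config {}` and `master_global_access_config { enabled = true }`, but nothing says why a DNS example needs that particular exposure profile, and readers copy examples verbatim. A one-line comment above `private_cluster_config` would do, e.g. `# Private-endpoint-only control plane: reachable only over the VPC (any region, via master_global_access); no public authorized networks.` Also, this subnet + cluster fixture is repeated verbatim in dns_response_policy_basic.tf.erb and resource_dns_managed_zone_test.go in this same commit, so any later change to it has to be made in three places.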
53 changes: 53 additions & 0 deletions mmv1/templates/terraform/examples/dns_response_policy_basic.tf.erb
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,56 @@ resource "google_compute_network" "network-2" {
auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnetwork-1" {
provider = google-beta

name = google_compute_network.network-1.name
network = google_compute_network.network-1.name
ip_cidr_range = "10.0.36.0/24"
region = "us-central1"
private_ip_google_access = true

secondary_ip_range {
range_name = "pod"
ip_cidr_range = "10.0.0.0/19"
}

secondary_ip_range {
range_name = "svc"
ip_cidr_range = "10.0.32.0/22"
}
}

resource "google_container_cluster" "cluster-1" {
provider = google-beta

name = "<%= ctx[:vars]['cluster_1_name'] %>"
location = "us-central1-c"
initial_node_count = 1

networking_mode = "VPC_NATIVE"
default_snat_status {
disabled = true
}
network = google_compute_network.network-1.name
subnetwork = google_compute_subnetwork.subnetwork-1.name

private_cluster_config {
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "10.42.0.0/28"
master_global_access_config {
enabled = true
}
}
master_authorized_networks_config {
}
ip_allocation_policy {
cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name
services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name
}
}

resource "google_dns_response_policy" "<%= ctx[:primary_resource_id] %>" {
provider = google-beta

Expand All @@ -24,5 +74,8 @@ resource "google_dns_response_policy" "<%= ctx[:primary_resource_id] %>" {
networks {
network_url = google_compute_network.network-2.id
}
gke_clusters {
gke_cluster_name = google_container_cluster.cluster-1.id
}
}
# [END dns_response_policy_basic]

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
// if gke clusters are attached, they need to be detached before the response policy can be deleted
if d.Get("gke_clusters.#").(int) > 0 {
patched := make(map[string]interface{})
patched["gkeClusters"] = nil

url, err := replaceVars(d, config, "{{DNSBasePath}}projects/{{project}}/responsePolicies/{{response_policy_name}}")
if err != nil {
return err
}

_, err = sendRequestWithTimeout(config, "PATCH", project, url, userAgent, patched, d.Timeout(schema.TimeoutUpdate)<%= object.error_retry_predicates ? ", " + object.error_retry_predicates.join(',') : "" -%>)
if err != nil {
return fmt.Errorf("Error updating Policy %q: %s", d.Id(), err)
}
}

// if networks are attached, they need to be detached before the response policy can be deleted
if d.Get("networks.#").(int) > 0 {
patched := make(map[string]interface{})
patched["networks"] = nil

url, err := replaceVars(d, config, "{{DNSBasePath}}projects/{{project}}/responsePolicies/{{response_policy_name}}")
if err != nil {
return err
}

_, err = sendRequestWithTimeout(config, "PATCH", project, url, userAgent, patched, d.Timeout(schema.TimeoutUpdate)<%= object.error_retry_predicates ? ", " + object.error_retry_predicates.join(',') : "" -%>)
if err != nil {
return fmt.Errorf("Error updating Policy %q: %s", d.Id(), err)
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -390,6 +390,9 @@ resource "google_dns_managed_zone" "private" {
networks {
network_url = google_compute_network.%s.self_link
}
gke_clusters {
gke_cluster_name = google_container_cluster.cluster-1.id
}
}
}

Expand All @@ -407,7 +410,53 @@ resource "google_compute_network" "network-3" {
name = "tf-test-network-3-%s"
auto_create_subnetworks = false
}
`, suffix, first_network, second_network, suffix, suffix, suffix)

resource "google_compute_subnetwork" "subnetwork-1" {
name = google_compute_network.network-1.name
network = google_compute_network.network-1.name
ip_cidr_range = "10.0.36.0/24"
region = "us-central1"
private_ip_google_access = true

secondary_ip_range {
range_name = "pod"
ip_cidr_range = "10.0.0.0/19"
}

secondary_ip_range {
range_name = "svc"
ip_cidr_range = "10.0.32.0/22"
}
}

resource "google_container_cluster" "cluster-1" {
name = "tf-test-cluster-1-%s"
location = "us-central1-c"
initial_node_count = 1

networking_mode = "VPC_NATIVE"
default_snat_status {
disabled = true
}
network = google_compute_network.network-1.name
subnetwork = google_compute_subnetwork.subnetwork-1.name

private_cluster_config {
enable_private_endpoint = true
enable_private_nodes = true
master_ipv4_cidr_block = "10.42.0.0/28"
master_global_access_config {
enabled = true
}
}
master_authorized_networks_config {
}
ip_allocation_policy {
cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name
services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name
}
}
`, suffix, first_network, second_network, suffix, suffix, suffix, suffix)
}

func testAccDnsManagedZone_privateForwardingUpdate(suffix, first_nameserver, second_nameserver, first_forwarding_path, second_forwarding_path string) string {
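Review bot: The `suffix` appended to the Sprintf argument list at L388 pairs with the new `tf-test-cluster-1-%s` on L362, but the format string's opening and its first verbs are outside the hunk, so please confirm with `go vet` that the verb count is now seven; the enclosing config function starts before the hunk. More substantively, this turns a DNS zone acceptance test into one that provisions a private VPC-native GKE cluster, which (from experience with such tests, not anything visible here) adds on the order of ten minutes per run and consumes GKE quota for every step that uses this config; if the intent is only to exercise the `gke_clusters` binding, a dedicated config that includes the cluster would keep the existing private-zone steps cheap. The cluster fixture is also a verbatim copy of the example templates, so a shared helper string would avoid drift between them.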
