From 92d91ef22bd38023ab82fd835517ef47bbd5141a Mon Sep 17 00:00:00 2001 From: Julio Castillo Date: Tue, 3 Oct 2023 19:14:10 +0200 Subject: [PATCH 1/3] Fix dnssec keys lookup --- modules/dns/main.tf | 4 +++- modules/dns/outputs.tf | 4 ++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/dns/main.tf b/modules/dns/main.tf index 2c4c823031..5fec4f8494 100644 --- a/modules/dns/main.tf +++ b/modules/dns/main.tf @@ -158,7 +158,9 @@ resource "google_dns_managed_zone_iam_binding" "iam_bindings" { } data "google_dns_keys" "dns_keys" { + count = try(var.zone_config.public.dnssec_config, null) != null ? 1 : 0 managed_zone = local.managed_zone.id + project = var.project_id } resource "google_dns_record_set" "dns_record_set" { @@ -193,4 +195,4 @@ resource "google_dns_record_set" "dns_record_set" { depends_on = [ google_dns_managed_zone.dns_managed_zone ] -} \ No newline at end of file +} diff --git a/modules/dns/outputs.tf b/modules/dns/outputs.tf index f8297d8be6..7493b4cf71 100644 --- a/modules/dns/outputs.tf +++ b/modules/dns/outputs.tf @@ -1,5 +1,5 @@ /** - * Copyright 2022 Google LLC + * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,7 +16,7 @@ output "dns_keys" { description = "DNSKEY and DS records of DNSSEC-signed managed zones." - value = data.google_dns_keys.dns_keys + value = try(data.google_dns_keys.dns_keys, null) } output "domain" { From daea1277b5a242ebfa8cffa74a6882ff2f6e66b7 Mon Sep 17 00:00:00 2001 From: Julio Castillo Date: Tue, 3 Oct 2023 20:39:33 +0200 Subject: [PATCH 2/3] Fix DNS examples --- modules/dns/README.md | 12 ++++++------ modules/service-directory/README.md | 2 +- tests/modules/dns/examples/peering-zone.yaml | 2 -- tests/modules/dns/examples/public-zone.yaml | 5 ----- tests/modules/dns/examples/reverse-zone.yaml | 2 -- 5 files changed, 7 insertions(+), 16 deletions(-) diff --git a/modules/dns/README.md b/modules/dns/README.md index 5b293768ea..11499326d4 100644 --- a/modules/dns/README.md +++ b/modules/dns/README.md @@ -27,7 +27,7 @@ module "private-dns" { "roles/dns.admin" = ["group:dns-administrators@myorg.com"] } } -# tftest modules=1 resources=5 inventory=private-zone.yaml +# tftest modules=1 resources=4 inventory=private-zone.yaml ``` ### Forwarding Zone @@ -45,7 +45,7 @@ module "private-dns" { } } } -# tftest modules=1 resources=2 inventory=forwarding-zone.yaml +# tftest modules=1 resources=1 inventory=forwarding-zone.yaml ``` ### Peering Zone @@ -63,7 +63,7 @@ module "private-dns" { } } } -# tftest modules=1 resources=2 inventory=peering-zone.yaml +# tftest modules=1 resources=1 inventory=peering-zone.yaml ``` ### Routing Policies @@ -99,7 +99,7 @@ module "private-dns" { } } } -# tftest modules=1 resources=5 inventory=routing-policies.yaml +# tftest modules=1 resources=4 inventory=routing-policies.yaml ``` ### Reverse Lookup Zone @@ -116,7 +116,7 @@ module "private-dns" { } } } -# tftest modules=1 resources=2 inventory=reverse-zone.yaml +# tftest modules=1 resources=1 inventory=reverse-zone.yaml ``` ### Public Zone @@ -137,7 +137,7 @@ module "public-dns" { "roles/dns.admin" = ["group:dns-administrators@myorg.com"] } } -# tftest modules=1 resources=4 inventory=public-zone.yaml +# tftest modules=1 resources=3 inventory=public-zone.yaml ``` ## Variables diff --git a/modules/service-directory/README.md b/modules/service-directory/README.md index d79c53043f..3b16cbeb10 100644 --- a/modules/service-directory/README.md +++ b/modules/service-directory/README.md @@ -88,7 +88,7 @@ module "dns-sd" { } } } -# tftest modules=2 resources=6 inventory=dns.yaml +# tftest modules=2 resources=5 inventory=dns.yaml ``` diff --git a/tests/modules/dns/examples/peering-zone.yaml b/tests/modules/dns/examples/peering-zone.yaml index ea3996ed0c..f9ab8494a3 100644 --- a/tests/modules/dns/examples/peering-zone.yaml +++ b/tests/modules/dns/examples/peering-zone.yaml @@ -30,5 +30,3 @@ values: counts: google_dns_managed_zone: 1 - -outputs: {} diff --git a/tests/modules/dns/examples/public-zone.yaml b/tests/modules/dns/examples/public-zone.yaml index 69f275998e..e47660840a 100644 --- a/tests/modules/dns/examples/public-zone.yaml +++ b/tests/modules/dns/examples/public-zone.yaml @@ -29,11 +29,6 @@ values: type: A counts: - google_dns_keys: 1 google_dns_managed_zone: 1 google_dns_record_set: 1 google_dns_managed_zone_iam_binding: 1 - modules: 1 - resources: 4 - -outputs: {} diff --git a/tests/modules/dns/examples/reverse-zone.yaml b/tests/modules/dns/examples/reverse-zone.yaml index 9798ced98c..8d0b246507 100644 --- a/tests/modules/dns/examples/reverse-zone.yaml +++ b/tests/modules/dns/examples/reverse-zone.yaml @@ -23,5 +23,3 @@ values: counts: google_dns_managed_zone: 1 - -outputs: {} From d5efbbc1b1f47ddd2c6f1ed8bf4c3fcade2aaf77 Mon Sep 17 00:00:00 2001 From: Julio Castillo Date: Tue, 3 Oct 2023 20:49:37 +0200 Subject: [PATCH 3/3] Fix FAST and blueprints resource counts --- blueprints/cloud-operations/dns-fine-grained-iam/README.md | 2 +- blueprints/cloud-operations/dns-shared-vpc/README.md | 2 +- blueprints/networking/decentralized-firewall/README.md | 2 +- blueprints/networking/filtering-proxy-psc/README.md | 2 +- blueprints/networking/filtering-proxy/README.md | 4 ++-- blueprints/networking/hub-and-spoke-vpn/README.md | 2 +- .../networking/private-cloud-function-from-onprem/README.md | 2 +- blueprints/networking/shared-vpc-gke/README.md | 2 +- blueprints/serverless/cloud-run-corporate/README.md | 6 +++--- tests/fast/stages/s2_networking_a_peering/stage.yaml | 4 ++-- tests/fast/stages/s2_networking_b_vpn/stage.yaml | 2 +- tests/fast/stages/s2_networking_c_nva/stage.yaml | 2 +- tests/fast/stages/s2_networking_d_separate_envs/stage.yaml | 2 +- tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml | 2 +- 14 files changed, 18 insertions(+), 18 deletions(-) diff --git a/blueprints/cloud-operations/dns-fine-grained-iam/README.md b/blueprints/cloud-operations/dns-fine-grained-iam/README.md index db88b37b11..6379495ddb 100644 --- a/blueprints/cloud-operations/dns-fine-grained-iam/README.md +++ b/blueprints/cloud-operations/dns-fine-grained-iam/README.md @@ -128,5 +128,5 @@ module "test1" { project_create = true project_id = "test" } -# tftest modules=9 resources=28 +# tftest modules=9 resources=27 ``` diff --git a/blueprints/cloud-operations/dns-shared-vpc/README.md b/blueprints/cloud-operations/dns-shared-vpc/README.md index ad8d6125c7..ed64d1de95 100644 --- a/blueprints/cloud-operations/dns-shared-vpc/README.md +++ b/blueprints/cloud-operations/dns-shared-vpc/README.md @@ -51,5 +51,5 @@ module "test" { shared_vpc_link = "https://www.googleapis.com/compute/v1/projects/test-dns/global/networks/default" teams = ["team1", "team2"] } -# tftest modules=9 resources=20 +# tftest modules=9 resources=16 ``` diff --git a/blueprints/networking/decentralized-firewall/README.md b/blueprints/networking/decentralized-firewall/README.md index a4eea93f92..2fd89640c1 100644 --- a/blueprints/networking/decentralized-firewall/README.md +++ b/blueprints/networking/decentralized-firewall/README.md @@ -51,5 +51,5 @@ module "test" { root_node = "organizations/0123456789" } -# tftest modules=9 resources=56 +# tftest modules=9 resources=54 ``` diff --git a/blueprints/networking/filtering-proxy-psc/README.md b/blueprints/networking/filtering-proxy-psc/README.md index b3d90cefb9..dd9f058582 100644 --- a/blueprints/networking/filtering-proxy-psc/README.md +++ b/blueprints/networking/filtering-proxy-psc/README.md @@ -40,5 +40,5 @@ module "test" { } project_id = "test-project" } -# tftest modules=13 resources=42 +# tftest modules=13 resources=41 ``` diff --git a/blueprints/networking/filtering-proxy/README.md b/blueprints/networking/filtering-proxy/README.md index 5ed64067c9..70dcf6df5b 100644 --- a/blueprints/networking/filtering-proxy/README.md +++ b/blueprints/networking/filtering-proxy/README.md @@ -47,7 +47,7 @@ module "test1" { prefix = "fabric" root_node = "folders/123456789" } -# tftest modules=14 resources=39 +# tftest modules=14 resources=38 ``` ```hcl @@ -58,5 +58,5 @@ module "test2" { prefix = "fabric" root_node = "folders/123456789" } -# tftest modules=12 resources=33 +# tftest modules=12 resources=32 ``` diff --git a/blueprints/networking/hub-and-spoke-vpn/README.md b/blueprints/networking/hub-and-spoke-vpn/README.md index d16a53fbbe..d0f2d1f08b 100644 --- a/blueprints/networking/hub-and-spoke-vpn/README.md +++ b/blueprints/networking/hub-and-spoke-vpn/README.md @@ -114,5 +114,5 @@ module "test" { project_id = "project-1" } -# tftest modules=20 resources=84 +# tftest modules=20 resources=79 ``` diff --git a/blueprints/networking/private-cloud-function-from-onprem/README.md b/blueprints/networking/private-cloud-function-from-onprem/README.md index 4bb9d4d984..4951454f93 100644 --- a/blueprints/networking/private-cloud-function-from-onprem/README.md +++ b/blueprints/networking/private-cloud-function-from-onprem/README.md @@ -45,5 +45,5 @@ module "test" { } project_id = "test-project" } -# tftest modules=11 resources=45 +# tftest modules=11 resources=44 ``` diff --git a/blueprints/networking/shared-vpc-gke/README.md b/blueprints/networking/shared-vpc-gke/README.md index 6aac2855f6..a60dea0c9e 100644 --- a/blueprints/networking/shared-vpc-gke/README.md +++ b/blueprints/networking/shared-vpc-gke/README.md @@ -80,5 +80,5 @@ module "test" { prefix = "test" root_node = "organizations/0123456789" } -# tftest modules=11 resources=46 +# tftest modules=11 resources=45 ``` diff --git a/blueprints/serverless/cloud-run-corporate/README.md b/blueprints/serverless/cloud-run-corporate/README.md index 5fabf182fe..93f98c5491 100644 --- a/blueprints/serverless/cloud-run-corporate/README.md +++ b/blueprints/serverless/cloud-run-corporate/README.md @@ -252,7 +252,7 @@ module "test" { prj_onprem_id = "onprem-project-id" } -# tftest modules=15 resources=52 +# tftest modules=15 resources=50 ``` ```hcl @@ -276,7 +276,7 @@ module "test" { tf_identity = "user@example.org" } -# tftest modules=15 resources=38 +# tftest modules=15 resources=36 ``` ```hcl @@ -295,5 +295,5 @@ module "test" { custom_domain = "cloud-run-corporate.example.org" } -# tftest modules=14 resources=47 +# tftest modules=14 resources=45 ``` diff --git a/tests/fast/stages/s2_networking_a_peering/stage.yaml b/tests/fast/stages/s2_networking_a_peering/stage.yaml index 85b123afb5..7c9212b61e 100644 --- a/tests/fast/stages/s2_networking_a_peering/stage.yaml +++ b/tests/fast/stages/s2_networking_a_peering/stage.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -14,4 +14,4 @@ counts: modules: 28 - resources: 154 + resources: 145 diff --git a/tests/fast/stages/s2_networking_b_vpn/stage.yaml b/tests/fast/stages/s2_networking_b_vpn/stage.yaml index 831bcd500c..3c65fddf2f 100644 --- a/tests/fast/stages/s2_networking_b_vpn/stage.yaml +++ b/tests/fast/stages/s2_networking_b_vpn/stage.yaml @@ -14,4 +14,4 @@ counts: modules: 30 - resources: 191 + resources: 182 diff --git a/tests/fast/stages/s2_networking_c_nva/stage.yaml b/tests/fast/stages/s2_networking_c_nva/stage.yaml index ff699bf95f..4313644822 100644 --- a/tests/fast/stages/s2_networking_c_nva/stage.yaml +++ b/tests/fast/stages/s2_networking_c_nva/stage.yaml @@ -14,4 +14,4 @@ counts: modules: 42 - resources: 201 + resources: 192 diff --git a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml index fe8ab2d6be..701e186af1 100644 --- a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml +++ b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml @@ -14,4 +14,4 @@ counts: modules: 21 - resources: 171 + resources: 165 diff --git a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml index 2c1d072ec0..66338505f8 100644 --- a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml +++ b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml @@ -14,4 +14,4 @@ counts: modules: 36 - resources: 212 + resources: 203