GoogleCloudPlatform · apichick · Jan 18, 2024 · Jan 18, 2024
diff --git a/modules/dns/README.md b/modules/dns/README.md
@@ -66,7 +66,7 @@ module "private-dns" {
 # tftest modules=1 resources=1 inventory=peering-zone.yaml
 ```
 
-### Routing Policies
+### Routing Policies 
 
 ```hcl
 module "private-dns" {
@@ -81,14 +81,37 @@ module "private-dns" {
   }
   recordsets = {
     "A regular" = { records = ["10.20.0.1"] }
-    "A geo" = {
+    "A geo1" = {
       geo_routing = [
         { location = "europe-west1", records = ["10.0.0.1"] },
         { location = "europe-west2", records = ["10.0.0.2"] },
         { location = "europe-west3", records = ["10.0.0.3"] }
       ]
     }
-
+    "A geo2" = {
+      geo_routing = [
+        { location = "europe-west1", health_checked_targets = [
+          {
+            load_balancer_type = "globalL7ilb",
+            ip_address         = "gil7-forwarding-rule-a",
+            port               = "80",
+            ip_protocol        = "tcp",
+            network_url        = var.vpc.self_link
+            project            = var.project_id
+          }
+        ] },
+        { location = "europe-west2", health_checked_targets = [
+          {
+            load_balancer_type = "globalL7ilb",
+            ip_address         = "gil7-forwarding-rule-b",
+            port               = "80",
+            ip_protocol        = "tcp",
+            network_url        = var.vpc.self_link
+            project            = var.project_id
+          }
+        ] },
+      ]
+    }
     "A wrr" = {
       ttl = 600
       wrr_routing = [
@@ -99,7 +122,7 @@ module "private-dns" {
     }
   }
 }
-# tftest modules=1 resources=4 inventory=routing-policies.yaml e2e
+# tftest modules=1 resources=5 inventory=routing-policies.yaml e2e
 ```
 
 ### Reverse Lookup Zone
@@ -148,8 +171,8 @@ module "public-dns" {
 | [project_id](variables.tf#L34) | Project id for the zone. | <code>string</code> | ✓ |  |
 | [description](variables.tf#L17) | Domain description. | <code>string</code> |  | <code>&#34;Terraform managed.&#34;</code> |
 | [iam](variables.tf#L23) | IAM bindings in {ROLE => [MEMBERS]} format. | <code>map&#40;list&#40;string&#41;&#41;</code> |  | <code>null</code> |
-| [recordsets](variables.tf#L39) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map&#40;object&#40;&#123;&#10;  ttl     &#61; optional&#40;number, 300&#41;&#10;  records &#61; optional&#40;list&#40;string&#41;&#41;&#10;  geo_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10;    location &#61; string&#10;    records  &#61; list&#40;string&#41;&#10;  &#125;&#41;&#41;&#41;&#10;  wrr_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10;    weight  &#61; number&#10;    records &#61; list&#40;string&#41;&#10;  &#125;&#41;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
-| [zone_config](variables.tf#L74) | DNS zone configuration. | <code title="object&#40;&#123;&#10;  domain &#61; string&#10;  forwarding &#61; optional&#40;object&#40;&#123;&#10;    forwarders      &#61; optional&#40;map&#40;string&#41;&#41;&#10;    client_networks &#61; list&#40;string&#41;&#10;  &#125;&#41;&#41;&#10;  peering &#61; optional&#40;object&#40;&#123;&#10;    client_networks &#61; list&#40;string&#41;&#10;    peer_network    &#61; string&#10;  &#125;&#41;&#41;&#10;  public &#61; optional&#40;object&#40;&#123;&#10;    dnssec_config &#61; optional&#40;object&#40;&#123;&#10;      non_existence &#61; optional&#40;string, &#34;nsec3&#34;&#41;&#10;      state         &#61; string&#10;      key_signing_key &#61; optional&#40;object&#40;&#10;        &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10;        &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 2048 &#125;&#10;      &#41;&#10;      zone_signing_key &#61; optional&#40;object&#40;&#10;        &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10;        &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 1024 &#125;&#10;      &#41;&#10;    &#125;&#41;&#41;&#10;    enable_logging &#61; optional&#40;bool, false&#41;&#10;  &#125;&#41;&#41;&#10;  private &#61; optional&#40;object&#40;&#123;&#10;    client_networks             &#61; list&#40;string&#41;&#10;    service_directory_namespace &#61; optional&#40;string&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
+| [recordsets](variables.tf#L39) | Map of DNS recordsets in \"type name\" => {ttl, [records]} format. | <code title="map&#40;object&#40;&#123;&#10;  ttl     &#61; optional&#40;number, 300&#41;&#10;  records &#61; optional&#40;list&#40;string&#41;&#41;&#10;  geo_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10;    location &#61; string&#10;    records  &#61; optional&#40;list&#40;string&#41;&#41;&#10;    health_checked_targets &#61; optional&#40;list&#40;object&#40;&#123;&#10;      load_balancer_type &#61; string&#10;      ip_address         &#61; string&#10;      port               &#61; string&#10;      ip_protocol        &#61; string&#10;      network_url        &#61; string&#10;      project            &#61; string&#10;      region             &#61; optional&#40;string&#41;&#10;    &#125;&#41;&#41;&#41;&#10;  &#125;&#41;&#41;&#41;&#10;  wrr_routing &#61; optional&#40;list&#40;object&#40;&#123;&#10;    weight  &#61; number&#10;    records &#61; list&#40;string&#41;&#10;  &#125;&#41;&#41;&#41;&#10;&#125;&#41;&#41;">map&#40;object&#40;&#123;&#8230;&#125;&#41;&#41;</code> |  | <code>&#123;&#125;</code> |
+| [zone_config](variables.tf#L83) | DNS zone configuration. | <code title="object&#40;&#123;&#10;  domain &#61; string&#10;  forwarding &#61; optional&#40;object&#40;&#123;&#10;    forwarders      &#61; optional&#40;map&#40;string&#41;&#41;&#10;    client_networks &#61; list&#40;string&#41;&#10;  &#125;&#41;&#41;&#10;  peering &#61; optional&#40;object&#40;&#123;&#10;    client_networks &#61; list&#40;string&#41;&#10;    peer_network    &#61; string&#10;  &#125;&#41;&#41;&#10;  public &#61; optional&#40;object&#40;&#123;&#10;    dnssec_config &#61; optional&#40;object&#40;&#123;&#10;      non_existence &#61; optional&#40;string, &#34;nsec3&#34;&#41;&#10;      state         &#61; string&#10;      key_signing_key &#61; optional&#40;object&#40;&#10;        &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10;        &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 2048 &#125;&#10;      &#41;&#10;      zone_signing_key &#61; optional&#40;object&#40;&#10;        &#123; algorithm &#61; string, key_length &#61; number &#125;&#41;,&#10;        &#123; algorithm &#61; &#34;rsasha256&#34;, key_length &#61; 1024 &#125;&#10;      &#41;&#10;    &#125;&#41;&#41;&#10;    enable_logging &#61; optional&#40;bool, false&#41;&#10;  &#125;&#41;&#41;&#10;  private &#61; optional&#40;object&#40;&#123;&#10;    client_networks             &#61; list&#40;string&#41;&#10;    service_directory_namespace &#61; optional&#40;string&#41;&#10;  &#125;&#41;&#41;&#10;&#125;&#41;">object&#40;&#123;&#8230;&#125;&#41;</code> |  | <code>null</code> |
 
 ## Outputs
 

diff --git a/modules/dns/main.tf b/modules/dns/main.tf
@@ -180,6 +180,23 @@ resource "google_dns_record_set" "dns_record_set" {
         content {
           location = geo.value.location
           rrdatas  = geo.value.records
+          dynamic "health_checked_targets" {
+            for_each = try(geo.value.health_checked_targets, null) == null ? [] : [""]
+            content {
+              dynamic "internal_load_balancers" {
+                for_each = geo.value.health_checked_targets
+                content {
+                  load_balancer_type = internal_load_balancers.value.load_balancer_type
+                  ip_address         = internal_load_balancers.value.ip_address
+                  port               = internal_load_balancers.value.port
+                  ip_protocol        = internal_load_balancers.value.ip_protocol
+                  network_url        = internal_load_balancers.value.network_url
+                  project            = internal_load_balancers.value.project
+                  region             = internal_load_balancers.value.region
+                }
+              }
+            }
+          }
         }
       }
       dynamic "wrr" {

diff --git a/modules/dns/variables.tf b/modules/dns/variables.tf
@@ -43,7 +43,16 @@ variable "recordsets" {
     records = optional(list(string))
     geo_routing = optional(list(object({
       location = string
-      records  = list(string)
+      records  = optional(list(string))
+      health_checked_targets = optional(list(object({
+        load_balancer_type = string
+        ip_address         = string
+        port               = string
+        ip_protocol        = string
+        network_url        = string
+        project            = string
+        region             = optional(string)
+      })))
     })))
     wrr_routing = optional(list(object({
       weight  = number

diff --git a/tests/modules/dns/examples/routing-policies.yaml b/tests/modules/dns/examples/routing-policies.yaml
@@ -14,12 +14,28 @@
 
 values:
   module.private-dns.google_dns_managed_zone.dns_managed_zone[0]:
+    cloud_logging_config:
+    - enable_logging: false
+    description: Terraform managed.
     dns_name: test.example.
+    dnssec_config: []
+    force_destroy: false
+    forwarding_config: []
+    labels: null
     name: test-example
+    peering_config: []
+    private_visibility_config:
+    - gke_clusters: []
+      networks:
+      - network_url: projects/xxx/global/networks/aaa
     project: project-id
-  module.private-dns.google_dns_record_set.dns_record_set["A geo"]:
+    reverse_lookup: false
+    service_directory_config: []
+    timeouts: null
+    visibility: private
+  module.private-dns.google_dns_record_set.dns_record_set["A geo1"]:
     managed_zone: test-example
-    name: geo.test.example.
+    name: geo1.test.example.
     project: project-id
     routing_policy:
     - enable_geo_fencing: null
@@ -41,6 +57,40 @@ values:
     rrdatas: null
     ttl: 300
     type: A
+  module.private-dns.google_dns_record_set.dns_record_set["A geo2"]:
+    managed_zone: test-example
+    name: geo2.test.example.
+    project: project-id
+    routing_policy:
+    - enable_geo_fencing: null
+      geo:
+      - health_checked_targets:
+        - internal_load_balancers:
+          - ip_address: gil7-forwarding-rule-a
+            ip_protocol: tcp
+            load_balancer_type: globalL7ilb
+            network_url: projects/xxx/global/networks/aaa
+            port: '80'
+            project: project-id
+            region: null
+        location: europe-west1
+        rrdatas: null
+      - health_checked_targets:
+        - internal_load_balancers:
+          - ip_address: gil7-forwarding-rule-b
+            ip_protocol: tcp
+            load_balancer_type: globalL7ilb
+            network_url: projects/xxx/global/networks/aaa
+            port: '80'
+            project: project-id
+            region: null
+        location: europe-west2
+        rrdatas: null
+      primary_backup: []
+      wrr: []
+    rrdatas: null
+    ttl: 300
+    type: A
   module.private-dns.google_dns_record_set.dns_record_set["A regular"]:
     managed_zone: test-example
     name: regular.test.example.
@@ -77,4 +127,6 @@ values:
 
 counts:
   google_dns_managed_zone: 1
-  google_dns_record_set: 3
+  google_dns_record_set: 4
+  modules: 1
+  resources: 5