From c6b030ada5e761e25251950b7c14c2f1d2c6734a Mon Sep 17 00:00:00 2001 From: Ludo Date: Sat, 3 Feb 2024 07:27:52 +0100 Subject: [PATCH 1/2] revert #2023 --- fast/stages/2-networking-a-peering/README.md | 8 ++++---- fast/stages/2-networking-a-peering/dns-dev.tf | 12 ------------ fast/stages/2-networking-a-peering/dns-landing.tf | 12 ------------ fast/stages/2-networking-a-peering/dns-prod.tf | 12 ------------ fast/stages/2-networking-a-peering/variables.tf | 4 ++-- fast/stages/2-networking-b-vpn/README.md | 8 ++++---- fast/stages/2-networking-b-vpn/dns-dev.tf | 12 ------------ fast/stages/2-networking-b-vpn/dns-landing.tf | 12 ------------ fast/stages/2-networking-b-vpn/dns-prod.tf | 12 ------------ fast/stages/2-networking-b-vpn/variables.tf | 4 ++-- fast/stages/2-networking-c-nva/README.md | 8 ++++---- fast/stages/2-networking-c-nva/dns-dev.tf | 13 ------------- fast/stages/2-networking-c-nva/dns-landing.tf | 15 --------------- fast/stages/2-networking-c-nva/dns-prod.tf | 12 ------------ fast/stages/2-networking-c-nva/variables.tf | 4 ++-- .../stages/2-networking-d-separate-envs/README.md | 6 +++--- .../2-networking-d-separate-envs/dns-dev.tf | 12 ------------ .../2-networking-d-separate-envs/dns-prod.tf | 12 ------------ .../2-networking-d-separate-envs/variables.tf | 4 ++-- fast/stages/2-networking-e-nva-bgp/README.md | 8 ++++---- fast/stages/2-networking-e-nva-bgp/dns-dev.tf | 13 ------------- fast/stages/2-networking-e-nva-bgp/dns-landing.tf | 15 --------------- fast/stages/2-networking-e-nva-bgp/dns-prod.tf | 12 ------------ fast/stages/2-networking-e-nva-bgp/variables.tf | 4 ++-- .../stages/s2_networking_a_peering/stage.yaml | 2 +- tests/fast/stages/s2_networking_b_vpn/stage.yaml | 2 +- tests/fast/stages/s2_networking_c_nva/stage.yaml | 2 +- .../s2_networking_d_separate_envs/stage.yaml | 2 +- .../stages/s2_networking_e_nva_bgp/stage.yaml | 2 +- 29 files changed, 34 insertions(+), 210 deletions(-) 
diff --git a/fast/stages/2-networking-a-peering/README.md b/fast/stages/2-networking-a-peering/README.md index 84208067e3..44ceddabf3 100644 --- a/fast/stages/2-networking-a-peering/README.md +++ b/fast/stages/2-networking-a-peering/README.md @@ -366,9 +366,9 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | name | description | modules | resources | |---|---|---|---| -| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | google_dns_policy | -| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy | -| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | google_dns_policy | +| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | | +| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | | +| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | | | [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | | | [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy | | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | 
@@ -394,7 +394,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [prefix](variables.tf#L146) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | -| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | +| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | | [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | bool | | false | | | [factories_config](variables.tf#L89) | Configuration for network resource factories. | object({…}) | | {…} | | | [groups](variables.tf#L120) | Group names or emails to grant organization-level permissions. If just the name is provided, the default organization domain is assumed. | object({…}) | | {} | 0-bootstrap | diff --git a/fast/stages/2-networking-a-peering/dns-dev.tf b/fast/stages/2-networking-a-peering/dns-dev.tf index c91e959b54..4a021f3adc 100644 --- a/fast/stages/2-networking-a-peering/dns-dev.tf +++ b/fast/stages/2-networking-a-peering/dns-dev.tf @@ -75,15 +75,3 @@ module "dev-dns-peer-landing-rev-10" { } } } - -# DNS policy to enable query logging - -resource "google_dns_policy" "dev-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.dev-spoke-project.project_id - enable_logging = true - networks { - network_url = module.dev-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-a-peering/dns-landing.tf b/fast/stages/2-networking-a-peering/dns-landing.tf index 25fa33e4d0..2eefbc86d8 100644 --- a/fast/stages/2-networking-a-peering/dns-landing.tf +++ b/fast/stages/2-networking-a-peering/dns-landing.tf 
@@ -87,15 +87,3 @@ module "landing-dns-policy-googleapis" { } rules_file = var.factories_config.dns_policy_rules_file } - -# DNS policy to enable query logging - -resource "google_dns_policy" "landing-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.landing-project.project_id - enable_logging = true - networks { - network_url = module.landing-vpc.id - } -} diff --git a/fast/stages/2-networking-a-peering/dns-prod.tf b/fast/stages/2-networking-a-peering/dns-prod.tf index f09e16f9ec..8b376bb098 100644 --- a/fast/stages/2-networking-a-peering/dns-prod.tf +++ b/fast/stages/2-networking-a-peering/dns-prod.tf @@ -75,15 +75,3 @@ module "prod-dns-peer-landing-rev-10" { } } } - -# DNS policy to enable query logging - -resource "google_dns_policy" "prod-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.prod-spoke-project.project_id - enable_logging = true - networks { - network_url = module.prod-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-a-peering/variables.tf b/fast/stages/2-networking-a-peering/variables.tf index b1f51b4c74..717aae44a0 100644 --- a/fast/stages/2-networking-a-peering/variables.tf +++ b/fast/stages/2-networking-a-peering/variables.tf @@ -72,8 +72,8 @@ variable "custom_roles" { variable "dns" { description = "DNS configuration." type = object({ - enable_logging = optional(bool, true) - resolvers = optional(list(string), []) + # enable_logging = optional(bool, true) + resolvers = optional(list(string), []) }) default = {} nullable = false diff --git a/fast/stages/2-networking-b-vpn/README.md b/fast/stages/2-networking-b-vpn/README.md index 19251ad2a1..d73016e501 100644 --- a/fast/stages/2-networking-b-vpn/README.md +++ b/fast/stages/2-networking-b-vpn/README.md 
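Review bot: Commenting out `enable_logging` inside the `dns` object type in the a-peering variables.tf hunk removes the attribute from the type constraint, so any tfvars that still set `dns = { enable_logging = ... }` are rejected by Terraform's object type check, and with the `google_dns_policy` resources deleted in the same patch, Cloud DNS query logging is off for the landing and spoke VPCs until PATCH 2/2 reinstates it. If the two patches are not squashed before merge, that intermediate commit is a logging gap worth stating in the commit message, since DNS query logs are a detection source operators may be relying on. A commented-out attribute is also dead text inside a type block; either drop the line or say why it is parked, e.g. `# enable_logging temporarily removed (revert of #2023)`. The same hunk recurs in the b-vpn, c-nva, d-separate-envs (next to `dev_resolvers`/`prod_resolvers`) and e-nva-bgp variables.tf files in this patch.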
@@ -388,9 +388,9 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | name | description | modules | resources | |---|---|---|---| -| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | google_dns_policy | -| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy | -| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | google_dns_policy | +| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | | +| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | | +| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | | | [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | | | [monitoring-vpn.tf](./monitoring-vpn.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy | | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | 
@@ -418,7 +418,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [prefix](variables.tf#L146) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | -| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | +| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | | [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | bool | | false | | | [factories_config](variables.tf#L89) | Configuration for network resource factories. | object({…}) | | {…} | | | [groups](variables.tf#L120) | Group names or emails to grant organization-level permissions. If just the name is provided, the default organization domain is assumed. | object({…}) | | {} | 0-bootstrap | diff --git a/fast/stages/2-networking-b-vpn/dns-dev.tf b/fast/stages/2-networking-b-vpn/dns-dev.tf index c91e959b54..4a021f3adc 100644 --- a/fast/stages/2-networking-b-vpn/dns-dev.tf +++ b/fast/stages/2-networking-b-vpn/dns-dev.tf @@ -75,15 +75,3 @@ module "dev-dns-peer-landing-rev-10" { } } } - -# DNS policy to enable query logging - -resource "google_dns_policy" "dev-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.dev-spoke-project.project_id - enable_logging = true - networks { - network_url = module.dev-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-b-vpn/dns-landing.tf b/fast/stages/2-networking-b-vpn/dns-landing.tf index 25fa33e4d0..2eefbc86d8 100644 --- a/fast/stages/2-networking-b-vpn/dns-landing.tf +++ b/fast/stages/2-networking-b-vpn/dns-landing.tf 
@@ -87,15 +87,3 @@ module "landing-dns-policy-googleapis" { } rules_file = var.factories_config.dns_policy_rules_file } - -# DNS policy to enable query logging - -resource "google_dns_policy" "landing-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.landing-project.project_id - enable_logging = true - networks { - network_url = module.landing-vpc.id - } -} diff --git a/fast/stages/2-networking-b-vpn/dns-prod.tf b/fast/stages/2-networking-b-vpn/dns-prod.tf index f09e16f9ec..8b376bb098 100644 --- a/fast/stages/2-networking-b-vpn/dns-prod.tf +++ b/fast/stages/2-networking-b-vpn/dns-prod.tf @@ -75,15 +75,3 @@ module "prod-dns-peer-landing-rev-10" { } } } - -# DNS policy to enable query logging - -resource "google_dns_policy" "prod-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.prod-spoke-project.project_id - enable_logging = true - networks { - network_url = module.prod-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-b-vpn/variables.tf b/fast/stages/2-networking-b-vpn/variables.tf index b1f51b4c74..717aae44a0 100644 --- a/fast/stages/2-networking-b-vpn/variables.tf +++ b/fast/stages/2-networking-b-vpn/variables.tf @@ -72,8 +72,8 @@ variable "custom_roles" { variable "dns" { description = "DNS configuration." type = object({ - enable_logging = optional(bool, true) - resolvers = optional(list(string), []) + # enable_logging = optional(bool, true) + resolvers = optional(list(string), []) }) default = {} nullable = false diff --git a/fast/stages/2-networking-c-nva/README.md b/fast/stages/2-networking-c-nva/README.md index 60ecf02cda..89b00cc1d7 100644 --- a/fast/stages/2-networking-c-nva/README.md +++ b/fast/stages/2-networking-c-nva/README.md 
@@ -436,9 +436,9 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | name | description | modules | resources | |---|---|---|---| -| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | google_dns_policy | -| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy | -| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | google_dns_policy | +| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | | +| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | | +| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | | | [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | | | [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy | | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | 
@@ -463,7 +463,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [prefix](variables.tf#L169) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | -| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | +| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | | [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | bool | | false | | | [factories_config](variables.tf#L89) | Configuration for network resource factories. | object({…}) | | {…} | | | [gcp_ranges](variables.tf#L120) | GCP address ranges in name => range format. | map(string) | | {…} | | diff --git a/fast/stages/2-networking-c-nva/dns-dev.tf b/fast/stages/2-networking-c-nva/dns-dev.tf index 11c721fea6..fb43d68ec5 100644 --- a/fast/stages/2-networking-c-nva/dns-dev.tf +++ b/fast/stages/2-networking-c-nva/dns-dev.tf @@ -70,16 +70,3 @@ module "dev-dns-peer-landing-rev-10" { } } } - - -# DNS policy to enable query logging - -resource "google_dns_policy" "dev-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.dev-spoke-project.project_id - enable_logging = true - networks { - network_url = module.dev-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-c-nva/dns-landing.tf b/fast/stages/2-networking-c-nva/dns-landing.tf index b93fc08a42..e18114fa7f 100644 --- a/fast/stages/2-networking-c-nva/dns-landing.tf +++ b/fast/stages/2-networking-c-nva/dns-landing.tf 
@@ -97,18 +97,3 @@ module "landing-dns-policy-googleapis" { } rules_file = var.factories_config.dns_policy_rules_file } - -# DNS policy to enable query logging - -resource "google_dns_policy" "landing-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.landing-project.project_id - enable_logging = true - networks { - network_url = module.landing-trusted-vpc.id - } - networks { - network_url = module.landing-untrusted-vpc.id - } -} diff --git a/fast/stages/2-networking-c-nva/dns-prod.tf b/fast/stages/2-networking-c-nva/dns-prod.tf index ea0d3a5d3c..dc162e55c4 100644 --- a/fast/stages/2-networking-c-nva/dns-prod.tf +++ b/fast/stages/2-networking-c-nva/dns-prod.tf @@ -70,15 +70,3 @@ module "prod-dns-peer-landing-rev-10" { } } } - -# DNS policy to enable query logging - -resource "google_dns_policy" "prod-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.prod-spoke-project.project_id - enable_logging = true - networks { - network_url = module.prod-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-c-nva/variables.tf b/fast/stages/2-networking-c-nva/variables.tf index 9d100143af..45caff9eed 100644 --- a/fast/stages/2-networking-c-nva/variables.tf +++ b/fast/stages/2-networking-c-nva/variables.tf @@ -72,8 +72,8 @@ variable "custom_roles" { variable "dns" { description = "DNS configuration." type = object({ - enable_logging = optional(bool, true) - resolvers = optional(list(string), []) + # enable_logging = optional(bool, true) + resolvers = optional(list(string), []) }) default = {} nullable = false diff --git a/fast/stages/2-networking-d-separate-envs/README.md b/fast/stages/2-networking-d-separate-envs/README.md index 0febb156a7..ec9f9e2aa6 100644 --- a/fast/stages/2-networking-d-separate-envs/README.md +++ b/fast/stages/2-networking-d-separate-envs/README.md 
@@ -313,8 +313,8 @@ Regions are defined via the `regions` variable which sets up a mapping between t | name | description | modules | resources | |---|---|---|---| -| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy | -| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy | +| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns · dns-response-policy | | +| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns · dns-response-policy | | | [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | | | [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy | | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | @@ -337,7 +337,7 @@ Regions are defined via the `regions` variable which sets up a mapping between t | [prefix](variables.tf#L147) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | -| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | +| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | | [enable_cloud_nat](variables.tf#L83) | Deploy Cloud NAT. | bool | | false | | | [factories_config](variables.tf#L90) | Configuration for network resource factories. | object({…}) | | {…} | | | [groups](variables.tf#L121) | Group names or emails to grant organization-level permissions. If just the name is provided, the default organization domain is assumed. | object({…}) | | {} | 0-bootstrap | 
diff --git a/fast/stages/2-networking-d-separate-envs/dns-dev.tf b/fast/stages/2-networking-d-separate-envs/dns-dev.tf index cb50147aa8..018b2391b6 100644 --- a/fast/stages/2-networking-d-separate-envs/dns-dev.tf +++ b/fast/stages/2-networking-d-separate-envs/dns-dev.tf @@ -82,15 +82,3 @@ module "dev-dns-policy-googleapis" { } rules_file = var.factories_config.dns_policy_rules_file } - -# DNS policy to enable query logging - -resource "google_dns_policy" "dev-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.dev-spoke-project.project_id - enable_logging = true - networks { - network_url = module.dev-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-d-separate-envs/dns-prod.tf b/fast/stages/2-networking-d-separate-envs/dns-prod.tf index c293196c64..0c86e476e8 100644 --- a/fast/stages/2-networking-d-separate-envs/dns-prod.tf +++ b/fast/stages/2-networking-d-separate-envs/dns-prod.tf @@ -82,15 +82,3 @@ module "prod-dns-policy-googleapis" { } rules_file = var.factories_config.dns_policy_rules_file } - -# DNS policy to enable query logging - -resource "google_dns_policy" "prod-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.prod-spoke-project.project_id - enable_logging = true - networks { - network_url = module.prod-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-d-separate-envs/variables.tf b/fast/stages/2-networking-d-separate-envs/variables.tf index a105750afe..be8048bb5a 100644 --- a/fast/stages/2-networking-d-separate-envs/variables.tf +++ b/fast/stages/2-networking-d-separate-envs/variables.tf 
@@ -72,8 +72,8 @@ variable "custom_roles" { variable "dns" { description = "DNS configuration." type = object({ - dev_resolvers = optional(list(string), []) - enable_logging = optional(bool, true) + dev_resolvers = optional(list(string), []) + # enable_logging = optional(bool, true) prod_resolvers = optional(list(string), []) }) default = {} diff --git a/fast/stages/2-networking-e-nva-bgp/README.md b/fast/stages/2-networking-e-nva-bgp/README.md index 7e56b3b4e9..e12bba4431 100644 --- a/fast/stages/2-networking-e-nva-bgp/README.md +++ b/fast/stages/2-networking-e-nva-bgp/README.md @@ -461,9 +461,9 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | name | description | modules | resources | |---|---|---|---| -| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | google_dns_policy | -| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | google_dns_policy | -| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | google_dns_policy | +| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | | +| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | | +| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | | | [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | | | [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy | | [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard | 
@@ -489,7 +489,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [prefix](variables.tf#L180) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | -| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | +| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | | [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | bool | | false | | | [factories_config](variables.tf#L89) | Configuration for network resource factories. | object({…}) | | {…} | | | [gcp_ranges](variables.tf#L120) | GCP address ranges in name => range format. | map(string) | | {…} | | diff --git a/fast/stages/2-networking-e-nva-bgp/dns-dev.tf b/fast/stages/2-networking-e-nva-bgp/dns-dev.tf index 11c721fea6..fb43d68ec5 100644 --- a/fast/stages/2-networking-e-nva-bgp/dns-dev.tf +++ b/fast/stages/2-networking-e-nva-bgp/dns-dev.tf @@ -70,16 +70,3 @@ module "dev-dns-peer-landing-rev-10" { } } } - - -# DNS policy to enable query logging - -resource "google_dns_policy" "dev-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.dev-spoke-project.project_id - enable_logging = true - networks { - network_url = module.dev-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-e-nva-bgp/dns-landing.tf b/fast/stages/2-networking-e-nva-bgp/dns-landing.tf index b93fc08a42..e18114fa7f 100644 --- a/fast/stages/2-networking-e-nva-bgp/dns-landing.tf +++ b/fast/stages/2-networking-e-nva-bgp/dns-landing.tf 
@@ -97,18 +97,3 @@ module "landing-dns-policy-googleapis" { } rules_file = var.factories_config.dns_policy_rules_file } - -# DNS policy to enable query logging - -resource "google_dns_policy" "landing-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.landing-project.project_id - enable_logging = true - networks { - network_url = module.landing-trusted-vpc.id - } - networks { - network_url = module.landing-untrusted-vpc.id - } -} diff --git a/fast/stages/2-networking-e-nva-bgp/dns-prod.tf b/fast/stages/2-networking-e-nva-bgp/dns-prod.tf index ea0d3a5d3c..dc162e55c4 100644 --- a/fast/stages/2-networking-e-nva-bgp/dns-prod.tf +++ b/fast/stages/2-networking-e-nva-bgp/dns-prod.tf @@ -70,15 +70,3 @@ module "prod-dns-peer-landing-rev-10" { } } } - -# DNS policy to enable query logging - -resource "google_dns_policy" "prod-dns-logging-policy" { - name = "logging-policy" - count = var.dns.enable_logging ? 1 : 0 - project = module.prod-spoke-project.project_id - enable_logging = true - networks { - network_url = module.prod-spoke-vpc.id - } -} diff --git a/fast/stages/2-networking-e-nva-bgp/variables.tf b/fast/stages/2-networking-e-nva-bgp/variables.tf index 3a47e0958c..03d8c98a9e 100644 --- a/fast/stages/2-networking-e-nva-bgp/variables.tf +++ b/fast/stages/2-networking-e-nva-bgp/variables.tf @@ -72,8 +72,8 @@ variable "custom_roles" { variable "dns" { description = "DNS configuration." type = object({ - enable_logging = optional(bool, true) - resolvers = optional(list(string), []) + # enable_logging = optional(bool, true) + resolvers = optional(list(string), []) }) default = {} nullable = false diff --git a/tests/fast/stages/s2_networking_a_peering/stage.yaml b/tests/fast/stages/s2_networking_a_peering/stage.yaml index a6dad52d26..3ee8b9901e 100644 --- a/tests/fast/stages/s2_networking_a_peering/stage.yaml +++ b/tests/fast/stages/s2_networking_a_peering/stage.yaml 
@@ -14,4 +14,4 @@ counts: modules: 29 - resources: 154 + resources: 151 diff --git a/tests/fast/stages/s2_networking_b_vpn/stage.yaml b/tests/fast/stages/s2_networking_b_vpn/stage.yaml index 712fe3ee4f..af6e5cac7b 100644 --- a/tests/fast/stages/s2_networking_b_vpn/stage.yaml +++ b/tests/fast/stages/s2_networking_b_vpn/stage.yaml @@ -14,4 +14,4 @@ counts: modules: 31 - resources: 191 + resources: 188 diff --git a/tests/fast/stages/s2_networking_c_nva/stage.yaml b/tests/fast/stages/s2_networking_c_nva/stage.yaml index 8b78556772..01527c9995 100644 --- a/tests/fast/stages/s2_networking_c_nva/stage.yaml +++ b/tests/fast/stages/s2_networking_c_nva/stage.yaml @@ -14,4 +14,4 @@ counts: modules: 43 - resources: 202 + resources: 199 diff --git a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml index 6df5c894d3..1c560f7678 100644 --- a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml +++ b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml @@ -14,4 +14,4 @@ counts: modules: 22 - resources: 174 + resources: 172 diff --git a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml index afc9acd5bb..dad424208a 100644 --- a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml +++ b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml @@ -14,4 +14,4 @@ counts: modules: 37 - resources: 213 + resources: 210 From 7e63b92d46ee2af763c221dd90bdfab4cb50d956 Mon Sep 17 00:00:00 2001 
From: Ludo Date: Sat, 3 Feb 2024 07:47:16 +0100 Subject: [PATCH 2/2] leverage net vpc module for dns logging in fast --- fast/stages/2-networking-a-peering/README.md | 2 +- fast/stages/2-networking-a-peering/net-dev.tf | 3 +++ fast/stages/2-networking-a-peering/net-landing.tf | 1 + fast/stages/2-networking-a-peering/net-prod.tf | 3 +++ fast/stages/2-networking-a-peering/variables.tf | 4 ++-- fast/stages/2-networking-b-vpn/README.md | 2 +- fast/stages/2-networking-b-vpn/net-dev.tf | 3 +++ fast/stages/2-networking-b-vpn/net-landing.tf | 1 + fast/stages/2-networking-b-vpn/net-prod.tf | 3 +++ fast/stages/2-networking-b-vpn/variables.tf | 4 ++-- fast/stages/2-networking-c-nva/README.md | 2 +- fast/stages/2-networking-c-nva/net-dev.tf | 3 +++ fast/stages/2-networking-c-nva/net-landing.tf | 4 ++-- fast/stages/2-networking-c-nva/net-prod.tf | 3 +++ fast/stages/2-networking-c-nva/variables.tf | 4 ++-- fast/stages/2-networking-d-separate-envs/README.md | 2 +- fast/stages/2-networking-d-separate-envs/net-dev.tf | 3 +++ fast/stages/2-networking-d-separate-envs/net-prod.tf | 3 +++ fast/stages/2-networking-d-separate-envs/variables.tf | 4 ++-- fast/stages/2-networking-e-nva-bgp/README.md | 2 +- fast/stages/2-networking-e-nva-bgp/net-dev.tf | 3 +++ fast/stages/2-networking-e-nva-bgp/net-landing.tf | 4 ++-- fast/stages/2-networking-e-nva-bgp/net-prod.tf | 3 +++ fast/stages/2-networking-e-nva-bgp/variables.tf | 4 ++-- tests/fast/stages/s2_networking_a_peering/stage.yaml | 2 +- tests/fast/stages/s2_networking_b_vpn/stage.yaml | 2 +- tests/fast/stages/s2_networking_c_nva/stage.yaml | 2 +- tests/fast/stages/s2_networking_d_separate_envs/stage.yaml | 2 +- tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml | 2 +- 29 files changed, 56 insertions(+), 24 deletions(-) diff --git a/fast/stages/2-networking-a-peering/README.md b/fast/stages/2-networking-a-peering/README.md index 44ceddabf3..d5e234f5d9 100644 --- a/fast/stages/2-networking-a-peering/README.md 
+++ b/fast/stages/2-networking-a-peering/README.md @@ -394,7 +394,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS | [prefix](variables.tf#L146) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap | | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | | | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap | -| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | +| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | | | [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | bool | | false | | | [factories_config](variables.tf#L89) | Configuration for network resource factories. | object({…}) | | {…} | | | [groups](variables.tf#L120) | Group names or emails to grant organization-level permissions. If just the name is provided, the default organization domain is assumed. | object({…}) | | {} | 0-bootstrap | diff --git a/fast/stages/2-networking-a-peering/net-dev.tf b/fast/stages/2-networking-a-peering/net-dev.tf index c9e1d09dd2..bce5883c1d 100644 --- a/fast/stages/2-networking-a-peering/net-dev.tf +++ b/fast/stages/2-networking-a-peering/net-dev.tf @@ -70,6 +70,9 @@ module "dev-spoke-vpc" { project_id = module.dev-spoke-project.project_id name = "dev-spoke-0" mtu = 1500 + dns_policy = { + logging = var.dns.enable_logging + } factories_config = { subnets_folder = "${var.factories_config.data_dir}/subnets/dev" } diff --git a/fast/stages/2-networking-a-peering/net-landing.tf b/fast/stages/2-networking-a-peering/net-landing.tf index c8239e4c16..5e646bdde3 100644 --- a/fast/stages/2-networking-a-peering/net-landing.tf +++ b/fast/stages/2-networking-a-peering/net-landing.tf 
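Review bot: The new `dns_policy = { logging = var.dns.enable_logging }` block in the a-peering net-dev.tf hunk changes what is created when logging is turned off: the resource removed in PATCH 1/2 was gated with `count = var.dns.enable_logging ? 1 : 0`, whereas the module attribute is now always set, so whether a `google_dns_policy` with logging disabled is still created for `enable_logging = false` depends on the net-vpc module, which is not visible here. Worth confirming against the module and the resource counts in the stage.yaml tests, because a policy attached to the VPC with logging off is a different state than no policy at all. A one-line comment above the block would help the next reader, e.g. `# Cloud DNS query logging for this spoke, on by default via var.dns.enable_logging`. The same addition appears in net-prod.tf of this stage and in the b-vpn, c-nva, d-separate-envs and e-nva-bgp stages.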
@@ -49,6 +49,7 @@ module "landing-vpc" { mtu = 1500 dns_policy = { inbound = true + logging = var.dns.enable_logging } # set explicit routes for googleapis in case the default route is deleted create_googleapis_routes = { diff --git a/fast/stages/2-networking-a-peering/net-prod.tf b/fast/stages/2-networking-a-peering/net-prod.tf index 72937b44ad..66236c2bee 100644 --- a/fast/stages/2-networking-a-peering/net-prod.tf +++ b/fast/stages/2-networking-a-peering/net-prod.tf @@ -68,6 +68,9 @@ module "prod-spoke-vpc" { project_id = module.prod-spoke-project.project_id name = "prod-spoke-0" mtu = 1500 + dns_policy = { + logging = var.dns.enable_logging + } factories_config = { subnets_folder = "${var.factories_config.data_dir}/subnets/prod" } diff --git a/fast/stages/2-networking-a-peering/variables.tf b/fast/stages/2-networking-a-peering/variables.tf index 717aae44a0..b1f51b4c74 100644 --- a/fast/stages/2-networking-a-peering/variables.tf +++ b/fast/stages/2-networking-a-peering/variables.tf @@ -72,8 +72,8 @@ variable "custom_roles" { variable "dns" { description = "DNS configuration." type = object({ - # enable_logging = optional(bool, true) - resolvers = optional(list(string), []) + enable_logging = optional(bool, true) + resolvers = optional(list(string), []) }) default = {} nullable = false diff --git a/fast/stages/2-networking-b-vpn/README.md b/fast/stages/2-networking-b-vpn/README.md index d73016e501..6cd4a9ba95 100644 --- a/fast/stages/2-networking-b-vpn/README.md +++ b/fast/stages/2-networking-b-vpn/README.md 
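Review bot: The a-peering variables.tf hunk restores `enable_logging = optional(bool, true)` but leaves `description = "DNS configuration."`, so the generated README row for `dns` still says nothing about query logging being on by default or how to turn it off. Since this flag now decides whether the landing and spoke VPCs emit Cloud DNS query logs, which operators and detection teams depend on, the description should name it: `description = "DNS configuration. enable_logging controls Cloud DNS query logging on the landing and spoke VPCs and defaults to true."`. The b-vpn variables.tf hunk further down has the same description; the c-nva, d-separate-envs and e-nva-bgp counterparts are beyond what is visible here but presumably match.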
@@ -418,7 +418,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
 | [prefix](variables.tf#L146) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
 | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | |
 | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
-| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
+| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
 | [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | bool | | false | |
 | [factories_config](variables.tf#L89) | Configuration for network resource factories. | object({…}) | | {…} | |
 | [groups](variables.tf#L120) | Group names or emails to grant organization-level permissions. If just the name is provided, the default organization domain is assumed. | object({…}) | | {} | 0-bootstrap |
diff --git a/fast/stages/2-networking-b-vpn/net-dev.tf b/fast/stages/2-networking-b-vpn/net-dev.tf
index c9e1d09dd2..bce5883c1d 100644
--- a/fast/stages/2-networking-b-vpn/net-dev.tf
+++ b/fast/stages/2-networking-b-vpn/net-dev.tf
@@ -70,6 +70,9 @@ module "dev-spoke-vpc" {
 project_id = module.dev-spoke-project.project_id
 name = "dev-spoke-0"
 mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
 factories_config = {
 subnets_folder = "${var.factories_config.data_dir}/subnets/dev"
 }
diff --git a/fast/stages/2-networking-b-vpn/net-landing.tf b/fast/stages/2-networking-b-vpn/net-landing.tf
index c8239e4c16..5e646bdde3 100644
--- a/fast/stages/2-networking-b-vpn/net-landing.tf
+++ b/fast/stages/2-networking-b-vpn/net-landing.tf
@@ -49,6 +49,7 @@ module "landing-vpc" {
 mtu = 1500
 dns_policy = {
 inbound = true
+ logging = var.dns.enable_logging
 }
 # set explicit routes for googleapis in case the default route is deleted
 create_googleapis_routes = {
diff --git a/fast/stages/2-networking-b-vpn/net-prod.tf b/fast/stages/2-networking-b-vpn/net-prod.tf
index 72937b44ad..66236c2bee 100644
--- a/fast/stages/2-networking-b-vpn/net-prod.tf
+++ b/fast/stages/2-networking-b-vpn/net-prod.tf
@@ -68,6 +68,9 @@ module "prod-spoke-vpc" {
 project_id = module.prod-spoke-project.project_id
 name = "prod-spoke-0"
 mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
 factories_config = {
 subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
 }
diff --git a/fast/stages/2-networking-b-vpn/variables.tf b/fast/stages/2-networking-b-vpn/variables.tf
index 717aae44a0..b1f51b4c74 100644
--- a/fast/stages/2-networking-b-vpn/variables.tf
+++ b/fast/stages/2-networking-b-vpn/variables.tf
@@ -72,8 +72,8 @@ variable "custom_roles" {
 variable "dns" {
 description = "DNS configuration."
 type = object({
- # enable_logging = optional(bool, true)
- resolvers = optional(list(string), [])
+ enable_logging = optional(bool, true)
+ resolvers = optional(list(string), [])
 })
 default = {}
 nullable = false
diff --git a/fast/stages/2-networking-c-nva/README.md b/fast/stages/2-networking-c-nva/README.md
index 89b00cc1d7..a4aae565a3 100644
--- a/fast/stages/2-networking-c-nva/README.md
+++ b/fast/stages/2-networking-c-nva/README.md
@@ -463,7 +463,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
 | [prefix](variables.tf#L169) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
 | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | |
 | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
-| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
+| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
 | [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | bool | | false | |
 | [factories_config](variables.tf#L89) | Configuration for network resource factories. | object({…}) | | {…} | |
 | [gcp_ranges](variables.tf#L120) | GCP address ranges in name => range format. | map(string) | | {…} | |
diff --git a/fast/stages/2-networking-c-nva/net-dev.tf b/fast/stages/2-networking-c-nva/net-dev.tf
index 98c4038b7c..d676da7bce 100644
--- a/fast/stages/2-networking-c-nva/net-dev.tf
+++ b/fast/stages/2-networking-c-nva/net-dev.tf
@@ -69,6 +69,9 @@ module "dev-spoke-vpc" {
 project_id = module.dev-spoke-project.project_id
 name = "dev-spoke-0"
 mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
 factories_config = {
 subnets_folder = "${var.factories_config.data_dir}/subnets/dev"
 }
diff --git a/fast/stages/2-networking-c-nva/net-landing.tf b/fast/stages/2-networking-c-nva/net-landing.tf
index 86230a0b8b..1cf6492ab4 100644
--- a/fast/stages/2-networking-c-nva/net-landing.tf
+++ b/fast/stages/2-networking-c-nva/net-landing.tf
@@ -50,8 +50,8 @@ module "landing-untrusted-vpc" {
 name = "prod-untrusted-landing-0"
 mtu = 1500
 dns_policy = {
- inbound = false
- logging = false
+ inbound = true
+ logging = var.dns.enable_logging
 }
 create_googleapis_routes = null
 factories_config = {
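Review bot: `inbound = true` on `landing-untrusted-vpc` in the net-landing.tf hunk flips a security-relevant setting for the untrusted VPC (presumably inbound DNS forwarding, if the module's `inbound` maps to the policy's inbound-forwarding flag as its name suggests), and a commit titled "revert #2023" does not say whether this flip is wanted or merely an artefact of reverting wholesale; the old side had both `inbound = false` and `logging = false` set explicitly, which reads as deliberate. If the new value is intended, a one-line comment next to it stating why the untrusted landing VPC must accept inbound DNS forwarding would stop the next reader from reverting it again, and the plan for this stage should be checked for an unexpected policy diff before merge. Switching logging from a hard-coded false to `var.dns.enable_logging` is an improvement for detection coverage and needs no further note. The same flip appears in the `landing-untrusted-vpc` hunk of 2-networking-e-nva-bgp/net-landing.tf. The `module "landing-untrusted-vpc"` block starts and ends outside the hunk.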
diff --git a/fast/stages/2-networking-c-nva/net-prod.tf b/fast/stages/2-networking-c-nva/net-prod.tf
index 91353c970f..a08ca0c4f6 100644
--- a/fast/stages/2-networking-c-nva/net-prod.tf
+++ b/fast/stages/2-networking-c-nva/net-prod.tf
@@ -67,6 +67,9 @@ module "prod-spoke-vpc" {
 project_id = module.prod-spoke-project.project_id
 name = "prod-spoke-0"
 mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
 factories_config = {
 subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
 }
diff --git a/fast/stages/2-networking-c-nva/variables.tf b/fast/stages/2-networking-c-nva/variables.tf
index 45caff9eed..9d100143af 100644
--- a/fast/stages/2-networking-c-nva/variables.tf
+++ b/fast/stages/2-networking-c-nva/variables.tf
@@ -72,8 +72,8 @@ variable "custom_roles" {
 variable "dns" {
 description = "DNS configuration."
 type = object({
- # enable_logging = optional(bool, true)
- resolvers = optional(list(string), [])
+ enable_logging = optional(bool, true)
+ resolvers = optional(list(string), [])
 })
 default = {}
 nullable = false
diff --git a/fast/stages/2-networking-d-separate-envs/README.md b/fast/stages/2-networking-d-separate-envs/README.md
index ec9f9e2aa6..75fc109f34 100644
--- a/fast/stages/2-networking-d-separate-envs/README.md
+++ b/fast/stages/2-networking-d-separate-envs/README.md
@@ -337,7 +337,7 @@ Regions are defined via the `regions` variable which sets up a mapping between t
 | [prefix](variables.tf#L147) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
 | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | |
 | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
-| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
+| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
 | [enable_cloud_nat](variables.tf#L83) | Deploy Cloud NAT. | bool | | false | |
 | [factories_config](variables.tf#L90) | Configuration for network resource factories. | object({…}) | | {…} | |
 | [groups](variables.tf#L121) | Group names or emails to grant organization-level permissions. If just the name is provided, the default organization domain is assumed. | object({…}) | | {} | 0-bootstrap |
diff --git a/fast/stages/2-networking-d-separate-envs/net-dev.tf b/fast/stages/2-networking-d-separate-envs/net-dev.tf
index 753a6a4e01..24c9d4fa3f 100644
--- a/fast/stages/2-networking-d-separate-envs/net-dev.tf
+++ b/fast/stages/2-networking-d-separate-envs/net-dev.tf
@@ -70,6 +70,9 @@ module "dev-spoke-vpc" {
 project_id = module.dev-spoke-project.project_id
 name = "dev-spoke-0"
 mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
 factories_config = {
 subnets_folder = "${var.factories_config.data_dir}/subnets/dev"
 }
diff --git a/fast/stages/2-networking-d-separate-envs/net-prod.tf b/fast/stages/2-networking-d-separate-envs/net-prod.tf
index 920d3fce81..eea26bf132 100644
--- a/fast/stages/2-networking-d-separate-envs/net-prod.tf
+++ b/fast/stages/2-networking-d-separate-envs/net-prod.tf
@@ -68,6 +68,9 @@ module "prod-spoke-vpc" {
 project_id = module.prod-spoke-project.project_id
 name = "prod-spoke-0"
 mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
 factories_config = {
 subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
 }
diff --git a/fast/stages/2-networking-d-separate-envs/variables.tf b/fast/stages/2-networking-d-separate-envs/variables.tf
index be8048bb5a..a105750afe 100644
--- a/fast/stages/2-networking-d-separate-envs/variables.tf
+++ b/fast/stages/2-networking-d-separate-envs/variables.tf
@@ -72,8 +72,8 @@ variable "custom_roles" {
 variable "dns" {
 description = "DNS configuration."
 type = object({
- dev_resolvers = optional(list(string), [])
- # enable_logging = optional(bool, true)
+ dev_resolvers = optional(list(string), [])
+ enable_logging = optional(bool, true)
 prod_resolvers = optional(list(string), [])
 })
 default = {}
diff --git a/fast/stages/2-networking-e-nva-bgp/README.md b/fast/stages/2-networking-e-nva-bgp/README.md
index e12bba4431..04db384dd6 100644
--- a/fast/stages/2-networking-e-nva-bgp/README.md
+++ b/fast/stages/2-networking-e-nva-bgp/README.md
@@ -489,7 +489,7 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
 | [prefix](variables.tf#L180) | Prefix used for resources that need unique names. Use 9 characters or less. | string | ✓ | | 0-bootstrap |
 | [alert_config](variables.tf#L17) | Configuration for monitoring alerts. | object({…}) | | {…} | |
 | [custom_roles](variables.tf#L63) | Custom roles defined at the org level, in key => id format. | object({…}) | | null | 0-bootstrap |
-| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
+| [dns](variables.tf#L72) | DNS configuration. | object({…}) | | {} | |
 | [enable_cloud_nat](variables.tf#L82) | Deploy Cloud NAT. | bool | | false | |
 | [factories_config](variables.tf#L89) | Configuration for network resource factories. | object({…}) | | {…} | |
 | [gcp_ranges](variables.tf#L120) | GCP address ranges in name => range format. | map(string) | | {…} | |
diff --git a/fast/stages/2-networking-e-nva-bgp/net-dev.tf b/fast/stages/2-networking-e-nva-bgp/net-dev.tf
index 92a4a21f7a..0387c74930 100644
--- a/fast/stages/2-networking-e-nva-bgp/net-dev.tf
+++ b/fast/stages/2-networking-e-nva-bgp/net-dev.tf
@@ -69,6 +69,9 @@ module "dev-spoke-vpc" {
 project_id = module.dev-spoke-project.project_id
 name = "dev-spoke-0"
 mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
 factories_config = {
 subnets_folder = "${var.factories_config.data_dir}/subnets/dev"
 }
diff --git a/fast/stages/2-networking-e-nva-bgp/net-landing.tf b/fast/stages/2-networking-e-nva-bgp/net-landing.tf
index 4362a10c87..8225d30ea8 100644
--- a/fast/stages/2-networking-e-nva-bgp/net-landing.tf
+++ b/fast/stages/2-networking-e-nva-bgp/net-landing.tf
@@ -51,8 +51,8 @@ module "landing-untrusted-vpc" {
 name = "prod-untrusted-landing-0"
 mtu = 1500
 dns_policy = {
- inbound = false
- logging = false
+ inbound = true
+ logging = var.dns.enable_logging
 }
 create_googleapis_routes = null
 factories_config = {
diff --git a/fast/stages/2-networking-e-nva-bgp/net-prod.tf b/fast/stages/2-networking-e-nva-bgp/net-prod.tf
index b5bff393f8..3a1a9a373a 100644
--- a/fast/stages/2-networking-e-nva-bgp/net-prod.tf
+++ b/fast/stages/2-networking-e-nva-bgp/net-prod.tf
@@ -67,6 +67,9 @@ module "prod-spoke-vpc" {
 project_id = module.prod-spoke-project.project_id
 name = "prod-spoke-0"
 mtu = 1500
+ dns_policy = {
+ logging = var.dns.enable_logging
+ }
 factories_config = {
 subnets_folder = "${var.factories_config.data_dir}/subnets/prod"
 }
diff --git a/fast/stages/2-networking-e-nva-bgp/variables.tf b/fast/stages/2-networking-e-nva-bgp/variables.tf
index 03d8c98a9e..3a47e0958c 100644
--- a/fast/stages/2-networking-e-nva-bgp/variables.tf
+++ b/fast/stages/2-networking-e-nva-bgp/variables.tf
@@ -72,8 +72,8 @@ variable "custom_roles" {
 variable "dns" {
 description = "DNS configuration."
 type = object({
- # enable_logging = optional(bool, true)
- resolvers = optional(list(string), [])
+ enable_logging = optional(bool, true)
+ resolvers = optional(list(string), [])
 })
 default = {}
 nullable = false
diff --git a/tests/fast/stages/s2_networking_a_peering/stage.yaml b/tests/fast/stages/s2_networking_a_peering/stage.yaml
index 3ee8b9901e..8d72580764 100644
--- a/tests/fast/stages/s2_networking_a_peering/stage.yaml
+++ b/tests/fast/stages/s2_networking_a_peering/stage.yaml
@@ -14,4 +14,4 @@ counts:
 modules: 29
- resources: 151
+ resources: 153
diff --git a/tests/fast/stages/s2_networking_b_vpn/stage.yaml b/tests/fast/stages/s2_networking_b_vpn/stage.yaml
index af6e5cac7b..79a0e4167a 100644
--- a/tests/fast/stages/s2_networking_b_vpn/stage.yaml
+++ b/tests/fast/stages/s2_networking_b_vpn/stage.yaml
@@ -14,4 +14,4 @@ counts:
 modules: 31
- resources: 188
+ resources: 190
diff --git a/tests/fast/stages/s2_networking_c_nva/stage.yaml b/tests/fast/stages/s2_networking_c_nva/stage.yaml
index 01527c9995..1d2d9e033f 100644
--- a/tests/fast/stages/s2_networking_c_nva/stage.yaml
+++ b/tests/fast/stages/s2_networking_c_nva/stage.yaml
@@ -14,4 +14,4 @@ counts:
 modules: 43
- resources: 199
+ resources: 201
diff --git a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml
index 1c560f7678..6df5c894d3 100644
--- a/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml
+++ b/tests/fast/stages/s2_networking_d_separate_envs/stage.yaml
@@ -14,4 +14,4 @@ counts:
 modules: 22
- resources: 172
+ resources: 174
diff --git a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
index dad424208a..eeb4d3bf77 100644
--- a/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
+++ b/tests/fast/stages/s2_networking_e_nva_bgp/stage.yaml
@@ -14,4 +14,4 @@ counts:
 modules: 37
- resources: 210
+ resources: 212