diff --git a/mmv1/third_party/terraform/services/dns/resource_dns_record_set.go b/mmv1/third_party/terraform/services/dns/resource_dns_record_set.go
index a2a121972a66..a9f713075b73 100644
--- a/mmv1/third_party/terraform/services/dns/resource_dns_record_set.go
+++ b/mmv1/third_party/terraform/services/dns/resource_dns_record_set.go
@@ -211,6 +211,12 @@ func ResourceDnsRecordSet() *schema.Resource {
ExactlyOneOf: []string{"routing_policy.0.wrr", "routing_policy.0.geo", "routing_policy.0.primary_backup"},
ConflictsWith: []string{"routing_policy.0.enable_geo_fencing"},
},
+ "health_check": {
+ Type: schema.TypeString,
+ Optional: true,
+ ForceNew: true,
+ Description: "Specifies the health check.",
+ },
},
},
ExactlyOneOf: []string{"rrdatas", "routing_policy"},
@@ -268,7 +274,7 @@ var healthCheckedTargetSchema *schema.Resource = &schema.Resource{
Schema: map[string]*schema.Schema{
"internal_load_balancers": {
Type: schema.TypeList,
- Required: true,
+ Optional: true,
Description: "The list of internal load balancers to health check.",
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
@@ -314,6 +320,14 @@ var healthCheckedTargetSchema *schema.Resource = &schema.Resource{
},
},
},
+ "external_endpoints": {
+ Type: schema.TypeList,
+ Description: "The Internet IP addresses to be health checked.",
+ Optional: true,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
},
}
@@ -670,11 +684,13 @@ func expandDnsRecordSetRoutingPolicy(configured []interface{}, d tpgresource.Ter
if err != nil {
return nil, err
}
- return &dns.RRSetRoutingPolicy{
+ rp := &dns.RRSetRoutingPolicy{
+ HealthCheck: data["health_check"].(string),
Wrr: &dns.RRSetRoutingPolicyWrrPolicy{
Items: wrrItems,
},
- }, nil
+ }
+ return rp, nil
}
if len(geoRawItems) > 0 {
@@ -682,12 +698,14 @@ func expandDnsRecordSetRoutingPolicy(configured []interface{}, d tpgresource.Ter
if err != nil {
return nil, err
}
- return &dns.RRSetRoutingPolicy{
+ rp := &dns.RRSetRoutingPolicy{
+ HealthCheck: data["health_check"].(string),
Geo: &dns.RRSetRoutingPolicyGeoPolicy{
Items: geoItems,
EnableFencing: data["enable_geo_fencing"].(bool),
},
- }, nil
+ }
+ return rp, nil
}
if len(rawPrimaryBackup) > 0 {
@@ -695,9 +713,12 @@ func expandDnsRecordSetRoutingPolicy(configured []interface{}, d tpgresource.Ter
if err != nil {
return nil, err
}
- return &dns.RRSetRoutingPolicy{
+
+ rp := &dns.RRSetRoutingPolicy{
+ HealthCheck: data["health_check"].(string),
PrimaryBackup: primaryBackup,
- }, nil
+ }
+ return rp, nil
}
return nil, nil // unreachable here if ps is valid data
@@ -759,13 +780,22 @@ func expandDnsRecordSetHealthCheckedTargets(configured []interface{}, d tpgresou
}
data := configured[0].(map[string]interface{})
- internalLoadBalancers, err := expandDnsRecordSetHealthCheckedTargetsInternalLoadBalancers(data["internal_load_balancers"].([]interface{}), d, config)
- if err != nil {
- return nil, err
+ if ilbs := data["internal_load_balancers"].([]interface{}); len(ilbs) > 0 {
+ internalLoadBalancers, err := expandDnsRecordSetHealthCheckedTargetsInternalLoadBalancers(ilbs, d, config)
+ if err != nil {
+ return nil, err
+ }
+ return &dns.RRSetRoutingPolicyHealthCheckTargets{
+ InternalLoadBalancers: internalLoadBalancers,
+ }, nil
}
- return &dns.RRSetRoutingPolicyHealthCheckTargets{
- InternalLoadBalancers: internalLoadBalancers,
- }, nil
+
+ if endpoints := data["external_endpoints"].([]interface{}); len(endpoints) > 0 {
+ return &dns.RRSetRoutingPolicyHealthCheckTargets{
+ ExternalEndpoints: tpgresource.ConvertStringArr(endpoints),
+ }, nil
+ }
+ return nil, fmt.Errorf("specify internal load balancers or external endpoints")
}
func expandDnsRecordSetHealthCheckedTargetsInternalLoadBalancers(configured []interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) ([]*dns.RRSetRoutingPolicyLoadBalancerTarget, error) {
@@ -855,6 +885,7 @@ func flattenDnsRecordSetRoutingPolicy(policy *dns.RRSetRoutingPolicy) []interfac
if policy.PrimaryBackup != nil {
p["primary_backup"] = flattenDnsRecordSetRoutingPolicyPrimaryBackup(policy.PrimaryBackup)
}
+ p["health_check"] = policy.HealthCheck
return append(ps, p)
}
@@ -889,6 +920,7 @@ func flattenDnsRecordSetHealthCheckedTargets(targets *dns.RRSetRoutingPolicyHeal
data := map[string]interface{}{
"internal_load_balancers": flattenDnsRecordSetInternalLoadBalancers(targets.InternalLoadBalancers),
+ "external_endpoints": targets.ExternalEndpoints,
}
return []map[string]interface{}{data}
diff --git a/mmv1/third_party/terraform/services/dns/resource_dns_record_set_test.go.tmpl b/mmv1/third_party/terraform/services/dns/resource_dns_record_set_test.go.tmpl
index f1ce98b8067b..0620171d8f35 100644
--- a/mmv1/third_party/terraform/services/dns/resource_dns_record_set_test.go.tmpl
+++ b/mmv1/third_party/terraform/services/dns/resource_dns_record_set_test.go.tmpl
@@ -346,6 +346,9 @@ func TestAccDNSRecordSet_routingPolicy(t *testing.T) {
ImportState: true,
ImportStateVerify: true,
},
+ {
+ Config: testAccDnsRecordSet_routingPolicyRegionalL7XLBPrimaryBackup(networkName, proxySubnetName, httpHealthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName, 300),
+ },
},
})
}
@@ -1314,3 +1317,207 @@ resource "google_dns_record_set" "foobar" {
}
`, zoneName, zoneName, zoneName)
}
+
+func testAccDnsRecordSet_routingPolicyRegionalL7XLBPrimaryBackup(networkName, proxySubnetName, healthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName string, ttl int) string {
+ return fmt.Sprintf(`
+resource "google_compute_network" "default" {
+ name = "%s"
+}
+
+resource "google_compute_subnetwork" "proxy_subnet" {
+ name = "%s"
+ ip_cidr_range = "10.100.0.0/24"
+ region = "us-central1"
+ purpose = "REGIONAL_MANAGED_PROXY"
+ role = "ACTIVE"
+ network = google_compute_network.default.id
+}
+
+resource "google_compute_subnetwork" "backup_proxy_subnet" {
+ name = "${google_compute_subnetwork.proxy_subnet.name}-usw1"
+ ip_cidr_range = "10.100.1.0/24"
+ region = "us-west1"
+ purpose = "REGIONAL_MANAGED_PROXY"
+ role = "ACTIVE"
+ network = google_compute_network.default.id
+}
+
+resource "google_compute_region_health_check" "health_check" {
+ name = "%s"
+ region = "us-central1"
+
+ http_health_check {
+ port = 80
+ }
+}
+
+resource "google_compute_region_health_check" "backup_health_check" {
+ name = "${google_compute_region_health_check.health_check.name}-usw1"
+ region = "us-west1"
+
+ http_health_check {
+ port = 80
+ }
+}
+
+resource "google_compute_region_backend_service" "backend" {
+ name = "%s"
+ region = "us-central1"
+ load_balancing_scheme = "EXTERNAL_MANAGED"
+ protocol = "HTTP"
+ health_checks = [google_compute_region_health_check.health_check.id]
+}
+
+resource "google_compute_region_backend_service" "backup_backend" {
+ name = "${google_compute_region_backend_service.backend.name}-usw1"
+ region = "us-west1"
+ load_balancing_scheme = "EXTERNAL_MANAGED"
+ protocol = "HTTP"
+ health_checks = [google_compute_region_health_check.backup_health_check.id]
+}
+
+resource "google_compute_region_url_map" "url_map" {
+ name = "%s"
+ region = "us-central1"
+ default_service = google_compute_region_backend_service.backend.id
+}
+
+resource "google_compute_region_url_map" "backup_url_map" {
+ name = "${google_compute_region_url_map.url_map.name}-usw1"
+ region = "us-west1"
+ default_service = google_compute_region_backend_service.backup_backend.id
+}
+
+resource "google_compute_region_target_http_proxy" "http_proxy" {
+ name = "%s"
+ region = "us-central1"
+ url_map = google_compute_region_url_map.url_map.id
+}
+
+resource "google_compute_region_target_http_proxy" "backup_http_proxy" {
+ name = "${google_compute_region_target_http_proxy.http_proxy.name}-usw1"
+ region = "us-west1"
+ url_map = google_compute_region_url_map.backup_url_map.id
+}
+
+resource "google_compute_forwarding_rule" "default" {
+ name = "%s"
+ region = "us-central1"
+ depends_on = [google_compute_subnetwork.proxy_subnet]
+ load_balancing_scheme = "EXTERNAL_MANAGED"
+ target = google_compute_region_target_http_proxy.http_proxy.id
+ port_range = "80"
+ network = google_compute_network.default.name
+ ip_protocol = "TCP"
+}
+
+resource "google_compute_forwarding_rule" "backup" {
+ name = "${google_compute_forwarding_rule.default.name}-usw1"
+ region = "us-west1"
+ depends_on = [google_compute_subnetwork.backup_proxy_subnet]
+ load_balancing_scheme = "EXTERNAL_MANAGED"
+ target = google_compute_region_target_http_proxy.backup_http_proxy.id
+ port_range = "80"
+ network = google_compute_network.default.name
+ ip_protocol = "TCP"
+}
+
+resource "google_compute_health_check" "health_check" {
+ name = "${google_compute_region_health_check.health_check.name}-dns"
+
+ timeout_sec = 5
+ check_interval_sec = 30
+ healthy_threshold = 4
+ unhealthy_threshold = 5
+
+ http_health_check {
+ port = 80
+ }
+
+ source_regions = ["us-central1", "us-west1", "us-east1"]
+}
+
+resource "google_dns_managed_zone" "parent-zone" {
+ name = "%s"
+ dns_name = "%s.hashicorptest.com."
+ description = "Test Description"
+ visibility = "public"
+}
+
+resource "google_dns_record_set" "failover" {
+ managed_zone = google_dns_managed_zone.parent-zone.name
+ name = "failover-test-record.%s.hashicorptest.com."
+ type = "A"
+ ttl = %d
+
+ routing_policy {
+ health_check = google_compute_health_check.health_check.id
+ primary_backup {
+ trickle_ratio = 0.1
+ enable_geo_fencing_for_backups = true
+
+ primary {
+ external_endpoints = [google_compute_forwarding_rule.default.ip_address]
+ }
+
+ backup_geo {
+ location = "us-west1"
+ health_checked_targets {
+ external_endpoints = [google_compute_forwarding_rule.backup.ip_address]
+ }
+ }
+ }
+ }
+}
+
+resource "google_dns_record_set" "wrr" {
+ managed_zone = google_dns_managed_zone.parent-zone.name
+ name = replace(google_dns_record_set.failover.name, "failover-test-record", "wrr-test-record")
+ type = "A"
+ ttl = google_dns_record_set.failover.ttl
+
+ routing_policy {
+ health_check = google_compute_health_check.health_check.id
+ wrr {
+ weight = 0.8
+ rrdatas = [google_compute_forwarding_rule.default.ip_address]
+ health_checked_targets {
+ external_endpoints = [google_compute_forwarding_rule.default.ip_address]
+ }
+ }
+ wrr {
+ weight = 0.2
+ rrdatas = [google_compute_forwarding_rule.backup.ip_address]
+ health_checked_targets {
+ external_endpoints = [google_compute_forwarding_rule.backup.ip_address]
+ }
+ }
+ }
+}
+
+resource "google_dns_record_set" "geo" {
+ managed_zone = google_dns_managed_zone.parent-zone.name
+ name = replace(google_dns_record_set.failover.name, "failover-test-record", "geo-test-record")
+ type = "A"
+ ttl = google_dns_record_set.failover.ttl
+
+ routing_policy {
+ health_check = google_compute_health_check.health_check.id
+ geo {
+ location = "us-central1"
+ rrdatas = [google_compute_forwarding_rule.default.ip_address]
+ health_checked_targets {
+ external_endpoints = [google_compute_forwarding_rule.default.ip_address]
+ }
+ }
+ geo {
+ location = "us-west1"
+ rrdatas = [google_compute_forwarding_rule.backup.ip_address]
+ health_checked_targets {
+ external_endpoints = [google_compute_forwarding_rule.backup.ip_address]
+ }
+ }
+ }
+}
+`, networkName, proxySubnetName, healthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName, zoneName, zoneName, ttl)
+}
diff --git a/mmv1/third_party/terraform/website/docs/r/dns_record_set.html.markdown b/mmv1/third_party/terraform/website/docs/r/dns_record_set.html.markdown
index 35ee7b0f1ce8..0f3a73923593 100644
--- a/mmv1/third_party/terraform/website/docs/r/dns_record_set.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/dns_record_set.html.markdown
@@ -241,6 +241,54 @@ resource "google_compute_network" "prod" {
}
```
+#### Public zone failover
+
+```hcl
+resource "google_dns_record_set" "a" {
+ name = "backend.${google_dns_managed_zone.prod.dns_name}"
+ managed_zone = google_dns_managed_zone.prod.name
+ type = "A"
+ ttl = 300
+
+ routing_policy {
+ health_check = google_compute_health_check.http-health-check.id
+ primary_backup {
+ trickle_ratio = 0.1
+
+ primary {
+ external_endpoints = ["10.128.1.1"]
+ }
+
+ backup_geo {
+ location = "us-west1"
+ health_checked_targets {
+ external_endpoints = ["10.130.1.1"]
+ }
+ }
+ }
+ }
+}
+
+resource "google_compute_health_check" "http-health-check" {
+ name = "http-health-check"
+ description = "Health check via http"
+
+ timeout_sec = 5
+ check_interval_sec = 30
+ healthy_threshold = 4
+ unhealthy_threshold = 5
+
+ http_health_check {
+ port_specification = "USE_SERVING_PORT"
+ }
+}
+
+resource "google_dns_managed_zone" "prod" {
+ name = "prod-zone"
+ dns_name = "prod.mydomain.com."
+}
+```
+
## Argument Reference
The following arguments are supported:
@@ -279,6 +327,8 @@ The following arguments are supported:
* `primary_backup` - (Optional) The configuration for a failover policy with global to regional failover. Queries are responded to with the global primary targets, but if none of the primary targets are healthy, then we fallback to a regional failover policy.
Structure is [documented below](#nested_primary_backup).
+* `health_check` - (Optional) Specifies the health check (used with external endpoints).
+
The `wrr` block supports:
* `weight` - (Required) The ratio of traffic routed to the target.
@@ -311,9 +361,11 @@ The following arguments are supported:
The `health_checked_targets` block supports:
-* `internal_load_balancers` - (Required) The list of internal load balancers to health check.
+* `internal_load_balancers` - (Optional) The list of internal load balancers to health check.
Structure is [documented below](#nested_internal_load_balancers).
+* `external_endpoints` - (Optional) The list of external endpoint addresses to health check.
+
The `internal_load_balancers` block supports:
* `load_balancer_type` - (Optional) The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"]