-
Notifications
You must be signed in to change notification settings - Fork 1.8k
/
Copy pathPolicy.yaml
171 lines (170 loc) · 6.43 KB
/
Policy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
# Copyright 2024 Google Inc.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
name: 'Policy'
kind: 'dns#policy'
description: |
A policy is a collection of DNS rules applied to one or more Virtual
Private Cloud resources.
references:
guides:
'Using DNS server policies': 'https://cloud.google.com/dns/zones/#using-dns-server-policies'
api: 'https://cloud.google.com/dns/docs/reference/v1beta2/policies'
docs:
id_format: 'projects/{{project}}/policies/{{name}}'
base_url: 'projects/{{project}}/policies'
immutable: true
timeouts:
insert_minutes: 20
update_minutes: 20
delete_minutes: 20
custom_code:
pre_delete: 'templates/terraform/pre_delete/detach_network.tmpl'
examples:
- name: 'dns_policy_basic'
primary_resource_id: 'example-policy'
vars:
policy_name: 'example-policy'
network_1_name: 'network-1'
network_2_name: 'network-2'
- name: 'dns_policy_multiproject'
primary_resource_id: 'example-policy-multiproject'
vars:
policy_name: 'example-policy-multiproject'
network_1_name: 'network-1'
network_2_name: 'network-2'
project_1_name: 'project-1'
project_2_name: 'project-2'
test_env_vars:
org_id: 'ORG_ID'
billing_account: 'BILLING_ACCT'
exclude_docs: true
parameters:
properties:
- name: 'alternativeNameServerConfig'
type: NestedObject
description: |
Sets an alternative name server for the associated networks.
When specified, all DNS queries are forwarded to a name server that you choose.
Names such as .internal are not available when an alternative name server is specified.
update_url: 'projects/{{project}}/policies/{{name}}'
update_verb: 'PATCH'
properties:
- name: 'targetNameServers'
type: Array
description: |
Sets an alternative name server for the associated networks. When specified,
all DNS queries are forwarded to a name server that you choose. Names such as .internal
are not available when an alternative name server is specified.
is_set: true
required: true
set_hash_func: |-
func(v interface{}) int {
raw := v.(map[string]interface{})
if address, ok := raw["ipv4_address"]; ok {
tpgresource.Hashcode(address.(string))
}
var buf bytes.Buffer
schema.SerializeResourceForHash(&buf, raw, dnsPolicyAlternativeNameServerConfigTargetNameServersSchema())
return tpgresource.Hashcode(buf.String())
}
item_type:
type: NestedObject
properties:
- name: 'ipv4Address'
type: String
description: 'IPv4 address to forward to.'
required: true
- name: 'forwardingPath'
type: Enum
description: |
Forwarding path for this TargetNameServer. If unset or `default` Cloud DNS will make forwarding
decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go
to the Internet. When set to `private`, Cloud DNS will always send queries through VPC for this target
enum_values:
- 'default'
- 'private'
- name: 'description'
type: String
description: |
A textual description field. Defaults to 'Managed by Terraform'.
required: false
update_url: 'projects/{{project}}/policies/{{name}}'
update_verb: 'PATCH'
default_value: "Managed by Terraform"
- name: 'dns64Config'
type: NestedObject
default_from_api: true
description: Configurations related to DNS64 for this Policy.
properties:
- name: 'scope'
type: NestedObject
description: The scope to which DNS64 config will be applied to.
properties:
- name: 'allQueries'
type: Boolean
description: Controls whether DNS64 is enabled globally at the network level.
send_empty_value: true
- name: 'enableInboundForwarding'
type: Boolean
description: |
Allows networks bound to this policy to receive DNS queries sent
by VMs or applications over VPN connections. When enabled, a
virtual IP address will be allocated from each of the sub-networks
that are bound to this policy.
send_empty_value: true
update_url: 'projects/{{project}}/policies/{{name}}'
update_verb: 'PATCH'
- name: 'enableLogging'
type: Boolean
description: |
Controls whether logging is enabled for the networks bound to this policy.
Defaults to no logging if not set.
send_empty_value: true
update_url: 'projects/{{project}}/policies/{{name}}'
update_verb: 'PATCH'
- name: 'name'
type: String
description: |
User assigned name for this policy.
required: true
- name: 'networks'
type: Array
description:
'List of network names specifying networks to which this policy is
applied.'
is_set: true
update_url: 'projects/{{project}}/policies/{{name}}'
update_verb: 'PATCH'
set_hash_func: |-
func(v interface{}) int {
raw := v.(map[string]interface{})
if url, ok := raw["network_url"]; ok {
return tpgresource.SelfLinkRelativePathHash(url)
}
var buf bytes.Buffer
schema.SerializeResourceForHash(&buf, raw, dnsPolicyNetworksSchema())
return tpgresource.Hashcode(buf.String())
}
item_type:
type: NestedObject
properties:
- name: 'networkUrl'
type: String
description: |
The id or fully qualified URL of the VPC network to forward queries to.
This should be formatted like `projects/{project}/global/networks/{network}` or
`https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`
required: true
diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
custom_expand: 'templates/terraform/custom_expand/network_full_url.tmpl'