Add health_check and external_endpoints to google_dns_record_set (#12682) (#9016)

modular-magician · web-flow · commit 70a21d63a478 · 2025-01-07T14:00:10.000-08:00
[upstream:740db9040af397a7079d4ab83d814ab22bacb153]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/12682.txt b/.changelog/12682.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+dns: added `health_check` and `external_endpoints` fields to `google_dns_record_set` resource
+```
diff --git a/google-beta/services/dns/resource_dns_record_set.go b/google-beta/services/dns/resource_dns_record_set.go
@@ -213,6 +213,12 @@ func ResourceDnsRecordSet() *schema.Resource {
 							ExactlyOneOf:  []string{"routing_policy.0.wrr", "routing_policy.0.geo", "routing_policy.0.primary_backup"},
 							ConflictsWith: []string{"routing_policy.0.enable_geo_fencing"},
 						},
+						"health_check": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							ForceNew:    true,
+							Description: "Specifies the health check.",
+						},
 					},
 				},
 				ExactlyOneOf: []string{"rrdatas", "routing_policy"},
@@ -270,7 +276,7 @@ var healthCheckedTargetSchema *schema.Resource = &schema.Resource{
 	Schema: map[string]*schema.Schema{
 		"internal_load_balancers": {
 			Type:        schema.TypeList,
-			Required:    true,
+			Optional:    true,
 			Description: "The list of internal load balancers to health check.",
 			Elem: &schema.Resource{
 				Schema: map[string]*schema.Schema{
@@ -316,6 +322,14 @@ var healthCheckedTargetSchema *schema.Resource = &schema.Resource{
 				},
 			},
 		},
+		"external_endpoints": {
+			Type:        schema.TypeList,
+			Description: "The Internet IP addresses to be health checked.",
+			Optional:    true,
+			Elem: &schema.Schema{
+				Type: schema.TypeString,
+			},
+		},
 	},
 }
 
@@ -672,34 +686,41 @@ func expandDnsRecordSetRoutingPolicy(configured []interface{}, d tpgresource.Ter
 		if err != nil {
 			return nil, err
 		}
-		return &dns.RRSetRoutingPolicy{
+		rp := &dns.RRSetRoutingPolicy{
+			HealthCheck: data["health_check"].(string),
 			Wrr: &dns.RRSetRoutingPolicyWrrPolicy{
 				Items: wrrItems,
 			},
-		}, nil
+		}
+		return rp, nil
 	}
 
 	if len(geoRawItems) > 0 {
 		geoItems, err := expandDnsRecordSetRoutingPolicyGeoItems(geoRawItems, d, config)
 		if err != nil {
 			return nil, err
 		}
-		return &dns.RRSetRoutingPolicy{
+		rp := &dns.RRSetRoutingPolicy{
+			HealthCheck: data["health_check"].(string),
 			Geo: &dns.RRSetRoutingPolicyGeoPolicy{
 				Items:         geoItems,
 				EnableFencing: data["enable_geo_fencing"].(bool),
 			},
-		}, nil
+		}
+		return rp, nil
 	}
 
 	if len(rawPrimaryBackup) > 0 {
 		primaryBackup, err := expandDnsRecordSetRoutingPolicyPrimaryBackup(rawPrimaryBackup, d, config)
 		if err != nil {
 			return nil, err
 		}
-		return &dns.RRSetRoutingPolicy{
+
+		rp := &dns.RRSetRoutingPolicy{
+			HealthCheck:   data["health_check"].(string),
 			PrimaryBackup: primaryBackup,
-		}, nil
+		}
+		return rp, nil
 	}
 
 	return nil, nil // unreachable here if ps is valid data
@@ -761,13 +782,22 @@ func expandDnsRecordSetHealthCheckedTargets(configured []interface{}, d tpgresou
 	}
 
 	data := configured[0].(map[string]interface{})
-	internalLoadBalancers, err := expandDnsRecordSetHealthCheckedTargetsInternalLoadBalancers(data["internal_load_balancers"].([]interface{}), d, config)
-	if err != nil {
-		return nil, err
+	if ilbs := data["internal_load_balancers"].([]interface{}); len(ilbs) > 0 {
+		internalLoadBalancers, err := expandDnsRecordSetHealthCheckedTargetsInternalLoadBalancers(ilbs, d, config)
+		if err != nil {
+			return nil, err
+		}
+		return &dns.RRSetRoutingPolicyHealthCheckTargets{
+			InternalLoadBalancers: internalLoadBalancers,
+		}, nil
 	}
-	return &dns.RRSetRoutingPolicyHealthCheckTargets{
-		InternalLoadBalancers: internalLoadBalancers,
-	}, nil
+
+	if endpoints := data["external_endpoints"].([]interface{}); len(endpoints) > 0 {
+		return &dns.RRSetRoutingPolicyHealthCheckTargets{
+			ExternalEndpoints: tpgresource.ConvertStringArr(endpoints),
+		}, nil
+	}
+	return nil, fmt.Errorf("specify internal load balancers or external endpoints")
 }
 
 func expandDnsRecordSetHealthCheckedTargetsInternalLoadBalancers(configured []interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) ([]*dns.RRSetRoutingPolicyLoadBalancerTarget, error) {
@@ -857,6 +887,7 @@ func flattenDnsRecordSetRoutingPolicy(policy *dns.RRSetRoutingPolicy) []interfac
 	if policy.PrimaryBackup != nil {
 		p["primary_backup"] = flattenDnsRecordSetRoutingPolicyPrimaryBackup(policy.PrimaryBackup)
 	}
+	p["health_check"] = policy.HealthCheck
 	return append(ps, p)
 }
 
@@ -891,6 +922,7 @@ func flattenDnsRecordSetHealthCheckedTargets(targets *dns.RRSetRoutingPolicyHeal
 
 	data := map[string]interface{}{
 		"internal_load_balancers": flattenDnsRecordSetInternalLoadBalancers(targets.InternalLoadBalancers),
+		"external_endpoints":      targets.ExternalEndpoints,
 	}
 
 	return []map[string]interface{}{data}
diff --git a/google-beta/services/dns/resource_dns_record_set_test.go b/google-beta/services/dns/resource_dns_record_set_test.go
@@ -348,6 +348,9 @@ func TestAccDNSRecordSet_routingPolicy(t *testing.T) {
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
+			{
+				Config: testAccDnsRecordSet_routingPolicyRegionalL7XLBPrimaryBackup(networkName, proxySubnetName, httpHealthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName, 300),
+			},
 		},
 	})
 }
@@ -1315,3 +1318,207 @@ resource "google_dns_record_set" "foobar" {
 }
 `, zoneName, zoneName, zoneName)
 }
+
+func testAccDnsRecordSet_routingPolicyRegionalL7XLBPrimaryBackup(networkName, proxySubnetName, healthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName string, ttl int) string {
+	return fmt.Sprintf(`
+resource "google_compute_network" "default" {
+  name = "%s"
+}
+
+resource "google_compute_subnetwork" "proxy_subnet" {
+  name          = "%s"
+  ip_cidr_range = "10.100.0.0/24"
+  region        = "us-central1"
+  purpose       = "REGIONAL_MANAGED_PROXY"
+  role          = "ACTIVE"
+  network       = google_compute_network.default.id
+}
+
+resource "google_compute_subnetwork" "backup_proxy_subnet" {
+  name          = "${google_compute_subnetwork.proxy_subnet.name}-usw1"
+  ip_cidr_range = "10.100.1.0/24"
+  region        = "us-west1"
+  purpose       = "REGIONAL_MANAGED_PROXY"
+  role          = "ACTIVE"
+  network       = google_compute_network.default.id
+}
+
+resource "google_compute_region_health_check" "health_check" {
+  name   = "%s"
+  region = "us-central1"
+
+  http_health_check {
+    port = 80
+  }
+}
+
+resource "google_compute_region_health_check" "backup_health_check" {
+  name   = "${google_compute_region_health_check.health_check.name}-usw1"
+  region = "us-west1"
+
+  http_health_check {
+    port = 80
+  }
+}
+
+resource "google_compute_region_backend_service" "backend" {
+  name                  = "%s"
+  region                = "us-central1"
+  load_balancing_scheme = "EXTERNAL_MANAGED"
+  protocol              = "HTTP"
+  health_checks         = [google_compute_region_health_check.health_check.id]
+}
+
+resource "google_compute_region_backend_service" "backup_backend" {
+  name                  = "${google_compute_region_backend_service.backend.name}-usw1"
+  region                = "us-west1"
+  load_balancing_scheme = "EXTERNAL_MANAGED"
+  protocol              = "HTTP"
+  health_checks         = [google_compute_region_health_check.backup_health_check.id]
+}
+
+resource "google_compute_region_url_map" "url_map" {
+  name            = "%s"
+  region          = "us-central1"
+  default_service = google_compute_region_backend_service.backend.id
+}
+
+resource "google_compute_region_url_map" "backup_url_map" {
+  name            = "${google_compute_region_url_map.url_map.name}-usw1"
+  region          = "us-west1"
+  default_service = google_compute_region_backend_service.backup_backend.id
+}
+
+resource "google_compute_region_target_http_proxy" "http_proxy" {
+  name    = "%s"
+  region  = "us-central1"
+  url_map = google_compute_region_url_map.url_map.id
+}
+
+resource "google_compute_region_target_http_proxy" "backup_http_proxy" {
+  name    = "${google_compute_region_target_http_proxy.http_proxy.name}-usw1"
+  region  = "us-west1"
+  url_map = google_compute_region_url_map.backup_url_map.id
+}
+
+resource "google_compute_forwarding_rule" "default" {
+  name                  = "%s"
+  region                = "us-central1"
+  depends_on            = [google_compute_subnetwork.proxy_subnet]
+  load_balancing_scheme = "EXTERNAL_MANAGED"
+  target                = google_compute_region_target_http_proxy.http_proxy.id
+  port_range            = "80"
+  network               = google_compute_network.default.name
+  ip_protocol           = "TCP"
+}
+
+resource "google_compute_forwarding_rule" "backup" {
+  name                  = "${google_compute_forwarding_rule.default.name}-usw1"
+  region                = "us-west1"
+  depends_on            = [google_compute_subnetwork.backup_proxy_subnet]
+  load_balancing_scheme = "EXTERNAL_MANAGED"
+  target                = google_compute_region_target_http_proxy.backup_http_proxy.id
+  port_range            = "80"
+  network               = google_compute_network.default.name
+  ip_protocol           = "TCP"
+}
+
+resource "google_compute_health_check" "health_check" {
+  name   = "${google_compute_region_health_check.health_check.name}-dns"
+
+  timeout_sec         = 5
+  check_interval_sec  = 30
+  healthy_threshold   = 4
+  unhealthy_threshold = 5
+  
+  http_health_check {
+    port = 80
+  }
+
+  source_regions = ["us-central1", "us-west1", "us-east1"]
+}
+
+resource "google_dns_managed_zone" "parent-zone" {
+  name        = "%s"
+  dns_name    = "%s.hashicorptest.com."
+  description = "Test Description"
+  visibility  = "public"
+}
+
+resource "google_dns_record_set" "failover" {
+  managed_zone = google_dns_managed_zone.parent-zone.name
+  name         = "failover-test-record.%s.hashicorptest.com."
+  type         = "A"
+  ttl          = %d
+
+  routing_policy {
+    health_check = google_compute_health_check.health_check.id
+    primary_backup {
+      trickle_ratio                  = 0.1
+      enable_geo_fencing_for_backups = true
+
+      primary {
+        external_endpoints = [google_compute_forwarding_rule.default.ip_address]
+      }
+
+      backup_geo {
+        location = "us-west1"
+        health_checked_targets {
+          external_endpoints = [google_compute_forwarding_rule.backup.ip_address]
+        }
+      }
+    }
+  }
+}
+
+resource "google_dns_record_set" "wrr" {
+  managed_zone = google_dns_managed_zone.parent-zone.name
+  name         = replace(google_dns_record_set.failover.name, "failover-test-record", "wrr-test-record")
+  type         = "A"
+  ttl          = google_dns_record_set.failover.ttl
+
+  routing_policy {
+    health_check = google_compute_health_check.health_check.id
+    wrr {
+      weight             = 0.8
+      rrdatas            = [google_compute_forwarding_rule.default.ip_address]
+      health_checked_targets {
+        external_endpoints = [google_compute_forwarding_rule.default.ip_address]
+      }
+    }
+    wrr {
+      weight             = 0.2
+      rrdatas            = [google_compute_forwarding_rule.backup.ip_address]
+      health_checked_targets {
+        external_endpoints = [google_compute_forwarding_rule.backup.ip_address]
+      }
+    }
+  }
+}
+
+resource "google_dns_record_set" "geo" {
+  managed_zone = google_dns_managed_zone.parent-zone.name
+  name         = replace(google_dns_record_set.failover.name, "failover-test-record", "geo-test-record")
+  type         = "A"
+  ttl          = google_dns_record_set.failover.ttl
+
+  routing_policy {
+    health_check = google_compute_health_check.health_check.id
+    geo {
+      location           = "us-central1"
+      rrdatas            = [google_compute_forwarding_rule.default.ip_address]
+      health_checked_targets {
+        external_endpoints = [google_compute_forwarding_rule.default.ip_address]
+      }
+    }
+    geo {
+      location           = "us-west1"
+      rrdatas            = [google_compute_forwarding_rule.backup.ip_address]
+      health_checked_targets {
+        external_endpoints = [google_compute_forwarding_rule.backup.ip_address]
+      }
+    }
+  }
+}
+`, networkName, proxySubnetName, healthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName, zoneName, zoneName, ttl)
+}
diff --git a/website/docs/r/dns_record_set.html.markdown b/website/docs/r/dns_record_set.html.markdown

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+dns: added `health_check` and `external_endpoints` fields to `google_dns_record_set` resource
	`3`	+```