terraform-google-modules · ayushmjain · Jan 12, 2026 · Jan 12, 2026 · Jan 12, 2026
@@ -68,7 +68,6 @@ docker_test_integration:
 .PHONY: docker_test_lint
 docker_test_lint:
 	docker run --rm -it \
-		-e ENABLE_BPMETADATA=1 \
 		-v $(CURDIR):/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/usr/local/bin/test_lint.sh
@@ -77,10 +76,9 @@ docker_test_lint:
 .PHONY: docker_generate_docs
 docker_generate_docs:
 	docker run --rm -it \
-	    -e ENABLE_BPMETADATA=1 \
-		-v "$(CURDIR)":/workspace \
+		-v $(CURDIR):/workspace \
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
-		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs display'
+		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
 
 # Alias for backwards compatibility
 .PHONY: generate_docs

@@ -67,16 +67,11 @@ Functional examples are included in the [examples](./examples/) directory.
 | domain | Zone domain, must end with a period. | `string` | n/a | yes |
 | enable\_logging | Enable query logging for this ManagedZone | `bool` | `false` | no |
 | force\_destroy | Set this true to delete all records in the zone. | `bool` | `false` | no |
-| gke\_clusters\_list | The list of Google Kubernetes Engine clusters that can see this zone. | `list(string)` | `[]` | no |
-| iam\_choice | Opt 1. iam\_binding, 2. iam\_member, 3. iam\_policy | `string` | n/a | yes |
 | labels | A set of key/value label pairs to assign to this ManagedZone | `map(any)` | `{}` | no |
-| member | Identities that will be granted the privilege in role | `string` | n/a | yes |
-| members | Identities that will be granted the privilege in role | `list(string)` | n/a | yes |
 | name | Zone name, must be unique within the project. | `string` | n/a | yes |
 | private\_visibility\_config\_networks | List of VPC self links that can see this zone. | `list(string)` | `[]` | no |
 | project\_id | Project id for the zone. | `string` | n/a | yes |
 | recordsets | List of DNS record objects to manage, in the standard terraform dns structure. | <pre>list(object({<br>    name    = string<br>    type    = string<br>    ttl     = number<br>    records = optional(list(string), null)<br><br>    routing_policy = optional(object({<br>      wrr = optional(list(object({<br>        weight  = number<br>        records = list(string)<br>      })), [])<br>      geo = optional(list(object({<br>        location = string<br>        records  = list(string)<br>      })), [])<br>    }))<br>  }))</pre> | `[]` | no |
-| role | The role that should be applied | `string` | n/a | yes |
 | service\_namespace\_url | The fully qualified or partial URL of the service directory namespace that should be associated with the zone. This should be formatted like https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id} or simply projects/{project}/locations/{location}/namespaces/{namespace\_id}. | `string` | `""` | no |
 | target\_name\_server\_addresses | List of target name servers for forwarding zone. | `list(map(any))` | `[]` | no |
 | target\_network | Peering network. | `string` | `""` | no |
@@ -87,7 +82,6 @@ Functional examples are included in the [examples](./examples/) directory.
 | Name | Description |
 |------|-------------|
 | domain | The DNS zone domain. |
-| etag | The etag of the IAM policy |
 | name | The DNS zone name. |
 | name\_servers | The DNS zone name servers. |
 | type | The DNS zone type. |

@@ -16,7 +16,7 @@
 
 module "dns_response_policy" {
   source  = "terraform-google-modules/cloud-dns/google//modules/dns_response_policy"
-  version = "~> 6.1.0"
+  version = "~> 6.0"
 
   project_id         = var.project_id
   policy_name        = "dns-response-policy-test"

@@ -16,7 +16,7 @@
 
 module "dns-forwarding-zone" {
   source  = "terraform-google-modules/cloud-dns/google"
-  version = "~> 6.1.0"
+  version = "~> 6.0"
 
   project_id = var.project_id
   type       = "forwarding"
@@ -35,9 +35,4 @@ module "dns-forwarding-zone" {
       forwarding_path = "default"
     }
   ]
-
-  iam_choice   = "iam_member"
-  role         = "roles/viewer"
-  member       = "serviceAccount:ci-account@${var.project_id}.iam.gserviceaccount.com"
-  members      = []
 }
@@ -16,7 +16,7 @@
 
 module "dns-peering-zone" {
   source  = "terraform-google-modules/cloud-dns/google"
-  version = "~> 6.1.0"
+  version = "~> 6.0"
 
   project_id                         = var.project_id
   type                               = "peering"
@@ -25,9 +25,4 @@ module "dns-peering-zone" {
   private_visibility_config_networks = [var.network_self_link]
   target_network                     = var.target_network_self_link
   labels                             = var.labels
-
-  iam_choice   = "iam_member"
-  role         = "roles/viewer"
-  member       = "serviceAccount:ci-account@${var.project_id}.gserviceaccount.com"
-  members      = []
 }
@@ -16,7 +16,7 @@
 
 module "dns-private-zone" {
   source  = "terraform-google-modules/cloud-dns/google"
-  version = "~> 6.1.0"
+  version = "~> 6.0"
 
   project_id = var.project_id
   type       = "private"
@@ -68,9 +68,4 @@ module "dns-private-zone" {
       ]
     },
   ]
-
-  iam_choice   = "iam_policy"
-  role         = "roles/dns.reader"
-  member       = "serviceAccount:ci-account@${var.project_id}.iam.gserviceaccount.com"
-  members      = []
 }
@@ -18,9 +18,3 @@ output "name_servers" {
   description = "Zone name servers."
   value       = module.dns-private-zone.name_servers
 }
-
-output "etag" {
-  description = "The etag of the IAM policy."
-  value       = module.dns-private-zone.etag
-}
-
@@ -16,7 +16,7 @@
 
 module "dns-public-zone" {
   source  = "terraform-google-modules/cloud-dns/google"
-  version = "~> 6.1.0"
+  version = "~> 6.0"
 
   project_id                         = var.project_id
   type                               = "public"
@@ -69,9 +69,4 @@ module "dns-public-zone" {
       ]
     },
   ]
-
-  iam_choice   = "iam_policy"
-  role         = "roles/dns.reader"
-  member       = "serviceAccount:ci-account@${var.project_id}.iam.gserviceaccount.com"
-  members      = []
 }
@@ -14,13 +14,6 @@
  * limitations under the License.
  */
 
-data "google_iam_policy" "admin" {
-  binding {
-    role    = var.role
-    members = var.members
-  }
-}
-
 resource "google_dns_managed_zone" "peering" {
   count         = var.type == "peering" ? 1 : 0
   project       = var.project_id
@@ -32,22 +25,14 @@ resource "google_dns_managed_zone" "peering" {
   force_destroy = var.force_destroy
 
   dynamic "private_visibility_config" {
-    for_each = length(var.private_visibility_config_networks) > 0 || length(var.gke_clusters_list) > 0 ? [1] : []
-
+    for_each = length(var.private_visibility_config_networks) > 0 ? [1] : []
     content {
       dynamic "networks" {
-        for_each = toset(var.private_visibility_config_networks)
+        for_each = var.private_visibility_config_networks
         content {
           network_url = networks.value
         }
       }
-
-      dynamic "gke_clusters" {
-        for_each = toset(var.gke_clusters_list)
-        content {
-          gke_cluster_name = gke_clusters.value
-        }
-      }
     }
   }
 
@@ -69,22 +54,14 @@ resource "google_dns_managed_zone" "forwarding" {
   force_destroy = var.force_destroy
 
   dynamic "private_visibility_config" {
-    for_each = length(var.private_visibility_config_networks) > 0 || length(var.gke_clusters_list) > 0 ? [1] : []
-
+    for_each = length(var.private_visibility_config_networks) > 0 ? [1] : []
     content {
       dynamic "networks" {
-        for_each = toset(var.private_visibility_config_networks)
+        for_each = var.private_visibility_config_networks
         content {
           network_url = networks.value
         }
       }
-
-      dynamic "gke_clusters" {
-        for_each = toset(var.gke_clusters_list)
-        content {
-          gke_cluster_name = gke_clusters.value
-        }
-      }
     }
   }
 
@@ -110,22 +87,14 @@ resource "google_dns_managed_zone" "private" {
   force_destroy = var.force_destroy
 
   dynamic "private_visibility_config" {
-    for_each = length(var.private_visibility_config_networks) > 0 || length(var.gke_clusters_list) > 0 ? [1] : []
-
+    for_each = length(var.private_visibility_config_networks) > 0 ? [1] : []
     content {
       dynamic "networks" {
-        for_each = toset(var.private_visibility_config_networks)
+        for_each = var.private_visibility_config_networks
         content {
           network_url = networks.value
         }
       }
-
-      dynamic "gke_clusters" {
-        for_each = toset(var.gke_clusters_list)
-        content {
-          gke_cluster_name = gke_clusters.value
-        }
-      }
     }
   }
 }
@@ -182,22 +151,14 @@ resource "google_dns_managed_zone" "reverse_lookup" {
   reverse_lookup = true
 
   dynamic "private_visibility_config" {
-    for_each = length(var.private_visibility_config_networks) > 0 || length(var.gke_clusters_list) > 0 ? [1] : []
-
+    for_each = length(var.private_visibility_config_networks) > 0 ? [1] : []
     content {
       dynamic "networks" {
-        for_each = toset(var.private_visibility_config_networks)
+        for_each = var.private_visibility_config_networks
         content {
           network_url = networks.value
         }
       }
-
-      dynamic "gke_clusters" {
-        for_each = toset(var.gke_clusters_list)
-        content {
-          gke_cluster_name = gke_clusters.value
-        }
-      }
     }
   }
 }
@@ -214,22 +175,11 @@ resource "google_dns_managed_zone" "service_directory" {
   visibility    = "private"
   force_destroy = var.force_destroy
 
-  dynamic "private_visibility_config" {
-    for_each = length(var.private_visibility_config_networks) > 0 || length(var.gke_clusters_list) > 0 ? [1] : []
-
-    content {
-      dynamic "networks" {
-        for_each = toset(var.private_visibility_config_networks)
-        content {
-          network_url = networks.value
-        }
-      }
-
-      dynamic "gke_clusters" {
-        for_each = toset(var.gke_clusters_list)
-        content {
-          gke_cluster_name = gke_clusters.value
-        }
+  private_visibility_config {
+    dynamic "networks" {
+      for_each = var.private_visibility_config_networks
+      content {
+        network_url = networks.value
       }
     }
   }
@@ -284,56 +234,3 @@ resource "google_dns_record_set" "cloud-static-records" {
     google_dns_managed_zone.public,
   ]
 }
-
-resource "google_dns_managed_zone_iam_policy" "managed_zone_iam_policy" {
-  count = var.iam_choice == "iam_policy" ? 1 : 0
-
-  managed_zone = var.name
-  project      = var.project_id
-  policy_data  = data.google_iam_policy.admin.policy_data
-
-  depends_on = [
-    google_dns_managed_zone.private,
-    google_dns_managed_zone.public,
-    google_dns_managed_zone.peering,
-    google_dns_managed_zone.forwarding,
-    google_dns_managed_zone.reverse_lookup,
-    google_dns_managed_zone.service_directory,
-  ]
-}
-
-resource "google_dns_managed_zone_iam_binding" "managed_zone_iam_binding" {
-  count = var.iam_choice == "iam_binding" ? 1 : 0
-
-  managed_zone = var.name
-  members      = var.members
-  role         = var.role
-  project      = var.project_id
-
-  depends_on = [
-    google_dns_managed_zone.private,
-    google_dns_managed_zone.public,
-    google_dns_managed_zone.peering,
-    google_dns_managed_zone.forwarding,
-    google_dns_managed_zone.reverse_lookup,
-    google_dns_managed_zone.service_directory,
-  ]
-}
-
-resource "google_dns_managed_zone_iam_member" "managed_zone_iam_member" {
-  count = var.iam_choice == "iam_member" ? 1 : 0
-
-  managed_zone = var.name
-  member       = var.member
-  role         = var.role
-  project      = var.project_id
-
-  depends_on = [
-    google_dns_managed_zone.private,
-    google_dns_managed_zone.public,
-    google_dns_managed_zone.peering,
-    google_dns_managed_zone.forwarding,
-    google_dns_managed_zone.reverse_lookup,
-    google_dns_managed_zone.service_directory,
-  ]
-}