From 7cb9c5680d60d654ca6134556327b8a928dc8d34 Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Tue, 15 Apr 2025 11:56:06 +0530 Subject: [PATCH 1/3] feat: included changes for existing custom resolver --- README.md | 4 +++- examples/hub-spoke-delegated-resolver/README.md | 4 +++- main.tf | 11 ++++++++++- outputs.tf | 4 ++-- variables.tf | 7 +++++++ 5 files changed, 25 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 73a2e063..083863ce 100644 --- a/README.md +++ b/README.md @@ -173,6 +173,7 @@ To attach access management tags to resources in this module, you need the follo | [ibm_resource_instance.dns_instance_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource | | [time_sleep.wait_for_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [time_sleep.wait_for_vpc_creation_data](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | +| [ibm_dns_custom_resolvers.existing_custom_resolver_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/dns_custom_resolvers) | data source | | [ibm_iam_account_settings.iam_account_settings](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/iam_account_settings) | data source | | [ibm_is_subnet.subnet](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_subnet) | data source | | [ibm_is_vpc.vpc](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source | @@ -205,6 +206,7 @@ To attach access management tags to resources in this module, you need the follo | [enable\_hub\_vpc\_id](#input\_enable\_hub\_vpc\_id) | Indicates whether Hub VPC ID is passed. | `bool` | `false` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Flag to enable vpc flow logs. If true, flow log collector will be created | `bool` | `false` | no | | [existing\_cos\_instance\_guid](#input\_existing\_cos\_instance\_guid) | GUID of the COS instance to create Flow log collector | `string` | `null` | no | +| [existing\_dns\_custom\_resolver\_name](#input\_existing\_dns\_custom\_resolver\_name) | The name of the existing DNS custom resolver instance. | `string` | `null` | no | | [existing\_dns\_instance\_id](#input\_existing\_dns\_instance\_id) | Id of an existing dns instance in which the custom resolver is created. Only relevant if enable\_hub is set to true. | `string` | `null` | no | | [existing\_storage\_bucket\_name](#input\_existing\_storage\_bucket\_name) | Name of the COS bucket to collect VPC flow logs | `string` | `null` | no | | [existing\_subnets](#input\_existing\_subnets) | The detail of the existing subnets and required mappings to other resources. Required if 'create\_subnets' is false. | 
list(object({
    id             = string
    public_gateway = optional(bool, false)
  }))
| `[]` | no | @@ -240,7 +242,7 @@ To attach access management tags to resources in this module, you need the follo | Name | Description | |------|-------------| | [cidr\_blocks](#output\_cidr\_blocks) | List of CIDR blocks present in VPC stack | -| [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolver created for the hub vpc. Only set if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. | +| [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolver for the hub vpc. Only set if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. | | [dns\_custom\_resolver\_id](#output\_dns\_custom\_resolver\_id) | The ID of the DNS Custom Resolver. | | [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | diff --git a/examples/hub-spoke-delegated-resolver/README.md b/examples/hub-spoke-delegated-resolver/README.md index c364b9bd..b0dde77c 100644 --- a/examples/hub-spoke-delegated-resolver/README.md +++ b/examples/hub-spoke-delegated-resolver/README.md @@ -1,6 +1,7 @@ # Hub and Spoke VPC Example This example demonstrates how to deploy hub and spoke VPCs, inclusive of enabling DNS-sharing. See [About DNS sharing for VPE gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-vpe-dns-sharing) and [hub and spoke communication](https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-vpc-transit1) for details. + - The 2 VPCs are connected through a transit gateway. - The hub VPC is configured with a custom resolver. - The spoke VPC is configured with a delegated DNS resolver. DNS requests are resolved by the hub VPC. @@ -9,9 +10,10 @@ This example demonstrates how to deploy hub and spoke VPCs, inclusive of enablin :exclamation: **Important**: Due to a limitation in the IBM Cloud terraform provider (1.59), there is a need to perform 2 applies as follows to end up with the desired topology: + 1. The first terraform apply lay down all of the topology, but does not configure the DNS resolver to delegated in the spoke 2. The second terraform apply should have the update_delegated_resolver variable to true to configure the DNS resolver to be delegated ```terraform apply -var=update_delegated_resolver=true``` -In order to perform a successful destroy, please set to the resolver to "system" in the spoke VPC through the UI before issuing the terraform destroy - see https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-vpc-transit2 +In order to perform a successful destroy, please set to the resolver to "system" in the spoke VPC through the UI before issuing the terraform destroy - see You may also be interested in the [Hub and Spoke VPC with manual DNS resolver Example](../hub-spoke-manual-resolver/) which does not exhibit those issues. diff --git a/main.tf b/main.tf index 05fbfba1..fd1308c2 100644 --- a/main.tf +++ b/main.tf @@ -212,8 +212,17 @@ resource "ibm_resource_instance" "dns_instance_hub" { plan = var.dns_plan } +data "ibm_dns_custom_resolvers" "existing_custom_resolver_hub" { + count = var.existing_dns_custom_resolver_name != null ? 1 : 0 + instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid +} + +locals { + existing_custom_resolver = var.existing_dns_custom_resolver_name != null ? [for resolver in data.ibm_dns_custom_resolvers.existing_custom_resolver_hub[0].custom_resolvers : resolver if resolver.name == var.existing_dns_custom_resolver_name][0] : null +} + resource "ibm_dns_custom_resolver" "custom_resolver_hub" { - count = var.enable_hub && !var.skip_custom_resolver_hub_creation ? 1 : 0 + count = var.enable_hub && !var.skip_custom_resolver_hub_creation && var.existing_dns_custom_resolver_name == null ? 1 : 0 # Use var.dns_custom_resolver_name if not null, otherwise, use var.prefix and var.name combination. name = coalesce( diff --git a/outputs.tf b/outputs.tf index e679654b..bd7b402e 100644 --- a/outputs.tf +++ b/outputs.tf @@ -153,8 +153,8 @@ output "vpc_data" { ############################################################################## output "custom_resolver_hub" { - description = "The custom resolver created for the hub vpc. Only set if enable_hub is set and skip_custom_resolver_hub_creation is false." - value = length(ibm_dns_custom_resolver.custom_resolver_hub) == 1 ? ibm_dns_custom_resolver.custom_resolver_hub[0] : null + description = "The custom resolver for the hub vpc. Only set if enable_hub is set and skip_custom_resolver_hub_creation is false." + value = var.existing_dns_custom_resolver_name != null ? local.existing_custom_resolver : length(ibm_dns_custom_resolver.custom_resolver_hub) == 1 ? ibm_dns_custom_resolver.custom_resolver_hub[0] : null } output "dns_endpoint_gateways_by_id" { diff --git a/variables.tf b/variables.tf index f0508036..93f5d405 100644 --- a/variables.tf +++ b/variables.tf @@ -76,6 +76,13 @@ variable "dns_custom_resolver_name" { default = null } +variable "existing_dns_custom_resolver_name" { + description = "The name of the existing DNS custom resolver instance." + type = string + default = null +} + + variable "routing_table_name" { description = "The name to give the provisioned routing tables. If not set, the module generates a name based on the `prefix` and `name` variables." type = string From 0456df57a943a278d77a7e65201506c69f02055c Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Mon, 21 Apr 2025 14:02:55 +0530 Subject: [PATCH 2/3] fix: addressed review comments --- README.md | 12 ++++++------ examples/hub-spoke-delegated-resolver/README.md | 2 +- .../hub-spoke-delegated-resolver/outputs.tf | 6 +++--- examples/hub-spoke-manual-resolver/outputs.tf | 6 +++--- main.tf | 8 ++++---- outputs.tf | 17 ++++++++++------- variables.tf | 8 ++++---- 7 files changed, 31 insertions(+), 28 deletions(-) diff --git a/README.md b/README.md index 083863ce..6467de86 100644 --- a/README.md +++ b/README.md @@ -173,7 +173,7 @@ To attach access management tags to resources in this module, you need the follo | [ibm_resource_instance.dns_instance_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource | | [time_sleep.wait_for_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [time_sleep.wait_for_vpc_creation_data](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | -| [ibm_dns_custom_resolvers.existing_custom_resolver_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/dns_custom_resolvers) | data source | +| [ibm_dns_custom_resolvers.custom_resolvers](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/dns_custom_resolvers) | data source | | [ibm_iam_account_settings.iam_account_settings](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/iam_account_settings) | data source | | [ibm_is_subnet.subnet](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_subnet) | data source | | [ibm_is_vpc.vpc](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source | @@ -206,7 +206,7 @@ To attach access management tags to resources in this module, you need the follo | [enable\_hub\_vpc\_id](#input\_enable\_hub\_vpc\_id) | Indicates whether Hub VPC ID is passed. | `bool` | `false` | no | | [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Flag to enable vpc flow logs. If true, flow log collector will be created | `bool` | `false` | no | | [existing\_cos\_instance\_guid](#input\_existing\_cos\_instance\_guid) | GUID of the COS instance to create Flow log collector | `string` | `null` | no | -| [existing\_dns\_custom\_resolver\_name](#input\_existing\_dns\_custom\_resolver\_name) | The name of the existing DNS custom resolver instance. | `string` | `null` | no | +| [existing\_dns\_custom\_resolver\_ids](#input\_existing\_dns\_custom\_resolver\_ids) | List of existing custom DNS resolver IDs to use. If provided, no custom resolver will be created. | `list(string)` | `[]` | no | | [existing\_dns\_instance\_id](#input\_existing\_dns\_instance\_id) | Id of an existing dns instance in which the custom resolver is created. Only relevant if enable\_hub is set to true. | `string` | `null` | no | | [existing\_storage\_bucket\_name](#input\_existing\_storage\_bucket\_name) | Name of the COS bucket to collect VPC flow logs | `string` | `null` | no | | [existing\_subnets](#input\_existing\_subnets) | The detail of the existing subnets and required mappings to other resources. Required if 'create\_subnets' is false. | 
list(object({
    id             = string
    public_gateway = optional(bool, false)
  }))
| `[]` | no | @@ -242,10 +242,10 @@ To attach access management tags to resources in this module, you need the follo | Name | Description | |------|-------------| | [cidr\_blocks](#output\_cidr\_blocks) | List of CIDR blocks present in VPC stack | -| [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolver for the hub vpc. Only set if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. | -| [dns\_custom\_resolver\_id](#output\_dns\_custom\_resolver\_id) | The ID of the DNS Custom Resolver. | -| [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | -| [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. | +| [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolver for the hub vpc. Only applicable if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. | +| [dns\_custom\_resolver\_ids](#output\_dns\_custom\_resolver\_ids) | The list of DNS Custom Resolver IDs used — either existing or newly created. | +| [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable\_hub is false and enable\_hub\_vpc\_id are true. | +| [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_instance\_id](#output\_dns\_instance\_id) | The ID of the DNS instance. | | [dns\_record\_ids](#output\_dns\_record\_ids) | List of all the domain resource records. | | [dns\_zone](#output\_dns\_zone) | A map representing DNS zone information. | diff --git a/examples/hub-spoke-delegated-resolver/README.md b/examples/hub-spoke-delegated-resolver/README.md index b0dde77c..e4aa0aa3 100644 --- a/examples/hub-spoke-delegated-resolver/README.md +++ b/examples/hub-spoke-delegated-resolver/README.md @@ -14,6 +14,6 @@ This example demonstrates how to deploy hub and spoke VPCs, inclusive of enablin 1. The first terraform apply lay down all of the topology, but does not configure the DNS resolver to delegated in the spoke 2. The second terraform apply should have the update_delegated_resolver variable to true to configure the DNS resolver to be delegated ```terraform apply -var=update_delegated_resolver=true``` -In order to perform a successful destroy, please set to the resolver to "system" in the spoke VPC through the UI before issuing the terraform destroy - see +In order to perform a successful destroy, please set to the resolver to "system" in the spoke VPC through the UI before issuing the terraform destroy - see [here](https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-vpc-transit2) You may also be interested in the [Hub and Spoke VPC with manual DNS resolver Example](../hub-spoke-manual-resolver/) which does not exhibit those issues. diff --git a/examples/hub-spoke-delegated-resolver/outputs.tf b/examples/hub-spoke-delegated-resolver/outputs.tf index f28a0abd..5dec5e8f 100644 --- a/examples/hub-spoke-delegated-resolver/outputs.tf +++ b/examples/hub-spoke-delegated-resolver/outputs.tf @@ -57,7 +57,7 @@ output "dns_instance_id" { value = module.hub_vpc.dns_instance_id } -output "dns_custom_resolver_id" { - description = "The ID of the DNS Custom Resolver." - value = module.hub_vpc.dns_custom_resolver_id +output "dns_custom_resolver_ids" { + description = "The list of DNS Custom Resolver IDs used" + value = module.hub_vpc.dns_custom_resolver_ids } diff --git a/examples/hub-spoke-manual-resolver/outputs.tf b/examples/hub-spoke-manual-resolver/outputs.tf index f28a0abd..5dec5e8f 100644 --- a/examples/hub-spoke-manual-resolver/outputs.tf +++ b/examples/hub-spoke-manual-resolver/outputs.tf @@ -57,7 +57,7 @@ output "dns_instance_id" { value = module.hub_vpc.dns_instance_id } -output "dns_custom_resolver_id" { - description = "The ID of the DNS Custom Resolver." - value = module.hub_vpc.dns_custom_resolver_id +output "dns_custom_resolver_ids" { + description = "The list of DNS Custom Resolver IDs used" + value = module.hub_vpc.dns_custom_resolver_ids } diff --git a/main.tf b/main.tf index fd1308c2..ee17b27c 100644 --- a/main.tf +++ b/main.tf @@ -212,17 +212,17 @@ resource "ibm_resource_instance" "dns_instance_hub" { plan = var.dns_plan } -data "ibm_dns_custom_resolvers" "existing_custom_resolver_hub" { - count = var.existing_dns_custom_resolver_name != null ? 1 : 0 +data "ibm_dns_custom_resolvers" "custom_resolvers" { + count = length(var.existing_dns_custom_resolver_ids) > 0 ? 1 : 0 instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid } locals { - existing_custom_resolver = var.existing_dns_custom_resolver_name != null ? [for resolver in data.ibm_dns_custom_resolvers.existing_custom_resolver_hub[0].custom_resolvers : resolver if resolver.name == var.existing_dns_custom_resolver_name][0] : null + existing_custom_resolvers = length(var.existing_dns_custom_resolver_ids) > 0 ? [for resolver in data.ibm_dns_custom_resolvers.custom_resolvers[0].custom_resolvers : resolver if contains(var.existing_dns_custom_resolver_ids, resolver.id)] : [] } resource "ibm_dns_custom_resolver" "custom_resolver_hub" { - count = var.enable_hub && !var.skip_custom_resolver_hub_creation && var.existing_dns_custom_resolver_name == null ? 1 : 0 + count = var.enable_hub && !var.skip_custom_resolver_hub_creation && length(var.existing_dns_custom_resolver_ids) == 0 ? 1 : 0 # Use var.dns_custom_resolver_name if not null, otherwise, use var.prefix and var.name combination. name = coalesce( diff --git a/outputs.tf b/outputs.tf index bd7b402e..1e8a457b 100644 --- a/outputs.tf +++ b/outputs.tf @@ -153,17 +153,17 @@ output "vpc_data" { ############################################################################## output "custom_resolver_hub" { - description = "The custom resolver for the hub vpc. Only set if enable_hub is set and skip_custom_resolver_hub_creation is false." - value = var.existing_dns_custom_resolver_name != null ? local.existing_custom_resolver : length(ibm_dns_custom_resolver.custom_resolver_hub) == 1 ? ibm_dns_custom_resolver.custom_resolver_hub[0] : null + description = "The custom resolver for the hub vpc. Only applicable if enable_hub is set and skip_custom_resolver_hub_creation is false." + value = length(var.existing_dns_custom_resolver_ids) > 0 ? local.existing_custom_resolvers : (length(ibm_dns_custom_resolver.custom_resolver_hub) == 1 ? ibm_dns_custom_resolver.custom_resolver_hub[0] : null) } output "dns_endpoint_gateways_by_id" { - description = "The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable_hub is false and enable_hub_vpc_id are true." + description = "The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable_hub is false and enable_hub_vpc_id are true." value = length(ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_id) == 1 ? ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_id[0] : null } output "dns_endpoint_gateways_by_crn" { - description = "The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable_hub is false and enable_hub_vpc_id are true." + description = "The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable_hub is false and enable_hub_vpc_id are true." value = length(ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn) == 1 ? ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn[0] : null } @@ -172,11 +172,14 @@ output "dns_instance_id" { value = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null } -output "dns_custom_resolver_id" { - description = "The ID of the DNS Custom Resolver." - value = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? one(ibm_dns_custom_resolver.custom_resolver_hub[*].instance_id) : null +output "dns_custom_resolver_ids" { + description = "The list of DNS Custom Resolver IDs used — either existing or newly created." + value = var.enable_hub && !var.skip_custom_resolver_hub_creation ? ( + length(var.existing_dns_custom_resolver_ids) > 0 ? var.existing_dns_custom_resolver_ids : [for resolver in ibm_dns_custom_resolver.custom_resolver_hub : resolver.id] + ) : [] } + ## DNS Zone and Records output "dns_zone_state" { description = "The state of the DNS zone." diff --git a/variables.tf b/variables.tf index 93f5d405..88aba915 100644 --- a/variables.tf +++ b/variables.tf @@ -76,10 +76,10 @@ variable "dns_custom_resolver_name" { default = null } -variable "existing_dns_custom_resolver_name" { - description = "The name of the existing DNS custom resolver instance." - type = string - default = null +variable "existing_dns_custom_resolver_ids" { + description = "List of existing custom DNS resolver IDs to use. If provided, no custom resolver will be created." + type = list(string) + default = [] } From ea61232de36692b2fd4279621d84b619decc06ec Mon Sep 17 00:00:00 2001 From: Prateek-Sharma13 Date: Tue, 22 Apr 2025 12:03:17 +0530 Subject: [PATCH 3/3] fix: fixed return type --- README.md | 2 +- outputs.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 6467de86..2446d96b 100644 --- a/README.md +++ b/README.md @@ -242,7 +242,7 @@ To attach access management tags to resources in this module, you need the follo | Name | Description | |------|-------------| | [cidr\_blocks](#output\_cidr\_blocks) | List of CIDR blocks present in VPC stack | -| [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolver for the hub vpc. Only applicable if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. | +| [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolvers used for the hub VPC, either newly created or existing. Applicable for newly created only if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. | | [dns\_custom\_resolver\_ids](#output\_dns\_custom\_resolver\_ids) | The list of DNS Custom Resolver IDs used — either existing or newly created. | | [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable\_hub is false and enable\_hub\_vpc\_id are true. | | [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable\_hub is false and enable\_hub\_vpc\_id are true. | diff --git a/outputs.tf b/outputs.tf index 1e8a457b..25065ffa 100644 --- a/outputs.tf +++ b/outputs.tf @@ -153,8 +153,8 @@ output "vpc_data" { ############################################################################## output "custom_resolver_hub" { - description = "The custom resolver for the hub vpc. Only applicable if enable_hub is set and skip_custom_resolver_hub_creation is false." - value = length(var.existing_dns_custom_resolver_ids) > 0 ? local.existing_custom_resolvers : (length(ibm_dns_custom_resolver.custom_resolver_hub) == 1 ? ibm_dns_custom_resolver.custom_resolver_hub[0] : null) + description = "The custom resolvers used for the hub VPC, either newly created or existing. Applicable for newly created only if enable_hub is set and skip_custom_resolver_hub_creation is false." + value = length(var.existing_dns_custom_resolver_ids) > 0 ? local.existing_custom_resolvers : (length(ibm_dns_custom_resolver.custom_resolver_hub) > 0 ? ibm_dns_custom_resolver.custom_resolver_hub : []) } output "dns_endpoint_gateways_by_id" {