[Do Not Merge] feat: add support for existing custom resolver

README.md

@@ -173,6 +173,7 @@ To attach access management tags to resources in this module, you need the follo
 | [ibm_resource_instance.dns_instance_hub](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
 | [time_sleep.wait_for_authorization_policy](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
 | [time_sleep.wait_for_vpc_creation_data](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [ibm_dns_custom_resolvers.custom_resolvers](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/dns_custom_resolvers) | data source |
 | [ibm_iam_account_settings.iam_account_settings](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/iam_account_settings) | data source |
 | [ibm_is_subnet.subnet](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_subnet) | data source |
 | [ibm_is_vpc.vpc](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/is_vpc) | data source |
@@ -205,6 +206,7 @@ To attach access management tags to resources in this module, you need the follo
 | <a name="input_enable_hub_vpc_id"></a> [enable\_hub\_vpc\_id](#input\_enable\_hub\_vpc\_id) | Indicates whether Hub VPC ID is passed. | `bool` | `false` | no |
 | <a name="input_enable_vpc_flow_logs"></a> [enable\_vpc\_flow\_logs](#input\_enable\_vpc\_flow\_logs) | Flag to enable vpc flow logs. If true, flow log collector will be created | `bool` | `false` | no |
 | <a name="input_existing_cos_instance_guid"></a> [existing\_cos\_instance\_guid](#input\_existing\_cos\_instance\_guid) | GUID of the COS instance to create Flow log collector | `string` | `null` | no |
+| <a name="input_existing_dns_custom_resolver_ids"></a> [existing\_dns\_custom\_resolver\_ids](#input\_existing\_dns\_custom\_resolver\_ids) | List of existing custom DNS resolver IDs to use. If provided, no custom resolver will be created. | `list(string)` | `[]` | no |
 | <a name="input_existing_dns_instance_id"></a> [existing\_dns\_instance\_id](#input\_existing\_dns\_instance\_id) | Id of an existing dns instance in which the custom resolver is created. Only relevant if enable\_hub is set to true. | `string` | `null` | no |
 | <a name="input_existing_storage_bucket_name"></a> [existing\_storage\_bucket\_name](#input\_existing\_storage\_bucket\_name) | Name of the COS bucket to collect VPC flow logs | `string` | `null` | no |
 | <a name="input_existing_subnets"></a> [existing\_subnets](#input\_existing\_subnets) | The detail of the existing subnets and required mappings to other resources. Required if 'create\_subnets' is false. | <pre>list(object({<br/>    id             = string<br/>    public_gateway = optional(bool, false)<br/>  }))</pre> | `[]` | no |
@@ -240,10 +242,10 @@ To attach access management tags to resources in this module, you need the follo
 | Name | Description |
 |------|-------------|
 | <a name="output_cidr_blocks"></a> [cidr\_blocks](#output\_cidr\_blocks) | List of CIDR blocks present in VPC stack |
-| <a name="output_custom_resolver_hub"></a> [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolver created for the hub vpc. Only set if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. |
-| <a name="output_dns_custom_resolver_id"></a> [dns\_custom\_resolver\_id](#output\_dns\_custom\_resolver\_id) | The ID of the DNS Custom Resolver. |
-| <a name="output_dns_endpoint_gateways_by_crn"></a> [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. |
-| <a name="output_dns_endpoint_gateways_by_id"></a> [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable\_hub is false and enable\_hub\_vpc\_id are true. |
+| <a name="output_custom_resolver_hub"></a> [custom\_resolver\_hub](#output\_custom\_resolver\_hub) | The custom resolvers used for the hub VPC, either newly created or existing. Applicable for newly created only if enable\_hub is set and skip\_custom\_resolver\_hub\_creation is false. |
+| <a name="output_dns_custom_resolver_ids"></a> [dns\_custom\_resolver\_ids](#output\_dns\_custom\_resolver\_ids) | The list of DNS Custom Resolver IDs used — either existing or newly created. |
+| <a name="output_dns_endpoint_gateways_by_crn"></a> [dns\_endpoint\_gateways\_by\_crn](#output\_dns\_endpoint\_gateways\_by\_crn) | The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable\_hub is false and enable\_hub\_vpc\_id are true. |
+| <a name="output_dns_endpoint_gateways_by_id"></a> [dns\_endpoint\_gateways\_by\_id](#output\_dns\_endpoint\_gateways\_by\_id) | The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable\_hub is false and enable\_hub\_vpc\_id are true. |
 | <a name="output_dns_instance_id"></a> [dns\_instance\_id](#output\_dns\_instance\_id) | The ID of the DNS instance. |
 | <a name="output_dns_record_ids"></a> [dns\_record\_ids](#output\_dns\_record\_ids) | List of all the domain resource records. |
 | <a name="output_dns_zone"></a> [dns\_zone](#output\_dns\_zone) | A map representing DNS zone information. |

examples/hub-spoke-delegated-resolver/README.md

@@ -1,6 +1,7 @@
 # Hub and Spoke VPC Example
 
 This example demonstrates how to deploy hub and spoke VPCs, inclusive of enabling DNS-sharing. See [About DNS sharing for VPE gateways](https://cloud.ibm.com/docs/vpc?topic=vpc-vpe-dns-sharing) and [hub and spoke communication](https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-vpc-transit1) for details.
+
 - The 2 VPCs are connected through a transit gateway.
 - The hub VPC is configured with a custom resolver.
 - The spoke VPC is configured with a delegated DNS resolver. DNS requests are resolved by the hub VPC.
@@ -9,9 +10,10 @@ This example demonstrates how to deploy hub and spoke VPCs, inclusive of enablin
 
 
 :exclamation: **Important**: Due to a limitation in the IBM Cloud terraform provider (1.59), there is a need to perform 2 applies as follows to end up with the desired topology:
+
 1. The first terraform apply lay down all of the topology, but does not configure the DNS resolver to delegated in the spoke
 2. The second terraform apply should have the update_delegated_resolver variable to true to configure the DNS resolver to be delegated ```terraform apply -var=update_delegated_resolver=true```
 
-In order to perform a successful destroy, please set to the resolver to "system" in the spoke VPC through the UI before issuing the terraform destroy - see https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-vpc-transit2
+In order to perform a successful destroy, please set to the resolver to "system" in the spoke VPC through the UI before issuing the terraform destroy - see [here](https://cloud.ibm.com/docs/solution-tutorials?topic=solution-tutorials-vpc-transit2)
 
 You may also be interested in the [Hub and Spoke VPC with manual DNS resolver Example](../hub-spoke-manual-resolver/) which does not exhibit those issues.

examples/hub-spoke-delegated-resolver/outputs.tf

@@ -57,7 +57,7 @@ output "dns_instance_id" {
   value       = module.hub_vpc.dns_instance_id
 }
 
-output "dns_custom_resolver_id" {
-  description = "The ID of the DNS Custom Resolver."
-  value       = module.hub_vpc.dns_custom_resolver_id
+output "dns_custom_resolver_ids" {
+  description = "The list of DNS Custom Resolver IDs used"
+  value       = module.hub_vpc.dns_custom_resolver_ids
 }

examples/hub-spoke-manual-resolver/outputs.tf

@@ -57,7 +57,7 @@ output "dns_instance_id" {
   value       = module.hub_vpc.dns_instance_id
 }
 
-output "dns_custom_resolver_id" {
-  description = "The ID of the DNS Custom Resolver."
-  value       = module.hub_vpc.dns_custom_resolver_id
+output "dns_custom_resolver_ids" {
+  description = "The list of DNS Custom Resolver IDs used"
+  value       = module.hub_vpc.dns_custom_resolver_ids
 }

main.tf

@@ -172,8 +172,17 @@ resource "ibm_resource_instance" "dns_instance_hub" {
   plan              = var.dns_plan
 }
 
+data "ibm_dns_custom_resolvers" "custom_resolvers" {
+  count       = length(var.existing_dns_custom_resolver_ids) > 0 ? 1 : 0
+  instance_id = var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid
+}
+
+locals {
+  existing_custom_resolvers = length(var.existing_dns_custom_resolver_ids) > 0 ? [for resolver in data.ibm_dns_custom_resolvers.custom_resolvers[0].custom_resolvers : resolver if contains(var.existing_dns_custom_resolver_ids, resolver.id)] : []
+}
+
 resource "ibm_dns_custom_resolver" "custom_resolver_hub" {
-  count = var.enable_hub && !var.skip_custom_resolver_hub_creation ? 1 : 0
+  count = var.enable_hub && !var.skip_custom_resolver_hub_creation && length(var.existing_dns_custom_resolver_ids) == 0 ? 1 : 0
 
   # Use var.dns_custom_resolver_name if not null, otherwise, use var.prefix and var.name combination.
   name = coalesce(

outputs.tf

@@ -153,17 +153,17 @@ output "vpc_data" {
 ##############################################################################
 
 output "custom_resolver_hub" {
-  description = "The custom resolver created for the hub vpc. Only set if enable_hub is set and skip_custom_resolver_hub_creation is false."
-  value       = length(ibm_dns_custom_resolver.custom_resolver_hub) == 1 ? ibm_dns_custom_resolver.custom_resolver_hub[0] : null
+  description = "The custom resolvers used for the hub VPC, either newly created or existing. Applicable for newly created only if enable_hub is set and skip_custom_resolver_hub_creation is false."
+  value       = length(var.existing_dns_custom_resolver_ids) > 0 ? local.existing_custom_resolvers : (length(ibm_dns_custom_resolver.custom_resolver_hub) > 0 ? ibm_dns_custom_resolver.custom_resolver_hub : [])
 }
 
 output "dns_endpoint_gateways_by_id" {
-  description = "The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable_hub is false and enable_hub_vpc_id are true."
+  description = "The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable_hub is false and enable_hub_vpc_id are true."
   value       = length(ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_id) == 1 ? ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_id[0] : null
 }
 
 output "dns_endpoint_gateways_by_crn" {
-  description = "The list of VPEs that are made available for DNS resolution in the created VPC. Only set if enable_hub is false and enable_hub_vpc_id are true."
+  description = "The list of VPEs that are made available for DNS resolution in the created VPC. Only applicable if enable_hub is false and enable_hub_vpc_id are true."
   value       = length(ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn) == 1 ? ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn[0] : null
 }
 
@@ -172,11 +172,14 @@ output "dns_instance_id" {
   value       = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? (var.use_existing_dns_instance ? var.existing_dns_instance_id : ibm_resource_instance.dns_instance_hub[0].guid) : null
 }
 
-output "dns_custom_resolver_id" {
-  description = "The ID of the DNS Custom Resolver."
-  value       = (var.enable_hub && !var.skip_custom_resolver_hub_creation) ? one(ibm_dns_custom_resolver.custom_resolver_hub[*].instance_id) : null
+output "dns_custom_resolver_ids" {
+  description = "The list of DNS Custom Resolver IDs used — either existing or newly created."
+  value = var.enable_hub && !var.skip_custom_resolver_hub_creation ? (
+    length(var.existing_dns_custom_resolver_ids) > 0 ? var.existing_dns_custom_resolver_ids : [for resolver in ibm_dns_custom_resolver.custom_resolver_hub : resolver.id]
+  ) : []
 }
 
+
 ## DNS Zone and Records
 output "dns_zone_state" {
   description = "The state of the DNS zone."

variables.tf

@@ -86,6 +86,13 @@ variable "dns_custom_resolver_name" {
   default     = null
 }
 
+variable "existing_dns_custom_resolver_ids" {
+  description = "List of existing custom DNS resolver IDs to use. If provided, no custom resolver will be created."
+  type        = list(string)
+  default     = []
+}
+
+
 variable "routing_table_name" {
   description = "The name to give the provisioned routing tables. If not set, the module generates a name based on the `prefix` and `name` variables."
   type        = string