Merge pull request #92 from Binsabbar/v2.12.0-dev

V2.12.0 dev
Binsabbar · Jan 22, 2025 · a95fd9b · a95fd9b
2 parents eb02526 + 8bbb0c5
commit a95fd9b
Show file tree

Hide file tree

Showing 13 changed files with 433 additions and 100 deletions.
diff --git a/README.md b/README.md
@@ -153,4 +153,7 @@ Thanks to the following folks for providing suggestions and improvments to this
 * Grzegorz M [grzesjam](https://github.com/grzesjam) (v1.0 public-ip module)
 * Mateusz Kozakiewicz [mateuszkozakiewicz](https://github.com/mateuszkozakiewicz) (v1.0 public-ip module)
 * Abdullah Bin Rasheed [Twirlyz](https://github.com/Twirlyz) (dns module)
-* Remaz Altuwaim [remaz2250](https://github.com/remaz2250) (v2.8.0 and v2.10.0 instance/network-sg module)
+* Remaz Altuwaim [remaz2250](https://github.com/remaz2250) (v2.8.0 and v2.10.0 instance/network-sg module)
+* Dawid Rogowicz [dawidrogowicz](https://github.com/dawidrogowicz/) (v2.12.0 instance)
+* Mohamed Essam [mohamed-esam](https://github.com/mohamed-esam) (v2.12.0 dns-management)
+* Mohamed Essam [mohamed-esam](https://github.com/mohamed-esam) (v2.12.0 network)
diff --git a/modules/dns-management/README.md b/modules/dns-management/README.md
@@ -1,48 +1,95 @@
 # DNS Management System
 
-This module allows you to create a full DNS management system. Read more about DNS concepts at [oracle](https://docs.oracle.com/en-us/iaas/Content/DNS/Concepts/dnszonemanagement.htm). It consists of two components, a DNS Zone and a DNS Record.
+This module allows you to create a full DNS management system. Read more about DNS concepts at [oracle](https://docs.oracle.com/en-us/iaas/Content/DNS/Concepts/dnszonemanagement.htm). It consists of thress components, DNS Views , DNS Zones and DNS Records.
 
 ## Using this module
 
-In order to use this module, you need to have a compartement and VCN to create the DNS Zone and DNS Record. Check `variables.tf` to understand what each variable means and what to pass.
+In order to use this module, you need to have a compartement and VCN to create DNS Views, DNS Zone and DNS Record. Check `variables.tf` to understand what each variable means and what to pass.
 
 ## Example for this module:
 
 ```h
 module "dns" {
   source         = PATH_TO_MODULE
 
-  compartment_id = COMPARTMENT_OCID
-
-  view_id        = VIEW_OCID // Optional if scope is PUBLIC
-
-  zones          = {
-    // ZONE 1
-    "test" = {
-      name = "test.com"
-    }
-    // ZONE 2
-    "test-2" = {
-      name = "test-2.com"
+  private_dns = {
+    protected_views = {
+      "prod_vcn_protected_views" = {
+        view_id        = "ocid1.dnsview.oc1..example1"
+        compartment_id = "ocid1.compartment.oc1..example1"
+        zones = {
+          "internal-prod" = {
+            zone_name = "internal-prod.example.com"
+            records = {
+              "app1" = {
+                domain_name = "app1.internal-prod.example.com"
+                rdata      = "10.0.1.10"
+                # rtype and ttl will use defaults (A and 300)
+              }
+              "db1" = {
+                domain_name = "db1.internal-prod.example.com"
+                rdata      = "10.0.1.20"
+                rtype      = "A"
+                ttl        = 600
+              }
+            }
+          }
+          "internal-staging" = {
+            zone_name = "internal-staging.example.com"
+            records = {
+              "app1-stage" = {
+                domain_name = "app1.internal-staging.example.com"
+                rdata      = "10.0.2.10"
+              }
+            }
+          }
+        }
+      }
     }
-  }
 
-  records       = {
-    // RECORD 1
-    "test" = {
-      domain_name = "*.test.com"
-      rtype       = "A"
-      zone_name   = "test.com"
-      rdata       = "xxx.xxx.xxx.xxx"
-      ttl         = 300
-    }
-    // RECORD 2
-    "test-2" = {
-      domain_name = "something.test-2.com"
-      rtype       = "A"
-      zone_name   = "test-2.com"
-      rdata       = "xxx.xxx.xxx.xxx"
-      ttl         = 300
+    custom_views = {
+      "dev_vcn_custom_view" = {
+        view_name      = "development_view"
+        compartment_id = "ocid1.compartment.oc1..example2"
+        zones = {
+          "dev-zone" = {
+            zone_name = "dev.example.com"
+            records = {
+              "test-app" = {
+                domain_name = "test-app.dev.example.com"
+                rdata      = "10.0.3.10"
+              }
+              "test-db" = {
+                domain_name = "test-db.dev.example.com"
+                rdata      = "10.0.3.20"
+                rtype      = "A"
+                ttl        = 900
+              }
+            }
+          }
+        }
+      }
+      "qa_vcn_custom_view" = {
+        view_name      = "qa_view"
+        compartment_id = "ocid1.compartment.oc1..example3"
+        zones = {
+          "qa-zone" = {
+            zone_name = "qa.example.com"
+            records = {
+              "qa-app" = {
+                domain_name = "qa-app.qa.example.com"
+                rdata      = "10.0.4.10"
+                rtype      = "A"
+                ttl        = 450
+              }
+              "qa-api" = {
+                domain_name = "api.qa.example.com"
+                rdata      = "10.0.4.15"
+              }
+            }
+          }
+        }
+      }
     }
   }
 }

diff --git a/modules/dns-management/main.tf b/modules/dns-management/main.tf
@@ -1,27 +1,131 @@
-resource "oci_dns_zone" "dns_zone" {
-  for_each       = var.zones
-  name           = each.value.name
-  compartment_id = var.compartment_id
-  zone_type      = var.zone_type
-  view_id        = var.view_id
-  scope          = var.scope
+### Private Custom Views Zones
+locals {
+  private_dns_zones_custom_views = flatten([
+    for v_key, view in var.private_dns.custom_views : [
+      for z_key, zone in view.zones : {
+        item_key       = "${v_key}-${z_key}"
+        view_key       = v_key
+        zone_name      = zone.zone_name
+        compartment_id = view.compartment_id
+      }
+    ]
+  ])
+
+  private_dns_records_custom_views = flatten([
+    for v_key, view in var.private_dns.custom_views : [
+      for z_key, zone in view.zones : [
+        for r_key, record in zone.records : {
+          item_key    = "${v_key}-${z_key}-${r_key}"
+          zone_key    = "${v_key}-${z_key}"
+          domain_name = record.domain_name
+          rdata       = record.rdata
+          rtype       = record.rtype
+          ttl         = record.ttl
+        }
+      ]
+    ]
+  ])
+}
+
+resource "oci_dns_view" "custom_view" {
+  for_each = var.private_dns.custom_views
+
+  display_name   = each.value.view_name
+  compartment_id = each.value.compartment_id
+  scope          = "PRIVATE"
+}
+
+resource "oci_dns_zone" "private_dns_zone_custom_view" {
+  for_each = { for _, item in local.private_dns_zones_custom_views : "${item.item_key}" => item }
+
+  name           = each.value.zone_name
+  compartment_id = each.value.compartment_id
+  zone_type      = "PRIMARY"
+  view_id        = oci_dns_view.custom_view[each.value.view_key].id
+  scope          = "PRIVATE"
+}
+
+resource "oci_dns_rrset" "dns_rrset_custom_view" {
+  for_each = { for _, item in local.private_dns_records_custom_views : "${item.item_key}" => item }
+
+  domain          = each.value.domain_name
+  rtype           = each.value.rtype
+  zone_name_or_id = oci_dns_zone.private_dns_zone_custom_view[each.value.zone_key].id
+
+  items {
+    domain = each.value.domain_name
+    rdata  = each.value.rdata
+    rtype  = each.value.rtype
+    ttl    = each.value.ttl
+  }
+}
+
+### Private Protected Views Zones
+locals {
+  private_dns_zones_protected_veiws = flatten([
+    for v_key, view in var.private_dns.protected_views : [
+      for z_key, zone in view.zones : {
+        item_key       = "${v_key}-${z_key}"
+        view_id        = view.view_id
+        zone_name      = zone.zone_name
+        compartment_id = view.compartment_id
+      }
+    ]
+  ])
+
+  private_dns_records_protected_veiws = flatten([
+    for v_key, view in var.private_dns.protected_views : [
+      for z_key, zone in view.zones : [
+        for r_key, record in zone.records : {
+          item_key    = "${v_key}-${z_key}-${r_key}"
+          zone_key    = "${v_key}-${z_key}"
+          domain_name = record.domain_name
+          rdata       = record.rdata
+          rtype       = record.rtype
+          ttl         = record.ttl
+          view_id     = view.view_id
+        }
+      ]
+    ]
+  ])
 }
 
-resource "oci_dns_rrset" "dns_rrset" {
-  for_each        = var.records
+data "oci_dns_view" "protected_view" {
+  for_each = { for _, item in var.private_dns.protected_views : item.view_id => item }
+
+  view_id = each.value.view_id
+  scope   = "PRIVATE"
+}
+
+resource "oci_dns_zone" "private_dns_zone_protected_view" {
+  for_each = { for _, item in local.private_dns_zones_protected_veiws : "${item.item_key}" => item }
+
+  name           = each.value.zone_name
+  compartment_id = each.value.compartment_id
+  view_id        = each.value.view_id
+
+  zone_type = "PRIMARY"
+  scope     = "PRIVATE"
+
+  lifecycle {
+    precondition {
+      condition     = data.oci_dns_view.protected_view[each.value.view_id].is_protected
+      error_message = "ERROR: view ${each.value.view_id} is not protected, only protected view ids are allowed in private_dns.protected_views input"
+    }
+  }
+}
+
+resource "oci_dns_rrset" "dns_rrset_protected_view" {
+  for_each = { for _, item in local.private_dns_records_protected_veiws : "${item.item_key}" => item }
+
   domain          = each.value.domain_name
   rtype           = each.value.rtype
-  zone_name_or_id = each.value.zone_name
-  compartment_id  = var.compartment_id
-  view_id         = var.view_id
-  scope           = var.scope
+  zone_name_or_id = oci_dns_zone.private_dns_zone_protected_view[each.value.zone_key].id
+
   items {
     domain = each.value.domain_name
     rdata  = each.value.rdata
     rtype  = each.value.rtype
     ttl    = each.value.ttl
   }
-  depends_on = [
-    oci_dns_zone.dns_zone
-  ]
-}
+}
diff --git a/modules/dns-management/output.tf b/modules/dns-management/output.tf
@@ -1,5 +1,44 @@
-output "dns_record" {
-  value = { for items, value in oci_dns_rrset.dns_rrset :
-    items => value
+output "dns_configuration" {
+  description = "Hierarchical structure of DNS views, their zones, and records"
+  value = {
+    protected_views = {
+      for view_key, view in data.oci_dns_view.protected_view : "${view.display_name}" => {
+        name           = view.display_name
+        compartment_id = view.compartment_id
+        id             = view_key
+        zones = {
+          for zone_key, zone in oci_dns_zone.private_dns_zone_protected_view : "${zone.name}" => {
+            name           = zone.name
+            compartment_id = zone.compartment_id
+            id             = zone.id
+            records = {
+              for record_key, record in oci_dns_rrset.dns_rrset_protected_view : "${record.domain}" => {
+                items = record.items
+              } if record.zone_name_or_id == zone.id
+            }
+          } if zone.view_id == view_key
+        }
+      }
+    }
+
+    custom_views = {
+      for view_key, view in oci_dns_view.custom_view : "${view.display_name}" => {
+        name           = view.display_name
+        compartment_id = view.compartment_id
+        id             = view.id
+        zones = {
+          for zone_key, zone in oci_dns_zone.private_dns_zone_custom_view : "${zone.name}" => {
+            name           = zone.name
+            compartment_id = zone.compartment_id
+            id             = zone.id
+            records = {
+              for record_key, record in oci_dns_rrset.dns_rrset_custom_view : "${record.domain}" => {
+                items = record.items
+              } if record.zone_name_or_id == zone.id
+            }
+          } if zone.view_id == view.id
+        }
+      }
+    }
   }
 }