googleDnsResponsePolicy

A Response Policy is a collection of selectors that apply to queries made against one or more Virtual Private Cloud networks.

Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.

Example Usage - Dns Response Policy Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkNetwork1 = new google.computeNetwork.ComputeNetwork(
  this,
  "network-1",
  {
    auto_create_subnetworks: false,
    name: "network-1",
    provider: "${google-beta}",
  }
);
const googleComputeNetworkNetwork2 = new google.computeNetwork.ComputeNetwork(
  this,
  "network-2",
  {
    auto_create_subnetworks: false,
    name: "network-2",
    provider: "${google-beta}",
  }
);
const googleComputeSubnetworkSubnetwork1 =
  new google.computeSubnetwork.ComputeSubnetwork(this, "subnetwork-1", {
    ip_cidr_range: "10.0.36.0/24",
    name: googleComputeNetworkNetwork1.name,
    network: googleComputeNetworkNetwork1.name,
    private_ip_google_access: true,
    provider: "${google-beta}",
    region: "us-central1",
    secondary_ip_range: [
      {
        ip_cidr_range: "10.0.0.0/19",
        range_name: "pod",
      },
      {
        ip_cidr_range: "10.0.32.0/22",
        range_name: "svc",
      },
    ],
  });
const googleContainerClusterCluster1 =
  new google.containerCluster.ContainerCluster(this, "cluster-1", {
    default_snat_status: [
      {
        disabled: true,
      },
    ],
    initial_node_count: 1,
    ip_allocation_policy: [
      {
        cluster_secondary_range_name: `\${${googleComputeSubnetworkSubnetwork1.secondaryIpRange.fqn}[0].range_name}`,
        services_secondary_range_name: `\${${googleComputeSubnetworkSubnetwork1.secondaryIpRange.fqn}[1].range_name}`,
      },
    ],
    location: "us-central1-c",
    master_authorized_networks_config: [{}],
    name: "cluster-1",
    network: googleComputeNetworkNetwork1.name,
    networking_mode: "VPC_NATIVE",
    private_cluster_config: [
      {
        enable_private_endpoint: true,
        enable_private_nodes: true,
        master_global_access_config: [
          {
            enabled: true,
          },
        ],
        master_ipv4_cidr_block: "10.42.0.0/28",
      },
    ],
    provider: "${google-beta}",
    subnetwork: googleComputeSubnetworkSubnetwork1.name,
  });
new google.dnsResponsePolicy.DnsResponsePolicy(
  this,
  "example-response-policy",
  {
    gke_clusters: [
      {
        gke_cluster_name: googleContainerClusterCluster1.id,
      },
    ],
    networks: [
      {
        network_url: googleComputeNetworkNetwork1.id,
      },
      {
        network_url: googleComputeNetworkNetwork2.id,
      },
    ],
    provider: "${google-beta}",
    response_policy_name: "example-response-policy",
  }
);

Argument Reference

The following arguments are supported:

  • responsePolicyName - (Required) The user assigned name for this Response Policy, such as myresponsepolicy.

  • description - (Optional) The description of the response policy, such as myNewResponsePolicy.

  • networks - (Optional) The list of network names specifying networks to which this policy is applied. Structure is documented below.

  • gkeClusters - (Optional) The list of Google Kubernetes Engine clusters that can see this zone. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The networks block supports:

  • networkUrl - (Required) The fully qualified URL of the VPC network to bind to. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

The gkeClusters block supports:

  • gkeClusterName - (Required) The resource name of the cluster to bind this ManagedZone to. This should be specified in the format like projects/*/locations/*/clusters/*

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/responsePolicies/{{responsePolicyName}}

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

ResponsePolicy can be imported using any of these accepted formats:

$ terraform import google_dns_response_policy.default projects/{{project}}/responsePolicies/{{response_policy_name}}
$ terraform import google_dns_response_policy.default {{project}}/{{response_policy_name}}
$ terraform import google_dns_response_policy.default {{response_policy_name}}
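
Because a response policy changes DNS answers for every network and cluster it is bound to, it is worth checking the bindings before synthesis. The following is an added example, not code from the provider or its generated bindings: it validates the networkUrl and gkeClusterName formats documented above against an allow-list of projects, and maps the three import ID forms to the canonical id. The helper names, the allow-list, and the sample values are hypothetical.

```typescript
// Added example: helper names and the allow-list are hypothetical, not provider API.
// Patterns follow the formats given in the networks and gkeClusters blocks above.
const NETWORK_URL =
  /^https:\/\/www\.googleapis\.com\/compute\/v1\/projects\/([^\/]+)\/global\/networks\/[^\/]+$/;
const GKE_CLUSTER = /^projects\/([^\/]+)\/locations\/[^\/]+\/clusters\/[^\/]+$/;

interface Bindings {
  networks: { networkUrl: string }[];
  gkeClusters: { gkeClusterName: string }[];
}

// Returns one message per binding that is malformed or points outside the
// projects the reviewer expects; an empty array means the scope is as intended.
function checkBindings(b: Bindings, allowedProjects: string[]): string[] {
  const problems: string[] = [];
  const check = (value: string, pattern: RegExp, field: string): void => {
    const m = pattern.exec(value);
    if (!m) problems.push(`${field} is malformed: ${value}`);
    else if (!allowedProjects.includes(m[1] ?? ""))
      problems.push(`${field} is in unexpected project: ${m[1]}`);
  };
  b.networks.forEach((n) => check(n.networkUrl, NETWORK_URL, "networkUrl"));
  b.gkeClusters.forEach((c) => check(c.gkeClusterName, GKE_CLUSTER, "gkeClusterName"));
  return problems;
}

// Maps any of the three accepted import ID forms to the canonical id format.
// Assumption: the bare-name form resolves against the provider project.
function canonicalId(importId: string, providerProject: string): string {
  const p = importId.split("/");
  if (p.some((s) => s === "")) throw new Error(`empty segment in import ID: ${importId}`);
  if (p.length === 4 && p[0] === "projects" && p[2] === "responsePolicies") return importId;
  if (p.length === 2) return `projects/${p[0]}/responsePolicies/${p[1]}`;
  if (p.length === 1) return `projects/${providerProject}/responsePolicies/${p[0]}`;
  throw new Error(`unrecognized import ID: ${importId}`);
}

// Constructed sample bindings (project and resource names are made up).
const sample: Bindings = {
  networks: [
    { networkUrl: "https://www.googleapis.com/compute/v1/projects/proj-a/global/networks/network-1" },
    { networkUrl: "projects/proj-a/global/networks/network-2" },
    { networkUrl: "https://www.googleapis.com/compute/v1/projects/proj-b/global/networks/network-9" },
  ],
  gkeClusters: [{ gkeClusterName: "projects/proj-a/locations/us-central1-c/clusters/cluster-1" }],
};
console.log(checkBindings(sample, ["proj-a"]));
```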

User Project Overrides

This resource supports User Project Overrides.