Dedicated resource for private DNS zone network association

munavirch commented 1 year ago

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

There is no option now to add a network after creation of a managed zone. Which limits the usage in two ways:

Can only add additional networks if the managed zone itself is managed
If the zone is managed, can't add additional networks outside terraform

We have both of this use case and only option we current have is to ignore lifecycle changes to the private_visibility_config

New or Affected Resource(s)

google_dns_managed_zone_network

Potential Terraform Configuration

resource "google_dns_managed_zone_network" "private_association" {
  zone      = google_dns_managed_zone.example-zone.id
  network = google_compute_network.vpc_network.id
}

References

rileykarson commented 1 year ago

@SarahFrench to investigate

SarahFrench commented 1 year ago

I figured I'd post a summary as part of triaging:

The request is for a 'binding' resource to control relationships between two resources. Currently, the API enforces that the associations between a DNS managed zone and VPC networks are stored within the API's managed zone resource in the privateVisibilityConfig.networks[] list. The provider's google_dns_managed_zone resource enforces this as it mirrors the API structure. The new binding resource could potentially use the API's patch endpoint to selectively update that field.

hashicorp / terraform-provider-google