Update google_dns_managed_zone.private_visibility_config to require…

… at least one of `gke_clusters` or `networks` (#8581) (#15443) Signed-off-by: Modular Magician <magic-modules@google.com>
hashicorp · Aug 9, 2023 · 1116734 · 1116734
1 parent 601ca45
commit 1116734
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 26 deletions.
diff --git a/.changelog/8581.txt b/.changelog/8581.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+DNS: changed `private_visibility_config.networks` from `required` to requiring at least one of `private_visibility_config.networks` or `private_visibility_config.gke_clusters` in `google_dns_managed_zone`
+```
diff --git a/google/resource_dns_managed_zone_generated_test.go b/google/resource_dns_managed_zone_generated_test.go
@@ -297,9 +297,6 @@ resource "google_dns_managed_zone" "private-zone-gke" {
   visibility = "private"
 
   private_visibility_config {
-    networks {
-      network_url = google_compute_network.network-1.id
-    }
     gke_clusters {
       gke_cluster_name = google_container_cluster.cluster-1.id
     }

diff --git a/google/services/dns/resource_dns_managed_zone.go b/google/services/dns/resource_dns_managed_zone.go
@@ -231,13 +231,29 @@ This should be formatted like 'projects/{project}/global/networks/{network}' or
 				Type:     schema.TypeList,
 				Optional: true,
 				Description: `For privately visible zones, the set of Virtual Private Cloud
-resources that the zone is visible from.`,
+resources that the zone is visible from. At least one of 'gke_clusters' or 'networks' must be specified.`,
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"gke_clusters": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Description: `The list of Google Kubernetes Engine clusters that can see this zone.`,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"gke_cluster_name": {
+										Type:     schema.TypeString,
+										Required: true,
+										Description: `The resource name of the cluster to bind this ManagedZone to.
+This should be specified in the format like
+'projects/*/locations/*/clusters/*'`,
+									},
+								},
+							},
+						},
 						"networks": {
 							Type:     schema.TypeSet,
-							Required: true,
+							Optional: true,
 							Description: `The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you
 may experience issues with this resource while updating. If you've defined a 'networks' block and
 add another 'networks' block while keeping the old block, Terraform will see an incorrect diff
@@ -257,24 +273,9 @@ blocks in an update and then apply another update adding all of them back simult
 								return tpgresource.Hashcode(buf.String())
 							},
 						},
-						"gke_clusters": {
-							Type:        schema.TypeList,
-							Optional:    true,
-							Description: `The list of Google Kubernetes Engine clusters that can see this zone.`,
-							Elem: &schema.Resource{
-								Schema: map[string]*schema.Schema{
-									"gke_cluster_name": {
-										Type:     schema.TypeString,
-										Required: true,
-										Description: `The resource name of the cluster to bind this ManagedZone to.
-This should be specified in the format like
-'projects/*/locations/*/clusters/*'`,
-									},
-								},
-							},
-						},
 					},
 				},
+				AtLeastOneOf: []string{},
 			},
 			"visibility": {
 				Type:             schema.TypeString,

diff --git a/website/docs/r/dns_managed_zone.html.markdown b/website/docs/r/dns_managed_zone.html.markdown
@@ -155,9 +155,6 @@ resource "google_dns_managed_zone" "private-zone-gke" {
   visibility = "private"
 
   private_visibility_config {
-    networks {
-      network_url = google_compute_network.network-1.id
-    }
     gke_clusters {
       gke_cluster_name = google_container_cluster.cluster-1.id
     }
@@ -357,7 +354,7 @@ The following arguments are supported:
 * `private_visibility_config` -
   (Optional)
   For privately visible zones, the set of Virtual Private Cloud
-  resources that the zone is visible from.
+  resources that the zone is visible from. At least one of `gke_clusters` or `networks` must be specified.
   Structure is [documented below](#nested_private_visibility_config).
 
 * `forwarding_config` -
@@ -453,7 +450,7 @@ The following arguments are supported:
   Structure is [documented below](#nested_gke_clusters).
 
 * `networks` -
-  (Required)
+  (Optional)
   The list of VPC networks that can see this zone. Until the provider updates to use the Terraform 0.12 SDK in a future release, you
   may experience issues with this resource while updating. If you've defined a `networks` block and
   add another `networks` block while keeping the old block, Terraform will see an incorrect diff