Update DNS Record when metadata of compute instance is changed or deleted

[jgireeshj]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request.
• Please do not leave +1 or me too comments, they generate extra noise for issue followers and do not help prioritize the request.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.
• If an issue is assigned to the modular-magician user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If an issue is assigned to a user, that user is claiming responsibility for the issue. If an issue is assigned to hashibot, a community member has claimed the issue already.

Terraform Version

Terraform v0.12.29

• provider.archive v1.3.0
• provider.google v3.33.0
• provider.random v2.3.0

Affected Resource(s)

• google_cloud_asset_organization_feed

Terraform Configuration Files

Expected Behavior

Whenever a change in the metadata of the compute instance is occurred, the DNS Records associated to it has to be changed or updatedor deleted.

Actual Behavior

I am able to create google_cloud_asset_organization_feed, but unsure how to integrate it with updating DNS Record sets

Terraform Configuration Files

provider "google-beta" { 
  project  = var.project_id 
}

resource "google_cloud_asset_organization_feed" "default" {
  billing_project  = var.project_id
  org_id              = var.org_id
  feed_id             = "instance-updates"
  content_type   = "RESOURCE"

  asset_types = [
    "compute.googleapis.com/Instance",
  ]
  feed_output_config {
    pubsub_destination {
      topic = google_pubsub_topic.feed_output.id
    }
  }
  # Wait for the permission to be ready on the destination topic.
  depends_on = [
    google_pubsub_topic_iam_member.cloud_asset_writer,
  ]
}

# The topic where the resource change notifications will be sent.
resource "google_pubsub_topic" "feed_output" {
  project   = var.project_id
  name     = "instance-updates"
}

resource "google_pubsub_topic_iam_member" "cloud_asset_writer" {
  project = var.project_id
  topic   = google_pubsub_topic.feed_output.id
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:owner-326633442211@owner.iam.gserviceaccount.com"
}

[edwardmedia]

@jgireeshj what DNS Record sets do you refer to? Can you post the state after you have applied the config and specify the field(s) in the state? Thank you

[jgireeshj]

@jgireeshj what DNS Record sets do you refer to? Can you post the state after you have applied the config and specify the field(s) in the state? Thank you

As I have mentioned, I have done the coding for creating the organization asset feed. I am unsure of how to integrate the code to update a DNS Record.

I need your help in doing the following:

• A compute instance is already running.

• A DNS Record(A Record) has been defined in the Cloud DNS.

Scenario is :
If a customer is updating the name/tag/ip_address of the instance, the respective DNS Record has to get updated.

I am stuck how to take this forward in integrating the cloud function to perform this action

[edwardmedia]

@jgireeshj I am not sure what to do with your above code against what you are trying to achieve. Is below resource you are looking for? There are some examples showing how to manage the DNS records with google_compute_instance.

https://www.terraform.io/docs/providers/google/r/dns_record_set.html

[jgireeshj]

@edwardmedia ,

I think you have not understood the concept.

Please find the details below:

A compute instnace is launched Google cloud.(used google_compute_instance)
A DNS record has been created for the respective instance. (used google_dns_record_set)

These two were created by means of a terraform script.

Now, the name of the instance is updated manually in the Google cloud console.

What fuctionality can be used to update the DNS Record set automatically with the new name of the instnace.

[edwardmedia]

@jgireeshj sorry if I misunderstood what you were trying to do. Looks at the line rrdatas in below code (from the link I provided), you can see the relationship between google_compute_instance and google_dns_record_set. Does this make sense?

resource "google_dns_record_set" "frontend" {
  name = "frontend.${google_dns_managed_zone.prod.dns_name}"
  type = "A"
  ttl  = 300

  managed_zone = google_dns_managed_zone.prod.name

  rrdatas = [google_compute_instance.frontend.network_interface[0].access_config[0].nat_ip]
}

Below is what I tested using the example I provided earlier. After I update the instance name, I see below plan on google_dns_record_set. Does this make sense to you?

  # google_dns_record_set.frontend will be updated in-place
  ~ resource "google_dns_record_set" "frontend" {
        id           = "issue6971/frontend.mydomain/A"
        managed_zone = "issue6971"
        name         = "frontend.mydomain"
        project      = "myproject"
      ~ rrdatas      = [
          - "130.xxx.xxx.xx",
        ] -> (known after apply)
        ttl          = 300
        type         = "A"
    }
Plan: 1 to add, 1 to change, 1 to destroy.

If this is not what you intended to do, please provide your code and specify the question in details. Thanks

[jgireeshj]

@edwardmedia I know this concept.

For a new or existing instance, this is possible. But this is manual work.

I want to automize the task as whenever a new tag is added to a compute instance, a DNS CNAME Record has to be automatically created.

As per the details, you have shared it is not possible to check if the DNS Record exists and to create a new one.

[edwardmedia]

@jgireeshj I want to automize the task as whenever a new tag is added to a compute instance, a DNS CNAME Record has to be automatically created. how do you apply the change for a new tag?
..... is not possible to check if the DNS ... what do you expect to check?

[edwardmedia]

@jgireeshj I am closing this issue now as I assume you have resolved the issue. Feel free to reopen it if you need to continue the conversation. Thanks

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!