1. Docs
  2. Reference
  3. API
  4. pulumi_gcp
  5. dns

This page documents the language specification for the gcp package. If you're looking for help working with the inputs, outputs, or functions of gcp resources in a Pulumi program, please see the resource documentation for examples and API reference.

dns

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

class pulumi_gcp.dns.AwaitableGetKeysResult(id=None, key_signing_keys=None, managed_zone=None, project=None, zone_signing_keys=None)
class pulumi_gcp.dns.AwaitableGetManagedZoneResult(description=None, dns_name=None, id=None, name=None, name_servers=None, project=None, visibility=None)
class pulumi_gcp.dns.GetKeysResult(id=None, key_signing_keys=None, managed_zone=None, project=None, zone_signing_keys=None)

A collection of values returned by getKeys.

id = None

The provider-assigned unique ID for this managed resource.

key_signing_keys = None

A list of Key-signing key (KSK) records. Structure is documented below. Additionally, the DS record is provided:

zone_signing_keys = None

A list of Zone-signing key (ZSK) records. Structure is documented below.

class pulumi_gcp.dns.GetManagedZoneResult(description=None, dns_name=None, id=None, name=None, name_servers=None, project=None, visibility=None)

A collection of values returned by getManagedZone.

description = None

A textual description field.

dns_name = None

The fully qualified DNS name of this zone, e.g. example.io..

id = None

The provider-assigned unique ID for this managed resource.

name_servers = None

The list of nameservers that will be authoritative for this domain. Use NS records to redirect from your DNS provider to these names, thus making Google Cloud DNS authoritative for this zone.

visibility = None

The zone’s visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.

class pulumi_gcp.dns.ManagedZone(resource_name, opts=None, description=None, dns_name=None, dnssec_config=None, forwarding_config=None, labels=None, name=None, peering_config=None, private_visibility_config=None, project=None, reverse_lookup=None, service_directory_config=None, visibility=None, __props__=None, __name__=None, __opts__=None)

A zone is a subtree of the DNS namespace under one administrative responsibility. A ManagedZone is a resource that represents a DNS zone hosted by the Cloud DNS service.

To get more information about ManagedZone, see:

import pulumi
import pulumi_gcp as gcp

example_zone = gcp.dns.ManagedZone("example-zone",
    description="Example DNS zone",
    dns_name="my-domain.com.",
    labels={
        "foo": "bar",
    })

import pulumi
import pulumi_gcp as gcp

network_1 = gcp.compute.Network("network-1", auto_create_subnetworks=False)
network_2 = gcp.compute.Network("network-2", auto_create_subnetworks=False)
private_zone = gcp.dns.ManagedZone("private-zone",
    dns_name="private.example.com.",
    description="Example private DNS zone",
    labels={
        "foo": "bar",
    },
    visibility="private",
    private_visibility_config={
        "networks": [
            {
                "networkUrl": network_1.id,
            },
            {
                "networkUrl": network_2.id,
            },
        ],
    })

import pulumi
import pulumi_gcp as gcp

network_1 = gcp.compute.Network("network-1", auto_create_subnetworks=False)
network_2 = gcp.compute.Network("network-2", auto_create_subnetworks=False)
private_zone = gcp.dns.ManagedZone("private-zone",
    dns_name="private.example.com.",
    description="Example private DNS zone",
    labels={
        "foo": "bar",
    },
    visibility="private",
    private_visibility_config={
        "networks": [
            {
                "networkUrl": network_1.self_link,
            },
            {
                "networkUrl": network_2.self_link,
            },
        ],
    },
    forwarding_config={
        "target_name_servers": [
            {
                "ipv4Address": "172.16.1.10",
            },
            {
                "ipv4Address": "172.16.1.20",
            },
        ],
    })

import pulumi
import pulumi_gcp as gcp

network_source = gcp.compute.Network("network-source", auto_create_subnetworks=False)
network_target = gcp.compute.Network("network-target", auto_create_subnetworks=False)
peering_zone = gcp.dns.ManagedZone("peering-zone",
    dns_name="peering.example.com.",
    description="Example private DNS peering zone",
    visibility="private",
    private_visibility_config={
        "networks": [{
            "networkUrl": network_source.id,
        }],
    },
    peering_config={
        "target_network": {
            "networkUrl": network_target.id,
        },
    })

import pulumi
import pulumi_gcp as gcp

example = gcp.servicedirectory.Namespace("example",
    namespace_id="example",
    location="us-central1")
sd_zone = gcp.dns.ManagedZone("sd-zone",
    dns_name="services.example.com.",
    description="Example private DNS Service Directory zone",
    visibility="private",
    service_directory_config={
        "namespace": {
            "namespaceUrl": example.id,
        },
    })
network = gcp.compute.Network("network", auto_create_subnetworks=False)
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • description (pulumi.Input[str]) – A textual description field. Defaults to ‘Managed by Pulumi’.

  • dns_name (pulumi.Input[str]) – The DNS name of this managed zone, for instance “example.com.”.

  • dnssec_config (pulumi.Input[dict]) – DNSSEC configuration Structure is documented below.

  • forwarding_config (pulumi.Input[dict]) – The presence for this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to. Structure is documented below.

  • labels (pulumi.Input[dict]) – A set of key/value label pairs to assign to this ManagedZone.

  • name (pulumi.Input[str]) – User assigned name for this resource. Must be unique within the project.

  • peering_config (pulumi.Input[dict]) – The presence of this field indicates that DNS Peering is enabled for this zone. The value of this field contains the network to peer with. Structure is documented below.

  • private_visibility_config (pulumi.Input[dict]) – For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from. Structure is documented below.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • reverse_lookup (pulumi.Input[bool]) – Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse lookup queries using automatically configured records for VPC resources. This only applies to networks listed under private_visibility_config.

  • service_directory_config (pulumi.Input[dict]) – The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone. Structure is documented below.

  • visibility (pulumi.Input[str]) – The zone’s visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.

The dnssec_config object supports the following:

  • defaultKeySpecs (pulumi.Input[list]) - Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. If you provide a spec for keySigning or zoneSigning, you must also provide one for the other. default_key_specs can only be updated when the state is off. Structure is documented below.

    • algorithm (pulumi.Input[str]) - String mnemonic specifying the DNSSEC algorithm of this key

    • keyLength (pulumi.Input[float]) - Length of the keys in bits

    • keyType (pulumi.Input[str]) - Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets.

    • kind (pulumi.Input[str]) - Identifies what kind of resource this is

  • kind (pulumi.Input[str]) - Identifies what kind of resource this is

  • nonExistence (pulumi.Input[str]) - Specifies the mechanism used to provide authenticated denial-of-existence responses. non_existence can only be updated when the state is off.

  • state (pulumi.Input[str]) - Specifies whether DNSSEC is enabled, and what mode it is in

The forwarding_config object supports the following:

  • targetNameServers (pulumi.Input[list]) - List of target name servers to forward to. Cloud DNS will select the best available name server if more than one target is given. Structure is documented below.

    • forwardingPath (pulumi.Input[str]) - Forwarding path for this TargetNameServer. If unset or default Cloud DNS will make forwarding decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go to the Internet. When set to private, Cloud DNS will always send queries through VPC for this target

    • ipv4Address (pulumi.Input[str]) - IPv4 address of a target name server.

The peering_config object supports the following:

  • targetNetwork (pulumi.Input[dict]) - The network with which to peer. Structure is documented below.

    • networkUrl (pulumi.Input[str]) - The id or fully qualified URL of the VPC network to forward queries to. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

The private_visibility_config object supports the following:

  • networks (pulumi.Input[list]) - The list of VPC networks that can see this zone. Structure is documented below.

    • networkUrl (pulumi.Input[str]) - The id or fully qualified URL of the VPC network to forward queries to. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

The service_directory_config object supports the following:

  • namespace (pulumi.Input[dict]) - The namespace associated with the zone. Structure is documented below.

    • namespaceUrl (pulumi.Input[str]) - The fully qualified or partial URL of the service directory namespace that should be associated with the zone. This should be formatted like https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id} or simply projects/{project}/locations/{location}/namespaces/{namespace_id} Ignored for public visibility zones.

description: pulumi.Output[str] = None

A textual description field. Defaults to ‘Managed by Pulumi’.

dns_name: pulumi.Output[str] = None

The DNS name of this managed zone, for instance “example.com.”.

dnssec_config: pulumi.Output[dict] = None

DNSSEC configuration Structure is documented below.

  • defaultKeySpecs (list) - Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. If you provide a spec for keySigning or zoneSigning, you must also provide one for the other. default_key_specs can only be updated when the state is off. Structure is documented below.

    • algorithm (str) - String mnemonic specifying the DNSSEC algorithm of this key

    • keyLength (float) - Length of the keys in bits

    • keyType (str) - Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets.

    • kind (str) - Identifies what kind of resource this is

  • kind (str) - Identifies what kind of resource this is

  • nonExistence (str) - Specifies the mechanism used to provide authenticated denial-of-existence responses. non_existence can only be updated when the state is off.

  • state (str) - Specifies whether DNSSEC is enabled, and what mode it is in

forwarding_config: pulumi.Output[dict] = None

The presence for this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to. Structure is documented below.

  • targetNameServers (list) - List of target name servers to forward to. Cloud DNS will select the best available name server if more than one target is given. Structure is documented below.

    • forwardingPath (str) - Forwarding path for this TargetNameServer. If unset or default Cloud DNS will make forwarding decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go to the Internet. When set to private, Cloud DNS will always send queries through VPC for this target

    • ipv4Address (str) - IPv4 address of a target name server.

labels: pulumi.Output[dict] = None

A set of key/value label pairs to assign to this ManagedZone.

name: pulumi.Output[str] = None

User assigned name for this resource. Must be unique within the project.

name_servers: pulumi.Output[list] = None

Delegate your managed_zone to these virtual name servers; defined by the server

peering_config: pulumi.Output[dict] = None

The presence of this field indicates that DNS Peering is enabled for this zone. The value of this field contains the network to peer with. Structure is documented below.

  • targetNetwork (dict) - The network with which to peer. Structure is documented below.

    • networkUrl (str) - The id or fully qualified URL of the VPC network to forward queries to. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

private_visibility_config: pulumi.Output[dict] = None

For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from. Structure is documented below.

  • networks (list) - The list of VPC networks that can see this zone. Structure is documented below.

    • networkUrl (str) - The id or fully qualified URL of the VPC network to forward queries to. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

project: pulumi.Output[str] = None

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

reverse_lookup: pulumi.Output[bool] = None

Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse lookup queries using automatically configured records for VPC resources. This only applies to networks listed under private_visibility_config.

service_directory_config: pulumi.Output[dict] = None

The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone. Structure is documented below.

  • namespace (dict) - The namespace associated with the zone. Structure is documented below.

    • namespaceUrl (str) - The fully qualified or partial URL of the service directory namespace that should be associated with the zone. This should be formatted like https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id} or simply projects/{project}/locations/{location}/namespaces/{namespace_id} Ignored for public visibility zones.

visibility: pulumi.Output[str] = None

The zone’s visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.

static get(resource_name, id, opts=None, description=None, dns_name=None, dnssec_config=None, forwarding_config=None, labels=None, name=None, name_servers=None, peering_config=None, private_visibility_config=None, project=None, reverse_lookup=None, service_directory_config=None, visibility=None)

Get an existing ManagedZone resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • description (pulumi.Input[str]) – A textual description field. Defaults to ‘Managed by Pulumi’.

  • dns_name (pulumi.Input[str]) – The DNS name of this managed zone, for instance “example.com.”.

  • dnssec_config (pulumi.Input[dict]) – DNSSEC configuration Structure is documented below.

  • forwarding_config (pulumi.Input[dict]) – The presence for this field indicates that outbound forwarding is enabled for this zone. The value of this field contains the set of destinations to forward to. Structure is documented below.

  • labels (pulumi.Input[dict]) – A set of key/value label pairs to assign to this ManagedZone.

  • name (pulumi.Input[str]) – User assigned name for this resource. Must be unique within the project.

  • name_servers (pulumi.Input[list]) – Delegate your managed_zone to these virtual name servers; defined by the server

  • peering_config (pulumi.Input[dict]) – The presence of this field indicates that DNS Peering is enabled for this zone. The value of this field contains the network to peer with. Structure is documented below.

  • private_visibility_config (pulumi.Input[dict]) – For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from. Structure is documented below.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • reverse_lookup (pulumi.Input[bool]) – Specifies if this is a managed reverse lookup zone. If true, Cloud DNS will resolve reverse lookup queries using automatically configured records for VPC resources. This only applies to networks listed under private_visibility_config.

  • service_directory_config (pulumi.Input[dict]) – The presence of this field indicates that this zone is backed by Service Directory. The value of this field contains information related to the namespace associated with the zone. Structure is documented below.

  • visibility (pulumi.Input[str]) – The zone’s visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources.

The dnssec_config object supports the following:

  • defaultKeySpecs (pulumi.Input[list]) - Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. If you provide a spec for keySigning or zoneSigning, you must also provide one for the other. default_key_specs can only be updated when the state is off. Structure is documented below.

    • algorithm (pulumi.Input[str]) - String mnemonic specifying the DNSSEC algorithm of this key

    • keyLength (pulumi.Input[float]) - Length of the keys in bits

    • keyType (pulumi.Input[str]) - Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets.

    • kind (pulumi.Input[str]) - Identifies what kind of resource this is

  • kind (pulumi.Input[str]) - Identifies what kind of resource this is

  • nonExistence (pulumi.Input[str]) - Specifies the mechanism used to provide authenticated denial-of-existence responses. non_existence can only be updated when the state is off.

  • state (pulumi.Input[str]) - Specifies whether DNSSEC is enabled, and what mode it is in

The forwarding_config object supports the following:

  • targetNameServers (pulumi.Input[list]) - List of target name servers to forward to. Cloud DNS will select the best available name server if more than one target is given. Structure is documented below.

    • forwardingPath (pulumi.Input[str]) - Forwarding path for this TargetNameServer. If unset or default Cloud DNS will make forwarding decision based on address ranges, i.e. RFC1918 addresses go to the VPC, Non-RFC1918 addresses go to the Internet. When set to private, Cloud DNS will always send queries through VPC for this target

    • ipv4Address (pulumi.Input[str]) - IPv4 address of a target name server.

The peering_config object supports the following:

  • targetNetwork (pulumi.Input[dict]) - The network with which to peer. Structure is documented below.

    • networkUrl (pulumi.Input[str]) - The id or fully qualified URL of the VPC network to forward queries to. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

The private_visibility_config object supports the following:

  • networks (pulumi.Input[list]) - The list of VPC networks that can see this zone. Structure is documented below.

    • networkUrl (pulumi.Input[str]) - The id or fully qualified URL of the VPC network to forward queries to. This should be formatted like projects/{project}/global/networks/{network} or https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

The service_directory_config object supports the following:

  • namespace (pulumi.Input[dict]) - The namespace associated with the zone. Structure is documented below.

    • namespaceUrl (pulumi.Input[str]) - The fully qualified or partial URL of the service directory namespace that should be associated with the zone. This should be formatted like https://servicedirectory.googleapis.com/v1/projects/{project}/locations/{location}/namespaces/{namespace_id} or simply projects/{project}/locations/{location}/namespaces/{namespace_id} Ignored for public visibility zones.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.dns.Policy(resource_name, opts=None, alternative_name_server_config=None, description=None, enable_inbound_forwarding=None, enable_logging=None, name=None, networks=None, project=None, __props__=None, __name__=None, __opts__=None)

A policy is a collection of DNS rules applied to one or more Virtual Private Cloud resources.

To get more information about Policy, see:

import pulumi
import pulumi_gcp as gcp

network_1 = gcp.compute.Network("network-1", auto_create_subnetworks=False)
network_2 = gcp.compute.Network("network-2", auto_create_subnetworks=False)
example_policy = gcp.dns.Policy("example-policy",
    enable_inbound_forwarding=True,
    enable_logging=True,
    alternative_name_server_config={
        "target_name_servers": [
            {
                "ipv4Address": "172.16.1.10",
            },
            {
                "ipv4Address": "172.16.1.20",
            },
        ],
    },
    networks=[
        {
            "networkUrl": network_1.self_link,
        },
        {
            "networkUrl": network_2.self_link,
        },
    ])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • alternative_name_server_config (pulumi.Input[dict]) – Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

  • description (pulumi.Input[str]) – A textual description field. Defaults to ‘Managed by Pulumi’.

  • enable_inbound_forwarding (pulumi.Input[bool]) – Allows networks bound to this policy to receive DNS queries sent by VMs or applications over VPN connections. When enabled, a virtual IP address will be allocated from each of the sub-networks that are bound to this policy.

  • enable_logging (pulumi.Input[bool]) – Controls whether logging is enabled for the networks bound to this policy. Defaults to no logging if not set.

  • name (pulumi.Input[str]) – User assigned name for this policy.

  • networks (pulumi.Input[list]) – List of network names specifying networks to which this policy is applied. Structure is documented below.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The alternative_name_server_config object supports the following:

  • targetNameServers (pulumi.Input[list]) - Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

    • ipv4Address (pulumi.Input[str]) - IPv4 address to forward to.

The networks object supports the following:

  • networkUrl (pulumi.Input[str]) - The fully qualified URL of the VPC network to bind to. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

alternative_name_server_config: pulumi.Output[dict] = None

Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

  • targetNameServers (list) - Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

    • ipv4Address (str) - IPv4 address to forward to.

description: pulumi.Output[str] = None

A textual description field. Defaults to ‘Managed by Pulumi’.

enable_inbound_forwarding: pulumi.Output[bool] = None

Allows networks bound to this policy to receive DNS queries sent by VMs or applications over VPN connections. When enabled, a virtual IP address will be allocated from each of the sub-networks that are bound to this policy.

enable_logging: pulumi.Output[bool] = None

Controls whether logging is enabled for the networks bound to this policy. Defaults to no logging if not set.

name: pulumi.Output[str] = None

User assigned name for this policy.

networks: pulumi.Output[list] = None

List of network names specifying networks to which this policy is applied. Structure is documented below.

  • networkUrl (str) - The fully qualified URL of the VPC network to bind to. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

project: pulumi.Output[str] = None

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

static get(resource_name, id, opts=None, alternative_name_server_config=None, description=None, enable_inbound_forwarding=None, enable_logging=None, name=None, networks=None, project=None)

Get an existing Policy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • alternative_name_server_config (pulumi.Input[dict]) – Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

  • description (pulumi.Input[str]) – A textual description field. Defaults to ‘Managed by Pulumi’.

  • enable_inbound_forwarding (pulumi.Input[bool]) – Allows networks bound to this policy to receive DNS queries sent by VMs or applications over VPN connections. When enabled, a virtual IP address will be allocated from each of the sub-networks that are bound to this policy.

  • enable_logging (pulumi.Input[bool]) – Controls whether logging is enabled for the networks bound to this policy. Defaults to no logging if not set.

  • name (pulumi.Input[str]) – User assigned name for this policy.

  • networks (pulumi.Input[list]) – List of network names specifying networks to which this policy is applied. Structure is documented below.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The alternative_name_server_config object supports the following:

  • targetNameServers (pulumi.Input[list]) - Sets an alternative name server for the associated networks. When specified, all DNS queries are forwarded to a name server that you choose. Names such as .internal are not available when an alternative name server is specified. Structure is documented below.

    • ipv4Address (pulumi.Input[str]) - IPv4 address to forward to.

The networks object supports the following:

  • networkUrl (pulumi.Input[str]) - The fully qualified URL of the VPC network to bind to. This should be formatted like https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.dns.RecordSet(resource_name, opts=None, managed_zone=None, name=None, project=None, rrdatas=None, ttl=None, type=None, __props__=None, __name__=None, __opts__=None)

Manages a set of DNS records within Google Cloud DNS. For more information see the official documentation and API.

Note: The provider treats this resource as an authoritative record set. This means existing records (including the default records) for the given type will be overwritten when you create this resource in the provider. In addition, the Google Cloud DNS API requires NS records to be present at all times, so the provider will not actually remove NS records during destroy but will report that it did.

import pulumi
import pulumi_gcp as gcp

frontend_instance = gcp.compute.Instance("frontendInstance",
    machine_type="g1-small",
    zone="us-central1-b",
    boot_disk={
        "initialize_params": {
            "image": "debian-cloud/debian-9",
        },
    },
    network_interface=[{
        "network": "default",
        "access_config": [{}],
    }])
prod = gcp.dns.ManagedZone("prod", dns_name="prod.mydomain.com.")
frontend_record_set = gcp.dns.RecordSet("frontendRecordSet",
    type="A",
    ttl=300,
    managed_zone=prod.name,
    rrdatas=[frontend_instance.network_interfaces[0]["accessConfigs"][0]["natIp"]])

import pulumi
import pulumi_gcp as gcp

prod = gcp.dns.ManagedZone("prod", dns_name="prod.mydomain.com.")
record_set = gcp.dns.RecordSet("recordSet",
    managed_zone=prod.name,
    type="A",
    ttl=300,
    rrdatas=["8.8.8.8"])

import pulumi
import pulumi_gcp as gcp

prod = gcp.dns.ManagedZone("prod", dns_name="prod.mydomain.com.")
mx = gcp.dns.RecordSet("mx",
    managed_zone=prod.name,
    type="MX",
    ttl=3600,
    rrdatas=[
        "1 aspmx.l.google.com.",
        "5 alt1.aspmx.l.google.com.",
        "5 alt2.aspmx.l.google.com.",
        "10 alt3.aspmx.l.google.com.",
        "10 alt4.aspmx.l.google.com.",
    ])

import pulumi
import pulumi_gcp as gcp

prod = gcp.dns.ManagedZone("prod", dns_name="prod.mydomain.com.")
spf = gcp.dns.RecordSet("spf",
    managed_zone=prod.name,
    type="TXT",
    ttl=300,
    rrdatas=[""v=spf1 ip4:111.111.111.111 include:backoff.email-example.com -all""])

import pulumi
import pulumi_gcp as gcp

prod = gcp.dns.ManagedZone("prod", dns_name="prod.mydomain.com.")
cname = gcp.dns.RecordSet("cname",
    managed_zone=prod.name,
    type="CNAME",
    ttl=300,
    rrdatas=["frontend.mydomain.com."])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • managed_zone (pulumi.Input[str]) – The name of the zone in which this record set will reside.

  • name (pulumi.Input[str]) – The DNS name this record set will apply to.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • rrdatas (pulumi.Input[list]) – The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding " if you don’t want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add "" inside the provider configuration string (e.g. "first255characters""morecharacters").

  • ttl (pulumi.Input[float]) – The time-to-live of this record set (seconds).

  • type (pulumi.Input[str]) – The DNS record set type.

managed_zone: pulumi.Output[str] = None

The name of the zone in which this record set will reside.

name: pulumi.Output[str] = None

The DNS name this record set will apply to.

project: pulumi.Output[str] = None

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

rrdatas: pulumi.Output[list] = None

The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding " if you don’t want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add "" inside the provider configuration string (e.g. "first255characters""morecharacters").

ttl: pulumi.Output[float] = None

The time-to-live of this record set (seconds).

type: pulumi.Output[str] = None

The DNS record set type.

static get(resource_name, id, opts=None, managed_zone=None, name=None, project=None, rrdatas=None, ttl=None, type=None)

Get an existing RecordSet resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • managed_zone (pulumi.Input[str]) – The name of the zone in which this record set will reside.

  • name (pulumi.Input[str]) – The DNS name this record set will apply to.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • rrdatas (pulumi.Input[list]) – The string data for the records in this record set whose meaning depends on the DNS type. For TXT record, if the string data contains spaces, add surrounding " if you don’t want your string to get split on spaces. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add "" inside the provider configuration string (e.g. "first255characters""morecharacters").

  • ttl (pulumi.Input[float]) – The time-to-live of this record set (seconds).

  • type (pulumi.Input[str]) – The DNS record set type.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_gcp.dns.get_keys(managed_zone=None, project=None, opts=None)

Get the DNSKEY and DS records of DNSSEC-signed managed zones. For more information see the official documentation and API.

import pulumi
import pulumi_gcp as gcp

foo = gcp.dns.ManagedZone("foo",
    dns_name="foo.bar.",
    dnssec_config={
        "state": "on",
        "nonExistence": "nsec3",
    })
foo_dns_keys = foo.id.apply(lambda id: gcp.dns.get_keys(managed_zone=id))
pulumi.export("fooDnsDsRecord", foo_dns_keys.key_signing_keys[0]["dsRecord"])
Parameters

  • managed_zone (str) – The name or id of the Cloud DNS managed zone.

  • project (str) – The ID of the project in which the resource belongs. If project is not provided, the provider project is used.

pulumi_gcp.dns.get_managed_zone(name=None, project=None, opts=None)

Provides access to a zone’s attributes within Google Cloud DNS. For more information see the official documentation and API.

import pulumi
import pulumi_gcp as gcp

env_dns_zone = gcp.dns.get_managed_zone(name="qa-zone")
dns = gcp.dns.RecordSet("dns",
    type="TXT",
    ttl=300,
    managed_zone=env_dns_zone.name,
    rrdatas=["test"])
Parameters

  • name (str) – A unique name for the resource.

  • project (str) – The ID of the project for the Google Cloud DNS zone.