feat: Allow creating CDN without DNS record (#365)

* feat: allow creating CDN without DNS record * chore: ran pre-commit * fix: outputs
pagopa · Oct 21, 2024 · fee3a63 · fee3a63
1 parent decd3f3
commit fee3a63
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 3 deletions.
diff --git a/cdn/README.md b/cdn/README.md
@@ -128,6 +128,7 @@ During the apply there will be 1 changed and 1 destroy related to storage see [s
 | <a name="input_advanced_threat_protection_enabled"></a> [advanced\_threat\_protection\_enabled](#input\_advanced\_threat\_protection\_enabled) | n/a | `bool` | `false` | no |
 | <a name="input_azuread_service_principal_azure_cdn_frontdoor_id"></a> [azuread\_service\_principal\_azure\_cdn\_frontdoor\_id](#input\_azuread\_service\_principal\_azure\_cdn\_frontdoor\_id) | Azure CDN Front Door Principal ID - Microsoft.AzureFrontDoor-Cdn | `string` | `null` | no |
 | <a name="input_cdn_location"></a> [cdn\_location](#input\_cdn\_location) | If the location of the CDN needs to be different from that of the storage account, set this variable to the location where the CDN should be created. For example, cdn\_location = westeurope and location = northitaly | `string` | `null` | no |
+| <a name="input_create_dns_record"></a> [create\_dns\_record](#input\_create\_dns\_record) | n/a | `bool` | `true` | no |
 | <a name="input_custom_hostname_kv_enabled"></a> [custom\_hostname\_kv\_enabled](#input\_custom\_hostname\_kv\_enabled) | Flag required to enable the association between KV certificate and CDN when the hostname is different from the APEX | `bool` | `false` | no |
 | <a name="input_delivery_rule"></a> [delivery\_rule](#input\_delivery\_rule) | n/a | <pre>list(object({<br>    name  = string<br>    order = number<br><br>    // start conditions<br>    cookies_conditions = list(object({<br>      selector         = string<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>      transforms       = list(string)<br>    }))<br><br>    device_conditions = list(object({<br>      operator         = string<br>      match_values     = string<br>      negate_condition = bool<br>    }))<br><br>    http_version_conditions = list(object({<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>    }))<br><br>    post_arg_conditions = list(object({<br>      selector         = string<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>      transforms       = list(string)<br>    }))<br><br>    query_string_conditions = list(object({<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>      transforms       = list(string)<br>    }))<br><br>    remote_address_conditions = list(object({<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>    }))<br><br>    request_body_conditions = list(object({<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>      transforms       = list(string)<br>    }))<br><br>    request_header_conditions = list(object({<br>      selector         = string<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>      transforms       = list(string)<br>    }))<br><br>    request_method_conditions = list(object({<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>    }))<br><br>    request_scheme_conditions = list(object({<br>      operator         = string<br>      match_values     = string<br>      negate_condition = bool<br>    }))<br><br>    request_uri_conditions = list(object({<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>      transforms       = list(string)<br>    }))<br><br>    url_file_extension_conditions = list(object({<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>      transforms       = list(string)<br>    }))<br><br>    url_file_name_conditions = list(object({<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>      transforms       = list(string)<br>    }))<br><br>    url_path_conditions = list(object({<br>      operator         = string<br>      match_values     = list(string)<br>      negate_condition = bool<br>      transforms       = list(string)<br>    }))<br>    // end conditions<br><br>    // start actions<br>    cache_expiration_actions = list(object({<br>      behavior = string<br>      duration = string<br>    }))<br><br>    cache_key_query_string_actions = list(object({<br>      behavior   = string<br>      parameters = string<br>    }))<br><br>    modify_request_header_actions = list(object({<br>      action = string<br>      name   = string<br>      value  = string<br>    }))<br><br>    modify_response_header_actions = list(object({<br>      action = string<br>      name   = string<br>      value  = string<br>    }))<br><br>    url_redirect_actions = list(object({<br>      redirect_type = string<br>      protocol      = string<br>      hostname      = string<br>      path          = string<br>      fragment      = string<br>      query_string  = string<br>    }))<br><br>    url_rewrite_actions = list(object({<br>      source_pattern          = string<br>      destination             = string<br>      preserve_unmatched_path = string<br>    }))<br>    // end actions<br>  }))</pre> | `[]` | no |
 | <a name="input_delivery_rule_redirect"></a> [delivery\_rule\_redirect](#input\_delivery\_rule\_redirect) | n/a | <pre>list(object({<br>    name         = string<br>    order        = number<br>    operator     = string<br>    match_values = list(string)<br>    url_redirect_action = object({<br>      redirect_type = string<br>      protocol      = string<br>      hostname      = string<br>      path          = string<br>      fragment      = string<br>      query_string  = string<br>    })<br>  }))</pre> | `[]` | no |

diff --git a/cdn/main.tf b/cdn/main.tf
@@ -661,7 +661,7 @@ resource "null_resource" "custom_hostname_kv_certificate" {
 # record APEX https://docs.microsoft.com/it-it/azure/dns/dns-zones-records#record-names
 resource "azurerm_dns_a_record" "apex_hostname" {
   # create this iff DNS zone name equal to HOST NAME azurerm_cdn_endpoint.this.fqdn
-  count = var.dns_zone_name == var.hostname ? 1 : 0
+  count = var.create_dns_record && var.dns_zone_name == var.hostname ? 1 : 0
 
   name                = "@"
   zone_name           = var.dns_zone_name
@@ -686,7 +686,7 @@ resource "azurerm_dns_cname_record" "apex_cdnverify" {
 }
 
 resource "azurerm_dns_cname_record" "hostname" {
-  count = var.dns_zone_name != var.hostname ? 1 : 0
+  count = var.create_dns_record && var.dns_zone_name != var.hostname ? 1 : 0
 
   name                = trimsuffix(replace(var.hostname, var.dns_zone_name, ""), ".")
   zone_name           = var.dns_zone_name

diff --git a/cdn/outputs.tf b/cdn/outputs.tf
@@ -20,7 +20,7 @@ output "hostname" {
 }
 
 output "fqdn" {
-  value = var.dns_zone_name == var.hostname ? trimsuffix(azurerm_dns_a_record.apex_hostname[0].fqdn, ".") : trimsuffix(azurerm_dns_cname_record.hostname[0].fqdn, ".")
+  value = var.create_dns_record ? var.dns_zone_name == var.hostname ? trimsuffix(azurerm_dns_a_record.apex_hostname[0].fqdn, ".") : trimsuffix(azurerm_dns_cname_record.hostname[0].fqdn, ".") : null
 }
 
 output "storage_id" {

diff --git a/cdn/variables.tf b/cdn/variables.tf
@@ -364,6 +364,11 @@ variable "dns_zone_resource_group_name" {
   type = string
 }
 
+variable "create_dns_record" {
+  type    = bool
+  default = true
+}
+
 variable "advanced_threat_protection_enabled" {
   type    = bool
   default = false