Allow specifying global L7 ILB in dns_record_set routing policy (Goog…

…leCloudPlatform#8470)

* Allow specifying global L7 ILB in dns_record_set routing policy

* fix url_map default_service in docs

* fix forwarding rule reference in rrset for cross-region test

* don't specify region for globalL7ilb routing policy item

* add backend subnet for FR IP address provisioning

* pass backendSubnetName to cross-region L7 test case

* remove google-beta req from test backend subnet

* remove extra primary-backup examples

* add globalL7ilb value to docs

mmv1/third_party/terraform/services/dns/resource_dns_record_set.go

@@ -258,8 +258,8 @@ var healthCheckedTargetSchema *schema.Resource = &schema.Resource{
 					"load_balancer_type": {
 						Type:         schema.TypeString,
 						Required:     true,
-						Description:  `The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb]`,
-						ValidateFunc: validation.StringInSlice([]string{"regionalL4ilb", "regionalL7ilb"}, false),
+						Description:  `The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"]`,
+						ValidateFunc: validation.StringInSlice([]string{"regionalL4ilb", "regionalL7ilb", "globalL7ilb"}, false),
 					},
 					"ip_address": {
 						Type:        schema.TypeString,

mmv1/third_party/terraform/services/dns/resource_dns_record_set_test.go.erb

@@ -255,6 +255,7 @@ func TestAccDNSRecordSet_routingPolicy(t *testing.T) {
 	t.Parallel()
 
 	networkName := fmt.Sprintf("tf-test-network-%s", acctest.RandString(t, 10))
+	backendSubnetName := fmt.Sprintf("tf-test-backend-subnet-%s", acctest.RandString(t, 10))
 	proxySubnetName := fmt.Sprintf("tf-test-proxy-subnet-%s", acctest.RandString(t, 10))
 	httpHealthCheckName := fmt.Sprintf("tf-test-http-health-check-%s", acctest.RandString(t, 10))
 	backendName := fmt.Sprintf("tf-test-backend-%s", acctest.RandString(t, 10))
@@ -303,6 +304,15 @@ func TestAccDNSRecordSet_routingPolicy(t *testing.T) {
 				ImportState:   true,
 				ImportStateVerify: true,
 			},
+			{
+				Config: testAccDnsRecordSet_routingPolicyCrossRegionL7PrimaryBackup(networkName, backendSubnetName, proxySubnetName, httpHealthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName, 300),
+			},
+			{
+				ResourceName:  "google_dns_record_set.foobar",
+				ImportStateId: fmt.Sprintf("%s/%s/test-record.%s.hashicorptest.com./A", envvar.GetTestProjectFromEnv(), zoneName, zoneName),
+				ImportState:   true,
+				ImportStateVerify: true,
+			},
 		},
 	})
 }
@@ -828,6 +838,108 @@ resource "google_dns_record_set" "foobar" {
 `, networkName, proxySubnetName, healthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName, zoneName, zoneName, ttl)
 }
 
+func testAccDnsRecordSet_routingPolicyCrossRegionL7PrimaryBackup(networkName, backendSubnetName, proxySubnetName, healthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName string, ttl int) string {
+	return fmt.Sprintf(`
+resource "google_compute_network" "default" {
+  name = "%s"
+}
+
+resource "google_compute_subnetwork" "backend_subnet" {
+  name          = "%s"
+  ip_cidr_range = "10.0.1.0/24"
+  region        = "us-central1"
+  network       = google_compute_network.default.id
+}
+
+resource "google_compute_subnetwork" "proxy_subnet" {
+  name          = "%s"
+  ip_cidr_range = "10.100.0.0/24"
+  region        = "us-central1"
+  purpose       = "GLOBAL_MANAGED_PROXY"
+  role          = "ACTIVE"
+  network       = google_compute_network.default.id
+}
+
+resource "google_compute_health_check" "health_check" {
+  name   = "%s"
+
+  http_health_check {
+    port = 80
+  }
+}
+
+resource "google_compute_backend_service" "backend" {
+  name                  = "%s"
+  load_balancing_scheme = "INTERNAL_MANAGED"
+  protocol              = "HTTP"
+  health_checks         = [google_compute_health_check.health_check.id]
+}
+
+resource "google_compute_url_map" "url_map" {
+  name            = "%s"
+  default_service = google_compute_backend_service.backend.id
+}
+
+resource "google_compute_target_http_proxy" "http_proxy" {
+  name    = "%s"
+  url_map = google_compute_url_map.url_map.id
+}
+
+resource "google_compute_global_forwarding_rule" "default" {
+  name                  = "%s"
+  depends_on            = [google_compute_subnetwork.proxy_subnet]
+  load_balancing_scheme = "INTERNAL_MANAGED"
+  target                = google_compute_target_http_proxy.http_proxy.id
+  port_range            = "80"
+  network               = google_compute_network.default.name
+  subnetwork            = google_compute_subnetwork.backend_subnet.name
+  ip_protocol           = "TCP"
+}
+
+resource "google_dns_managed_zone" "parent-zone" {
+  name        = "%s"
+  dns_name    = "%s.hashicorptest.com."
+  description = "Test Description"
+  visibility = "private"
+}
+
+resource "google_dns_record_set" "foobar" {
+  managed_zone = google_dns_managed_zone.parent-zone.name
+  name         = "test-record.%s.hashicorptest.com."
+  type         = "A"
+  ttl          = %d
+
+  routing_policy {
+    primary_backup {
+      trickle_ratio                  = 0.1
+      enable_geo_fencing_for_backups = true
+
+      primary {
+        internal_load_balancers {
+          load_balancer_type = "globalL7ilb"
+          ip_address         = google_compute_global_forwarding_rule.default.ip_address
+          port               = "80"
+          ip_protocol        = "tcp"
+          network_url        = google_compute_network.default.id
+          project            = google_compute_global_forwarding_rule.default.project
+        }
+      }
+
+      backup_geo {
+        location = "us-west1"
+        rrdatas  = ["1.2.3.4"]
+      }
+
+      backup_geo {
+        location = "asia-east1"
+        rrdatas  = ["5.6.7.8"]
+      }
+    }
+  }
+}
+`, networkName, backendSubnetName, proxySubnetName, healthCheckName, backendName, urlMapName, httpProxyName, forwardingRuleName, zoneName, zoneName, zoneName, ttl)
+}
+
 func testAccDnsRecordSet_interpolated(zoneName string) string {
 	return fmt.Sprintf(`
 resource "google_dns_managed_zone" "parent-zone" {

mmv1/third_party/terraform/website/docs/r/dns_record_set.html.markdown

@@ -241,104 +241,6 @@ resource "google_compute_network" "prod" {
 }
 ```
 
-#### Primary-Backup with a regional L7 ILB
-
-```hcl
-resource "google_dns_record_set" "a" {
-  name         = "backend.${google_dns_managed_zone.prod.dns_name}"
-  managed_zone = google_dns_managed_zone.prod.name
-  type         = "A"
-  ttl          = 300
-
-  routing_policy {
-    primary_backup {
-      trickle_ratio = 0.1
-
-      primary {
-        internal_load_balancers {
-          load_balancer_type = "regionalL7ilb"
-          ip_address         = google_compute_forwarding_rule.prod.ip_address
-          port               = "80"
-          ip_protocol        = "tcp"
-          network_url        = google_compute_network.prod.id
-          project            = google_compute_forwarding_rule.prod.project
-          region             = google_compute_forwarding_rule.prod.region
-        }
-      }
-
-      backup_geo {
-        location = "asia-east1"
-        rrdatas  = ["10.128.1.1"]
-      }
-
-      backup_geo {
-        location = "us-west1"
-        rrdatas  = ["10.130.1.1"]
-      }
-    }
-  }
-}
-
-resource "google_dns_managed_zone" "prod" {
-  name     = "prod-zone"
-  dns_name = "prod.mydomain.com."
-}
-
-resource "google_compute_forwarding_rule" "prod" {
-  name                  = "prod-ilb"
-  region                = "us-central1"
-  depends_on            = [google_compute_subnetwork.prod_proxy]
-  load_balancing_scheme = "INTERNAL_MANAGED"
-  target                = google_compute_region_target_http_proxy.prod.id
-  port_range            = "80"
-  allow_global_access   = true
-  network               = google_compute_network.prod.name
-  ip_protocol           = "TCP"
-}
-
-resource "google_compute_region_target_http_proxy" "prod" {
-  name    = "prod-http-proxy"
-  region  = "us-central1"
-  url_map = google_compute_region_url_map.prod.id
-}
-
-resource "google_compute_region_url_map" "prod" {
-  name            = "prod-url-map"
-  region          = "us-central1"
-  default_service = google_compute_region_backend_service.prod.id
-}
-
-resource "google_compute_region_backend_service" "prod" {
-  name                  = "prod-backend"
-  region                = "us-central1"
-  load_balancing_scheme = "INTERNAL_MANAGED"
-  protocol              = "HTTP"
-  health_checks         = [google_compute_region_health_check.prod.id]
-}
-
-resource "google_compute_region_health_check" "prod" {
-  name               = "prod-http-health-check"
-  region             = "us-central1"
-
-  http_health_check {
-    port = 80
-  }
-}
-
-resource "google_compute_subnetwork" "prod_proxy" {
-  name          = "prod-proxy-subnet"
-  ip_cidr_range = "10.100.0.0/24"
-  region        = "us-central1"
-  purpose       = "INTERNAL_HTTPS_LOAD_BALANCER"
-  role          = "ACTIVE"
-  network       = google_compute_network.prod.id
-}
-
-resource "google_compute_network" "prod" {
-  name = "prod-network"
-}
-```
-
 ## Argument Reference
 
 The following arguments are supported:
@@ -414,7 +316,7 @@ The following arguments are supported:
 
 <a name="nested_internal_load_balancers"></a>The `internal_load_balancers` block supports:
 
-* `load_balancer_type` - (Required) The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb"]
+* `load_balancer_type` - (Required) The type of load balancer. This value is case-sensitive. Possible values: ["regionalL4ilb", "regionalL7ilb", "globalL7ilb"]
 
 * `ip_address` - (Required) The frontend IP address of the load balancer.