gcp_dns_managed_zone – Creates a GCP ManagedZone¶
New in version 2.5.
Synopsis¶
- A zone is a subtree of the DNS namespace under one administrative responsibility. A ManagedZone is a resource that represents a DNS zone hosted by the Cloud DNS service.
Requirements¶
The below requirements are needed on the host that executes this module.
- python >= 2.6
- requests >= 2.18.4
- google-auth >= 1.3.0
Parameters¶
| Parameter | Choices/Defaults | Comments | ||
|---|---|---|---|---|
| auth_kind 
                    string
                                             / required                     | 
 | The type of credential used. | ||
| description 
                    string
                                             / required                     | A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the managed zone's function. | |||
| dns_name 
                    string
                                             / required                     | The DNS name of this managed zone, for instance "example.com.". | |||
| dnssec_config 
                    dictionary
                                                                 added in 2.9 | DNSSEC configuration. | |||
| default_key_specs 
                    list
                                                                 | Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. If you provide a spec for keySigning or zoneSigning, you must also provide one for the other. | |||
| algorithm 
                    string
                                                                 | String mnemonic specifying the DNSSEC algorithm of this key. Some valid choices include: "ecdsap256sha256", "ecdsap384sha384", "rsasha1", "rsasha256", "rsasha512" | |||
| key_length 
                    integer
                                                                 | Length of the keys in bits. | |||
| key_type 
                    string
                                                                 | Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets. . Some valid choices include: "keySigning", "zoneSigning" | |||
| kind 
                    string
                                                                 | Default: "dns#dnsKeySpec" | Identifies what kind of resource this is. | ||
| kind 
                    string
                                                                 | Default: "dns#managedZoneDnsSecConfig" | Identifies what kind of resource this is. | ||
| non_existence 
                    string
                                                                 | Specifies the mechanism used to provide authenticated denial-of-existence responses. Some valid choices include: "nsec", "nsec3" | |||
| state 
                    string
                                                                 | Specifies whether DNSSEC is enabled, and what mode it is in. Some valid choices include: "off", "on", "transfer" | |||
| env_type 
                    string
                                                                 | Specifies which Ansible environment you're running this module within. This should not be set unless you know what you're doing. This only alters the User Agent string for any API requests. | |||
| labels 
                    dictionary
                                                                 added in 2.8 | A set of key/value label pairs to assign to this ManagedZone. | |||
| name 
                    string
                                             / required                     | User assigned name for this resource. Must be unique within the project. | |||
| name_server_set 
                    string
                                                                 | Optionally specifies the NameServerSet for this ManagedZone. A NameServerSet is a set of DNS name servers that all host the same ManagedZones. Most users will leave this field unset. | |||
| private_visibility_config 
                    dictionary
                                                                 added in 2.8 | For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from. | |||
| networks 
                    list
                                                                 | The list of VPC networks that can see this zone. | |||
| network_url 
                    string
                                                                 | The fully qualified URL of the VPC network to bind to. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` . | |||
| project 
                    string
                                                                 | The Google Cloud Platform project to use. | |||
| scopes 
                    list
                                                                 | Array of scopes to be used. | |||
| service_account_contents 
                    jsonarg
                                                                 | The contents of a Service Account JSON file, either in a dictionary or as a JSON string that represents it. | |||
| service_account_email 
                    string
                                                                 | An optional service account email address if machineaccount is selected and the user does not wish to use the default email. | |||
| service_account_file 
                    path
                                                                 | The path of a Service Account JSON file if serviceaccount is selected as type. | |||
| state 
                    string
                                                                 | 
 | Whether the given object should exist in GCP | ||
| visibility 
                    string
                                                                 added in 2.8 | Default: "public" | The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources. Must be one of: `public`, `private`. Some valid choices include: "private", "public" | ||
Notes¶
Note
- API Reference: https://cloud.google.com/dns/api/v1/managedZones
- Managing Zones: https://cloud.google.com/dns/zones/
- for authentication, you can set service_account_file using the c(gcp_service_account_file) env variable.
- for authentication, you can set service_account_contents using the c(GCP_SERVICE_ACCOUNT_CONTENTS) env variable.
- For authentication, you can set service_account_email using the GCP_SERVICE_ACCOUNT_EMAILenv variable.
- For authentication, you can set auth_kind using the GCP_AUTH_KINDenv variable.
- For authentication, you can set scopes using the GCP_SCOPESenv variable.
- Environment variables values will only be used if the playbook values are not set.
- The service_account_email and service_account_file options are mutually exclusive.
Examples¶
- name: create a managed zone
  gcp_dns_managed_zone:
    name: test_object
    dns_name: test.somewild2.example.com.
    description: test zone
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
Return Values¶
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | ||
|---|---|---|---|---|
| creationTime 
                  string
                                       | success | The time that this resource was created on the server. This is in RFC3339 text format. | ||
| description 
                  string
                                       | success | A mutable string of at most 1024 characters associated with this resource for the user's convenience. Has no effect on the managed zone's function. | ||
| dnsName 
                  string
                                       | success | The DNS name of this managed zone, for instance "example.com.". | ||
| dnssecConfig 
                  complex
                                       | success | DNSSEC configuration. | ||
| defaultKeySpecs 
                  complex
                                       | success | Specifies parameters that will be used for generating initial DnsKeys for this ManagedZone. If you provide a spec for keySigning or zoneSigning, you must also provide one for the other. | ||
| algorithm 
                  string
                                       | success | String mnemonic specifying the DNSSEC algorithm of this key. | ||
| keyLength 
                  integer
                                       | success | Length of the keys in bits. | ||
| keyType 
                  string
                                       | success | Specifies whether this is a key signing key (KSK) or a zone signing key (ZSK). Key signing keys have the Secure Entry Point flag set and, when active, will only be used to sign resource record sets of type DNSKEY. Zone signing keys do not have the Secure Entry Point flag set and will be used to sign all other types of resource record sets. . | ||
| kind 
                  string
                                       | success | Identifies what kind of resource this is. | ||
| kind 
                  string
                                       | success | Identifies what kind of resource this is. | ||
| nonExistence 
                  string
                                       | success | Specifies the mechanism used to provide authenticated denial-of-existence responses. | ||
| state 
                  string
                                       | success | Specifies whether DNSSEC is enabled, and what mode it is in. | ||
| id 
                  integer
                                       | success | Unique identifier for the resource; defined by the server. | ||
| labels 
                  dictionary
                                       | success | A set of key/value label pairs to assign to this ManagedZone. | ||
| name 
                  string
                                       | success | User assigned name for this resource. Must be unique within the project. | ||
| nameServers 
                  list
                                       | success | Delegate your managed_zone to these virtual name servers; defined by the server . | ||
| nameServerSet 
                  string
                                       | success | Optionally specifies the NameServerSet for this ManagedZone. A NameServerSet is a set of DNS name servers that all host the same ManagedZones. Most users will leave this field unset. | ||
| privateVisibilityConfig 
                  complex
                                       | success | For privately visible zones, the set of Virtual Private Cloud resources that the zone is visible from. | ||
| networks 
                  complex
                                       | success | The list of VPC networks that can see this zone. | ||
| networkUrl 
                  string
                                       | success | The fully qualified URL of the VPC network to bind to. This should be formatted like `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}` . | ||
| visibility 
                  string
                                       | success | The zone's visibility: public zones are exposed to the Internet, while private zones are visible only to Virtual Private Cloud resources. Must be one of: `public`, `private`. | ||
Status¶
- This module is not guaranteed to have a backwards compatible interface. [preview]
- This module is maintained by the Ansible Community. [community]
Authors¶
- Google Inc. (@googlecloudplatform)
Hint
If you notice any issues in this documentation, you can edit this document to improve it.
