From 01ab20732aa88ce12465d0bbf1cd9b57e2f5ec74 Mon Sep 17 00:00:00 2001
From: valentina
Date: Tue, 18 Jun 2024 18:00:02 +0200
Subject: [PATCH] feat: add support for setting dns configuration to be pushed to nodes
---
 README.md | 11 +++++++++--
 examples/setting-dns/README.md | 25 +++++++++++++++++++++++++
 examples/setting-dns/main.tf | 13 +++++++++++++
 examples/setting-dns/variables.tf | 16 ++++++++++++++++
 main.tf | 5 +++++
 outputs.tf | 4 ++++
 variables.tf | 20 ++++++++++++++++++++
 7 files changed, 92 insertions(+), 2 deletions(-)
 create mode 100644 examples/setting-dns/README.md
 create mode 100644 examples/setting-dns/main.tf
 create mode 100644 examples/setting-dns/variables.tf
diff --git a/README.md b/README.md
index a1f666e..72c6d9b 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ BGP or OSPF. Pools, Networks, and Memberships. [ZeroTier Central](https://my.zerotier.com) is our SaaS offering, which is driven by the [ZeroTier Terraform Provider](https://registry.terraform.io/providers/zerotier/zerotier/latest). - + ## Usage Before we begin, we will need to log into [my.zerotier.com](https://my.zerotier.com) and create an API
@@ -95,6 +95,13 @@ Terraform will perform the following actions: + route { + target = "10.9.8.0/24" } + + dns { + + domain = "example.com" + + servers = [ + + "10.10.10.1", + + "10.10.10.2", + ] + } } Plan: 1 to add, 0 to change, 0 to destroy.
@@ -116,7 +123,7 @@ module.this["hello_zerotier"].zerotier_network.this: Creation complete after 1s Apply complete! Resources: 1 added, 0 changed, 0 destroyed. ```
-Check that it was created in the [ZeroTier Central Webui](my.zerotier.com)
+Check that it was created in the [ZeroTier Central Webui](my.zerotier.com)
 ![](https://i.imgur.com/V5N04ew.png)
diff --git a/examples/setting-dns/README.md b/examples/setting-dns/README.md
new file mode 100644
index 0000000..e17dc5f
--- /dev/null
+++ b/examples/setting-dns/README.md
@@ -0,0 +1,25 @@
+# Single Network with DNS configuration
+
+You can set DNS search domain and DNS servers to push to all zerotier nodes via the central API.
+
+A node running the ZeroTier agent will need to run
+```
+zerotier-cli set allowDNS=1
+```
+for these settings to be applied
+
+## Usage
+
+To run this example you need to:
+
+First, log into [my.zerotier.com](https://my.zerotier.com) and create an API
+token under the [Account](https://my.zerotier.com/account) section.
+
+Next, export the `ZEROTIER_CENTRAL_TOKEN` variable in your shell or
+Terraform workspace.
+
+```
+terraform init
+terraform plan
+terraform apply
+```
diff --git a/examples/setting-dns/main.tf b/examples/setting-dns/main.tf
new file mode 100644
index 0000000..324633a
--- /dev/null
+++ b/examples/setting-dns/main.tf
@@ -0,0 +1,13 @@
+module "this" {
+ for_each = var.zerotier_networks
+ source = "../../"
+ name = each.key
+ description = each.value.description
+ subnets = each.value.subnets
+ flow_rules = each.value.flow_rules
+ dns = each.value.dns
+}
+
+output "this" {
+ value = module.this
+}
diff --git a/examples/setting-dns/variables.tf b/examples/setting-dns/variables.tf
new file mode 100644
index 0000000..f5d5697
--- /dev/null
+++ b/examples/setting-dns/variables.tf
@@ -0,0 +1,16 @@
+variable "zerotier_networks" {
+ default = {
+ setting_dns = {
+ description = "Hello Zerotier!"
+ subnets = ["10.9.76.0/24"]
+ flow_rules = "accept;"
+ dns = {
+ domain = "example.com"
+ servers = [
+ "10.10.10.1",
+ "10.10.10.2"
+ ]
+ }
+ }
+ }
+}
diff --git a/main.tf b/main.tf
index 0ded2d9..2c59c55 100644
--- a/main.tf
+++ b/main.tf
@@ -54,4 +54,9 @@ resource "zerotier_network" "this" {
 via = route.value.via
 }
 }
+
+ dns {
+ domain = var.dns.domain
+ servers = var.dns.servers
+ }
 }
diff --git a/outputs.tf b/outputs.tf
index 2e4d8ac..e52d098 100644
--- a/outputs.tf
+++ b/outputs.tf
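Review bot: The `dns` block added at the end of `zerotier_network.this` is unconditional, so every caller that leaves `var.dns` at its default now sends `domain = ""` and `servers = []` to the controller instead of omitting DNS configuration; whether the provider treats that as "no DNS" or as a permanent plan diff is not visible in this hunk. If it does not treat it as absent, a `dynamic "dns"` block keyed on the variable being non-empty keeps the previous behaviour for existing callers while still letting the new example push its resolvers. The enclosing resource starts outside the hunk.
```hcl
  // … unchanged: route blocks …
  dynamic "dns" {
    for_each = var.dns.domain == "" && length(var.dns.servers) == 0 ? [] : [var.dns]
    content {
      domain  = dns.value.domain
      servers = dns.value.servers
    }
  }
```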
@@ -45,3 +45,7 @@ output "creation_time" {
 output "id" {
 value = zerotier_network.this.id
 }
+
+output "dns" {
+ value = zerotier_network.this.dns
+}
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 311ccdf..0717f7d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -83,3 +83,23 @@ variable "subnets" {
 type = list(string)
 default = []
 }
+
+variable "dns" {
+ description = "DNS settings to be pushed down to client"
+ type = object({
+ domain = string
+ servers = list(string)
+ })
+ default = {
+ domain = ""
+ servers = []
+ }
+ validation {
+ condition = can([for s in var.dns.servers : cidrnetmask("${s}/32")])
+ error_message = "dns.servers should be a valid IPv4 address."
+ }
+ validation {
+ condition = var.dns.domain == "" ? true : can(regex("^[a-z0-9]+([\\-\\.]{1}[a-z0-9]+)*\\.[a-z]{2,6}$", var.dns.domain))
+ error_message = "dns.domain should be a valid domain name."
+ }
+}
\ No newline at end of file
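Review bot: The second `validation` block on `variable "dns"` rejects legitimate search domains: the `[a-z]{2,6}$` tail refuses TLDs longer than six characters (`.technology`), the character classes refuse uppercase input, and the mandatory final `\\.` refuses single-label names such as `lan`, yet the error message only says "should be a valid domain name". Since the new README describes this value as a DNS search domain rather than a public hostname, a per-label check such as `can(regex("^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$", lower(var.dns.domain)))` fits the use better and keeps the existing empty-string bypass. Separately, the `object({ domain = string, servers = list(string) })` type makes both attributes mandatory whenever `dns` is passed at all, so the `default` only helps callers that omit the variable entirely; if the module targets Terraform 1.3 or later, `domain = optional(string, "")` and `servers = optional(list(string), [])` would let a caller set just one of them. The `servers` check built on `cidrnetmask("${s}/32")` accepts IPv4 only, which matches its error message but silently excludes IPv6 resolvers, so a comment stating that limitation next to the condition would save the next maintainer a surprise.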