oci_dns_steering_policy
This resource provides the Steering Policy resource in Oracle Cloud Infrastructure DNS service.
Creates a new steering policy in the specified compartment. For more information on creating policies with templates, see Traffic Management API Guide.
Example Usage
resource "oci_dns_steering_policy" "test_steering_policy" {
#Required
compartment_id = var.compartment_id
display_name = var.steering_policy_display_name
template = var.steering_policy_template
#Optional
answers {
#Required
name = var.steering_policy_answers_name
rdata = var.steering_policy_answers_rdata
rtype = var.steering_policy_answers_rtype
#Optional
is_disabled = var.steering_policy_answers_is_disabled
pool = var.steering_policy_answers_pool
}
defined_tags = var.steering_policy_defined_tags
freeform_tags = var.steering_policy_freeform_tags
health_check_monitor_id = oci_health_checks_http_monitor.test_http_monitor.id
rules {
#Required
rule_type = var.steering_policy_rules_rule_type
#Optional
cases {
#Optional
answer_data {
#Optional
answer_condition = var.steering_policy_rules_cases_answer_data_answer_condition
should_keep = var.steering_policy_rules_cases_answer_data_should_keep
value = var.steering_policy_rules_cases_answer_data_value
}
case_condition = var.steering_policy_rules_cases_case_condition
count = var.steering_policy_rules_cases_count
}
default_answer_data {
#Optional
answer_condition = var.steering_policy_rules_default_answer_data_answer_condition
should_keep = var.steering_policy_rules_default_answer_data_should_keep
value = var.steering_policy_rules_default_answer_data_value
}
default_count = var.steering_policy_rules_default_count
description = var.steering_policy_rules_description
}
ttl = var.steering_policy_ttl
}
Argument Reference
If a change to the Steering Policy will result in the destruction and recreation of the resource, the Steering Policy will be temporarily removed from all attached domains while it is being updated. Since this could cause a temporary outage we recommend that you create DNS records at the affected domains with default values. Those records will be used to resolve DNS queries for the affected domains while the Steering Policy is offline.
The following arguments are supported:
answers
- (Optional) The set of all answers that can potentially issue from the steering policy.is_disabled
- (Optional) Set this property totrue
to indicate that the answer is administratively disabled, such as when the corresponding server is down for maintenance. An answer’sisDisabled
property can be referenced inanswerCondition
properties in rules usinganswer.isDisabled
.name
- (Required) A user-friendly name for the answer, unique within the steering policy. An answer’sname
property can be referenced inanswerCondition
properties of rules usinganswer.name
.pool
- (Optional) The freeform name of a group of one or more records in which this record is included, such as “LAX data center”. An answer’spool
property can be referenced inanswerCondition
properties of rules usinganswer.pool
.rdata
- (Required) The record’s data, as whitespace-delimited tokens in type-specific presentation format. All RDATA is normalized and the returned presentation of your RDATA may differ from its initial input. For more information about RDATA, see Supported DNS Resource Record Types.rtype
- (Required) The type of DNS record, such as A or CNAME. Only A, AAAA, and CNAME are supported. For more information, see Supported DNS Resource Record Types.
compartment_id
- (Required) (Updatable) The OCID of the compartment containing the steering policy.defined_tags
- (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.display_name
- (Required) (Updatable) A user-friendly name for the steering policy. Does not have to be unique and can be changed. Avoid entering confidential information.freeform_tags
- (Optional) (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.health_check_monitor_id
- (Optional) (Updatable) The OCID of the health check monitor providing health data about the answers of the steering policy. A steering policy answer withrdata
matching a monitored endpoint will use the health data of that endpoint. A steering policy answer withrdata
not matching any monitored endpoint will be assumed healthy.Note: To use the Health Check monitoring feature in a steering policy, a monitor must be created using the Health Checks service first. For more information on how to create a monitor, please see Managing Health Checks.
rules
- (Optional) The series of rules that will be processed in sequence to reduce the pool of answers to a response for any given request.The first rule receives a shuffled list of all answers, and every other rule receives the list of answers emitted by the one preceding it. The last rule populates the response.
cases
- (Optional) An array ofcaseConditions
. A rule may optionally include a sequence of cases defining alternate configurations for how it should behave during processing for any given DNS query. When a rule has no sequence ofcases
, it is always evaluated with the same configuration during processing. When a rule has an empty sequence ofcases
, it is always ignored during processing. When a rule has a non-empty sequence ofcases
, its behavior during processing is configured by the first matchingcase
in the sequence. When a rule has no matching cases the rule is ignored. A rule case with nocaseCondition
always matches. A rule case with acaseCondition
matches only when that expression evaluates to true for the given query.answer_data
- (Applicable when rule_type=FILTER | PRIORITY | WEIGHTED) An array ofSteeringPolicyPriorityAnswerData
objects.answer_condition
- (Applicable when rule_type=FILTER | PRIORITY | WEIGHTED) An expression that is used to select a set of answers that match a condition. For example, answers with matching pool properties.should_keep
- (Applicable when rule_type=FILTER) Keeps the answer only if the value istrue
.value
- (Required when rule_type=PRIORITY | WEIGHTED) The rank assigned to the set of answers that match the expression inanswerCondition
. Answers with the lowest values move to the beginning of the list without changing the relative order of those with the same value. Answers can be given a value between0
and255
.
case_condition
- (Applicable when rule_type=FILTER | HEALTH | LIMIT | PRIORITY | WEIGHTED) An expression that uses conditions at the time of a DNS query to indicate whether a case matches. Conditions may include the geographical location, IP subnet, or ASN the DNS query originated. Example: If you have an office that uses the subnet192.0.2.0/24
you could use acaseCondition
expressionquery.client.address in ('192.0.2.0/24')
to define a case that matches queries from that office.count
- (Required when rule_type=LIMIT) The number of answers allowed to remain after the limit rule has been processed, keeping only the first of the remaining answers in the list. Example: If thecount
property is set to2
and four answers remain before the limit rule is processed, only the first two answers in the list will remain after the limit rule has been processed.
default_answer_data
- (Applicable when rule_type=FILTER | PRIORITY | WEIGHTED) Defines a default set of answer conditions and values that are applied to an answer whencases
is not defined for the rule, or a matching case does not have any matchinganswerCondition
s in itsanswerData
.defaultAnswerData
is not applied ifcases
is defined and there are no matching cases. In this scenario, the next rule will be processed.answer_condition
- (Applicable when rule_type=FILTER | PRIORITY | WEIGHTED) An expression that is used to select a set of answers that match a condition. For example, answers with matching pool properties.should_keep
- (Applicable when rule_type=FILTER) Keeps the answer only if the value istrue
.value
- (Required when rule_type=PRIORITY | WEIGHTED) The rank assigned to the set of answers that match the expression inanswerCondition
. Answers with the lowest values move to the beginning of the list without changing the relative order of those with the same value. Answers can be given a value between0
and255
.
default_count
- (Applicable when rule_type=LIMIT) Defines a default count ifcases
is not defined for the rule or a matching case does not definecount
.defaultCount
is not applied ifcases
is defined and there are no matching cases. In this scenario, the next rule will be processed. If no rules remain to be processed, the answer will be chosen from the remaining list of answers.description
- (Optional) A user-defined description of the rule’s purpose or behavior.rule_type
- (Required) The type of a rule determines its sorting/filtering behavior.FILTER
- Filters the list of answers based on their defined boolean data. Answers remain only if theirshouldKeep
value istrue
.HEALTH
- Removes answers from the list if theirrdata
matches a target in the health check monitor referenced by the steering policy and the target is reported down.WEIGHTED
- Uses a number between 0 and 255 to determine how often an answer will be served in relation to other answers. Anwers with a higher weight will be served more frequently.PRIORITY
- Uses a defined rank value of answers to determine which answer to serve, moving those with the lowest values to the beginning of the list without changing the relative order of those with the same value. Answers can be given a value between0
and255
.LIMIT
- Filters answers that are too far down the list. ParameterdefaultCount
specifies how many answers to keep. Example: IfdefaultCount
has a value of2
and there are five answers left, when theLIMIT
rule is processed, only the first two answers will remain in the list.
template
- (Required) (Updatable) A set of predefined rules based on the desired purpose of the steering policy. Each template utilizes Traffic Management’s rules in a different order to produce the desired results when answering DNS queries.Example: The
FAILOVER
template determines answers by filtering the policy’s answers using theFILTER
rule first, then the following rules in succession:HEALTH
,PRIORITY
, andLIMIT
. This gives the domain dynamic failover capability.It is strongly recommended to use a template other than
CUSTOM
when creating a steering policy.All templates require the rule order to begin with an unconditional
FILTER
rule that keeps answers contingent uponanswer.isDisabled != true
, except forCUSTOM
. A definedHEALTH
rule must follow theFILTER
rule if the policy references ahealthCheckMonitorId
. The last rule of a template must must be aLIMIT
rule. For more information about templates and code examples, see Traffic Management API Guide.Template Types
FAILOVER
- Uses health check information on your endpoints to determine which DNS answers to serve. If an endpoint fails a health check, the answer for that endpoint will be removed from the list of available answers until the endpoint is detected as healthy.LOAD_BALANCE
- Distributes web traffic to specified endpoints based on defined weights.ROUTE_BY_GEO
- Answers DNS queries based on the query’s geographic location. For a list of geographic locations to route by, see Traffic Management Geographic Locations.ROUTE_BY_ASN
- Answers DNS queries based on the query’s originating ASN.ROUTE_BY_IP
- Answers DNS queries based on the query’s IP address.CUSTOM
- Allows a customized configuration of rules.
ttl
- (Optional) (Updatable) The Time To Live (TTL) for responses from the steering policy, in seconds. If not specified during creation, a value of 30 seconds will be used.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Attributes Reference
The following attributes are exported:
answers
- The set of all answers that can potentially issue from the steering policy.is_disabled
- Set this property totrue
to indicate that the answer is administratively disabled, such as when the corresponding server is down for maintenance. An answer’sisDisabled
property can be referenced inanswerCondition
properties in rules usinganswer.isDisabled
.name
- A user-friendly name for the answer, unique within the steering policy. An answer’sname
property can be referenced inanswerCondition
properties of rules usinganswer.name
.pool
- The freeform name of a group of one or more records in which this record is included, such as “LAX data center”. An answer’spool
property can be referenced inanswerCondition
properties of rules usinganswer.pool
.rdata
- The record’s data, as whitespace-delimited tokens in type-specific presentation format. All RDATA is normalized and the returned presentation of your RDATA may differ from its initial input. For more information about RDATA, see Supported DNS Resource Record Types.rtype
- The type of DNS record, such as A or CNAME. Only A, AAAA, and CNAME are supported. For more information, see Supported DNS Resource Record Types.
compartment_id
- The OCID of the compartment containing the steering policy.defined_tags
- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags.display_name
- A user-friendly name for the steering policy. Does not have to be unique and can be changed. Avoid entering confidential information.freeform_tags
- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags.health_check_monitor_id
- The OCID of the health check monitor providing health data about the answers of the steering policy. A steering policy answer withrdata
matching a monitored endpoint will use the health data of that endpoint. A steering policy answer withrdata
not matching any monitored endpoint will be assumed healthy.Note: To use the Health Check monitoring feature in a steering policy, a monitor must be created using the Health Checks service first. For more information on how to create a monitor, please see Managing Health Checks.
id
- The OCID of the resource.rules
- The series of rules that will be processed in sequence to reduce the pool of answers to a response for any given request.The first rule receives a shuffled list of all answers, and every other rule receives the list of answers emitted by the one preceding it. The last rule populates the response.
cases
- An array ofcaseConditions
. A rule may optionally include a sequence of cases defining alternate configurations for how it should behave during processing for any given DNS query. When a rule has no sequence ofcases
, it is always evaluated with the same configuration during processing. When a rule has an empty sequence ofcases
, it is always ignored during processing. When a rule has a non-empty sequence ofcases
, its behavior during processing is configured by the first matchingcase
in the sequence. When a rule has no matching cases the rule is ignored. A rule case with nocaseCondition
always matches. A rule case with acaseCondition
matches only when that expression evaluates to true for the given query.answer_data
- An array ofSteeringPolicyPriorityAnswerData
objects.answer_condition
- An expression that is used to select a set of answers that match a condition. For example, answers with matching pool properties.should_keep
- Keeps the answer only if the value istrue
.value
- The rank assigned to the set of answers that match the expression inanswerCondition
. Answers with the lowest values move to the beginning of the list without changing the relative order of those with the same value. Answers can be given a value between0
and255
.
case_condition
- An expression that uses conditions at the time of a DNS query to indicate whether a case matches. Conditions may include the geographical location, IP subnet, or ASN the DNS query originated. Example: If you have an office that uses the subnet192.0.2.0/24
you could use acaseCondition
expressionquery.client.address in ('192.0.2.0/24')
to define a case that matches queries from that office.count
- The number of answers allowed to remain after the limit rule has been processed, keeping only the first of the remaining answers in the list. Example: If thecount
property is set to2
and four answers remain before the limit rule is processed, only the first two answers in the list will remain after the limit rule has been processed.
default_answer_data
- Defines a default set of answer conditions and values that are applied to an answer whencases
is not defined for the rule, or a matching case does not have any matchinganswerCondition
s in itsanswerData
.defaultAnswerData
is not applied ifcases
is defined and there are no matching cases. In this scenario, the next rule will be processed.answer_condition
- An expression that is used to select a set of answers that match a condition. For example, answers with matching pool properties.should_keep
- Keeps the answer only if the value istrue
.value
- The rank assigned to the set of answers that match the expression inanswerCondition
. Answers with the lowest values move to the beginning of the list without changing the relative order of those with the same value. Answers can be given a value between0
and255
.
default_count
- Defines a default count ifcases
is not defined for the rule or a matching case does not definecount
.defaultCount
is not applied ifcases
is defined and there are no matching cases. In this scenario, the next rule will be processed. If no rules remain to be processed, the answer will be chosen from the remaining list of answers.description
- A user-defined description of the rule’s purpose or behavior.rule_type
- The type of a rule determines its sorting/filtering behavior.FILTER
- Filters the list of answers based on their defined boolean data. Answers remain only if theirshouldKeep
value istrue
.HEALTH
- Removes answers from the list if theirrdata
matches a target in the health check monitor referenced by the steering policy and the target is reported down.WEIGHTED
- Uses a number between 0 and 255 to determine how often an answer will be served in relation to other answers. Anwers with a higher weight will be served more frequently.PRIORITY
- Uses a defined rank value of answers to determine which answer to serve, moving those with the lowest values to the beginning of the list without changing the relative order of those with the same value. Answers can be given a value between0
and255
.LIMIT
- Filters answers that are too far down the list. ParameterdefaultCount
specifies how many answers to keep. Example: IfdefaultCount
has a value of2
and there are five answers left, when theLIMIT
rule is processed, only the first two answers will remain in the list.
self
- The canonical absolute URL of the resource.state
- The current state of the resource.template
- A set of predefined rules based on the desired purpose of the steering policy. Each template utilizes Traffic Management’s rules in a different order to produce the desired results when answering DNS queries.Example: The
FAILOVER
template determines answers by filtering the policy’s answers using theFILTER
rule first, then the following rules in succession:HEALTH
,PRIORITY
, andLIMIT
. This gives the domain dynamic failover capability.It is strongly recommended to use a template other than
CUSTOM
when creating a steering policy.All templates require the rule order to begin with an unconditional
FILTER
rule that keeps answers contingent uponanswer.isDisabled != true
, except forCUSTOM
. A definedHEALTH
rule must follow theFILTER
rule if the policy references ahealthCheckMonitorId
. The last rule of a template must must be aLIMIT
rule. For more information about templates and code examples, see Traffic Management API Guide.Template Types
FAILOVER
- Uses health check information on your endpoints to determine which DNS answers to serve. If an endpoint fails a health check, the answer for that endpoint will be removed from the list of available answers until the endpoint is detected as healthy.LOAD_BALANCE
- Distributes web traffic to specified endpoints based on defined weights.ROUTE_BY_GEO
- Answers DNS queries based on the query’s geographic location. For a list of geographic locations to route by, see Traffic Management Geographic Locations.ROUTE_BY_ASN
- Answers DNS queries based on the query’s originating ASN.ROUTE_BY_IP
- Answers DNS queries based on the query’s IP address.CUSTOM
- Allows a customized configuration of rules.
time_created
- The date and time the resource was created, expressed in RFC 3339 timestamp format.Example:
2016-07-22T17:23:59:60Z
ttl
- The Time To Live (TTL) for responses from the steering policy, in seconds. If not specified during creation, a value of 30 seconds will be used.
Timeouts
The timeouts
block allows you to specify timeouts for certain operations:
* create
- (Defaults to 20 minutes), when creating the Steering Policy
* update
- (Defaults to 20 minutes), when updating the Steering Policy
* delete
- (Defaults to 20 minutes), when destroying the Steering Policy
Import
SteeringPolicies can be imported using the id
, e.g.
$ terraform import oci_dns_steering_policy.test_steering_policy "id"