From 810cf272b8d3c59c4e6cccb10d006b727f13c967 Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@thegeeklab.de>
Date: Sat, 3 Sep 2022 23:12:06 +0200
Subject: [PATCH] feat: add option to set univention dns records

---
 data.tf      | 10 ++++++++++
 main.tf      | 34 ++++++++++++++++++++++++++++------
 outputs.tf   |  8 ++++++--
 providers.tf | 12 ++++++++++++
 variables.tf | 26 +++++++++++++++++++++++---
 versions.tf  |  3 +++
 6 files changed, 82 insertions(+), 11 deletions(-)

diff --git a/data.tf b/data.tf
index 30f3bac..b33f3e3 100644
--- a/data.tf
+++ b/data.tf
@@ -6,3 +6,13 @@ data "cloudflare_zones" "zones" {
     status = "active"
   }
 }
+
+data "restapi_object" "ucs_zones" {
+  for_each = toset(try(var.ucs_zones, []))
+
+  query_string = "filter=univentionObjectType=dns/forward_zone"
+  path         = "/dns/forward_zone/"
+  search_key   = "id"
+  search_value = each.key
+  results_key  = "_embedded/udm:object"
+}
diff --git a/main.tf b/main.tf
index c449faf..8d27c8d 100644
--- a/main.tf
+++ b/main.tf
@@ -1,9 +1,15 @@
 locals {
-  zones = {
+  cloudflare_zones = {
     for zone in try(data.cloudflare_zones.zones, []) : zone.zones[0].name => zone.zones[0].id
   }
 }
 
+locals {
+  ucs_zones = {
+    for zone in try(data.restapi_object.ucs_zones, []) : zone.api_data.id => zone.api_data.dn
+  }
+}
+
 locals {
   server_volumes = flatten([
     for server_key, server in var.server : [
@@ -25,7 +31,7 @@ locals {
         record_type  = domain.type
         record_value = domain.value
         record_ttl   = try(domain.ttl, 1)
-        zone_id      = local.zones[try(domain.zone_name, var.cloudflare_default_zone)]
+        zone_id      = local.cloudflare_zones[try(domain.zone_name, var.server_dns_zone)]
       }
     ]
   ])
@@ -91,7 +97,7 @@ resource "hcloud_rdns" "serverv4" {
 
   server_id  = hcloud_server.server[each.value.name].id
   ip_address = hcloud_server.server[each.value.name].ipv4_address
-  dns_ptr    = "${each.value.name}.${local.zones[try(each.value.dns_zone, var.cloudflare_default_zone)]}"
+  dns_ptr    = "${each.value.name}.${try(each.value.dns_zone, var.server_dns_zone)}"
 }
 
 resource "hcloud_rdns" "serverv6" {
@@ -99,13 +105,13 @@ resource "hcloud_rdns" "serverv6" {
 
   server_id  = hcloud_server.server[each.value.name].id
   ip_address = hcloud_server.server[each.value.name].ipv6_address
-  dns_ptr    = "${each.value.name}.${local.zones[try(each.value.dns_zone, var.cloudflare_default_zone)]}"
+  dns_ptr    = "${each.value.name}.${try(each.value.dns_zone, var.server_dns_zone)}"
 }
 
 resource "cloudflare_record" "serverv4" {
   for_each = { for row in var.server : row.name => row }
 
-  zone_id = local.zones[try(each.value.dns_zone, var.cloudflare_default_zone)]
+  zone_id = local.cloudflare_zones[try(each.value.dns_zone, var.server_dns_zone)]
   name    = each.value.name
   value   = hcloud_server.server[each.value.name].ipv4_address
   type    = "A"
@@ -115,7 +121,7 @@ resource "cloudflare_record" "serverv4" {
 resource "cloudflare_record" "serverv6" {
   for_each = { for row in var.server : row.name => row }
 
-  zone_id = local.zones[try(each.value.dns_zone, var.cloudflare_default_zone)]
+  zone_id = local.cloudflare_zones[try(each.value.dns_zone, var.server_dns_zone)]
   name    = each.value.name
   value   = hcloud_server.server[each.value.name].ipv6_address
   type    = "AAAA"
@@ -131,3 +137,19 @@ resource "cloudflare_record" "record" {
   type    = each.value.record_type
   ttl     = each.value.record_ttl
 }
+
+resource "restapi_object" "ucs_server" {
+  for_each = { for row in var.server : row.name => row }
+
+  path = "/dns/host_record/"
+  data = jsonencode({
+    "position" : local.ucs_zones[try(each.value.dns_zone, var.server_dns_zone)],
+    "properties" : {
+      "name" : each.value.name,
+      "a" : [
+        hcloud_server.server[each.value.name].ipv4_address,
+        hcloud_server.server[each.value.name].ipv6_address,
+      ],
+    }
+  })
+}
diff --git a/outputs.tf b/outputs.tf
index a8693a9..353c6e0 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -4,6 +4,10 @@ output "output" {
   }
 }
 
-output "zones" {
-  value = local.zones
+output "cloudflare_zones" {
+  value = local.cloudflare_zones
+}
+
+output "ucs_zones" {
+  value = local.ucs_zones
 }
diff --git a/providers.tf b/providers.tf
index 8155974..1865ad2 100644
--- a/providers.tf
+++ b/providers.tf
@@ -5,3 +5,15 @@ provider "hcloud" {
 provider "cloudflare" {
   api_token = var.cloudflare_api_token
 }
+
+provider "restapi" {
+  uri                   = var.ucs_api_url
+  username              = var.ucs_api_username
+  password              = var.ucs_api_password
+  id_attribute          = "dn"
+  debug                 = true
+  create_returns_object = true
+  headers = {
+    accept = "application/json"
+  }
+}
diff --git a/variables.tf b/variables.tf
index 025efed..ac8104e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,3 +1,4 @@
+// Hetzner Cloud
 variable "hcloud_token" {
   type = string
 }
@@ -6,6 +7,7 @@ variable "hcloud_project" {
   type = string
 }
 
+// Cloudflare
 variable "cloudflare_api_token" {
   type = string
 }
@@ -14,14 +16,28 @@ variable "cloudflare_zones" {
   type = list(string)
 }
 
-variable "server" {
-  default = []
+// Univention
+variable "ucs_api_url" {
+  type = string
+}
+
+variable "ucs_api_username" {
+  type = string
 }
 
-variable "cloudflare_default_zone" {
+variable "ucs_api_password" {
   type = string
 }
 
+variable "ucs_zones" {
+  type = list(string)
+}
+
+// Module
+variable "server" {
+  default = []
+}
+
 variable "server_keys" {
   type = list(string)
 }
@@ -29,3 +45,7 @@ variable "server_keys" {
 variable "ssh_keys" {
   type = list(string)
 }
+
+variable "server_dns_zone" {
+  type = string
+}
diff --git a/versions.tf b/versions.tf
index a4fbcf8..ff6f93c 100644
--- a/versions.tf
+++ b/versions.tf
@@ -6,5 +6,8 @@ terraform {
     hcloud = {
       source = "hetznercloud/hcloud"
     }
+    restapi = {
+      source = "Mastercard/restapi"
+    }
   }
 }