From 6c793a4e6f2a24e58724619278fc3e2f04b61ee1 Mon Sep 17 00:00:00 2001
From: Fabio Benoit <156663372+fabiopadok@users.noreply.github.com>
Date: Mon, 11 Mar 2024 16:59:47 +0100
Subject: [PATCH] feat: allow to disable dnssec (#34)

* feat: allow to disable dnssec

* chore: fmt
---
 main.tf      | 2 +-
 variables.tf | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/main.tf b/main.tf
index f7a9bcd..87ed538 100644
--- a/main.tf
+++ b/main.tf
@@ -12,7 +12,7 @@ resource "google_dns_managed_zone" "this" {
   // CKV_GCP_16:
   // DNSSEC is a feature of the Domain Name System that authenticates responses to domain name lookups. DNSSEC prevents attackers from manipulating or poisoning the responses to DNS requests.
   dnssec_config {
-    state = "on"
+    state = var.dnssec_state
   }
 }
 
diff --git a/variables.tf b/variables.tf
index 310e2f5..94fdab1 100644
--- a/variables.tf
+++ b/variables.tf
@@ -37,3 +37,9 @@ variable "records" {
   description = "List of your DNS records."
   default     = {}
 }
+
+variable "dnssec_state" {
+  type        = string
+  description = "DNSSEC State"
+  default     = "on"
+}
\ No newline at end of file