variables.teleport.tf
##############################################################################
# Teleport Variables
##############################################################################
# Switch for the Teleport VSI. Off by default; the description of
# `use_f5_bastion_subnets` states that instances are only created when this
# is true.
variable "enable_teleport" {
  type        = bool
  description = "Enable teleport VSI"
  default     = false
}
# Placement switch: when true (the default) the Teleport instances go on the
# edge-network subnets reserved for bastion hosts, and `teleport_vpc`,
# `teleport_deployment_tier` and `teleport_zones` are ignored (per their
# descriptions). Has no effect unless `enable_teleport` is true.
variable "use_f5_bastion_subnets" {
  type        = bool
  description = "Create teleport instances on the edge network subnets reserved for bastion hosts. Instances will only be created if `enable_teleport` is `true`."
  default     = true
}
# Short name of the VPC that hosts the Teleport VSI. Only consulted when
# `use_f5_bastion_subnets` is false.
# NOTE(review): the name is not validated here; presumably it must match a VPC
# defined elsewhere in the configuration - confirm.
variable "teleport_vpc" {
  type        = string
  description = "Shortname of the VPC where teleport VSI will be provisioned. This value is ignored when `use_f5_bastion_subnets` is true."
  default     = "management"
}
# Subnet tier that receives the Teleport VSI. Only consulted when
# `use_f5_bastion_subnets` is false.
# NOTE(review): the tier decides which network rules apply to the bastion;
# confirm the chosen tier is one intended to hold an access gateway.
variable "teleport_deployment_tier" {
  type        = string
  description = "Subnet tier where teleport VSI will be deployed. This value is ignored when `use_f5_bastion_subnets` is true."
  default     = "vsi"
}
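# Number of zones that receive a Teleport VSI. Per the description, the value
# is ignored when `use_f5_bastion_subnets` is true.
variable "teleport_zones" {
  description = "Number of zones where teleport VSI will be provisioned. This value is ignored when `use_f5_bastion_subnets` is `true`."
  type        = number
  default     = 1

  validation {
    error_message = "Teleport zones must be 1, 2, or 3."
    # Match the allowed values exactly. A bare range check (> 0 and < 4) also
    # accepts fractional numbers such as 1.5, which contradicts the message.
    condition = contains([1, 2, 3], var.teleport_zones)
  }
}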
##############################################################################
##############################################################################
# App ID Variables
##############################################################################
# Selects whether App ID information is obtained "from data" instead of the
# default path.
# NOTE(review): presumably this means a data-source lookup of an existing
# App ID instance - confirm against the module that consumes it.
variable "appid_use_data" {
  type        = bool
  description = "Get App ID information from data."
  default     = false
}
# Name of the App ID instance. Unset (null) by default.
# NOTE(review): the description refers to `use_data`; no variable of that name
# is declared in this file, so it presumably means `appid_use_data`.
variable "appid_name" {
  type        = string
  description = "App ID name. Use only if `use_data` is true."
  default     = null
}
# Resource group of the App ID instance. Unset (null) by default.
# NOTE(review): the description refers to `use_data`; no variable of that name
# is declared in this file, so it presumably means `appid_use_data`.
variable "appid_resource_group_id" {
  type        = string
  description = "App ID resource group. Use only if `use_data` is true."
  default     = null
}
##############################################################################
##############################################################################
# Teleport Variables
##############################################################################
# Instance profile (machine type) used for every Teleport VSI.
variable "teleport_profile" {
  type        = string
  description = "Machine type for Teleport VSI instances. Use the IBM Cloud CLI command `ibmcloud is instance-profiles` to see available image profiles."
  default     = "cx2-4x8"
}
# Name of the OS image the Teleport VSI boots from.
# NOTE(review): the default is an Ubuntu 18.04 image. Ubuntu 18.04 is past its
# standard support window, so a bastion built from it may not receive regular
# security updates; prefer a currently supported image and override this value.
variable "teleport_image_name" {
  type        = string
  description = "Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see availabled images."
  default     = "ibm-ubuntu-18-04-6-minimal-amd64-2"
}
# Attaches a floating IP to the primary network interface of each server.
# Off by default. A floating IP gives the instance a public address, so when
# this is true the ports in `teleport_allow_tcp_ports_inbound` become the
# bastion's externally reachable surface.
# NOTE(review): confirm which source ranges the inbound rules permit.
variable "teleport_add_floating_ip" {
  type        = bool
  description = "Add a floating IP to the primary network interface for each server in the deployment."
  default     = false
}
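# TCP ports opened inbound to the Teleport instance. The description says
# *all* inbound traffic on these ports is allowed, so every entry widens the
# exposed surface of the bastion; keep the list minimal (default: 443 only).
# NOTE(review): this variable carries no source restriction; presumably the
# rule is open to any source address - confirm against the rule definition.
variable "teleport_allow_tcp_ports_inbound" {
  description = "List of TCP ports where all inbound traffic to the teleport instance will be allowed."
  type        = list(number)
  default     = [443]

  validation {
    error_message = "Each inbound TCP port must be a whole number between 1 and 65535."
    # Reject out-of-range or fractional entries before they reach a network
    # rule. A null value is passed through unchanged, as it was before this
    # check existed.
    condition = var.teleport_allow_tcp_ports_inbound == null ? true : length([
      for port in var.teleport_allow_tcp_ports_inbound : port
      if port < 1 || port > 65535 || floor(port) != port
    ]) == 0
  }
}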
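# Contents of the Teleport PEM license file. Unset (null) by default.
# Marked sensitive so the value is redacted from plan/apply output and CI logs.
# This needs Terraform 0.14 or later, and any output that exposes the value
# must itself be declared sensitive. The value is still written to the state
# file in plain text, so the state backend needs access control and encryption.
variable "teleport_license" {
  description = "The contents of the PEM license file"
  type        = string
  default     = null
  sensitive   = true
}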
# HTTPS certificate presented by the Teleport bastion host. Unset (null) by
# default. This is the public half of the pair; the matching private key is
# supplied through `https_key`.
variable "https_cert" {
  type        = string
  description = "The https certificate used by bastion host for teleport"
  default     = null
}
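# Private key for the bastion host's HTTPS certificate. Unset (null) by default.
# Marked sensitive so the key is redacted from plan/apply output and CI logs.
# This needs Terraform 0.14 or later, and any output that exposes the value
# must itself be declared sensitive. The key is still written to the state file
# in plain text, so the state backend needs access control and encryption.
# Supply it from a secrets manager or an environment variable rather than a
# committed tfvars file.
variable "https_key" {
  description = "The https private key used by bastion host for teleport"
  type        = string
  default     = null
  sensitive   = true
}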
# Name of the Teleport instance / bastion host. Unset (null) by default.
# NOTE(review): presumably combined with `teleport_domain` to form the host's
# FQDN, which would then have to match `https_cert` - confirm in the consumer.
variable "teleport_hostname" {
  type        = string
  description = "The name of the instance or bastion host"
  default     = null
}
# DNS domain of the bastion host.
# NOTE(review): the default "domain.domain" looks like a placeholder rather
# than a usable domain; set a real value so it matches the name on
# `https_cert`.
variable "teleport_domain" {
  type        = string
  description = "The domain of the bastion host"
  default     = "domain.domain"
}
# Teleport Enterprise release to install.
# NOTE(review): the default pins one specific release. Check it against the
# vendor's currently supported releases and security advisories before
# deploying, and override it where needed.
variable "teleport_version" {
  type        = string
  description = "Version of Teleport Enterprise to use"
  default     = "7.1.0"
}
# Banner text shown to users at authentication time. Unset (null) by default.
# NOTE(review): if the banner is displayed before login completes, keep
# internal hostnames and contact details out of it - confirm when it is shown.
variable "message_of_the_day" {
  type        = string
  description = "Banner message that is exposed to the user at authentication time"
  default     = null
}
# Mapping from a user's email to the roles associated with that user. Each
# entry is an object with an `email` string and a `roles` list. Empty by
# default.
# This list is access-control data: a change here changes who holds which
# roles, so review edits to it like any other privilege grant.
variable "claims_to_roles" {
  type = list(object({
    email = string
    roles = list(string)
  }))
  description = "A list of maps that contain the user email and the role you want to associate with them"
  default     = []
}
##############################################################################