# Resource group that receives every resource this module creates.
# Required input: no default is declared, and nullable = false also
# rejects an explicit null.
variable "resource_group_name" {
  type        = string
  nullable    = false
  description = "The name of the resource group to create the resources in."
}
# Location (region) in which the resources are created.
# Required input: there is no default and null is not accepted.
variable "location" {
  type        = string
  nullable    = false
  description = "The location to create the resources in."
}
# Name of the Storage account. Required input, null not accepted.
# NOTE(review): this block does no format validation. Azure restricts
# Storage account names to 3-24 lowercase letters and digits and they
# must be globally unique, so a bad name only surfaces later in the run.
variable "account_name" {
  type        = string
  nullable    = false
  description = "The name of this Storage account."
}
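# Kind of Storage account to create. Defaults to "StorageV2".
# The allow-list below is the only accepted set of values; anything else
# is rejected before any resource is planned.
variable "account_kind" {
  description = "The kind of Storage account to create. Value must be \"StorageV2\", \"BlobStorage\", \"BlockBlobStorage\" or \"FileStorage\"."
  type        = string
  default     = "StorageV2"
  nullable    = false

  validation {
    condition = contains(
      ["StorageV2", "BlobStorage", "BlockBlobStorage", "FileStorage"],
      var.account_kind
    )
    # The message previously listed the account *tier* values ("Standard" /
    # "Premium"), which sent users to the wrong variable. It now names the
    # values this condition actually accepts.
    error_message = "Account kind must be \"StorageV2\", \"BlobStorage\", \"BlockBlobStorage\" or \"FileStorage\"."
  }
}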
# Performance tier of the Storage account. Defaults to "Standard";
# the validation accepts exactly "Standard" and "Premium".
variable "account_tier" {
  type        = string
  default     = "Standard"
  nullable    = false
  description = "The performance tier of this Storage account. Value must be \"Standard\" or \"Premium\"."

  validation {
    condition = contains(
      ["Standard", "Premium"],
      var.account_tier
    )
    error_message = "Account tier must be \"Standard\" or \"Premium\"."
  }
}
# Replication scheme for the Storage account. Defaults to "RAGRS".
# NOTE(review): the "RA" variants (RAGRS, RAGZRS) make the secondary
# region readable, so access controls and monitoring should be assumed
# to cover that secondary endpoint as well - confirm for this deployment.
variable "account_replication_type" {
  type        = string
  default     = "RAGRS"
  nullable    = false
  description = "The type of replication to use for this Storage account. Value must be \"LRS\", \"ZRS\", \"GRS\", \"RAGRS\", \"GZRS\" or \"RAGZRS\"."

  validation {
    condition = contains(
      ["LRS", "ZRS", "GRS", "RAGRS", "GZRS", "RAGZRS"],
      var.account_replication_type
    )
    error_message = "Account replication type must be \"LRS\", \"ZRS\", \"GRS\", \"RAGRS\", \"GZRS\" or \"RAGZRS\"."
  }
}
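# Access tier of the Storage account. Defaults to "Hot"; the
# validation accepts exactly "Hot" and "Cool".
variable "access_tier" {
  description = "The access tier to use for this Storage account. Value must be \"Hot\" or \"Cool\"."
  type        = string
  default     = "Hot"
  nullable    = false

  validation {
    condition = contains(["Hot", "Cool"], var.access_tier)
    # The message previously began "Account replication type ...", copied from
    # the variable above; it now names the variable that actually failed.
    error_message = "Access tier must be \"Hot\" or \"Cool\"."
  }
}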
# Whether requests may be authorized with the account access keys
# (Shared Key). Defaults to false, which is the hardened setting: the
# long-lived account keys cannot then be used to authorize data access.
# NOTE(review): with Shared Key disabled, the azurerm provider itself has
# to reach the data plane through Entra ID (provider-level
# storage_use_azuread = true) - confirm the calling configuration sets it.
variable "shared_access_key_enabled" {
  type        = bool
  default     = false
  nullable    = false
  description = "Is authorization with access key enabled for this Storage account?"
}
# Whether the Storage account accepts traffic on its public endpoint.
# Defaults to true.
# NOTE(review): with this default the public endpoint stays reachable and
# exposure is limited only by the firewall inputs in this file
# (network_rules_default_action defaults to "Deny"). Deployments that use
# private endpoints exclusively should set this to false explicitly.
variable "public_network_access_enabled" {
  type        = bool
  default     = true
  nullable    = false
  description = "Should public network access be enabled for this Storage account?"
}
# Toggles the Data Lake Storage Gen2 hierarchical namespace.
# Defaults to false. The sftp_enabled description in this file states
# that SFTP only applies when this is true.
variable "is_hns_enabled" {
  type        = bool
  default     = false
  nullable    = false
  description = "Is Data Lake Storage Gen2 hierarchical namespace (HNS) enabled for this Storage account?"
}
# Toggles the SFTP endpoint of the Storage account. Defaults to false.
# The dependency on is_hns_enabled is stated in the description only;
# nothing in this block enforces it.
# NOTE(review): SFTP on Azure Storage authenticates local users with
# passwords or SSH keys rather than Entra ID, so enabling it adds a
# credential set to manage and monitor - keep it off unless required.
variable "sftp_enabled" {
  type        = bool
  default     = false
  nullable    = false
  description = "Should SSH File Transfer Protocol (SFTP) be enabled for this Storage account? Only applicable if value of is_hns_enabled is true."
}
# Encryption key scope for Queue Storage. Defaults to "Service";
# the validation accepts exactly "Service" and "Account".
# NOTE(review): presumably "Account" is what is needed for a
# customer-managed key to cover queue data - confirm against the
# provider documentation before relying on it.
variable "queue_encryption_key_type" {
  type        = string
  default     = "Service"
  nullable    = false
  description = "The type of encryption to use for this Queue Storage. Value must be \"Service\" or \"Account\"."

  validation {
    condition = contains(
      ["Service", "Account"],
      var.queue_encryption_key_type
    )
    error_message = "Queue encryption key type must be \"Service\" or \"Account\"."
  }
}
# Encryption key scope for Table Storage. Defaults to "Service";
# the validation accepts exactly "Service" and "Account".
# NOTE(review): presumably "Account" is what is needed for a
# customer-managed key to cover table data - confirm against the
# provider documentation before relying on it.
variable "table_encryption_key_type" {
  type        = string
  default     = "Service"
  nullable    = false
  description = "The type of encryption to use for this Table Storage. Value must be \"Service\" or \"Account\"."

  validation {
    condition = contains(
      ["Service", "Account"],
      var.table_encryption_key_type
    )
    error_message = "Table encryption key type must be \"Service\" or \"Account\"."
  }
}
# Toggles infrastructure (double) encryption. Defaults to false.
# NOTE(review): on Azure this setting is fixed when the account is
# created, so flipping it later is expected to replace the account -
# verify in a plan before changing it on an account that holds data.
variable "infrastructure_encryption_enabled" {
  type        = bool
  default     = false
  nullable    = false
  description = "Should infrastructure encryption be enabled for this Storage account? When enabled, data is encrypted twice. Recommended for scenarios where doubly encrypting data is necessary for compliance requirements. For most other scenarios there is unlikely to be a benefit to using infrastructure encryption."
}
# Whether containers in this account may be configured for public
# (anonymous) access. Defaults to false, the hardened setting.
# Setting it to true does not by itself publish data, but it permits
# individual containers to be opened up, so treat any override as a
# change that needs review.
variable "allow_blob_public_access" {
  type        = bool
  default     = false
  nullable    = false
  description = "Allow public access to this Blob Storage?"
}
# Makes the Azure Portal default to Entra ID authorization when the
# account is browsed. Defaults to true. Per the description this is a
# portal default only; whether key-based access works at all is governed
# by shared_access_key_enabled.
variable "default_to_oauth_authentication" {
  type        = bool
  default     = true
  nullable    = false
  description = "Default to Entra ID authorization in the Azure Portal when accessing this Storage account?"
}
# Whether object replication across Entra ID tenants is permitted.
# Defaults to false, which keeps replicated data inside the owning
# tenant; enabling it lets data leave that boundary, so it should be a
# deliberate, reviewed choice.
variable "cross_tenant_replication_enabled" {
  type        = bool
  default     = false
  nullable    = false
  description = "Allow cross-tenant replication for this Storage account?"
}
# Toggles blob versioning. Defaults to true.
# Versioning keeps prior blob versions, which helps recovery after an
# accidental or malicious overwrite.
variable "blob_versioning_enabled" {
  type        = bool
  default     = true
  nullable    = false
  description = "Is versioning enabled for this Blob Storage?"
}
# Toggles the blob change feed. Defaults to true.
# The change feed records blob create/modify/delete events, which is
# useful as an audit trail alongside the diagnostic logs.
variable "blob_change_feed_enabled" {
  type        = bool
  default     = true
  nullable    = false
  description = "Is change feed enabled for this Blob Storage?"
}
# Toggles last-access-time tracking for blobs. Defaults to false.
variable "last_access_time_enabled" {
  type        = bool
  default     = false
  nullable    = false
  description = "Is last access time tracking enabled for this Blob Storage?"
}
# Soft-delete retention window for blobs, in days. Defaults to 7;
# the validation accepts 1 through 365 inclusive.
# A short window limits how long a deletion can still be undone, so
# size it against how quickly deletions would be noticed.
variable "blob_delete_retention_policy_days" {
  type        = number
  default     = 7
  nullable    = false
  description = "The number of days that deleted blobs should be retained. Value must be between 1 and 365."

  validation {
    condition     = 1 <= var.blob_delete_retention_policy_days && var.blob_delete_retention_policy_days <= 365
    error_message = "Blob delete retention policy days must be between 1 and 365."
  }
}
# Soft-delete retention window for blob containers, in days.
# Defaults to 7; the validation accepts 1 through 365 inclusive.
variable "blob_container_delete_retention_policy_days" {
  type        = number
  default     = 7
  nullable    = false
  description = "The number of days that deleted blob containers should be retained. Value must be between 1 and 365."

  validation {
    condition     = 1 <= var.blob_container_delete_retention_policy_days && var.blob_container_delete_retention_policy_days <= 365
    error_message = "Blob container delete retention policy days must be between 1 and 365."
  }
}
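# Point-in-time restore window for containers, in days. Defaults to 6;
# the validation accepts 0 through 364 inclusive.
# The description also requires the value to be less than the blob delete
# retention policy. That relationship is NOT checked here (this block only
# looks at its own value), so a mismatch with
# blob_delete_retention_policy_days surfaces later in the run.
# NOTE(review): presumably 0 switches the restore policy off - confirm
# against where this variable is consumed.
variable "blob_restore_policy_days" {
  description = "The number of days in the past to set the maximum point-in-time restore point for containers. Value must be between 0 and 364, and less than the blob delete retention policy."
  type        = number
  default     = 6
  nullable    = false

  validation {
    condition = var.blob_restore_policy_days >= 0 && var.blob_restore_policy_days <= 364
    # The message previously said "between 0 and 365" while the condition and
    # the description both stop at 364; the message now matches them.
    error_message = "Blob restore policy days must be between 0 and 364."
  }
}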
# CORS rules for Blob Storage. Defaults to an empty list (no rules).
# Every rule object must supply all five attributes; none is optional.
# NOTE(review): nothing here restricts the rule contents, so a wildcard
# origin combined with broad methods would be accepted as-is. Review
# allowed_origins and allowed_methods in callers and keep them as narrow
# as the consuming application allows.
variable "blob_cors_rules" {
  type = list(object({
    allowed_headers    = list(string)
    allowed_methods    = list(string)
    allowed_origins    = list(string)
    exposed_headers    = list(string)
    max_age_in_seconds = number
  }))
  default     = []
  nullable    = false
  description = "A list of CORS rules to configure for this Blob Storage."
}
# Retention window for the file share retention policy, in days.
# Defaults to 7; the validation accepts 1 through 365 inclusive.
variable "share_retention_policy_days" {
  type        = number
  default     = 7
  nullable    = false
  description = "The number of days that files should be retained. Value must be between 1 and 365."

  validation {
    condition     = 1 <= var.share_retention_policy_days && var.share_retention_policy_days <= 365
    error_message = "Share retention policy days must be between 1 and 365."
  }
}
# CORS rules for File Storage. Defaults to an empty list (no rules).
# Every rule object must supply all five attributes; none is optional.
# NOTE(review): rule contents are not restricted here, so wildcard
# origins would be accepted as-is - keep allowed_origins and
# allowed_methods as narrow as the consuming application allows.
variable "share_cors_rules" {
  type = list(object({
    allowed_headers    = list(string)
    allowed_methods    = list(string)
    allowed_origins    = list(string)
    exposed_headers    = list(string)
    max_age_in_seconds = number
  }))
  default     = []
  nullable    = false
  description = "A list of CORS rules to configure for this File Storage."
}
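# Toggles the system-assigned managed identity. Defaults to false.
# The description previously said "for this Web App", which looks copied
# from another module; every other input in this file configures a
# Storage account, so the text now says so.
variable "system_assigned_identity_enabled" {
  description = "Should the system-assigned identity be enabled for this Storage account?"
  type        = bool
  default     = false
  nullable    = false
}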
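# IDs of user-assigned managed identities to attach. Defaults to an
# empty list (none attached).
# The description previously said "to this Web App", which looks copied
# from another module; it now names the Storage account this file
# configures.
# Each attached identity can act with whatever roles it holds, so only
# list identities scoped to what this account needs.
variable "identity_ids" {
  description = "A list of IDs of managed identities to be assigned to this Storage account."
  type        = list(string)
  default     = []
  nullable    = false
}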
# Default action of the account firewall for traffic that matches no
# rule. Defaults to "Deny" (default-deny); the validation accepts
# exactly "Allow" and "Deny".
# "Allow" makes the IP, subnet and bypass rules in this file irrelevant
# for inbound filtering, so an override to "Allow" deserves review.
variable "network_rules_default_action" {
  type        = string
  default     = "Deny"
  nullable    = false
  description = "The default action of the network rules for this Storage account. Value must be \"Allow\" or \"Deny\"."

  validation {
    condition = contains(
      ["Allow", "Deny"],
      var.network_rules_default_action
    )
    error_message = "Network rules default action must be \"Allow\" or \"Deny\"."
  }
}
# Subnet IDs allowed through the account firewall. Defaults to an
# empty list. The entries are plain strings; their format is not
# validated in this block.
variable "network_rules_virtual_network_subnet_ids" {
  type        = list(string)
  default     = []
  nullable    = false
  description = "A list of virtual subnet IDs that should be able to bypass the network rules for this Storage account."
}
# Whether Azure services may pass the account firewall regardless of
# the IP and subnet rules. Defaults to true.
# NOTE(review): this is an exception to the default-deny posture set by
# network_rules_default_action. Keep it only if a platform service
# actually needs to reach the account, and rely on identity-based
# authorization for those callers rather than on the bypass itself.
variable "network_rules_bypass_azure_services" {
  type        = bool
  default     = true
  nullable    = false
  description = "Should Azure services be allowed to bypass the network rules for this Storage account?"
}
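# Public IP addresses or CIDR ranges allowed through the account
# firewall. Defaults to an empty list.
#
# Two independent checks run on every entry:
#   1. it must parse as a bare address (tested by appending "/32") or as
#      a CIDR range;
#   2. if it carries a "/prefix", the prefix must be below 31.
#
# NOTE(review): these checks are syntactic only. A prefix of 0 passes the
# second check (0 < 31), so a range covering every address would be
# accepted, and private or IPv6 ranges are not filtered out either.
# Reviewers should look at the actual values callers pass, not only at
# whether validation succeeded.
variable "network_rules_ip_rules" {
  description = "A list of public IPs or IP ranges that should be able to bypass the network rules for this Storage account. Values must be in CIDR format, and only IP ranges with 0-30 number of bits as prefix are allowed."
  type        = list(string)
  default     = []
  nullable    = false

  validation {
    condition = alltrue([
      for ip_rule in var.network_rules_ip_rules :
      can(cidrhost("${ip_rule}/32", 0)) || can(cidrhost(ip_rule, 0))
    ])
    error_message = "Invalid public IPs or IP ranges. Must be in CIDR format."
  }

  validation {
    # tonumber() sits inside try() so that a non-numeric prefix such as
    # "/abc" falls back to 0 here instead of raising an operand error from
    # the "<" comparison. The entry is still rejected, by the CIDR check
    # above and with its readable message.
    condition = alltrue([
      for ip_rule in var.network_rules_ip_rules :
      try(tonumber(split("/", ip_rule)[1]), 0) < 31
    ])
    error_message = "Invalid IP range prefix. Only 0-30 number of bits allowed."
  }
}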
# Private link access entries for the Storage account. Defaults to an
# empty list. endpoint_resource_id is mandatory per entry;
# endpoint_tenant_id may be omitted and is then null.
# NOTE(review): an entry with a tenant ID other than the account's own
# grants access across a tenant boundary - confirm each one is intended.
variable "private_link_accesses" {
  type = list(object({
    endpoint_resource_id = string
    endpoint_tenant_id   = optional(string)
  }))
  default     = []
  nullable    = false
  description = "A list of private link accesses to configure for this Storage account."
}
# Optional custom domain for the Storage account. This is the one
# input in the file that is nullable: the default is null, meaning no
# custom domain. When an object is given, name is mandatory and
# use_subdomain falls back to false if omitted.
variable "custom_domain" {
  type = object({
    name          = string
    use_subdomain = optional(bool, false)
  })
  default     = null
  nullable    = true
  description = "A custom domain (or subdomain) name for this Storage account."
}
# ID of the Log Analytics workspace that receives diagnostics.
# Required input: there is no default and null is not accepted, so the
# module cannot be instantiated without a diagnostics destination.
variable "log_analytics_workspace_id" {
  type        = string
  nullable    = false
  description = "The ID of the Log Analytics workspace to send diagnostics to."
}
# Name given to the diagnostic setting. Defaults to "audit-logs".
variable "diagnostic_setting_name" {
  type        = string
  default     = "audit-logs"
  nullable    = false
  description = "The name of this diagnostic setting."
}
# Log categories switched on for the diagnostic setting. The default
# enables StorageRead, StorageWrite and StorageDelete.
# NOTE(review): the list is not validated, so passing [] would be
# accepted and would leave no log category enabled. Treat any override
# that drops a category as a reduction in audit coverage.
variable "diagnostic_setting_enabled_log_categories" {
  type = list(string)
  default = [
    "StorageRead",
    "StorageWrite",
    "StorageDelete",
  ]
  nullable    = false
  description = "A list of log categories to be enabled for this diagnostic setting."
}
# Metric categories switched on for the diagnostic setting.
# Defaults to an empty list (no metric category enabled).
variable "diagnostic_setting_enabled_metric_categories" {
  type        = list(string)
  default     = []
  nullable    = false
  description = "A list of metric categories to be enabled for this diagnostic setting."
}
# Toggles Defender for Storage (classic) advanced threat protection.
# Defaults to false, so this module does not turn on threat detection
# for the account unless the caller opts in.
# NOTE(review): if Defender for Storage is instead enabled at
# subscription level outside this module, leaving this off may be
# intentional - confirm which mechanism covers this account.
variable "advanced_threat_protection_enabled" {
  type        = bool
  default     = false
  nullable    = false
  description = "Should Defender for Storage (classic) advanced threat protection be enabled for this Storage account?"
}
# Tags applied to the resources, as a string-to-string map.
# Defaults to an empty map (no tags).
variable "tags" {
  type        = map(string)
  default     = {}
  nullable    = false
  description = "A map of tags to assign to the resources."
}