generated from terraform-ibm-modules/terraform-ibm-module-template
-
Notifications
You must be signed in to change notification settings - Fork 3
/
variables.tf
144 lines (128 loc) · 5.95 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
##############################################################################
# VPC Variables
##############################################################################
variable "region" {
description = "The region where VPC and services are deployed"
type = string
default = "us-south"
}
variable "prefix" {
description = "The prefix that you would like to append to your resources. Value is only used if no value is passed for the `vpe_name` option in the `cloud_services` input variable."
type = string
default = "vpe"
}
variable "vpc_name" {
description = "A label that can be used as a short name for virtual private endpoints. If `vpe_name` is not specified in the `cloud_services` or `cloud_service_by_crn` input variable lists, VPE names are created in the format `<prefix>-<vpc_name>-<service_name>`. The value that you specify for `vpc_name` must be known at Terraform plan time."
type = string
default = "vpc"
}
variable "vpc_id" {
description = "ID of the VPC where the Endpoint Gateways will be created"
type = string
default = null
}
variable "subnet_zone_list" {
description = "List of subnets in the VPC where gateways and reserved IPs will be provisioned. This value is intended to use the `subnet_zone_list` output from the Landing Zone VPC Subnet Module (https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc) or from templates using that module for subnet creation."
type = list(
object({
name = string
id = string
zone = string
cidr = optional(string)
})
)
default = []
}
##############################################################################
##############################################################################
# VPE Variables
##############################################################################
variable "resource_group_id" {
description = "ID of the resource group where endpoint gateways will be provisioned"
type = string
default = null
}
variable "security_group_ids" {
description = "List of security group ids to attach to each endpoint gateway."
type = list(string)
default = null
}
variable "cloud_services" {
description = "The list of cloud services used to create endpoint gateways. If `vpe_name` is not specified in the list, VPE names are created in the format `<prefix>-<vpc_name>-<service_name>`. The value that you specify for `vpc_name` must be known at Terraform plan time."
type = set(object({
service_name = string
vpe_name = optional(string), # Full control on the VPE name. If not specified, the VPE name will be computed based on prefix, vpc name and service name.
allow_dns_resolution_binding = optional(bool, false)
}))
default = []
validation {
error_message = "The service you're trying to add is not supported. For a list of supported services, see [VPE-enabled services](https://cloud.ibm.com/docs/vpc?topic=vpc-vpe-supported-services). You can add unsupported services in the `cloud_service_by_crn` variable."
condition = length(var.cloud_services) == 0 ? true : length([
for service in var.cloud_services :
service.service_name if !contains([
"account-management",
"billing",
"cloud-object-storage",
"cloud-object-storage-config",
"codeengine",
"container-registry",
"containers-kubernetes",
"context-based-restrictions",
"directlink",
"dns-svcs",
"enterprise",
"global-search-tagging",
"global-search",
"global-tagging",
"globalcatalog",
"hs-crypto",
"hs-crypto-cert-mgr",
"hs-crypto-ep11",
"hs-crypto-ep11-az1",
"hs-crypto-ep11-az2",
"hs-crypto-ep11-az3",
"hs-crypto-kmip",
"hs-crypto-tke",
"iam-svcs",
"is",
"kms",
"messaging",
"resource-controller",
"support-center",
"transit",
"user-management",
"vmware",
"ntp"
], service.service_name)
]) == 0
}
}
variable "cloud_service_by_crn" {
description = "The list of cloud service CRNs used to create endpoint gateways. Use this list to identify services that are not supported by service name in the `cloud_services` variable. For a list of supported services, see [VPE-enabled services](https://cloud.ibm.com/docs/vpc?topic=vpc-vpe-supported-services). If `service_name` is not specified, the CRN is used to find the name. If `vpe_name` is not specified in the list, VPE names are created in the format `<prefix>-<vpc_name>-<service_name>`. The value that you specify for `vpc_name` must be known at Terraform plan time."
type = set(
object({
crn = string
vpe_name = optional(string) # Full control on the VPE name. If not specified, the VPE name will be computed based on prefix, vpc name and service name.
service_name = optional(string) # Name of the service used to compute the name of the VPE. If not specified, the service name will be obtained from the crn.
allow_dns_resolution_binding = optional(bool, true)
})
)
default = []
}
variable "service_endpoints" {
description = "Service endpoints to use to create endpoint gateways. Can be `public`, or `private`."
type = string
default = "private"
validation {
error_message = "Service endpoints can only be `public` or `private`."
condition = contains(["public", "private"], var.service_endpoints)
}
}
variable "reserved_ips" {
description = "Map of existing reserved IP names and values. If you wish to create your reserved ips independently and not create new ones you can first run the `reserved-ips` submodule and then copy the output `reserved_ip_map` here."
type = object({
name = optional(string) # reserved ip name
})
default = {}
}
##############################################################################