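# Name of the ARO cluster. Other variables in this file fall back to this
# value to derive service principal names, so an empty string would produce
# broken derived names; reject it at plan time instead.
variable "cluster_name" {
  description = "Name of the cluster to setup permissions for."
  type        = string

  validation {
    condition     = length(trimspace(var.cluster_name)) > 0
    error_message = "'cluster_name' must not be empty."
  }
}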
# NOTE: when Terraform or another automation tool drives the cluster creation,
# set this to "api". The default "cli" is kept for interactive installs.
variable "installation_type" {
  description = "The installation type that will be used to create the ARO cluster. One of: [api, cli]"
  type        = string
  default     = "cli"

  # Restrict to the two supported values so a typo fails at plan time.
  validation {
    condition     = contains(["api", "cli"], var.installation_type)
    error_message = "'installation_type' must be one of: ['api', 'cli']."
  }
}
#
# service principals and users
#
# Service principal used by the cluster itself. `create = true` with a null
# name means one is created and named from `cluster_name`.
variable "cluster_service_principal" {
  description = "Cluster Service Principal to use or optionally create. If name is unset, the cluster_name is used to derive a name."

  type = object({
    name   = string
    create = bool
  })

  default = {
    create = true
    name   = null
  }
}
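# Service principal that performs the installation. Ignored when
# `installer_user` is set (that variable is declared below in this file).
variable "installer_service_principal" {
  type = object({
    name   = string
    create = bool
  })

  default = {
    name   = null
    create = true
  }

  # The overriding variable is `installer_user`; the previous text referred
  # to a non-existent `installer_user_name`.
  description = "Installer Service Principal to use or optionally create. If name is unset, the cluster_name is used to derive a name. Overridden if an 'installer_user' is specified."
}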
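# Human installer identity (UPN). When non-empty this takes precedence over
# `installer_service_principal`; empty keeps the service principal path.
variable "installer_user" {
  type        = string
  default     = ""
  description = "User who will be executing the installation (e.g. via az aro create). This overrides the 'installer_service_principal'. Must be in UPN format (e.g. jdoe@example.com)."

  # The description already requires UPN format; enforce the minimal
  # `user@domain` shape so a malformed value fails at plan time rather than
  # when a role assignment is attempted.
  validation {
    condition     = var.installer_user == "" || can(regex("^[^@]+@[^@]+$", var.installer_user))
    error_message = "'installer_user' must be empty or a UPN of the form user@domain."
  }
}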
#
# objects
#
# Resource group that holds the ARO cluster. No default: callers must say
# whether it already exists (`create = false`) or should be created.
variable "aro_resource_group" {
  description = "ARO resource group to use or optionally create."

  type = object({
    name   = string
    create = bool
  })
}
# Existing virtual network (by name) that the cluster is placed into.
variable "vnet" {
  description = "VNET where ARO will be deployed into."
  type        = string
}
# Resource group of `vnet`. Null means "same as aro_resource_group.name".
variable "vnet_resource_group" {
  description = "Resource Group where the VNET resides. If unspecified, defaults to 'aro_resource_group.name'."
  type        = string
  default     = null
}
# TODO: pull from data sources instead of accepting bare names.
# Route tables used for user-defined routing; looked up in `vnet_resource_group`.
variable "route_tables" {
  description = "Names of route tables for user-defined routing. Route tables are assumed to exist in 'vnet_resource_group'."
  type        = list(string)
  default     = []
}
# TODO: pull from data sources instead of accepting bare names.
# NAT gateways used for user-defined routing; looked up in `vnet_resource_group`.
variable "nat_gateways" {
  description = "Names of NAT gateways for user-defined routing. NAT gateways are assumed to exist in 'vnet_resource_group'."
  type        = list(string)
  default     = []
}
# Pre-existing NSG for the bring-your-own-NSG case; null means none is used.
variable "network_security_group" {
  description = "Network security group used in a BYO-NSG scenario."
  type        = string
  default     = null
}
# Optional customer-managed disk encryption set. Setting it causes a
# read-scoped role to be created for it; it must live in `aro_resource_group`.
variable "disk_encryption_set" {
  description = "Disk encryption set to use. If specified, a role is created for allowing read access to the specified disk encryption set. Must exist in 'aro_resource_group.name'."
  type        = string
  default     = null
}
#
# roles
#
# Least-privilege alternative to the built-in 'Network Contributor' role.
# Null keeps the broad built-in role; a name creates a narrower custom role
# (and is used as a prefix for per-object roles on NSGs, route tables, NAT gateways).
variable "minimal_network_role" {
  description = "Role to manage to substitute for full 'Network Contributor' on network objects. If specified, this is created, otherwise 'Network Contributor' is used. For objects such as NSGs, route tables, and NAT gateways, this is used as a prefix for the role."
  type        = string
  default     = null
}
# Least-privilege alternative to the built-in 'Contributor' role on the ARO
# resource group. Null keeps the broad built-in role; a name creates a
# narrower custom role (and prefixes the disk-encryption-set role).
variable "minimal_aro_role" {
  description = "Role to manage to substitute for full 'Contributor' on the ARO resource group. If specified, this is created, otherwise 'Contributor' is used. For objects such as disk encryption sets, this is used as a prefix for the role."
  type        = string
  default     = null
}
#
# azure variables
#
# Azure cloud environment. Defaults to the public cloud; sovereign clouds
# must be named explicitly.
variable "environment" {
  description = "Explicitly use a specific Azure environment. One of: [public, usgovernment, dod]."
  type        = string
  default     = "public"

  validation {
    error_message = "'environment' must be one of: ['public', 'usgovernment', 'dod']."
    condition     = contains(["public", "usgovernment", "dod"], var.environment)
  }
}
# Target subscription. Null defers to whatever the local Azure configuration
# currently selects.
variable "subscription_id" {
  description = "Explicitly use a specific Azure subscription id (defaults to the current system configuration)."
  type        = string
  default     = null
}
# Target Entra tenant. Null defers to whatever the local Azure configuration
# currently selects.
variable "tenant_id" {
  description = "Explicitly use a specific Azure tenant id (defaults to the current system configuration)."
  type        = string
  default     = null
}
# Azure region for regional resources; defaults to East US.
variable "location" {
  description = "Azure region where region-specific objects exist or are to be created."
  type        = string
  default     = "eastus"
}
#
# other variables
#
# When true, the created service principal's client id AND client secret are
# written to a source file on the machine running Terraform. That file holds
# a live credential: keep it out of version control and restrict its
# permissions, or set this to false and read the values from state/outputs.
variable "output_as_file" {
  description = "Output created service principal client identifier and client secret into a source file."
  type        = bool
  default     = true
}