variables.tf
##############################################################################
# Input Variables
##############################################################################
# Common
##############################################################################
# Certificate
# Common name (CN) requested for the certificate. Required: no default is set.
variable "cert_common_name" {
  type        = string
  description = "Fully qualified domain name or host domain name for the certificate to be created"

  # Length must be between 4 and 128 characters, inclusive.
  validation {
    condition     = length(var.cert_common_name) >= 4 && length(var.cert_common_name) <= 128
    error_message = "length of cert_common_name must be >= 4 and <= 128"
  }

  # NOTE(review): the unanchored pattern "(.*?)" can match the empty string, so
  # this rule accepts every string. Only the length rule above constrains the
  # value here; the name is not checked to be a well-formed domain name in this file.
  validation {
    condition     = can(regex("(.*?)", var.cert_common_name))
    error_message = "cert_common_name must match regular expression /(.*?)/"
  }
}
# Free-text description stored with the certificate. Optional: defaults to null.
# The description text itself warns against putting personal data in this field.
variable "cert_description" {
  type        = string
  description = "Optional, Extended description of certificate to be created. To protect privacy, do not use personal data, such as name or location, as a description for certificate"
  default     = null

  # null skips the check; otherwise the text may be at most 1024 characters.
  validation {
    condition     = var.cert_description == null ? true : length(var.cert_description) <= 1024
    error_message = "length of cert_description must be <= 1024"
  }

  # NOTE(review): "(.*?)" is unanchored and can match the empty string, so this
  # rule passes for any non-null string; it adds no constraint on content.
  validation {
    condition     = var.cert_description == null ? true : can(regex("(.*?)", var.cert_description))
    error_message = "cert_description must match regular expression /(.*?)/"
  }
}
# Name under which the certificate secret is stored. Required: no default is set.
variable "cert_name" {
  type        = string
  description = "The name of the certificate to be created in Secrets Manager"

  # Length must be 2..256 characters. The pattern below would accept a single
  # character on its own, so this rule is what enforces the two-character minimum.
  validation {
    condition     = length(var.cert_name) > 1 && length(var.cert_name) <= 256
    error_message = "length of cert_name must be > 1 and <= 256"
  }

  # The name must start and end with a word character (\w); in between it may
  # contain word characters, "-" and ".". Anchored at both ends, so characters
  # outside that set are rejected anywhere in the name.
  validation {
    condition     = can(regex("^\\w(([\\w-.]+)?\\w)?$", var.cert_name))
    error_message = "cert_name must match regular expression /^\\w(([\\w-.]+)?\\w)?$/"
  }
}
# Subject alternative names for the certificate. Optional: defaults to null.
variable "cert_alt_names" {
  type        = list(string)
  description = "Optional, Alternate names for the certificate to be created"
  default     = null

  # null skips the check; otherwise the list may hold at most 99 entries.
  validation {
    condition     = var.cert_alt_names == null ? true : length(var.cert_alt_names) < 100
    error_message = "length of cert_alt_names must be < 100"
  }

  # NOTE(review): "^(.*?)$" accepts any single-line string, including the empty
  # string, so entries are not checked to be well-formed host names here.
  # Every name listed ends up on the issued certificate, so callers should
  # review this list as carefully as the common name.
  validation {
    condition = var.cert_alt_names == null ? true : alltrue([
      for cert_alt_name in var.cert_alt_names : can(regex("^(.*?)$", cert_alt_name))
    ])
    error_message = "list items must match regular expression /^(.*?)$/"
  }
}
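# Secret group that will hold the certificate. Optional: defaults to the
# group named "default".
#
# The original rules disagreed about null: the length rule let null through,
# while the pattern rule failed on it because regex() cannot take a null
# argument. `nullable = false` resolves this by making Terraform substitute
# the default for an explicit null, so the value is never null inside the
# module and the certificate is always placed in an explicitly named group.
variable "cert_secrets_group_id" {
  type        = string
  description = "Optional, Id of Secrets Manager secret group to store the certificate in"
  default     = "default"
  nullable    = false

  # 7 characters is the literal "default"; 36 is a hyphenated UUID.
  validation {
    condition     = length(var.cert_secrets_group_id) >= 7 && length(var.cert_secrets_group_id) <= 36
    error_message = "length of cert_secrets_group_id must be >= 7 and <= 36"
  }

  # Either a lower-case hexadecimal UUID (8-4-4-4-12) or the literal "default".
  validation {
    condition     = can(regex("^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$", var.cert_secrets_group_id))
    error_message = "cert_secrets_group_id must match regular expression /^([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}|default)$/"
  }
}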
# Rotation policy for the certificate. Optional.
#
# The default below applies only when the caller leaves the whole variable
# unset. Both attributes are declared optional() without a per-attribute
# default, so a caller who passes a partial object (for example only
# auto_rotate) gets null for the omitted attribute, not the value shown here.
#
# NOTE(review): rotate_keys defaults to false, which presumably means the
# existing private key is kept when the certificate is rotated. Confirm
# against the Secrets Manager documentation and set it to true where a fresh
# key on every rotation is required.
variable "cert_rotation" {
  type = object({
    auto_rotate = optional(bool),
    rotate_keys = optional(bool)
  })
  description = "Optional, Rotation policy for the certificate to be created"
  default = {
    auto_rotate = true,
    rotate_keys = false
  }
}
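# Whether the issued certificate is returned together with its intermediate
# certificates. Optional: defaults to true.
variable "bundle_certs" {
  type        = bool
  description = "Indicates whether the issued certificate is bundled with intermediate certificates."
  default     = true

  # `type = bool` already limits the value to true or false, so the only input
  # this rule can still reject is null. The original rule did the same thing
  # by matching the value against a "true|false" regex, which relied on
  # implicit bool-to-string conversion; the explicit null test is equivalent
  # and states the intent directly.
  validation {
    condition     = var.bundle_certs != null
    error_message = "The bundle_certs must be either true or false."
  }
}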
# Algorithm and key size for the certificate's key pair. Optional: defaults to
# RSA2048, the smaller of the two RSA sizes offered. Callers with a stronger
# key requirement should set RSA4096 or one of the ECDSA options explicitly.
variable "key_algorithm" {
  type        = string
  description = "The identifier for the cryptographic algorithm to be used to generate the public key that is associated with the certificate."
  default     = "RSA2048"

  # Allow-list: any value outside these four identifiers is rejected.
  # The comparison is exact, so lower-case spellings fail.
  validation {
    condition     = contains(["RSA2048", "RSA4096", "ECDSA256", "ECDSA384"], var.key_algorithm)
    error_message = "Invalid input, options: RSA2048, RSA4096, ECDSA256, ECDSA384"
  }
}
##############################################################################
# Secrets Manager
# Name of the certificate authority configuration to order the certificate
# from. Required: no default is set, and no validation is applied in this file.
variable "secrets_manager_ca_name" {
  type        = string
  description = "The name of the Secrets Manager certificate authority"
}
# Name of the DNS provider configuration in the Secrets Manager instance.
# Required: no default is set, and no validation is applied in this file.
# NOTE(review): presumably used for domain-ownership validation when the
# certificate is ordered. Confirm against the module's resources.
variable "secrets_manager_dns_provider_name" {
  type        = string
  description = "The name of the Secrets Manager DNS provider"
}
# GUID of the Secrets Manager instance that will hold the certificate.
# Required: no default is set. Unlike cert_secrets_group_id, the format is not
# validated here, so a malformed value is only caught when the provider uses it.
variable "secrets_manager_guid" {
  type        = string
  description = "Secrets Manager GUID"
}
# Region of the Secrets Manager instance identified by secrets_manager_guid.
# Required: no default is set, and the value is not checked against a list of
# regions in this file.
variable "secrets_manager_region" {
  type        = string
  description = "Region the Secrets Manager instance is in"
}
# Endpoint type used to reach the Secrets Manager instance. Optional.
#
# The default is "public". Deployments that must keep certificate and key
# material off public endpoints need to set "private" explicitly.
# NOTE(review): "private" presumably also requires private endpoints to be
# enabled on the instance. Confirm before switching.
variable "service_endpoints" {
  type        = string
  description = "Service endpoint type to communicate with the provided secrets manager instance. Possible values are `public` or `private`"
  default     = "public"

  # Allow-list of the two supported endpoint types; the match is exact.
  validation {
    condition     = contains(["public", "private"], var.service_endpoints)
    error_message = "The specified service_endpoints is not a valid selection!"
  }
}