This repository has been archived by the owner on Nov 13, 2024. It is now read-only.
variables.tf
# Resource group that receives the subnets. Required: no default is declared
# and null is rejected.
variable "resource_group_name" {
  description = "(Required) The name of the resource group in which to create the subnets. Changing this forces new resources to be created."
  type        = string
  nullable    = false
}
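# Map of subnet definitions to create. How the map key is used (presumably as
# the subnet name) is decided by resource code outside this file.
#
# Security-relevant defaults to review per subnet:
#   - `network_security_group` is optional, so a subnet can be declared with
#     no NSG association through this input.
#   - `default_outbound_access_enabled` defaults to `true`, i.e. implicit
#     internet egress stays on unless the caller sets it to `false`.
#   - both `*_network_policies_enabled` flags default to `true`.
variable "subnets" {
  type = map(object(
    {
      # (Required) The address prefixes to use for the subnet.
      address_prefixes = list(string)

      # Optional NAT Gateway association, giving the subnet an explicit egress path.
      nat_gateway = optional(object({
        id = string # (Required) The ID of the NAT Gateway which should be associated with the Subnet. Changing this forces a new resource to be created.
      }))

      # Optional NSG association. When omitted, this input attaches no NSG to
      # the subnet; subnet-level filtering then has to come from elsewhere.
      network_security_group = optional(object({
        id = string # (Required) The ID of the Network Security Group which should be associated with the Subnet. Changing this forces a new association to be created.
      }))

      # (Optional) Enable or Disable network policies for the private endpoint on the subnet. Setting this to `true` will **Enable** the policy and setting this to `false` will **Disable** the policy. Defaults to `true`.
      private_endpoint_network_policies_enabled = optional(bool, true)

      # (Optional) Enable or Disable network policies for the private link service on the subnet. Setting this to `true` will **Enable** the policy and setting this to `false` will **Disable** the policy. Defaults to `true`.
      private_link_service_network_policies_enabled = optional(bool, true)

      # Optional route table association (user-defined routes for the subnet).
      route_table = optional(object({
        id = string # (Required) The ID of the Route Table which should be associated with the Subnet. Changing this forces a new association to be created.
      }))

      # (Optional) The list of Service endpoints to associate with the subnet. Possible values include: `Microsoft.AzureActiveDirectory`, `Microsoft.AzureCosmosDB`, `Microsoft.ContainerRegistry`, `Microsoft.EventHub`, `Microsoft.KeyVault`, `Microsoft.ServiceBus`, `Microsoft.Sql`, `Microsoft.Storage` and `Microsoft.Web`.
      service_endpoints = optional(set(string))

      # (Optional) The list of IDs of Service Endpoint Policies to associate with the subnet.
      service_endpoint_policy_ids = optional(set(string))

      # (Optional) Enable default outbound access to the internet for the subnet. Defaults to `true`.
      # Set to `false` for subnets that should only reach the internet through
      # an explicit path such as a NAT gateway or a routed firewall.
      default_outbound_access_enabled = optional(bool, true)

      delegations = optional(list(
        object(
          {
            name = string # (Required) A name for this delegation.
            service_delegation = object({
              # (Required) The name of service to delegate to. Possible values include `Microsoft.ApiManagement/service`, `Microsoft.AzureCosmosDB/clusters`, `Microsoft.BareMetal/AzureVMware`, `Microsoft.BareMetal/CrayServers`, `Microsoft.Batch/batchAccounts`, `Microsoft.ContainerInstance/containerGroups`, `Microsoft.ContainerService/managedClusters`, `Microsoft.Databricks/workspaces`, `Microsoft.DBforMySQL/flexibleServers`, `Microsoft.DBforMySQL/serversv2`, `Microsoft.DBforPostgreSQL/flexibleServers`, `Microsoft.DBforPostgreSQL/serversv2`, `Microsoft.DBforPostgreSQL/singleServers`, `Microsoft.HardwareSecurityModules/dedicatedHSMs`, `Microsoft.Kusto/clusters`, `Microsoft.Logic/integrationServiceEnvironments`, `Microsoft.MachineLearningServices/workspaces`, `Microsoft.Netapp/volumes`, `Microsoft.Network/managedResolvers`, `Microsoft.Orbital/orbitalGateways`, `Microsoft.PowerPlatform/vnetaccesslinks`, `Microsoft.ServiceFabricMesh/networks`, `Microsoft.Sql/managedInstances`, `Microsoft.Sql/servers`, `Microsoft.StoragePool/diskPools`, `Microsoft.StreamAnalytics/streamingJobs`, `Microsoft.Synapse/workspaces`, `Microsoft.Web/hostingEnvironments`, `Microsoft.Web/serverFarms`, `NGINX.NGINXPLUS/nginxDeployments` and `PaloAltoNetworks.Cloudngfw/firewalls`.
              name = string
              # (Optional) A list of Actions which should be delegated. This list is specific to the service to delegate to. Possible values include `Microsoft.Network/networkinterfaces/*`, `Microsoft.Network/virtualNetworks/subnets/action`, `Microsoft.Network/virtualNetworks/subnets/join/action`, `Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action` and `Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action`.
              actions = optional(list(string))
            })
          }
        )
      ))
    }
  ))
  description = "Subnets to create"

  # Reject malformed prefixes at plan time instead of at apply time.
  # `can(...)` turns a cidrhost() failure (bad CIDR, null entry, null list)
  # into `false`. The null guard keeps an explicitly null `subnets` value
  # behaving as before, since this variable does not set `nullable = false`.
  validation {
    condition = var.subnets == null ? true : alltrue([
      for subnet in values(var.subnets) :
      can([for prefix in subnet.address_prefixes : cidrhost(prefix, 0)])
    ])
    error_message = "Every entry in `address_prefixes` of every subnet must be a valid CIDR block, for example `10.0.1.0/24`."
  }
}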
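# Address space (one or more CIDR blocks) of the virtual network.
# Two checks run at plan time: the list must be non-empty, and every entry
# must parse as a CIDR block.
variable "virtual_network_address_space" {
  type        = list(string)
  description = " (Required) The address space that is used the virtual network. You can supply more than one address space."
  nullable    = false

  validation {
    condition     = length(var.virtual_network_address_space) > 0
    error_message = "Please provide at least one cidr as address space."
  }

  # cidrhost() fails on anything that is not a valid CIDR (including a null
  # entry); can() converts that failure into `false` so the caller gets a
  # clear message before any resource is touched.
  validation {
    condition = alltrue([
      for cidr in var.virtual_network_address_space : can(cidrhost(cidr, 0))
    ])
    error_message = "Every entry in `virtual_network_address_space` must be a valid CIDR block, for example `10.0.0.0/16`."
  }
}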
# Azure location/region for the virtual network. Required: no default is
# declared and null is rejected.
variable "virtual_network_location" {
  description = "(Required) The location/region where the virtual network is created. Changing this forces new resources to be created."
  type        = string
  nullable    = false
}
# Name of the virtual network the subnets attach to. Required: no default is
# declared and null is rejected.
variable "virtual_network_name" {
  description = "(Required) The name of the virtual network to which to attach the subnet. Changing this forces a new resource to be created."
  type        = string
  nullable    = false
}
# Settings for a DDoS Protection Plan described by name, tags and timeouts.
# Defaults to null; presumably the module creates no new plan in that case
# (confirm in the resource code, which is outside this file).
variable "new_network_ddos_protection_plan" {
  description = <<-EOT
    - `name` - (Required) Specifies the name of the Network DDoS Protection Plan. Changing this forces a new resource to be created.
    - `tags` - (Optional) A mapping of tags to assign to the resource.
    ---
    `timeouts` block supports the following:
    - `create` - (Defaults to 30 minutes) Used when creating the DDoS Protection Plan.
    - `delete` - (Defaults to 30 minutes) Used when deleting the DDoS Protection Plan.
    - `read` - (Defaults to 5 minutes) Used when retrieving the DDoS Protection Plan.
    - `update` - (Defaults to 30 minutes) Used when updating the DDoS Protection Plan.
    EOT
  default     = null
  type = object({
    name = string
    tags = optional(map(string))
    # Per-operation timeouts; every field is optional.
    timeouts = optional(object({
      create = optional(string)
      delete = optional(string)
      read   = optional(string)
      update = optional(string)
    }))
  })
}
# Switch for the tracing tags generated by BridgeCrew Yor; off by default.
# The annotation below silences tflint's unused-declaration rule and has to
# stay directly above the declaration.
# tflint-ignore: terraform_unused_declarations
variable "tracing_tags_enabled" {
  description = "Whether enable tracing tags that generated by BridgeCrew Yor."
  type        = bool
  default     = false
  nullable    = false
}
# Prefix applied to generated tracing tags; defaults to "avm_".
# The annotation below silences tflint's unused-declaration rule and has to
# stay directly above the declaration.
# tflint-ignore: terraform_unused_declarations
variable "tracing_tags_prefix" {
  description = "Default prefix for generated tracing tags"
  type        = string
  default     = "avm_"
  nullable    = false
}
# Optional BGP community attribute for the virtual network; unset (null) by
# default. The `<as-number>:<community-value>` format is documented only and
# is not checked by a validation block here.
variable "virtual_network_bgp_community" {
  description = "(Optional) The BGP community attribute in format `<as-number>:<community-value>`."
  type        = string
  default     = null
}
# Reference to a DDoS Protection Plan for the virtual network.
# Defaults to null, so a caller who omits it supplies no plan through this
# input. NOTE(review): how this interacts with
# `new_network_ddos_protection_plan` is defined outside this file.
variable "virtual_network_ddos_protection_plan" {
  description = "AzureNetwork DDoS Protection Plan."
  default     = null
  type = object({
    # (Required) The ID of DDoS Protection Plan.
    id = string
    # (Required) Enable/disable DDoS Protection Plan on Virtual Network.
    enable = bool
  })
}
# Optional custom DNS servers for the virtual network, wrapped in an object
# with a single `dns_servers` list. Null by default. The entries are typed as
# plain strings; nothing here checks that they are IP addresses.
variable "virtual_network_dns_servers" {
  description = "(Optional) List of IP addresses of DNS servers"
  default     = null
  type = object({
    dns_servers = list(string)
  })
}
# Optional Edge Zone placement for the virtual network; unset (null) by default.
variable "virtual_network_edge_zone" {
  description = "(Optional) Specifies the Edge Zone within the Azure Region where this Virtual Network should exist. Changing this forces a new Virtual Network to be created."
  type        = string
  default     = null
}
# Optional flow timeout for the virtual network, in minutes.
# Null (the default) skips the range check; any other value must lie in the
# inclusive range 4..30.
variable "virtual_network_flow_timeout_in_minutes" {
  description = "(Optional) The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between `4` and `30`minutes."
  type        = number
  default     = null

  validation {
    # The conditional keeps the comparison away from a null value.
    condition = var.virtual_network_flow_timeout_in_minutes != null ? (
      var.virtual_network_flow_timeout_in_minutes >= 4 && var.virtual_network_flow_timeout_in_minutes <= 30
    ) : true
    error_message = "Possible values for `var.virtual_network_flow_timeout_in_minutes` are between `4` and `30`minutes."
  }
}
# Optional tags for the virtual network; unset (null) by default.
variable "virtual_network_tags" {
  description = "(Optional) A mapping of tags to assign to the virtual network."
  type        = map(string)
  default     = null
}