##############################################################################
# Input Variables
##############################################################################
# IBM Cloud API key that the solution deploys resources with. There is no
# default, so every caller has to supply it.
# `sensitive = true` only redacts the value from Terraform's CLI output; pass
# it through the environment (TF_VAR_ibmcloud_api_key) or a secrets store
# rather than a committed .tfvars file.
variable "ibmcloud_api_key" {
  description = "The IBM Cloud API key to deploy resources."
  type        = string
  sensitive   = true
}
# Name of a resource group that already exists. With the default (null) the
# description says the account's default resource group is used.
variable "existing_resource_group_name" {
  description = "The name of an existing resource group to provision the resources. If not provided the default resource group will be used."
  type        = string
  default     = null
}
# Naming prefix applied to the resources this solution creates. No default is
# declared, so callers must pass a value; null and "" both mean "no prefix".
# NOTE(review): the character-rule regex needs at least two characters, so a
# one-letter prefix is rejected although the description states no minimum
# length - confirm that this is intended.
variable "prefix" {
  description = "The prefix to be added to all resources created by this solution. To skip using a prefix, set this value to null or an empty string. The prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It should not exceed 16 characters, must not end with a hyphen('-'), and can not contain consecutive hyphens ('--'). Example: prod-0205-cos. [Learn more](https://terraform-ibm-modules.github.io/documentation/#/prefix.md)."
  type        = string
  nullable    = true

  # Character rules, skipped when the prefix is null or "":
  #   * first character is a lowercase letter ([a-z])
  #   * middle characters are lowercase letters, digits or hyphens
  #   * last character is a lowercase letter or digit, never a hyphen
  #   * no "--" anywhere (checked separately with regexall)
  validation {
    condition = (var.prefix == null || var.prefix == "" ? true :
      alltrue([
        can(regex("^[a-z][-a-z0-9]*[a-z0-9]$", var.prefix)),
        length(regexall("--", var.prefix)) == 0
      ])
    )
    error_message = "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--')."
  }

  # Length rule: at most 16 characters, again skipped for null or "".
  validation {
    condition     = var.prefix == null || var.prefix == "" ? true : length(var.prefix) <= 16
    error_message = "Prefix must not exceed 16 characters."
  }
}
# Instance name; the description states it is combined with the prefix as
# `<prefix>-<name>` when a prefix is set.
variable "name" {
  description = "The name of the Databases for PostgreSQL instance. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format."
  type        = string
  default     = "postgresql"
}
# Deployment region for the instance; "us-south" unless overridden.
variable "region" {
  type        = string
  default     = "us-south"
  description = "The region where you want to deploy your instance."
}
# CRN of an instance to reuse. Leaving it null (the default) means a new
# instance is created, per the description.
variable "existing_postgresql_instance_crn" {
  description = "The CRN of an existing Databases for Postgresql instance. If no value is specified, a new instance is created."
  type        = string
  default     = null
}
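# Version of the PostgreSQL instance. The description previously named
# "Databases for Redis", a copy-paste slip; this file configures PostgreSQL.
# NOTE(review): with the default (null) no version is pinned in configuration;
# presumably the service then selects one - confirm, and pin a supported
# version explicitly where reproducible deployments matter.
variable "postgresql_version" {
  description = "The version of the Databases for PostgreSQL instance."
  type        = string
  default     = null
}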
# CRN of the leader deployment when this instance is to be a read-only
# replica; null (the default) means no leader is configured here.
variable "remote_leader_crn" {
  description = "A CRN of the leader database to make the replica(read-only) deployment. The leader database is created by a database deployment with the same service ID. A read-only replica is set up to replicate all of your data from the leader deployment to the replica deployment by using asynchronous replication. [Learn more](https://cloud.ibm.com/docs/databases-for-postgresql?topic=databases-for-postgresql-read-only-replicas)."
  type        = string
  default     = null
}
##############################################################################
# ICD hosting model properties
##############################################################################
# Number of members allocated to the deployment; defaults to 2.
variable "members" {
  description = "The number of members that are allocated. [Learn more](https://cloud.ibm.com/docs/databases-for-postgresql?topic=databases-for-postgresql-resources-scaling)."
  type        = number
  default     = 2
}
# Memory allocated to each member; the variable name gives the unit as MB.
variable "member_memory_mb" {
  description = "The memory per member that is allocated. [Learn more](https://cloud.ibm.com/docs/databases-for-postgresql?topic=databases-for-postgresql-resources-scaling)"
  type        = number
  default     = 4096
}
# Dedicated CPU count per member. The default of 0 selects shared CPU, as the
# description states.
variable "member_cpu_count" {
  description = "The dedicated CPU per member that is allocated. For shared CPU, set to 0. [Learn more](https://cloud.ibm.com/docs/databases-for-postgresql?topic=databases-for-postgresql-resources-scaling)."
  type        = number
  default     = 0
}
# Disk allocated to each member; the variable name gives the unit as MB.
variable "member_disk_mb" {
  description = "The disk that is allocated per member. [Learn more](https://cloud.ibm.com/docs/databases-for-postgresql?topic=databases-for-postgresql-resources-scaling)."
  type        = number
  default     = 5120
}
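# Host flavor applied to each member; defaults to "multitenant".
variable "member_host_flavor" {
  type        = string
  description = "The host flavor per member. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database#host_flavor)."
  default     = "multitenant"

  # Reject both null and "" so that either "multitenant" or a machine type is
  # always given. length(null) is an evaluation error rather than false, so
  # try() turns that error into a failed condition and the caller gets the
  # error_message below instead of an internal function error.
  validation {
    condition     = try(length(var.member_host_flavor) > 0, false)
    error_message = "Member host flavor must be specified. [Learn more](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/database#host_flavor)."
  }
}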
# PostgreSQL server settings passed to the instance. Every attribute is
# optional; the default object sets all of them except wal_level, which
# therefore resolves to null.
# The default turns connection and disconnection logging on. A caller who
# overrides this variable replaces the whole default object, so any attribute
# left out of the override becomes null instead of keeping the value listed
# here - repeat log_connections / log_disconnections in the override if that
# audit trail is wanted.
variable "configuration" {
  type = object({
    shared_buffers             = optional(number)
    max_connections            = optional(number)
    max_prepared_transactions  = optional(number)
    synchronous_commit         = optional(string)
    effective_io_concurrency   = optional(number)
    deadlock_timeout           = optional(number)
    log_connections            = optional(string)
    log_disconnections         = optional(string)
    log_min_duration_statement = optional(number)
    tcp_keepalives_idle        = optional(number)
    tcp_keepalives_interval    = optional(number)
    tcp_keepalives_count       = optional(number)
    archive_timeout            = optional(number)
    wal_level                  = optional(string)
    max_replication_slots      = optional(number)
    max_wal_senders            = optional(number)
  })
  default = {
    shared_buffers             = 32000
    max_connections            = 115
    max_prepared_transactions  = 0
    synchronous_commit         = "local"
    effective_io_concurrency   = 12
    deadlock_timeout           = 10000
    log_connections            = "on"
    log_disconnections         = "on"
    log_min_duration_statement = 100
    tcp_keepalives_idle        = 111
    tcp_keepalives_interval    = 15
    tcp_keepalives_count       = 6
    archive_timeout            = 1800
    max_replication_slots      = 10
    max_wal_senders            = 12
  }
  description = "Database Configuration for PostgreSQL instance. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-postgresql/tree/main/solutions/fully-configurable/DA-types.md)"
}
# Service credentials to create, as a map of credential name to role (per the
# description). The default is an empty map. Give each credential the
# narrowest role its consumer needs.
variable "service_credential_names" {
  type        = map(string)
  default     = {}
  description = "Map of name, role for service credentials that you want to create for the database. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-postgresql/blob/main/solutions/fully-configurable/DA-types.md#svc-credential-name)"
}
# Database administrator password; null (the default) means one is generated,
# per the description.
# `sensitive = true` redacts the value from CLI output only. Presumably the
# password is handed to the database resource, in which case Terraform keeps it
# in state in clear text - restrict and encrypt the state backend accordingly.
variable "admin_pass" {
  description = "The password for the database administrator. If no admin password is provided (i.e., it is null), one will be generated automatically. Additional users can be added using a user block."
  type        = string
  default     = null
  sensitive   = true
}
# Native PostgreSQL users to create. The whole list is marked sensitive because
# each entry carries a password.
# NOTE(review): the 10-32 character password range named in the description is
# not enforced by a validation block here; presumably the provider or API
# rejects out-of-range passwords - confirm.
# The description itself points out that IAM service credentials
# (var.service_credential_names) are sufficient in most cases; prefer them
# where they are, since these passwords have to be managed by the caller.
variable "users" {
  description = "A list of users that you want to create on the database. Multiple blocks are allowed. The user password must be in the range of 10-32 characters. Be warned that in most case using IAM service credentials (via the var.service_credential_names) is sufficient to control access to the PostgreSQL instance. This blocks creates native postgres database users. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-postgresql/tree/main/solutions/fully-configurable/DA-types.md#users)"
  type = list(object({
    name     = string
    password = string # pragma: allowlist secret
    type     = string # "type" is required to generate the connection string for the outputs.
    role     = optional(string)
  }))
  default   = []
  sensitive = true
}
# Resource tags attached to the instance; none by default.
variable "resource_tags" {
  description = "The list of resource tags to be added to the Databases for PostgreSQL instance."
  type        = list(string)
  default     = []
}
# Access tags applied to the instance this solution creates; none by default.
variable "access_tags" {
  description = "A list of access tags to apply to the Databases for PostgreSQL instance created by the solution. [Learn more](https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial)."
  type        = list(string)
  default     = []
}
# Terraform-side deletion guard, on by default. As the description says, it is
# not a property of the resource: deletion outside Terraform is not blocked by
# it, so rely on IAM controls for that.
variable "deletion_protection" {
  description = "Enable deletion protection within terraform. This is not a property of the resource and does not prevent deletion outside of terraform. The database can not be deleted by terraform when this value is set to 'true'. In order to delete with terraform the value must be set to 'false' and a terraform apply performed before the destroy is performed. The default is 'true'."
  type        = bool
  default     = true
}
# Value for the `update` entry of the resource `timeouts` block, written as a
# duration string; "120m" by default.
variable "timeouts_update" {
  description = "A database update may require a longer timeout for the update to complete. The default is 120 minutes. Set this variable to change the `update` value in the `timeouts` block. [Learn more](https://developer.hashicorp.com/terraform/language/resources/syntax#operation-timeouts)."
  type        = string
  default     = "120m"
}
##############################################################
# Encryption
##############################################################
# CRN of the Key Protect or Hyper Protect Crypto Services instance in which a
# new key ring and key are created. The validation on existing_kms_key_crn
# requires exactly one of this variable and existing_kms_key_crn to be set.
variable "existing_kms_instance_crn" {
  description = "The CRN of a Key Protect or Hyper Protect Crypto Services instance. Required to create a new encryption key and key ring which will be used to encrypt both deployment data and backups. To use an existing key, pass values for `existing_kms_key_crn` and/or `existing_backup_kms_key_crn`. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
  type        = string
  default     = null
}
# CRN of an existing encryption key for deployment data (and, unless
# existing_backup_kms_key_crn overrides it, for backups).
variable "existing_kms_key_crn" {
  description = "The CRN of a Key Protect or Hyper Protect Crypto Services encryption key to encrypt your data. By default this key is used for both deployment data and backups, but this behaviour can be altered using the optional `existing_backup_kms_key_crn` input. If no value is passed a new key will be created in the instance specified in the `existing_kms_instance_crn` input. Bare in mind that backups encryption is only available in certain regions. See [Bring your own key for backups](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-key-protect&interface=ui#key-byok) and [Using the HPCS Key for Backup encryption](https://cloud.ibm.com/docs/cloud-databases?topic=cloud-databases-hpcs#use-hpcs-backups)."
  type        = string
  default     = null

  # Exactly one of the two inputs must be non-null: either an existing key, or
  # a KMS instance to create a key in. Leaving both null fails, so a deployment
  # cannot proceed without a customer-managed key being configured.
  # The condition reads another variable, which needs a Terraform release that
  # allows cross-variable references in validation (1.9 or later).
  validation {
    condition = (
      (var.existing_kms_key_crn != null && var.existing_kms_instance_crn == null) ||
      (var.existing_kms_key_crn == null && var.existing_kms_instance_crn != null)
    )
    error_message = "Either existing_kms_key_crn or existing_kms_instance_crn must be set, but not both."
  }
}
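# Opt-out switch for the IAM authorization policy that lets the database
# service read the encryption key. The description used to read "Whether to
# create ...", which inverts the meaning of a `skip_` flag; it now states what
# `true` does. The default (false) keeps the policy.
# NOTE(review): per the description the policy covers all Databases for
# PostgreSQL instances in the resource group, not just this one. When skipping
# it, an equivalent policy presumably has to exist already - confirm.
variable "skip_postgresql_kms_auth_policy" {
  description = "Set to true to skip the creation of an IAM authorization policy that permits all Databases for PostgreSQL instances in the resource group to read the encryption key from the Hyper Protect Crypto Services instance specified in the `existing_kms_instance_crn` variable."
  type        = bool
  default     = false
}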
# Separate API key for the KMS instance, needed only when that instance lives
# in a different account; with null the description says ibmcloud_api_key is
# used. Marked sensitive, which redacts it from CLI output only - supply it the
# same way as ibmcloud_api_key and keep its permissions limited to what key
# ring and root key creation needs.
variable "ibmcloud_kms_api_key" {
  description = "The IBM Cloud API key that can create a root key and key ring in the key management service (KMS) instance. If not specified, the 'ibmcloud_api_key' variable is used. Specify this key if the instance in `existing_kms_instance_crn` is in an account that's different from the PostgreSQL instance. Leave this input empty if the same account owns both instances."
  type        = string
  default     = null
  sensitive   = true
}
# Name of the key ring created for the PostgreSQL key; ignored when an
# existing key is supplied, per the description.
variable "key_ring_name" {
  description = "The name for the key ring created for the Databases for PostgreSQL key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format."
  type        = string
  default     = "postgresql-key-ring"
}
# Name of the key created for the PostgreSQL instance; ignored when an
# existing key is supplied, per the description.
variable "key_name" {
  description = "The name for the key created for the Databases for PostgreSQL key. Applies only if not specifying an existing key. If a prefix input variable is specified, the prefix is added to the name in the `<prefix>-<name>` format."
  type        = string
  default     = "postgresql-key"
}
# Optional separate key for the disk holding backups. With null the
# description says the data key (existing_kms_key_crn, or the newly created
# key) is used for backups as well.
variable "existing_backup_kms_key_crn" {
  description = "The CRN of a Key Protect or Hyper Protect Crypto Services encryption key that you want to use for encrypting the disk that holds deployment backups. If no value is passed, the value of `existing_kms_key_crn` is used. If no value is passed for `existing_kms_key_crn`, a new key will be created in the instance specified in the `existing_kms_instance_crn` input."
  type        = string
  default     = null
}
# CRN of a backup to restore into the new deployment; null (the default)
# provisions an empty database.
variable "backup_crn" {
  description = "The CRN of a backup resource to restore from. The backup is created by a database deployment with the same service ID. The backup is loaded after provisioning and the new deployment starts up that uses that data. A backup CRN is in the format crn:v1:<…>:backup:. If omitted, the database is provisioned empty."
  type        = string
  default     = null

  # Accept null, or a string that starts with "crn:" and later contains
  # ":backup:". This is a shape check only: the pattern places no constraint
  # on the segments in between, so it does not prove the CRN names a real
  # backup or one the caller may read.
  validation {
    condition = anytrue([
      var.backup_crn == null,
      can(regex("^crn:.*:backup:", var.backup_crn))
    ])
    error_message = "backup_crn must be null OR starts with 'crn:' and contains ':backup:'"
  }
}
##############################################################
# Auto Scaling
##############################################################
# Autoscaling rules for disk and memory; null (the default) configures none.
# When a value is given, both the `disk` and `memory` objects must be present
# (neither is optional), while every attribute inside them has a default.
# Both io_enabled flags and disk.capacity_enabled default to false, so an
# object passed with empty `disk = {}` / `memory = {}` enables nothing.
variable "auto_scaling" {
  description = "Optional rules to allow the database to increase resources in response to usage. Only a single autoscaling block is allowed. Make sure you understand the effects of autoscaling, especially for production environments. [Learn more](https://github.com/terraform-ibm-modules/terraform-ibm-icd-postgresql/tree/main/solutions/fully-configurable/DA-types.md)"
  type = object({
    disk = object({
      capacity_enabled             = optional(bool, false)
      free_space_less_than_percent = optional(number, 10)
      io_above_percent             = optional(number, 90)
      io_enabled                   = optional(bool, false)
      io_over_period               = optional(string, "15m")
      rate_increase_percent        = optional(number, 10)
      rate_limit_mb_per_member     = optional(number, 3670016)
      rate_period_seconds          = optional(number, 900)
      rate_units                   = optional(string, "mb")
    })
    memory = object({
      io_above_percent         = optional(number, 90)
      io_enabled               = optional(bool, false)
      io_over_period           = optional(string, "15m")
      rate_increase_percent    = optional(number, 10)
      rate_limit_mb_per_member = optional(number, 114688)
      rate_period_seconds      = optional(number, 900)
      rate_units               = optional(string, "mb")
    })
  })
  default = null
}