diff --git a/.secrets.baseline b/.secrets.baseline index bde6c4e80..f65c416f6 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -3,7 +3,7 @@ "files": "go.sum|^.secrets.baseline$", "lines": null }, - "generated_at": "2023-04-06T14:59:53Z", + "generated_at": "2023-04-12T09:17:35Z", "plugins_used": [ { "name": "AWSKeyDetector" diff --git a/f5_vsi.tf b/f5_vsi.tf index 0b5ff07cd..26084c8bf 100644 --- a/f5_vsi.tf +++ b/f5_vsi.tf @@ -17,28 +17,6 @@ locals { # List of public images found in F5 schematics documentation # (https://github.com/f5devcentral/ibmcloud_schematics_bigip_multinic_public_images) public_image_map = { - f5-bigip-15-1-5-1-0-0-14-all-1slot = { - "eu-de" = "r010-b14deae9-43fd-4850-b89d-5d6485d61acb" - "jp-tok" = "r022-cfdb6280-c200-4261-af3a-a8d44bbd18ba" - "br-sao" = "r042-3915f0e3-aadc-4fc9-95a8-840f8cb163de" - "au-syd" = "r026-ed57accf-b3d4-4ca9-a6a6-e0a63ee1aba4" - "us-south" = "r006-c9f07041-bb56-4492-b25c-5f407ebea358" - "eu-gb" = "r018-6dce329f-a6eb-4146-ba3e-5560afc84aa1" - "jp-osa" = "r034-4ecc10ff-3dc7-42fb-9cae-189fb559dd61" - "us-east" = "r014-87371e4c-3645-4579-857c-7e02fe5e9ff4" - "ca-tor" = "r038-0840034f-5d05-4a6d-bdae-123628f1d323" - } - f5-bigip-15-1-5-1-0-0-14-ltm-1slot = { - "eu-de" = "r010-efad005b-4deb-45a8-b1c5-5b3cea55e7e3" - "jp-tok" = "r022-35126a90-aec2-4934-a628-d1ce90bcf68a" - "br-sao" = "r042-978cecaf-7f2a-44bc-bffd-ddcf6ce56b11" - "au-syd" = "r026-429369e1-d917-4d9c-8a8c-3a8606e26a72" - "us-south" = "r006-afe3c555-e8ba-4448-9983-151a14edf868" - "eu-gb" = "r018-f2083d86-6f25-42d6-b66a-d5ed2a0108d2" - "jp-osa" = "r034-edd01010-b7ee-411c-9158-d41960bf9def" - "us-east" = "r014-41db5a03-ab7f-4bf7-95c2-8edbeea0e3af" - "ca-tor" = "r038-f5d750b1-61dc-4fa5-98d3-a790417f07dd" - } f5-bigip-16-1-2-2-0-0-28-ltm-1slot = { "eu-de" = "r010-c90f3597-d03e-4ce6-8efa-870c782952cd" "jp-tok" = "r022-0da3fc1b-c243-4702-87cc-b5a7f5e1f035" @@ -61,49 +39,54 @@ locals { "us-east" = "r014-015d6b06-611e-4e1a-9284-551ed3832182" "ca-tor" = "r038-b7a44268-e95f-425b-99ac-6ec5fc2c4cdc" }, - f5-bigip-16-1-3-2-0-0-4-ltm-1slot = { - "eu-de" = "r010-d38b9af9-b345-40e6-8d7a-34cdfb7ffef9" - "jp-tok" = "r022-4dc47d5a-a8eb-4e85-8bda-928db1067354" - "br-sao" = "r042-28930d14-46ab-4784-b2f4-e56d0e4eddfc" - "au-syd" = "r026-c9f7699f-9e06-4802-a3a3-3b03ef429c04" - "us-south" = "r006-301cece1-59cf-4e71-a0e2-6be355b692b5" - "eu-gb" = "r018-34c9cfcc-84d6-431a-9e92-f523c6705742" - "jp-osa" = "r034-18e41455-9c8c-4ecf-8264-ff2070a76610" - "us-east" = "r014-7f427b96-c39d-40f7-8f06-2da6e4c63250" - "ca-tor" = "r038-aeeb05de-061e-40e2-b176-827d343de934" + f5-bigip-16-1-3-3-0-0-3-all-1slot = { + "eu-de" = "r010-df45998a-7c98-40ae-9b25-e908331fb76a" + "jp-tok" = "r022-cc145b83-92d2-4129-b311-bd2b78fb2172" + "br-sao" = "r042-445d3dbf-f516-4213-9a78-0bfc0b540d05" + "au-syd" = "r026-1d361ae2-35dd-4ff3-a7b8-93f26614fe52" + "us-south" = "r006-30804d17-d907-4ca9-9167-4fa7e75bc511" + "eu-gb" = "r018-0d4f8035-c26a-48b1-93b3-ec970e47cf40" + "jp-osa" = "r034-a22aceff-5f2e-4837-880c-d4576303e21f" + "us-east" = "r014-b236bd8f-2253-4606-ac51-a7fa1dadafae" + "eu-fr2" = "r030-13ff5014-3589-491f-915a-72368b7f6566" + "ca-tor" = "r038-7fa7a5b3-859a-4abc-ab97-f2d7203b4a5d" }, - f5-bigip-16-1-3-2-0-0-4-all-1slot = { - "eu-de" = "r010-92ba59fd-36b1-4ca5-a7c1-4581d10eed3a" - "jp-tok" = "r022-32b33469-1b9d-49eb-8304-b287463849aa" - "br-sao" = "r042-5195b226-d799-415d-99e2-61868995a825" - "au-syd" = "r026-495c8dc6-f8e1-4df8-bcdd-98824f3673e5" - "us-south" = "r006-51cd6c1d-60db-4bb4-8fd8-675a49403246" - "eu-gb" = "r018-7d2d2177-6e4b-4f57-9896-bd95077f2394" - "jp-osa" = "r034-efd9e396-046d-4f55-b452-d467a3183ab4" - "us-east" = "r014-0d1f83ba-54a3-48de-904c-f4806e03ebde" - "ca-tor" = "r038-d9e0b718-1b84-45ef-b603-45a00a768656" + f5-bigip-16-1-3-3-0-0-3-ltm-1slot = { + "eu-de" = "r010-78bd2415-d791-45a6-91b4-24e069ef63bd" + "jp-tok" = "r022-b93a6ccc-59e7-47dc-b9e4-f9a5a2ee93d1" + "br-sao" = "r042-3f2eaa4c-8417-4670-8974-d434612c765a" + "au-syd" = "r026-0cf76d10-db18-499f-86a5-5905ac612da4" + "us-south" = "r006-09fa4dd7-1a7f-453c-a15e-53cf6effbda6" + "eu-gb" = "r018-8b8ea452-b51c-4b20-a16a-403aea05a745" + "jp-osa" = "r034-7ef8a732-a7f1-48d9-a13e-ad6588e74c72" + "us-east" = "r014-b28c4e45-0327-4e25-8bbc-5f48ae2c8e68" + "eu-fr2" = "r030-a1826148-e6d6-47e1-bab0-7b261cd23ae5" + "ca-tor" = "r038-b4856c18-f700-40d5-b574-bd55fb95bbbf" }, - f5-bigip-17-0-0-1-0-0-4-ltm-1slot = { - "eu-de" = "r010-6e13ce99-e218-4837-b77a-b1a097cdb8be" - "jp-tok" = "r022-1a81f5b9-f178-46d6-9546-f6222f51ac09" - "br-sao" = "r042-0aa78ebd-3629-4f71-a225-d057ed910b19" - "au-syd" = "r026-ad311315-1cbf-4e38-b4da-334115ec5777" - "us-south" = "r006-612682f9-b709-41f2-a000-7c7583d6a79b" - "eu-gb" = "r018-58ac90dd-4ab6-4580-899b-ccb7a6cb0486" - "jp-osa" = "r034-d735d37d-90f3-4a5c-9318-320630cfcb8d" - "us-east" = "r014-538006c7-99b2-40ae-bb56-98626510b59c" - "ca-tor" = "r038-cc51e1d4-f29f-40d9-b45d-1fe93dd7bf25" + + f5-bigip-17-0-0-2-0-0-2-ltm-1slot = { + "eu-de" = "r010-8927cbf1-bd81-4586-bba3-10949f8b77cb" + "jp-tok" = "r022-6fa37b30-e912-41e2-95ba-49c12e0a8d65" + "br-sao" = "r042-d24cc495-1bcd-4916-858f-8834619f16e2" + "au-syd" = "r026-0614e6ee-aec3-4cdc-9c48-c2757f3fcfb3" + "us-south" = "r006-493db1ca-0b14-45e8-a222-69b9d0863a76" + "eu-gb" = "r018-a54d67dd-90c1-4983-bf93-258babf1ba44" + "jp-osa" = "r034-0625faf6-dec7-4429-98ba-7e2bbf4ed08e" + "us-east" = "r014-c6f1f733-5c37-4b6f-afb6-270af44b2247" + "eu-fr2" = "r030-b3f84f0b-fc46-4996-a52b-3c4006a9f835" + "ca-tor" = "r038-6e3b58fd-cb3e-4fef-8882-dd0164d9e8aa" }, - f5-bigip-17-0-0-1-0-0-4-all-1slot = { - "eu-de" = "r010-9920ae90-8a5a-4d6e-bb39-8e124cfb6b36" - "jp-tok" = "r022-9c278b7c-a74e-4db9-a037-af6ddff94fc5" - "br-sao" = "r042-9d99efd6-eec5-45bd-90b5-51b095ff9347" - "au-syd" = "r026-f75351ef-86b2-4966-82f0-5de9e38e2b04" - "us-south" = "r006-7256a080-1a1b-415e-a449-9fc0fb40e209" - "eu-gb" = "r018-b4db281f-c397-4e15-92b5-3e9b17014815" - "jp-osa" = "r034-dbad3304-d79b-42ec-8c05-b210c21f6840" - "us-east" = "r014-f424a008-2778-484a-89e2-8ca0146fbc74" - "ca-tor" = "r038-269cb902-3aa1-4fc2-b59e-e050af80baac" + f5-bigip-17-0-0-2-0-0-2-all-1slot = { + "eu-de" = "r010-33e49d35-0df8-4dc9-a247-56ecce82b986" + "jp-tok" = "r022-f72249df-075b-4cf3-9969-2acf80298b4c" + "br-sao" = "r042-e09ac580-af33-4eb3-9343-64f4732d69eb" + "au-syd" = "r026-4f01da0c-17a8-48d6-85b1-daeb21c436f7" + "us-south" = "r006-19fada8f-8dcd-4c27-afe9-1cc77bcd6ceb" + "eu-gb" = "r018-30ab931f-371b-4424-b34d-dfc25341f523" + "jp-osa" = "r034-c9d1a792-85b2-4c01-89be-98f63af3cc97" + "us-east" = "r014-4e8014e2-9133-4034-8035-a4913c15ae59" + "eu-fr2" = "r030-1e803de2-1ae6-4624-b467-31dbbb69c150" + "ca-tor" = "r038-8ceba776-b7e7-4ce4-b805-cd059a24037b" } } } diff --git a/module-metadata.json b/module-metadata.json index d00c98572..bf4ed111a 100644 --- a/module-metadata.json +++ b/module-metadata.json @@ -25,7 +25,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1518 + "line": 1516 } }, "appid": { @@ -112,7 +112,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1365 + "line": 1363 } }, "f5_vsi": { @@ -297,7 +297,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1411 + "line": 1409 } }, "security_compliance_center": { @@ -318,7 +318,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1427 + "line": 1425 } }, "security_groups": { @@ -478,7 +478,7 @@ ], "pos": { "filename": "variables.tf", - "line": 1486 + "line": 1484 } }, "vpcs": { @@ -2243,7 +2243,7 @@ }, "pos": { "filename": "f5_vsi.tf", - "line": 118 + "line": 101 } }, "key_management": { diff --git a/patterns/dynamic_values/config_modules/f5_deployments/f5_deployments.tf b/patterns/dynamic_values/config_modules/f5_deployments/f5_deployments.tf index d4f042a37..2da8db5a1 100644 --- a/patterns/dynamic_values/config_modules/f5_deployments/f5_deployments.tf +++ b/patterns/dynamic_values/config_modules/f5_deployments/f5_deployments.tf @@ -46,12 +46,12 @@ variable "f5_network_tiers" { } variable "f5_image_name" { - description = "Image name for f5 deployments. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`]." + description = "Image name for f5 deployments. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." type = string validation { - error_message = "Invalid F5 image name. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`,`f5-bigip-16-1-3-2-0-0-4-ltm-1slot`,`f5-bigip-16-1-3-2-0-0-4-all-1slot`,`f5-bigip-17-0-0-1-0-0-4-ltm-1slot`,`f5-bigip-17-0-0-1-0-0-4-all-1slot`]." - condition = var.f5_image_name == null ? true : contains(["f5-bigip-15-1-5-1-0-0-14-all-1slot", "f5-bigip-15-1-5-1-0-0-14-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-2-0-0-4-ltm-1slot", "f5-bigip-16-1-3-2-0-0-4-all-1slot", "f5-bigip-17-0-0-1-0-0-4-ltm-1slot", "f5-bigip-17-0-0-1-0-0-4-all-1slot"], var.f5_image_name) + error_message = "Invalid F5 image name. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." + condition = var.f5_image_name == null ? true : contains(["f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-3-0-0-3-ltm-1slot", "f5-bigip-16-1-3-3-0-0-3-all-1slot", "f5-bigip-17-0-0-2-0-0-2-ltm-1slot", "f5-bigip-17-0-0-2-0-0-2-all-1slot"], var.f5_image_name) } } diff --git a/patterns/dynamic_values/variables.tf b/patterns/dynamic_values/variables.tf index 0c75af90a..633b2a6de 100644 --- a/patterns/dynamic_values/variables.tf +++ b/patterns/dynamic_values/variables.tf @@ -159,13 +159,13 @@ variable "vpn_firewall_type" { } variable "f5_image_name" { - description = "Image name for f5 deployments. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`]." + description = "Image name for f5 deployments. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." type = string - default = "f5-bigip-17-0-0-1-0-0-4-all-1slot" + default = "f5-bigip-16-1-3-3-0-0-3-all-1slot" validation { - error_message = "Invalid F5 image name. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`,`f5-bigip-16-1-3-2-0-0-4-ltm-1slot`,`f5-bigip-16-1-3-2-0-0-4-all-1slot`,`f5-bigip-17-0-0-1-0-0-4-ltm-1slot`,`f5-bigip-17-0-0-1-0-0-4-all-1slot`]." - condition = var.f5_image_name == null ? true : contains(["f5-bigip-15-1-5-1-0-0-14-all-1slot", "f5-bigip-15-1-5-1-0-0-14-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-2-0-0-4-ltm-1slot", "f5-bigip-16-1-3-2-0-0-4-all-1slot", "f5-bigip-17-0-0-1-0-0-4-ltm-1slot", "f5-bigip-17-0-0-1-0-0-4-all-1slot"], var.f5_image_name) + error_message = "Invalid F5 image name. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." + condition = var.f5_image_name == null ? true : contains(["f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-3-0-0-3-ltm-1slot", "f5-bigip-16-1-3-3-0-0-3-all-1slot", "f5-bigip-17-0-0-2-0-0-2-ltm-1slot", "f5-bigip-17-0-0-2-0-0-2-all-1slot"], var.f5_image_name) } } diff --git a/patterns/mixed/README.md b/patterns/mixed/README.md index 491ba7874..47f752e3b 100644 --- a/patterns/mixed/README.md +++ b/patterns/mixed/README.md @@ -6,87 +6,86 @@ This template allows a user to create a landing zone ## Module Variables -Name | Type | Description | Sensitive | Default --------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | ---------------------------------- -ibmcloud_api_key | string | The IBM Cloud platform API key needed to deploy IAM enabled resources. | true | -TF_VERSION | string | The version of the Terraform engine that's used in the Schematics workspace. | | 1.0 -prefix | string | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | | -ssh_public_key | string | Public SSH Key for VSI creation. | | -region | string | Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions. | | -tags | list(string) | List of tags to apply to resources created by this module. | | [] -network_cidr | string | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | | 10.0.0.0/8 -add_edge_vpc | bool | Create an edge VPC. This VPC will be dynamically added to the list of VPCs in `var.vpcs`. | | false -create_f5_network_on_management_vpc | bool | Set up bastion on management VPC. This value conflicts with `add_edge_vpc`. | | false -f5_image_name | string | Image name for F5 BIG-IP deployments. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`. | | null -f5_instance_profile | string | F5 vsi instance profile. Use the IBM Cloud CLI command `ibmcloud is instance-profiles` to see available image profiles. | | -hostname | string | The F5 BIG-IP hostname. | | f5-ve-01 -domain | string | The F5 BIG-IP domain name. | | local -default_route_interface | string | The F5 BIG-IP interface name for the default route. Leave null to auto assign. | | null -tmos_admin_password | string | Admin account password for the F5 BIG-IP instance | | null -license_type | string | License, may be 'none','byol','regkeypool','utilitypool' | | -byol_license_basekey | string | Bring your own license registration key for the F5 BIG-IP instance. | | null -license_host | string | The F5 BIG-IP or hostname to use for pool based licensing of the F5 BIG-IP instance | | null -license_username | string | The F5 BIG-IP USERNAME to use for the pool based licensing of the F5 BIG-IP instance. | | null -license_password | string | The F5 BIG-IP PASSWORD to use for the pool based licensing of the F5 BIG-IP instance. | | null -license_pool | string | The F5 BIG-IP license pool name of the pool based licensing of the F5 BIG-IP instance. | | null -license_sku_keyword_1 | string | The F5 BIG-IP primary SKU for ELA utility licensing of the F5 BIG-IP instance. | | null -license_sku_keyword_2 | string | The F5 BIG-IP secondary SKU for ELA utility licensing of the F5 BIG-IP instance. | | null -license_unit_of_measure | string | The F5 BIG-IP utility pool unit of measurement. | | hourly -do_declaration_url | string | URL to fetch the f5-declarative-onboarding declaration. | | null -as3_declaration_url | string | URL to fetch the f5-appsvcs-extension declaration. | | null -ts_declaration_url | string | URL to fetch the f5-telemetry-streaming declaration. | | null -phone_home_url | string | The URL to POST status when the F5 BIG-IP is finished onboarding. | | null -template_source | string | The terraform template source for phone_home_url_metadata. | | f5devcentral/ibmcloud_schematics_bigip_multinic_declared -template_version | string | The terraform template version for phone_home_url_metadata. | | 20210201 -app_id | string | The terraform application id for phone_home_url_metadata. | | null -tgactive_url | string | The URL to POST L3 addresses when tgactive is triggered. | | "" -tgstandby_url | string | The URL to POST L3 addresses when tgstandby is triggered. | | null -tgrefresh_url | string | The URL to POST L3 addresses when tgrefresh is triggered. | | null -enable_f5_management_fip | bool | Enable F5 management interface floating IP. Conflicts with `enable_f5_external_fip`, VSI can only have one floating IP per instance. | | false -enable_f5_external_fip | bool | Enable F5 external interface floating IP. Conflicts with `enable_f5_management_fip`, VSI can only have one floating IP per instance. | | false -vpn_firewall_type | string | Bastion type if provisioning bastion. Can be `full-tunnel`, `waf`, or `vpn-and-waf`. | | null -vpcs | list(string) | List of VPCs to create. The first VPC in this list will always be considered the `management` VPC, and will be where the VPN Gateway is connected. VPCs names can only be a maximum of 16 characters and can only contain letters, numbers, and - characters. VPC names must begin with a letter.. The first VPC in this list will always be considered the `management` VPC, and will be where the VPN Gateway is connected. VPCs names can only be a maximum of 16 characters and can only contain letters, numbers, and - characters. VPC names must begin with a letter. | | ["management", "workload"] -enable_transit_gateway | bool | Create transit gateway | | true -add_atracker_route | bool | Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route | | true -hs_crypto_instance_name | string | Optionally, you can bring you own Hyper Protect Crypto Service instance for key management. If you would like to use that instance, add the name here. Otherwise, leave as null | | null -hs_crypto_resource_group | string | If you're using Hyper Protect Crypto services in a resource group, provide the name here. | | null -vsi_image_name | string | VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see availabled images. | | ibm-ubuntu-18-04-6-minimal-amd64-2 -vsi_instance_profile | string | VSI image profile. Use the IBM Cloud CLI command `ibmcloud is instance-profiles` to see available image profiles. | | cx2-4x8 -vsi_per_subnet | number | Number of Virtual Servers to create on each VSI subnet. | | 1 -cluster_zones | number | Number of zones to provision clusters for each VPC. At least one zone is required. Can be 1, 2, or 3 zones. | | 3 -kube_version | string | Kubernetes version to use for cluster. To get available versions, use the IBM Cloud CLI command `ibmcloud ks versions`. To use the default version, leave as default. Updates to the default versions may force this to change. | | default -flavor | string | Machine type for cluster. Use the IBM Cloud CLI command `ibmcloud ks flavors` to find valid machine types | | bx2.16x64 -workers_per_zone | number | Number of workers in each zone of the cluster. OpenShift requires at least 2 workers. | | 2 -entitlement | string | If you do not have an entitlement, leave as null. Entitlement reduces additional OCP Licence cost in OpenShift clusters. Use Cloud Pak with OCP Licence entitlement to create the OpenShift cluster. Note It is set only when the first time creation of the cluster, further modifications are not impacted Set this argument to cloud_pak only if you use the cluster with a Cloud Pak that has an OpenShift entitlement. | | null -wait_till | string | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, and `IngressReady` | | IngressReady -update_all_workers | bool | Update all workers to new kube version | | false -teleport_management_zones | number | Number of zones to create teleport VSI on Management VPC if not using F5. If you are using F5, ignore this value. | | 0 -use_existing_appid | bool | Use an existing appid instance. If this is false, one will be automatically created. | | false -appid_name | string | Name of appid instance. | | appid -appid_resource_group | string | Resource group for existing appid instance. This value is ignored if a new instance is created. | | null -teleport_instance_profile | string | Machine type for Teleport VSI instances. Use the IBM Cloud CLI command `ibmcloud is instance-profiles` to see available image profiles. | | cx2-4x8 -teleport_vsi_image_name | string | Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see availabled images. | | ibm-ubuntu-18-04-6-minimal-amd64-2 -teleport_license | string | The contents of the PEM license file | | null -https_cert | string | The https certificate used by bastion host for teleport | | null -https_key | string | The https private key used by bastion host for teleport | | null -teleport_hostname | string | The name of the instance or bastion host | | null -teleport_domain | string | The domain of the bastion host | | null -teleport_version | string | Version of Teleport Enterprise to use | | null -message_of_the_day | string | Banner message that is exposed to the user at authentication time | | null -teleport_admin_email | string | Email for teleport vsi admin. | | null -teleport_management_zones | number | Number of zones to create teleport VSI on Management VPC if not using F5. If you are using F5, ignore this value | | 0 -add_edge_vpc | bool | Create an edge VPC. This VPC will be dynamically added to the list of VPCs in `var.vpcs`. Conflicts with `create_f5_network_on_management_vpc` to prevent overlapping subnet CIDR blocks. | | false -provision_teleport_in_f5 | bool | Provision teleport VSI in `bastion` subnet tier of F5 network if able. | | false -enable_scc | bool | Create SCC resources | | false -scc_cred_name | string | SCC Credential Name | | slz-cred -scc_group_id | string | SCC Credential Group, used to group credentials together ID. | | null -scc_group_passphrase | string | Managed by IBM by default for an account, provide passphrase if the account being scanned has enabled passphrase, else provide an arbitrary passphrase. | true | null -scc_cred_description | string | SCC Credential Description | | This credential is used for SCC. -scc_collector_description | string | SCC Collector Description | | collector description -scc_scope_description | string | SCC Scope Description | | IBM-schema-for-configuration-collection -scc_scope_name | string | SCC Scope Name | | scope -override | bool | Override default values with custom JSON template. This uses the file `override.json` to allow users to create a fully customized environment. | | false - +| Name | Type | Description | Sensitive | Default | +| ----------------------------------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | -------------------------------------------------------- | +| ibmcloud_api_key | string | The IBM Cloud platform API key needed to deploy IAM enabled resources. | true | +| TF_VERSION | string | The version of the Terraform engine that's used in the Schematics workspace. | | 1.0 | +| prefix | string | A unique identifier for resources. Must begin with a letter and end with a letter or number. This prefix will be prepended to any resources provisioned by this template. Prefixes must be 16 or fewer characters. | | +| ssh_public_key | string | Public SSH Key for VSI creation. | | +| region | string | Region where VPC will be created. To find your VPC region, use `ibmcloud is regions` command to find available regions. | | +| tags | list(string) | List of tags to apply to resources created by this module. | | [] | +| network_cidr | string | Network CIDR for the VPC. This is used to manage network ACL rules for cluster provisioning. | | 10.0.0.0/8 | +| add_edge_vpc | bool | Create an edge VPC. This VPC will be dynamically added to the list of VPCs in `var.vpcs`. | | false | +| create_f5_network_on_management_vpc | bool | Set up bastion on management VPC. This value conflicts with `add_edge_vpc`. | | false | +| f5_image_name | string | Image name for F5 BIG-IP deployments. Must be null or one of `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`. | | null | +| f5_instance_profile | string | F5 vsi instance profile. Use the IBM Cloud CLI command `ibmcloud is instance-profiles` to see available image profiles. | | +| hostname | string | The F5 BIG-IP hostname. | | f5-ve-01 | +| domain | string | The F5 BIG-IP domain name. | | local | +| default_route_interface | string | The F5 BIG-IP interface name for the default route. Leave null to auto assign. | | null | +| tmos_admin_password | string | Admin account password for the F5 BIG-IP instance | | null | +| license_type | string | License, may be 'none','byol','regkeypool','utilitypool' | | +| byol_license_basekey | string | Bring your own license registration key for the F5 BIG-IP instance. | | null | +| license_host | string | The F5 BIG-IP or hostname to use for pool based licensing of the F5 BIG-IP instance | | null | +| license_username | string | The F5 BIG-IP USERNAME to use for the pool based licensing of the F5 BIG-IP instance. | | null | +| license_password | string | The F5 BIG-IP PASSWORD to use for the pool based licensing of the F5 BIG-IP instance. | | null | +| license_pool | string | The F5 BIG-IP license pool name of the pool based licensing of the F5 BIG-IP instance. | | null | +| license_sku_keyword_1 | string | The F5 BIG-IP primary SKU for ELA utility licensing of the F5 BIG-IP instance. | | null | +| license_sku_keyword_2 | string | The F5 BIG-IP secondary SKU for ELA utility licensing of the F5 BIG-IP instance. | | null | +| license_unit_of_measure | string | The F5 BIG-IP utility pool unit of measurement. | | hourly | +| do_declaration_url | string | URL to fetch the f5-declarative-onboarding declaration. | | null | +| as3_declaration_url | string | URL to fetch the f5-appsvcs-extension declaration. | | null | +| ts_declaration_url | string | URL to fetch the f5-telemetry-streaming declaration. | | null | +| phone_home_url | string | The URL to POST status when the F5 BIG-IP is finished onboarding. | | null | +| template_source | string | The terraform template source for phone_home_url_metadata. | | f5devcentral/ibmcloud_schematics_bigip_multinic_declared | +| template_version | string | The terraform template version for phone_home_url_metadata. | | 20210201 | +| app_id | string | The terraform application id for phone_home_url_metadata. | | null | +| tgactive_url | string | The URL to POST L3 addresses when tgactive is triggered. | | "" | +| tgstandby_url | string | The URL to POST L3 addresses when tgstandby is triggered. | | null | +| tgrefresh_url | string | The URL to POST L3 addresses when tgrefresh is triggered. | | null | +| enable_f5_management_fip | bool | Enable F5 management interface floating IP. Conflicts with `enable_f5_external_fip`, VSI can only have one floating IP per instance. | | false | +| enable_f5_external_fip | bool | Enable F5 external interface floating IP. Conflicts with `enable_f5_management_fip`, VSI can only have one floating IP per instance. | | false | +| vpn_firewall_type | string | Bastion type if provisioning bastion. Can be `full-tunnel`, `waf`, or `vpn-and-waf`. | | null | +| vpcs | list(string) | List of VPCs to create. The first VPC in this list will always be considered the `management` VPC, and will be where the VPN Gateway is connected. VPCs names can only be a maximum of 16 characters and can only contain letters, numbers, and - characters. VPC names must begin with a letter.. The first VPC in this list will always be considered the `management` VPC, and will be where the VPN Gateway is connected. VPCs names can only be a maximum of 16 characters and can only contain letters, numbers, and - characters. VPC names must begin with a letter. | | ["management", "workload"] | +| enable_transit_gateway | bool | Create transit gateway | | true | +| add_atracker_route | bool | Atracker can only have one route per zone. use this value to disable or enable the creation of atracker route | | true | +| hs_crypto_instance_name | string | Optionally, you can bring you own Hyper Protect Crypto Service instance for key management. If you would like to use that instance, add the name here. Otherwise, leave as null | | null | +| hs_crypto_resource_group | string | If you're using Hyper Protect Crypto services in a resource group, provide the name here. | | null | +| vsi_image_name | string | VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see availabled images. | | ibm-ubuntu-18-04-6-minimal-amd64-2 | +| vsi_instance_profile | string | VSI image profile. Use the IBM Cloud CLI command `ibmcloud is instance-profiles` to see available image profiles. | | cx2-4x8 | +| vsi_per_subnet | number | Number of Virtual Servers to create on each VSI subnet. | | 1 | +| cluster_zones | number | Number of zones to provision clusters for each VPC. At least one zone is required. Can be 1, 2, or 3 zones. | | 3 | +| kube_version | string | Kubernetes version to use for cluster. To get available versions, use the IBM Cloud CLI command `ibmcloud ks versions`. To use the default version, leave as default. Updates to the default versions may force this to change. | | default | +| flavor | string | Machine type for cluster. Use the IBM Cloud CLI command `ibmcloud ks flavors` to find valid machine types | | bx2.16x64 | +| workers_per_zone | number | Number of workers in each zone of the cluster. OpenShift requires at least 2 workers. | | 2 | +| entitlement | string | If you do not have an entitlement, leave as null. Entitlement reduces additional OCP Licence cost in OpenShift clusters. Use Cloud Pak with OCP Licence entitlement to create the OpenShift cluster. Note It is set only when the first time creation of the cluster, further modifications are not impacted Set this argument to cloud_pak only if you use the cluster with a Cloud Pak that has an OpenShift entitlement. | | null | +| wait_till | string | To avoid long wait times when you run your Terraform code, you can specify the stage when you want Terraform to mark the cluster resource creation as completed. Depending on what stage you choose, the cluster creation might not be fully completed and continues to run in the background. However, your Terraform code can continue to run without waiting for the cluster to be fully created. Supported args are `MasterNodeReady`, `OneWorkerNodeReady`, and `IngressReady` | | IngressReady | +| update_all_workers | bool | Update all workers to new kube version | | false | +| teleport_management_zones | number | Number of zones to create teleport VSI on Management VPC if not using F5. If you are using F5, ignore this value. | | 0 | +| use_existing_appid | bool | Use an existing appid instance. If this is false, one will be automatically created. | | false | +| appid_name | string | Name of appid instance. | | appid | +| appid_resource_group | string | Resource group for existing appid instance. This value is ignored if a new instance is created. | | null | +| teleport_instance_profile | string | Machine type for Teleport VSI instances. Use the IBM Cloud CLI command `ibmcloud is instance-profiles` to see available image profiles. | | cx2-4x8 | +| teleport_vsi_image_name | string | Teleport VSI image name. Use the IBM Cloud CLI command `ibmcloud is images` to see availabled images. | | ibm-ubuntu-18-04-6-minimal-amd64-2 | +| teleport_license | string | The contents of the PEM license file | | null | +| https_cert | string | The https certificate used by bastion host for teleport | | null | +| https_key | string | The https private key used by bastion host for teleport | | null | +| teleport_hostname | string | The name of the instance or bastion host | | null | +| teleport_domain | string | The domain of the bastion host | | null | +| teleport_version | string | Version of Teleport Enterprise to use | | null | +| message_of_the_day | string | Banner message that is exposed to the user at authentication time | | null | +| teleport_admin_email | string | Email for teleport vsi admin. | | null | +| teleport_management_zones | number | Number of zones to create teleport VSI on Management VPC if not using F5. If you are using F5, ignore this value | | 0 | +| add_edge_vpc | bool | Create an edge VPC. This VPC will be dynamically added to the list of VPCs in `var.vpcs`. Conflicts with `create_f5_network_on_management_vpc` to prevent overlapping subnet CIDR blocks. | | false | +| provision_teleport_in_f5 | bool | Provision teleport VSI in `bastion` subnet tier of F5 network if able. | | false | +| enable_scc | bool | Create SCC resources | | false | +| scc_cred_name | string | SCC Credential Name | | slz-cred | +| scc_group_id | string | SCC Credential Group, used to group credentials together ID. | | null | +| scc_group_passphrase | string | Managed by IBM by default for an account, provide passphrase if the account being scanned has enabled passphrase, else provide an arbitrary passphrase. | true | null | +| scc_cred_description | string | SCC Credential Description | | This credential is used for SCC. | +| scc_collector_description | string | SCC Collector Description | | collector description | +| scc_scope_description | string | SCC Scope Description | | IBM-schema-for-configuration-collection | +| scc_scope_name | string | SCC Scope Name | | scope | +| override | bool | Override default values with custom JSON template. This uses the file `override.json` to allow users to create a fully customized environment. | | false | ## Using override.json @@ -103,9 +102,10 @@ This module outputs `config`, a JSON encoded definition of your environment base ### Overriding Only Some Variables `override.json` does not need to contain all elements. As an example override.json could be: + ```json { - "enable_transit_gateway": false + "enable_transit_gateway": false } ``` diff --git a/patterns/mixed/variables.tf b/patterns/mixed/variables.tf index 135d2b727..d032dbd8e 100644 --- a/patterns/mixed/variables.tf +++ b/patterns/mixed/variables.tf @@ -244,13 +244,13 @@ variable "vpn_firewall_type" { } variable "f5_image_name" { - description = "Image name for f5 deployments. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`,`f5-bigip-16-1-3-2-0-0-4-ltm-1slot`,`f5-bigip-16-1-3-2-0-0-4-all-1slot`,`f5-bigip-17-0-0-1-0-0-4-ltm-1slot`,`f5-bigip-17-0-0-1-0-0-4-all-1slot`]." + description = "Image name for f5 deployments. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." type = string - default = "f5-bigip-17-0-0-1-0-0-4-all-1slot" + default = "f5-bigip-16-1-3-3-0-0-3-all-1slot" validation { - error_message = "Invalid F5 image name. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`,`f5-bigip-16-1-3-2-0-0-4-ltm-1slot`,`f5-bigip-16-1-3-2-0-0-4-all-1slot`,`f5-bigip-17-0-0-1-0-0-4-ltm-1slot`,`f5-bigip-17-0-0-1-0-0-4-all-1slot`]." - condition = var.f5_image_name == null ? true : contains(["f5-bigip-15-1-5-1-0-0-14-all-1slot", "f5-bigip-15-1-5-1-0-0-14-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-2-0-0-4-ltm-1slot", "f5-bigip-16-1-3-2-0-0-4-all-1slot", "f5-bigip-17-0-0-1-0-0-4-ltm-1slot", "f5-bigip-17-0-0-1-0-0-4-all-1slot"], var.f5_image_name) + error_message = "Invalid F5 image name. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." + condition = var.f5_image_name == null ? true : contains(["f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-3-0-0-3-ltm-1slot", "f5-bigip-16-1-3-3-0-0-3-all-1slot", "f5-bigip-17-0-0-2-0-0-2-ltm-1slot", "f5-bigip-17-0-0-2-0-0-2-all-1slot"], var.f5_image_name) } } diff --git a/patterns/roks/variables.tf b/patterns/roks/variables.tf index e4ac56eee..6417c9eae 100644 --- a/patterns/roks/variables.tf +++ b/patterns/roks/variables.tf @@ -217,13 +217,13 @@ variable "ssh_public_key" { } variable "f5_image_name" { - description = "Image name for f5 deployments. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`,`f5-bigip-16-1-3-2-0-0-4-ltm-1slot`,`f5-bigip-16-1-3-2-0-0-4-all-1slot`,`f5-bigip-17-0-0-1-0-0-4-ltm-1slot`,`f5-bigip-17-0-0-1-0-0-4-all-1slot`]." + description = "Image name for f5 deployments. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." type = string - default = "f5-bigip-17-0-0-1-0-0-4-all-1slot" + default = "f5-bigip-16-1-3-3-0-0-3-all-1slot" validation { - error_message = "Invalid F5 image name. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`,`f5-bigip-16-1-3-2-0-0-4-ltm-1slot`,`f5-bigip-16-1-3-2-0-0-4-all-1slot`,`f5-bigip-17-0-0-1-0-0-4-ltm-1slot`,`f5-bigip-17-0-0-1-0-0-4-all-1slot`]." - condition = var.f5_image_name == null ? true : contains(["f5-bigip-15-1-5-1-0-0-14-all-1slot", "f5-bigip-15-1-5-1-0-0-14-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-2-0-0-4-ltm-1slot", "f5-bigip-16-1-3-2-0-0-4-all-1slot", "f5-bigip-17-0-0-1-0-0-4-ltm-1slot", "f5-bigip-17-0-0-1-0-0-4-all-1slot"], var.f5_image_name) + error_message = "Invalid F5 image name. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." + condition = var.f5_image_name == null ? true : contains(["f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-3-0-0-3-ltm-1slot", "f5-bigip-16-1-3-3-0-0-3-all-1slot", "f5-bigip-17-0-0-2-0-0-2-ltm-1slot", "f5-bigip-17-0-0-2-0-0-2-all-1slot"], var.f5_image_name) } } diff --git a/patterns/vsi/variables.tf b/patterns/vsi/variables.tf index 586505c68..d8787310e 100644 --- a/patterns/vsi/variables.tf +++ b/patterns/vsi/variables.tf @@ -178,13 +178,13 @@ variable "vpn_firewall_type" { } variable "f5_image_name" { - description = "Image name for f5 deployments. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`,`f5-bigip-16-1-3-2-0-0-4-ltm-1slot`,`f5-bigip-16-1-3-2-0-0-4-all-1slot`,`f5-bigip-17-0-0-1-0-0-4-ltm-1slot`,`f5-bigip-17-0-0-1-0-0-4-all-1slot`]." + description = "Image name for f5 deployments. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." type = string - default = "f5-bigip-17-0-0-1-0-0-4-all-1slot" + default = "f5-bigip-16-1-3-3-0-0-3-all-1slot" validation { - error_message = "Invalid F5 image name. Must be null or one of `f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`,`f5-bigip-16-1-3-2-0-0-4-ltm-1slot`,`f5-bigip-16-1-3-2-0-0-4-all-1slot`,`f5-bigip-17-0-0-1-0-0-4-ltm-1slot`,`f5-bigip-17-0-0-1-0-0-4-all-1slot`]." - condition = var.f5_image_name == null ? true : contains(["f5-bigip-15-1-5-1-0-0-14-all-1slot", "f5-bigip-15-1-5-1-0-0-14-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-2-0-0-4-ltm-1slot", "f5-bigip-16-1-3-2-0-0-4-all-1slot", "f5-bigip-17-0-0-1-0-0-4-ltm-1slot", "f5-bigip-17-0-0-1-0-0-4-all-1slot"], var.f5_image_name) + error_message = "Invalid F5 image name. Must be null or one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." + condition = var.f5_image_name == null ? true : contains(["f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", "f5-bigip-16-1-3-3-0-0-3-ltm-1slot", "f5-bigip-16-1-3-3-0-0-3-all-1slot", "f5-bigip-17-0-0-2-0-0-2-ltm-1slot", "f5-bigip-17-0-0-2-0-0-2-all-1slot"], var.f5_image_name) } } diff --git a/variables.tf b/variables.tf index 7c6cf57fe..3d5c3a33d 100644 --- a/variables.tf +++ b/variables.tf @@ -1340,20 +1340,18 @@ variable "f5_vsi" { default = [] validation { - error_message = "Image names for F5 VSI must be one of [`f5-bigip-15-1-5-1-0-0-14-all-1slot`,`f5-bigip-15-1-5-1-0-0-14-ltm-1slot`, `f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`]." + error_message = "Image names for F5 VSI must be one of [`f5-bigip-16-1-2-2-0-0-28-ltm-1slot`,`f5-bigip-16-1-2-2-0-0-28-all-1slot`, `f5-bigip-16-1-3-3-0-0-3-ltm-1slot`, `f5-bigip-16-1-3-3-0-0-3-all-1slot`, `f5-bigip-17-0-0-2-0-0-2-ltm-1slot`, `f5-bigip-17-0-0-2-0-0-2-all-1slot`]." condition = length( [ for f5_vsi in var.f5_vsi : f5_vsi if !contains( [ - "f5-bigip-15-1-5-1-0-0-14-all-1slot", - "f5-bigip-15-1-5-1-0-0-14-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-ltm-1slot", "f5-bigip-16-1-2-2-0-0-28-all-1slot", - "f5-bigip-16-1-3-2-0-0-4-ltm-1slot", - "f5-bigip-16-1-3-2-0-0-4-all-1slot", - "f5-bigip-17-0-0-1-0-0-4-ltm-1slot", - "f5-bigip-17-0-0-1-0-0-4-all-1slot" + "f5-bigip-16-1-3-3-0-0-3-ltm-1slot", + "f5-bigip-16-1-3-3-0-0-3-all-1slot", + "f5-bigip-17-0-0-2-0-0-2-ltm-1slot", + "f5-bigip-17-0-0-2-0-0-2-all-1slot" ], f5_vsi.f5_image_name )