variables.tf
########################################################################################################################
# Input Variables
########################################################################################################################
# Required input: there is no default, so every caller must supply the resource group ID.
variable "resource_group_id" {
  description = "The ID of the resource group where you want to create the service."
  type        = string
}
# Free-form tags; the empty default means no tags are added unless the caller supplies some.
variable "tags" {
  description = "Optional list of tags to be added to the private path service."
  default     = []
  type        = list(string)
}
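# Access tags are used for access management (see the linked tutorial), so their format is
# checked at plan time instead of being left to fail later.
variable "access_tags" {
  description = "A list of access tags to apply to the private path service created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details."
  type        = list(string)
  default     = []

  validation {
    # regex() succeeds on any matching substring, so the pattern is anchored with ^ and $.
    # Without the anchors a value such as "bad tag! env:prod ###" passes because "env:prod"
    # matches somewhere inside it.
    condition = alltrue([
      for tag in var.access_tags : can(regex("^[\\w\\-_\\.]+:[\\w\\-_\\.]+$", tag)) && length(tag) <= 128
    ])
    error_message = "Each tag must fully match the regular expression \"^[\\w\\-_\\.]+:[\\w\\-_\\.]+$\" and be at most 128 characters long, see https://cloud.ibm.com/docs/account?topic=account-tag&interface=ui#limits for more details."
  }
}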
##############################################################################
# VPC Variables
##############################################################################
# Required input with no default and no format validation; the value is taken as given.
variable "subnet_id" {
  type        = string
  description = "ID of subnet."
}
##############################################################################
# NLB Variables
##############################################################################
# Name of the load balancer; callers that do not set it get "pp-nlb".
variable "nlb_name" {
  description = "The name of the private path network load balancer."
  default     = "pp-nlb"
  type        = string
}
# Backend pool definitions for the load balancer. Every attribute except `pool_name` is
# optional; the optional() defaults below apply when a pool omits the attribute.
variable "nlb_backend_pools" {
  description = "A list describing backend pools for the private path network load balancer."
  default     = []
  type = list(object({
    pool_name                                = string
    pool_algorithm                           = optional(string, "round_robin")
    pool_health_delay                        = optional(number, 5)
    pool_health_retries                      = optional(number, 2)
    pool_health_timeout                      = optional(number, 2)
    pool_health_type                         = optional(string, "tcp")
    pool_health_monitor_url                  = optional(string, "/")
    pool_health_monitor_port                 = optional(number, 80)
    pool_member_port                         = optional(number)
    pool_member_instance_ids                 = optional(list(string), [])
    pool_member_reserved_ip_ids              = optional(list(string), [])
    pool_member_application_load_balancer_id = optional(string)
    listener_port                            = optional(number)
    listener_accept_proxy_protocol           = optional(bool, false)
  }))

  # Only the two health check types listed here are accepted.
  validation {
    error_message = "Backend pool health type values can only be `tcp` or `https`."
    condition = alltrue([
      for pool in var.nlb_backend_pools : contains(["tcp", "https"], pool.pool_health_type)
    ])
  }

  # The delay between health checks must be strictly greater than the per-check timeout.
  validation {
    error_message = "`pool_health_delay` must be greater than `pool_health_timeout` value."
    condition = alltrue([
      for pool in var.nlb_backend_pools : pool.pool_health_delay > pool.pool_health_timeout
    ])
  }

  # Only the two load-balancing algorithms listed here are accepted.
  validation {
    error_message = "Supported values are `round_robin` or `weighted_round_robin`."
    condition = alltrue([
      for pool in var.nlb_backend_pools : contains(["round_robin", "weighted_round_robin"], pool.pool_algorithm)
    ])
  }

  # No two pools may share a listener port.
  # NOTE(review): `listener_port` has no default, so pools that omit it all carry null and
  # would likely be treated as duplicates by this check - confirm whether the attribute is
  # meant to be effectively required.
  validation {
    error_message = "`listener_port` for each backend pool should be unique number."
    condition     = length(distinct(var.nlb_backend_pools[*].listener_port)) == length(var.nlb_backend_pools)
  }

  # No two pools may share a name.
  validation {
    error_message = "`pool_name` for each backend pool should be unique value."
    condition     = length(distinct(var.nlb_backend_pools[*].pool_name)) == length(var.nlb_backend_pools)
  }

  # At most 10 pools can be defined.
  validation {
    error_message = "You cannot define more than 10 backend pools."
    condition     = length(var.nlb_backend_pools) <= 10
  }

  # A pool that targets an Application Load Balancer must not also list instance or
  # reserved-IP members.
  validation {
    error_message = "When an Application Load Balancer is added as a backend pool member, no other types of resources can be attached to the pool."
    condition = alltrue([
      for pool in var.nlb_backend_pools :
      !(pool.pool_member_application_load_balancer_id != null && (length(pool.pool_member_reserved_ip_ids) > 0 || length(pool.pool_member_instance_ids) > 0))
    ])
  }
}
##############################################################################
# Private Path Variables
##############################################################################
# Policy applied to binding requests from accounts that have no explicit entry of their own.
# The default is `review`; per the description, `permit` would apply to every account
# without an explicit policy, so choose it deliberately.
variable "private_path_default_access_policy" {
  description = "The policy to use for bindings from accounts without an explicit account policy. The default policy is set to Review all requests. Supported options are `permit`, `deny`, or `review`."
  type        = string
  default     = "review"

  validation {
    error_message = "The specified access policy is not valid. Supported options are `permit`, `deny`, or `review`."
    condition = contains(
      ["review", "deny", "permit"],
      var.private_path_default_access_policy
    )
  }
}
# Required list of service endpoint names: at most 10 entries, with no repeats.
# NOTE(review): an empty list passes this validation - confirm whether that is intended.
variable "private_path_service_endpoints" {
  description = "The list of name for the service endpoint where you want to connect your Private Path service. Enter a maximum number of 10 unique endpoint names for your service."
  type        = list(string)

  validation {
    error_message = "Enter a maximum number of 10 unique endpoint names for your service."
    condition = (
      length(var.private_path_service_endpoints) <= 10 &&
      length(distinct(var.private_path_service_endpoints)) == length(var.private_path_service_endpoints)
    )
  }
}
# Zonal affinity is off unless the caller enables it.
variable "private_path_zonal_affinity" {
  description = "When enabled, the endpoint service preferentially permits connection requests from endpoints in the same zone. Without zonal affinity, requests are distributed to all instances in any zone."
  default     = false
  type        = bool
}
# Required input: there is no default, so every caller must name the Private Path service.
variable "private_path_name" {
  description = "The name of the Private Path service for VPC."
  type        = string
}
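# Controls whether accounts other than the owner can request access to the service.
# The default keeps the service unpublished. Before setting this to `true`, check
# `private_path_default_access_policy`: that policy applies to every account without an
# explicit entry, so publishing together with `permit` would leave requests from other
# accounts unreviewed.
variable "private_path_publish" {
  description = "Set this variable to `true` to allow any account to request access to the Private Path service. If need be, you can also unpublish the service, restricting access to the account that created it, by setting this variable to `false`."
  type        = bool
  default     = false
}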
# Per-account overrides of the default access policy. Each entry pairs an account with one
# of the three supported policies; the empty default means no per-account overrides.
variable "private_path_account_policies" {
  description = "The account-specific connection request policies."
  default     = []
  type = list(object({
    account       = string
    access_policy = string
  }))

  validation {
    error_message = "The specified access policy is not valid. Supported options are permit, deny, or review."
    # The input is already a flat list of objects, so it is iterated directly.
    condition = alltrue([
      for entry in var.private_path_account_policies :
      contains(["review", "deny", "permit"], entry.access_policy)
    ])
  }
}