# Free-form tags applied to every resource the module creates.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "A map of tags to add to all resources"
}
# Base name used to identify the module's resources.
# Two independent checks: a minimum length and a leading letter
# (\p{L} matches any Unicode letter, not just ASCII).
variable "friendly_name" {
  type        = string
  default     = "imperva-dsf-cte-ddc-agent"
  description = "Friendly name to identify all resources"

  validation {
    condition     = length(var.friendly_name) >= 3
    error_message = "Must be at least 3 characters long"
  }

  validation {
    condition     = can(regex("^\\p{L}.*", var.friendly_name))
    error_message = "Must start with a letter"
  }
}
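# Block-device settings for the agent instance's volume. Required (no default).
# NOTE(review): this object carries no encryption or KMS key attribute, so
# encryption at rest for the volume is not controlled through this variable;
# confirm where (or whether) it is set for an agent that handles encryption keys.
variable "ebs" {
  type = object({
    volume_size = number
    volume_type = string
    iops        = number
  })
  description = "Compute instance volume attributes for the agent instance"

  # Fail at plan time on a zero/negative size instead of at apply time.
  validation {
    condition     = var.ebs.volume_size > 0
    error_message = "ebs.volume_size must be greater than 0"
  }
}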
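# Subnet the agent instance is launched into. Required.
variable "subnet_id" {
  type        = string
  description = "Subnet id for the agent instance"

  # AWS subnet ids are "subnet-" followed by a lowercase hex suffix (8 or 17
  # characters in practice). A regex anchors both ends and restricts the
  # character set, which the previous length + prefix check did not; any id
  # that was valid before still passes.
  validation {
    condition     = can(regex("^subnet-[0-9a-f]{8,}$", var.subnet_id))
    error_message = "Subnet id is invalid. Must be subnet-********"
  }
}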
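# Pre-existing security groups to attach. When non-empty the module attaches
# these instead of creating its own, and the allowed_*_cidrs inputs have no
# effect — so the caller owns the ingress rules entirely in that case.
variable "security_group_ids" {
  type        = list(string)
  default     = []
  description = "AWS security group Ids to attach to the instance. If provided, no security groups are created and all allowed_*_cidrs variables are ignored."

  # Same shape check as subnet_id: anchored "sg-" prefix plus lowercase hex
  # suffix, rather than only inspecting the first three characters.
  validation {
    condition     = alltrue([for sg in var.security_group_ids : can(regex("^sg-[0-9a-f]{8,}$", sg))])
    error_message = "One or more of the security group Ids list is invalid. Each item should be in the format of 'sg-xx..xxx'"
  }
}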
# Off by default: an Elastic IP gives the instance a stable, internet-routable
# address, so enabling it widens the instance's exposure to whatever the
# attached security groups permit.
variable "attach_persistent_public_ip" {
  type        = bool
  default     = false
  description = "Create and attach elastic public IP for the instance"
}
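# Source CIDRs granted SSH ingress to the instance. Empty by default (no SSH
# ingress rule). Ignored when security_group_ids is set (see that variable).
variable "allowed_ssh_cidrs" {
  type        = list(string)
  default     = []
  description = "List of allowed ingress CIDR patterns allowing ssh protocols to the ec2 instance"

  # Every entry must parse as an IPv4 or IPv6 CIDR block; cidrhost() errors on
  # anything else, and can() turns that into false.
  # NOTE(review): "0.0.0.0/0" and "::/0" pass this check — they expose SSH to
  # the whole internet and should only ever be set deliberately.
  validation {
    condition     = alltrue([for cidr in var.allowed_ssh_cidrs : can(cidrhost(cidr, 0))])
    error_message = "Each item in allowed_ssh_cidrs must be a valid CIDR block, e.g. 10.0.0.0/8"
  }
}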
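# Source CIDRs granted RDP ingress to the instance. Empty by default (no RDP
# ingress rule). Ignored when security_group_ids is set (see that variable).
variable "allowed_rdp_cidrs" {
  type        = list(string)
  default     = []
  description = "List of allowed ingress CIDR patterns allowing rdp protocols to the ec2 instance"

  # Every entry must parse as an IPv4 or IPv6 CIDR block; cidrhost() errors on
  # anything else, and can() turns that into false.
  # NOTE(review): "0.0.0.0/0" and "::/0" pass this check — they expose RDP to
  # the whole internet and should only ever be set deliberately.
  validation {
    condition     = alltrue([for cidr in var.allowed_rdp_cidrs : can(cidrhost(cidr, 0))])
    error_message = "Each item in allowed_rdp_cidrs must be a valid CIDR block, e.g. 10.0.0.0/8"
  }
}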
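# SSH access material for the agent instance. Only the key-pair *name* and a
# *path* to the private key are held here; the key bytes themselves are read
# wherever this path is consumed, which is outside this file.
variable "ssh_key_pair" {
  type = object({
    ssh_public_key_name       = string
    ssh_private_key_file_path = string
  })
  description = "SSH materials to access machine"
  nullable    = false

  # nullable = false only rejects a null object; an object whose fields are
  # null or "" still slipped through. try() guards the null-field case.
  validation {
    condition = alltrue([
      for v in [var.ssh_key_pair.ssh_public_key_name, var.ssh_key_pair.ssh_private_key_file_path] :
      try(length(v) > 0, false)
    ])
    error_message = "ssh_key_pair.ssh_public_key_name and ssh_key_pair.ssh_private_key_file_path must both be non-empty"
  }
}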
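# Address of the CipherTrust Manager the agent registers with. Required.
variable "cipher_trust_manager_address" {
  type        = string
  description = "CipherTrust Manager address to register to"
  nullable    = false

  # nullable = false does not reject "", which would otherwise surface only
  # when registration is attempted on the instance.
  validation {
    condition     = length(var.cipher_trust_manager_address) > 0
    error_message = "cipher_trust_manager_address cannot be an empty string"
  }
}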
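# Operating system of the agent instance. Required; exactly one of the two
# listed values.
variable "os_type" {
  type        = string
  description = "OS type to provision as EC2, available types are: ['Red Hat', 'Windows']"
  nullable    = false

  # With nullable = false the value can never be null here, so the former
  # `== null ||` short-circuit and the try() wrapper were dead code. The error
  # message previously ended in a stray "]".
  validation {
    condition     = contains(["Red Hat", "Windows"], var.os_type)
    error_message = "Valid values are: 'Red Hat', 'Windows'"
  }
}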
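# What to install on the agent instance and the credential used to register it.
# registration_token is a secret: marking the variable sensitive keeps it out
# of plan/apply output and of the CLI rendering of anything derived from it.
# (It is still stored in state; protect the state backend accordingly.)
# Consequence for callers: any `output` that references this variable or a
# value derived from it must itself be declared `sensitive = true`.
variable "agent_installation" {
  type = object({
    registration_token          = string
    install_cte                 = bool
    install_ddc                 = bool
    cte_agent_installation_file = string
    ddc_agent_installation_file = string
  })
  description = "CTE and DDC agent installation files, and the registration token for registering the CTE agent with the CipherTrust Manager. 'cte_agent_installation_file' and 'ddc_agent_installation_file' are absolute paths in the machine where Terraform is executed."
  nullable    = false
  sensitive   = true

  validation {
    condition     = var.agent_installation.install_cte || var.agent_installation.install_ddc
    error_message = "At least one of install_cte or install_ddc must be true"
  }

  # The token is what registers the CTE agent (per the description), so an
  # empty or null token with install_cte = true would only fail on the box.
  validation {
    condition     = !var.agent_installation.install_cte || try(length(var.agent_installation.registration_token) > 0, false)
    error_message = "registration_token must be a non-empty string when install_cte is true"
  }

  validation {
    condition     = var.agent_installation.install_cte == false || var.agent_installation.cte_agent_installation_file != null
    error_message = "CTE agent installation file must be provided if install_cte is true"
  }

  validation {
    condition     = var.agent_installation.install_ddc == false || var.agent_installation.ddc_agent_installation_file != null
    error_message = "DDC agent installation file must be provided if install_ddc is true"
  }

  # Paths are checked on the machine running Terraform, matching the
  # description. try() converts a fileexists() error into a plain failure.
  validation {
    condition     = var.agent_installation.cte_agent_installation_file == null || try(fileexists(var.agent_installation.cte_agent_installation_file), false)
    error_message = "CTE agent installation file does not exist at the specified path"
  }

  validation {
    condition     = var.agent_installation.ddc_agent_installation_file == null || try(fileexists(var.agent_installation.ddc_agent_installation_file), false)
    error_message = "DDC agent installation file does not exist at the specified path"
  }
}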
# EC2 instance size for the agent; t2.large unless overridden.
variable "instance_type" {
  type        = string
  default     = "t2.large"
  nullable    = false
  description = "EC2 instance type for the agent"
}
# Selects which of the instance's addresses is used for SSH connections;
# the private IP is the default.
variable "use_public_ip" {
  type        = bool
  default     = false
  description = "Whether to use the agent instance's public or private IP for ssh access"
}
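# Optional SSH jump host used to reach an agent that has no direct route.
# null (the default) means "no proxy".
variable "ingress_communication_via_proxy" {
  type = object({
    proxy_address              = string
    proxy_private_ssh_key_path = string
    proxy_ssh_user             = string
  })
  description = "Proxy address used for ssh for private CTE and/or DDC agent, Proxy ssh key file path and Proxy ssh user. Keep empty if no proxy is in use"
  default     = null

  # When a proxy object is supplied all three fields are needed to open the
  # SSH session, so reject null/"" fields at plan time. A null object is fine.
  validation {
    condition = var.ingress_communication_via_proxy == null || alltrue([
      for v in [
        var.ingress_communication_via_proxy.proxy_address,
        var.ingress_communication_via_proxy.proxy_private_ssh_key_path,
        var.ingress_communication_via_proxy.proxy_ssh_user,
      ] : try(length(v) > 0, false)
    ])
    error_message = "When ingress_communication_via_proxy is set, proxy_address, proxy_private_ssh_key_path and proxy_ssh_user must all be non-empty"
  }
}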
# Directory on the agent instance where temporary Terraform script files are
# written. null (the default) is allowed; an explicit empty string is not,
# since "" would not name a usable directory.
variable "terraform_script_path_folder" {
  type        = string
  default     = null
  description = "Terraform script path folder to create terraform temporary script files on the CTE and/or DDC agent instance. Use '.' to represent the instance home directory"

  validation {
    condition     = var.terraform_script_path_folder != ""
    error_message = "Terraform script path folder cannot be an empty string"
  }
}