variables.tf
# Environment name. Per the description it is combined with `project_name`
# to form the prefix of every resource name. Required: no default is declared.
variable "environment" {
  type        = string
  description = "Environment name. Will be used along with `project_name` as a prefix for all resources."
}
# Project name. Per the description it is combined with `environment`
# to form the prefix of every resource name. Required: no default is declared.
variable "project_name" {
  type        = string
  description = "Project name. Will be used along with `environment` as a prefix for all resources."
}
# Azure region that resources are launched into. Required: no default is declared.
variable "azure_location" {
  type        = string
  description = "Azure location in which to launch resources."
}
# Key/value tags applied to all resources; defaults to no tags.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "Tags to be applied to all resources"
}
# Name of an existing resource group to deploy into. Per the description,
# setting it means no resource group is created; the default is "".
variable "existing_resource_group" {
  type        = string
  default     = ""
  description = "Conditionally launch resources into an existing resource group. Specifying this will NOT create a resource group."
}
# Feature switch for the Azure SQL server/database and its private endpoint.
# Off by default.
variable "enable_mssql_database" {
  type        = bool
  default     = false
  description = "Set to true to create an Azure SQL server/database, with a private endpoint within the virtual network"
}
# Local administrator password for the MSSQL server.
# `sensitive = true` only redacts the value in plan/apply output; Terraform
# still records it in the state file, so the state backend needs the same
# protection as the secret itself.
# NOTE(review): the default is an empty string and no validation is declared
# here. How an empty value is handled when `enable_mssql_database` is true is
# decided elsewhere in the module; confirm it cannot reach the server as-is.
variable "mssql_server_admin_password" {
  type        = string
  sensitive   = true
  default     = ""
  description = "The local administrator password for the MSSQL server"
}
# Username of the Azure AD user to assign as SQL Server Administrator.
# Defaults to ""; presumably paired with `mssql_azuread_admin_object_id`
# (confirm where both are consumed).
variable "mssql_azuread_admin_username" {
  type        = string
  default     = ""
  description = "Username of a User within Azure AD that you want to assign as the SQL Server Administrator"
}
# Object ID of the Azure AD user to assign as SQL Server Administrator.
# Defaults to ""; no format validation is declared here.
variable "mssql_azuread_admin_object_id" {
  type        = string
  default     = ""
  description = "Object ID of a User within Azure AD that you want to assign as the SQL Server Administrator"
}
# When true, only Azure AD users may log in (per the description).
# NOTE(review): the default of false leaves non-Azure-AD SQL logins permitted,
# which presumably includes the local administrator configured through
# `mssql_server_admin_password`. Confirm this is the intended baseline.
variable "mssql_azuread_auth_only" {
  type        = bool
  default     = false
  description = "Set to true to only permit SQL logins from Azure AD users"
}
# SKU name used by the database; defaults to "Basic".
variable "mssql_sku_name" {
  type        = string
  default     = "Basic"
  description = "Specifies the name of the SKU used by the database"
}
# Collation of the SQL database; defaults to "SQL_Latin1_General_CP1_CI_AS".
variable "mssql_collation" {
  type        = string
  default     = "SQL_Latin1_General_CP1_CI_AS"
  description = "Set the collation for the SQL database"
}
# Maximum database size in gigabytes; defaults to 2.
variable "mssql_max_size_gb" {
  type        = number
  default     = 2
  description = "The max size of the database in gigabytes"
}
# Name of the MSSQL database to create. The description requires it whenever
# `enable_mssql_database` is true, but nothing in this block enforces that:
# the default is "" and no validation is declared.
variable "mssql_database_name" {
  type        = string
  default     = ""
  description = "The name of the MSSQL database to create. Must be set if `enable_mssql_database` is true"
}
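# Named IPv4 ranges that need remote access to the MSSQL server. The value is
# a map keyed by a rule name, not a list. Each entry has a required
# `start_ip_range` and an optional `end_ip_range` that defaults to "".
# NOTE(review): how an empty `end_ip_range` is interpreted is decided where
# this variable is consumed; confirm it means a single address.
# NOTE(review): if the entries become Azure SQL firewall rules, a rule whose
# start and end are both 0.0.0.0 admits all Azure-hosted traffic, not one
# host. Keep ranges as narrow as possible; no format validation is declared.
variable "mssql_firewall_ipv4_allow_list" {
  description = "A map of named IPv4 address ranges that require remote access to the MSSQL Server"
  type = map(object({
    start_ip_range = string
    end_ip_range   = optional(string, "")
  }))
  default = {}
}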
# Switch for public internet access to the MSSQL instance; off by default.
# The description pairs it with `mssql_firewall_ipv4_allow_list`, which
# defaults to an empty map, so set both together when enabling this.
# NOTE(review): nothing in this block ties the two variables together; what
# happens with public access on and an empty allow list is decided elsewhere.
variable "mssql_server_public_access_enabled" {
  type        = bool
  default     = false
  description = "Enable public internet access to your MSSQL instance. Be sure to specify 'mssql_firewall_ipv4_allow_list' to restrict inbound connections"
}
# Microsoft SQL Server version to run; defaults to "12.0".
variable "mssql_version" {
  type        = string
  default     = "12.0"
  description = "Specify the version of Microsoft SQL Server you want to run"
}
# Switch for the database vulnerability assessment; on by default.
variable "enable_mssql_vulnerability_assessment" {
  type        = bool
  default     = true
  description = "Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities"
}
# Extra IP addresses allowed through the firewall of the Storage Account that
# holds the vulnerability assessments. Defaults to none.
# NOTE(review): that account stores security findings, so every address added
# here can reach them. No format validation is declared in this block.
variable "mssql_security_storage_firewall_ipv4_allow_list" {
  type        = list(string)
  default     = []
  description = "Additional IP addresses to add to the Storage Account that holds the Vulnerability Assessments"
}
# Whether Terraform assigns 'Storage Blob Data Contributor' to the SQL Server
# user-assigned managed identity. Off by default. Per the description, the
# role must be assigned manually when the deploying principal lacks
# 'Microsoft.Authorization/roleAssignments/write'.
variable "mssql_managed_identity_assign_role" {
  type        = bool
  default     = false
  description = "Assign the 'Storage Blob Data Contributor' Role to the SQL Server User-Assigned Managed Identity. Note: If you do not have 'Microsoft.Authorization/roleAssignments/write' permission, you will need to manually assign the 'Storage Blob Data Contributor' Role to the identity"
}
# Switch for the App Insights instance and notification group; off by default.
variable "enable_monitoring" {
  type        = bool
  default     = false
  description = "Create an App Insights instance and notification group for the Container App"
}
# Email addresses notified by monitoring alerts; defaults to none.
variable "monitor_email_receivers" {
  type        = list(string)
  default     = []
  description = "A list of email addresses that should be notified by monitoring alerts"
}
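# Reference to an existing Logic App Workflow by name and resource group.
# Both attributes default to "", which per the description means a new
# resource is created instead.
# The description used to mention an HTTP Trigger URL as well, but the object
# type declares only `name` and `resource_group_name`, so the text now matches
# the type.
variable "existing_logic_app_workflow" {
  description = "Name and Resource Group of an existing Logic App Workflow. Leave empty to create a new Resource"
  type = object({
    name                = string
    resource_group_name = string
  })
  default = {
    name                = ""
    resource_group_name = ""
  }
}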
# IPv4 addresses permitted to access the Key Vault. Required: no default is
# declared, so every caller must state the allow list explicitly.
# NOTE(review): this block declares no format validation; whether CIDR
# ranges are accepted depends on the resource that consumes the list.
variable "key_vault_access_ipv4" {
  type        = list(string)
  description = "List of IPv4 Addresses that are permitted to access the Key Vault"
}
# Name of the tfvars file that, per the description, is uploaded to Key Vault
# so the latest values are shared. Required: no default is declared.
# NOTE(review): a tfvars file can carry values for sensitive inputs such as
# `mssql_server_admin_password`, so anyone who can read this Key Vault entry
# can read them. Access should be as tight as for the secrets themselves.
variable "tfvars_filename" {
  type        = string
  description = "tfvars filename. This file is uploaded and stored encrypted within Key Vault, to ensure that the latest tfvars are stored in a shared place."
}
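# Private endpoint definitions, keyed by endpoint name. Per the description a
# subnet, private endpoint and DNS zone are created in the named VNet for each
# entry. Defaults to no endpoints.
# The description previously listed a `route_table_name` key that does not
# exist in the type (the attribute is `subnet_route_table_name`) and omitted
# `create_acr_privatelink_dns_zone`; both now match the declared object.
# NOTE(review): the text calls the route table value an "ID" while the
# attribute is named `*_name`. Confirm which one the consuming resource expects.
variable "private_endpoint_configurations" {
  description = <<EOT
Map of private endpoint configurations, specifying the VNet name/resource-group and a new subnet CIDR. A subnet, private endpoint and DNS zone will be created within the specified VNet.
{
endpoint-name = {
vnet_name: The Name of the VNet to create the private endpoint resources
vnet_resource_group_name: The Name of the resource group containing the VNet
subnet_cidr: The CIDR of the Private Endpoint subnet to be created
subnet_route_table_name: The Route Table ID to associate the subnet with (Optional)
create_acr_privatelink_dns_zone: Whether to create the ACR privatelink DNS zone (Optional, defaults to true)
}
}
EOT
  type = map(object({
    vnet_name                       = string
    vnet_resource_group_name        = string
    subnet_cidr                     = string
    subnet_route_table_name         = optional(string, null)
    create_acr_privatelink_dns_zone = optional(bool, true)
  }))
  default = {}
}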
# Map of ADF name => ADF resource ID, per the description. Defaults to empty.
# NOTE(review): values are plain strings with no validation declared here, so
# a malformed resource ID is only caught where the map is consumed.
variable "adf_private_endpoint_configurations" {
  type        = map(string)
  default     = {}
  description = "Key value pair. Specify the Key as the ADF Name, and the value as the ADF Resource ID"
}