variables.tf
# Azure region the route table is deployed to. Required; null is rejected.
variable "location" {
  type        = string
  description = <<DESCRIPTION
(Required) Specifies the supported Azure location for the resource to be deployed.
Changing this forces a new resource to be created.
DESCRIPTION
  nullable    = false
}
# Name of the route table. Required; null is rejected.
variable "name" {
  type        = string
  description = "(Required) Specifies the name of the Route Table. Changing this forces a new resource to be created."
  nullable    = false
}
# Resource group that will contain the route table. Required; null is rejected.
variable "resource_group_name" {
  type        = string
  description = "(Required) The name of the resource group in which to create the resource. Changing this forces a new resource to be created."
  nullable    = false
}
# Controls whether BGP-learned routes are propagated onto this route table.
# The default (true) leaves propagation on. Where traffic is meant to be forced
# through an inspection point by the user-defined routes below, review whether
# propagated routes could offer a more specific path around it.
variable "bgp_route_propagation_enabled" {
  type        = bool
  default     = true
  description = "(Optional) Boolean flag which controls propagation of routes learned by BGP on that route table. Defaults to true."
}
# Module telemetry switch. Telemetry is on by default (opt-out); set to false
# to disable collection, e.g. where outbound reporting is not permitted.
variable "enable_telemetry" {
  type        = bool
  default     = true
  description = <<DESCRIPTION
(Optional) This variable controls whether or not telemetry is enabled for the module.
For more information see <https://aka.ms/avm/telemetryinfo>.
If it is set to false, then no telemetry will be collected.
DESCRIPTION
}
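# Optional management-lock settings for the route table.
# null (the default) supplies no lock configuration; how that is consumed is
# decided outside this file.
variable "lock" {
  type = object({
    kind = string
    name = optional(string, null)
  })
  default     = null
  description = <<DESCRIPTION
(Optional) Controls the Resource Lock configuration for this resource. The following properties can be specified:
- `kind` - (Required) The type of lock. Possible values are `"CanNotDelete"` and `"ReadOnly"`.
- `name` - (Optional) The name of the lock. If not specified, a name will be generated based on the `kind` value. Changing this forces the creation of a new resource.
DESCRIPTION

  validation {
    # A null object skips the check; otherwise only the two lock kinds are accepted.
    # "None" is NOT a valid kind here, so the message must not offer it: to have
    # no lock, leave `lock` as null.
    condition     = var.lock != null ? contains(["CanNotDelete", "ReadOnly"], var.lock.kind) : true
    error_message = "The lock kind must be one of: 'CanNotDelete' or 'ReadOnly'. To create no lock, leave `lock` unset (null)."
  }
}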
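# RBAC role assignments created on this route table.
# Each entry grants `principal_id` the named role on the resource, so keep roles
# as narrow as the task allows and review additions like any other access change.
# The description previously omitted two attributes the type accepts
# (`delegated_managed_identity_resource_id`, `principal_type`); both are now documented.
variable "role_assignments" {
  type = map(object({
    role_definition_id_or_name             = string
    principal_id                           = string
    description                            = optional(string, null)
    skip_service_principal_aad_check       = optional(bool, false)
    condition                              = optional(string, null)
    condition_version                      = optional(string, null)
    delegated_managed_identity_resource_id = optional(string, null)
    principal_type                         = optional(string, null)
  }))
  default     = {}
  description = <<DESCRIPTION
(Optional) A map of role assignments to create on this resource. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time.
- `role_definition_id_or_name` - The ID or name of the role definition to assign to the principal.
- `principal_id` - The ID of the principal to assign the role to.
- `description` - The description of the role assignment.
- `skip_service_principal_aad_check` - If set to true, skips the Azure Active Directory check for the service principal in the tenant. Defaults to false.
- `condition` - The condition which will be used to scope the role assignment.
- `condition_version` - The version of the condition syntax. Valid values are '2.0'.
- `delegated_managed_identity_resource_id` - (Optional) The delegated Azure resource ID which contains a managed identity. Only used in cross-tenant scenarios.
- `principal_type` - (Optional) The type of the `principal_id`. Possible values are `User`, `Group` and `ServicePrincipal`.
> Note: only set `skip_service_principal_aad_check` to true if you are assigning a role to a service principal.
DESCRIPTION
  nullable    = false
}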
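# User-defined routes to create on the route table.
# These entries decide where subnet traffic is sent, so they are security-relevant:
# a `VirtualAppliance` hop is what steers traffic through an inspection device,
# `Internet` sends it straight out, and `None` drops it. Review changes accordingly.
# `address_prefix` is not validated here; a malformed prefix only fails at apply time.
variable "routes" {
  type = map(object({
    name                   = string
    address_prefix         = string
    next_hop_type          = string
    next_hop_in_ip_address = optional(string)
  }))
  default     = {}
  description = <<DESCRIPTION
(Optional) A map of route objects to create on the route table.
- `name` - (Required) The name of the route.
- `address_prefix` - (Required) The destination to which the route applies. Can be CIDR (such as 10.1.0.0/16) or Azure Service Tag (such as ApiManagement, AzureBackup or AzureMonitor) format.
- `next_hop_type` - (Required) The type of Azure hop the packet should be sent to. Possible values are VirtualNetworkGateway, VnetLocal, Internet, VirtualAppliance and None.
- `next_hop_in_ip_address` - (Optional) Contains the IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance
Example Input:
```terraform
routes = {
route1 = {
name = "test-route-vnetlocal"
address_prefix = "10.2.0.0/32"
next_hop_type = "VnetLocal"
}
}
```
DESCRIPTION

  validation {
    # Route names are compared across the whole map: duplicates shrink the distinct list.
    condition     = length([for route in var.routes : route.name]) == length(distinct([for route in var.routes : route.name]))
    error_message = "Each route name must be unique within the route table."
  }
  validation {
    # Reject anything outside the five hop types listed in the description.
    condition     = alltrue([for route in var.routes : contains(["VirtualNetworkGateway", "VnetLocal", "Internet", "VirtualAppliance", "None"], route.next_hop_type)])
    error_message = "next_hop_type must be one of 'VirtualNetworkGateway', 'VnetLocal', 'Internet', 'VirtualAppliance' or 'None' for all routes."
  }
  validation {
    # A next-hop IP is only meaningful for VirtualAppliance routes.
    condition     = alltrue([for route in var.routes : route.next_hop_type != "VirtualAppliance" ? route.next_hop_in_ip_address == null : true])
    error_message = "If next_hop_type is not VirtualAppliance, next_hop_in_ip_address must be null."
  }
  validation {
    # Converse of the rule above: a VirtualAppliance route without a next-hop IP
    # cannot forward anywhere, so surface the mistake at plan time rather than at apply.
    condition     = alltrue([for route in var.routes : route.next_hop_type == "VirtualAppliance" ? route.next_hop_in_ip_address != null : true])
    error_message = "If next_hop_type is VirtualAppliance, next_hop_in_ip_address must be set."
  }
}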
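# Subnets to associate with this route table, keyed by an arbitrary label.
# Association changes the effective routing of every listed subnet, so the
# values are checked to be well-formed subnet resource IDs before planning.
variable "subnet_resource_ids" {
  type        = map(string)
  default     = {}
  description = <<DESCRIPTION
(Optional) A map of string subnet IDs to associate the route table to.
Each value in the map must be supplied in the form of an Azure resource ID:
```yaml annotate
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}
```
Example Input:
```terraform
subnet_resource_ids = {
subnet1 = azurerm_subnet.this.id,
subnet2 = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}"
}
```
DESCRIPTION

  validation {
    # regex() matches anywhere in the string, so the pattern is anchored with ^ and $;
    # unanchored, any value merely containing a subnet-ID-shaped substring was accepted.
    # `[.]` matches a literal dot in the provider namespace, and the name segments
    # also allow `.` (plus parentheses for resource groups) so that valid names which
    # the anchored form must now match in full are not rejected.
    condition     = alltrue([for subnet in var.subnet_resource_ids : can(regex("^/subscriptions/[a-f0-9-]+/resourceGroups/[a-zA-Z0-9._()-]+/providers/Microsoft[.]Network/virtualNetworks/[a-zA-Z0-9._-]+/subnets/[a-zA-Z0-9._-]+$", subnet))])
    error_message = "All values in the map must be in the form of an Azure subnet resource id."
  }
}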
# Optional tags for the resource; null by default. The tflint directive below
# suppresses the unused-declaration rule for this variable.
# tflint-ignore: terraform_unused_declarations
variable "tags" {
  type        = map(string)
  default     = null
  description = "(Optional) Tags of the resource."
}