##############################################################################
# Module Variables
##############################################################################
variable "prefix" {
  # Required: prepended to the name of every resource this module creates.
  type        = string
  description = "The prefix that you would like to prepend to your resources"
}
variable "tags" {
  # Optional list of tags applied to created resources; null means "no tags".
  type        = list(string)
  default     = null
  description = "List of Tags for the resource created"
}
variable "resource_group_id" {
  # Optional: when null the provider's default resource group is presumably used — confirm in the calling module.
  type        = string
  default     = null
  description = "Resource group ID for the VSI"
}
variable "region" {
  # Required: every component is created in this region.
  type        = string
  description = "The region where components will be created"
}
##############################################################################
##############################################################################
# VPC Variables
##############################################################################
variable "vpc_id" {
  # Optional: pass an existing VPC ID to reuse it; leave null to have the module create one.
  type        = string
  default     = null
  description = "ID of the VPC where VSI will be provisioned. If VPC ID is `null`, a VPC will be created automatically."
}
variable "create_vpc_options" {
  # Settings consumed only on the "module creates the VPC" path.
  # NOTE(review): classic_access defaults to false; keep it off unless connectivity to
  # classic infrastructure is actually required, since it widens the VPC's reach.
  type = object({
    classic_access              = optional(bool)
    default_network_acl_name    = optional(string)
    default_security_group_name = optional(string)
    default_routing_table_name  = optional(string)
  })
  description = "Options to use when using this module to create a VPC."

  # Null names leave the provider/default naming in effect — TODO confirm in the VPC resource.
  default = {
    classic_access              = false
    default_network_acl_name    = null
    default_security_group_name = null
    default_routing_table_name  = null
  }
}
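variable "zones" {
  # Number of availability zones the edge VPC spans (1, 2 or 3).
  description = "Number of zones for edge VPC creation"
  type        = number
  default     = 3

  # `contains` against the explicit set rejects non-integers such as 2.5,
  # which the former `> 0 && < 4` range check silently accepted.
  validation {
    error_message = "VPCs zones can only be 1, 2, or 3."
    condition     = contains([1, 2, 3], var.zones)
  }
}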
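variable "existing_public_gateways" {
  # Per-zone IDs of public gateways to reuse when an existing VPC is passed in.
  # Attributes are optional so a caller may omit a zone instead of spelling out `null`;
  # omitted attributes resolve to null, matching the previous default shape.
  description = "Use existing public gateways for VPC id if not creating. If creating a new VPC this value will be ignored."
  type = object({
    zone-1 = optional(string)
    zone-2 = optional(string)
    zone-3 = optional(string)
  })

  default = {
    zone-1 = null
    zone-2 = null
    zone-3 = null
  }
}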
variable "create_public_gateways" {
  # Creates a gateway per zone (up to `zones`) wherever `existing_public_gateways` did not supply one.
  # NOTE(review): a public gateway presumably gives attached subnets a path to the public
  # internet — keep the outbound ACL lists tight when this is left enabled.
  type        = bool
  default     = true
  description = "Create public gateways on the VPC. Public gateways will be created in each zone where an existing public gateway id has not been passed in using the `existing_public_gateways` variable. Public gateways will not be created in zones greater than the `zones` variable."
}
##############################################################################
##############################################################################
# Network ACL Variables
##############################################################################
variable "add_cluster_rules" {
  # Off by default: opt in to the extra ACL rules needed for OpenShift / IKS cluster management.
  type        = bool
  default     = false
  description = "Automatically add needed ACL rules to allow each network to create and manage Openshift and IKS clusters."
}
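variable "global_inbound_allow_list" {
  # CIDRs that get an inbound allow rule on every network ACL.
  # Keep this narrow: each entry is applied to every subnet the module manages.
  description = "List of CIDR blocks where inbound traffic will be allowed. These allow rules will be added to each network acl."
  type        = list(string)
  default = [
    "10.0.0.0/8",   # Internal network traffic
    "161.26.0.0/16" # IBM Network traffic
  ]

  # distinct([]) == [] so the empty list needs no special case.
  validation {
    error_message = "Global inbound allow list should contain no duplicate CIDR blocks."
    condition     = length(var.global_inbound_allow_list) == length(distinct(var.global_inbound_allow_list))
  }

  # Fail at plan time on a malformed CIDR rather than inside the ACL resource at apply time.
  validation {
    error_message = "Global inbound allow list must contain only valid CIDR blocks (e.g. 10.0.0.0/8)."
    condition     = alltrue([for cidr in var.global_inbound_allow_list : can(cidrhost(cidr, 0))])
  }
}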
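variable "global_outbound_allow_list" {
  # CIDRs that get an outbound allow rule on every network ACL.
  # Security note: the default `0.0.0.0/0` permits all egress from every subnet;
  # override with specific destinations where egress control matters.
  description = "List of CIDR blocks where outbound traffic will be allowed. These allow rules will be added to each network acl."
  type        = list(string)
  default = [
    "0.0.0.0/0"
  ]

  # distinct([]) == [] so the empty list needs no special case.
  validation {
    error_message = "Global outbound allow list should contain no duplicate CIDR blocks."
    condition     = length(var.global_outbound_allow_list) == length(distinct(var.global_outbound_allow_list))
  }

  # Fail at plan time on a malformed CIDR rather than inside the ACL resource at apply time.
  validation {
    error_message = "Global outbound allow list must contain only valid CIDR blocks (e.g. 0.0.0.0/0)."
    condition     = alltrue([for cidr in var.global_outbound_allow_list : can(cidrhost(cidr, 0))])
  }
}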
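variable "global_inbound_deny_list" {
  # CIDRs that get an inbound deny rule on every network ACL, ordered after the allow rules.
  # The default `0.0.0.0/0` makes the inbound policy default-deny for anything not allow-listed.
  description = "List of CIDR blocks where inbound traffic will be denied. These deny rules will be added to each network acl. Deny rules will be added after all allow rules."
  type        = list(string)
  default = [
    "0.0.0.0/0"
  ]

  # Error text now names the deny list (the original was copy-pasted from the allow list).
  validation {
    error_message = "Global inbound deny list should contain no duplicate CIDR blocks."
    condition     = length(var.global_inbound_deny_list) == length(distinct(var.global_inbound_deny_list))
  }

  # Fail at plan time on a malformed CIDR rather than inside the ACL resource at apply time.
  validation {
    error_message = "Global inbound deny list must contain only valid CIDR blocks (e.g. 0.0.0.0/0)."
    condition     = alltrue([for cidr in var.global_inbound_deny_list : can(cidrhost(cidr, 0))])
  }
}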
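variable "global_outbound_deny_list" {
  # CIDRs that get an outbound deny rule on every network ACL, ordered after the allow rules.
  # Empty by default: with `global_outbound_allow_list` defaulting to 0.0.0.0/0, nothing is denied outbound.
  description = "List of CIDR blocks where outbound traffic will be denied. These deny rules will be added to each network acl. Deny rules will be added after all allow rules."
  type        = list(string)
  default     = []

  # Error text now names the deny list (the original was copy-pasted from the allow list).
  validation {
    error_message = "Global outbound deny list should contain no duplicate CIDR blocks."
    condition     = length(var.global_outbound_deny_list) == length(distinct(var.global_outbound_deny_list))
  }

  # Fail at plan time on a malformed CIDR rather than inside the ACL resource at apply time.
  validation {
    error_message = "Global outbound deny list must contain only valid CIDR blocks (e.g. 0.0.0.0/0)."
    condition     = alltrue([for cidr in var.global_outbound_deny_list : can(cidrhost(cidr, 0))])
  }
}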
##############################################################################
##############################################################################
# Subnet Variables
##############################################################################
variable "create_vpe_subnet_tier" {
  # Opt-in: the VPE (virtual private endpoint) subnet tier is not created unless requested.
  type        = bool
  default     = false
  description = "Create VPE subnet tier on edge VPC."
}
variable "create_vpn_1_subnet_tier" {
  # Created by default; set false to skip the VPN-1 tier.
  type        = bool
  default     = true
  description = "Create VPN-1 subnet tier."
}
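variable "create_vpn_2_subnet_tier" {
  # Created by default; set false to skip the VPN-2 tier.
  # Description corrected: it previously read "VPN-1", copied from the sibling variable.
  description = "Create VPN-2 subnet tier."
  type        = bool
  default     = true
}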
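variable "bastion_subnet_zones" {
  # Number of zones (0-3) that receive a bastion subnet; the type is a number, not a list,
  # so the description now says so. 0 disables the bastion tier.
  # NOTE(review): the "cannot exceed var.zones" constraint is not enforced by this
  # validation (cross-variable references in validation need a recent Terraform); the
  # calling module is presumably expected to clamp it — confirm.
  description = "Number of zones in which to create a Bastion subnet tier. Bastion subnets created cannot exceed number of zones in `var.zones`."
  type        = number
  default     = 0

  # Explicit set membership rejects non-integers that the old range check let through.
  validation {
    error_message = "Bastion subnet zones can be 0, 1, 2, or 3."
    condition     = contains([0, 1, 2, 3], var.bastion_subnet_zones)
  }
}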
##############################################################################
##############################################################################
# F5 Variables
##############################################################################
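variable "vpn_firewall_type" {
  # Required F5 deployment mode; no default, so the caller must choose explicitly.
  # The error message was previously wrong on two counts: it said "Bastion type" and
  # advertised `null` as acceptable, while the condition below rejects null.
  description = "F5 type. Can be `full-tunnel`, `waf`, or `vpn-and-waf`."
  type        = string

  validation {
    error_message = "VPN firewall type must be `full-tunnel`, `waf`, or `vpn-and-waf`."
    condition     = contains(["full-tunnel", "waf", "vpn-and-waf"], var.vpn_firewall_type)
  }
}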
##############################################################################