-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathvariables.tf
124 lines (108 loc) · 3.92 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
variable "management_tenant_dns_zoneid" {
description = "The Route53 ZoneID that all the delegation is coming from."
type = string
nullable = false
}
variable "this_is_development" {
description = "The development cluster environment and data/resources can be destroyed!"
type = string
nullable = false
default = false
}
variable "tenant_key" {
description = "The tenant key"
type = string
nullable = false
}
variable "tenant_account_id" {
description = "The tenant AWS account id"
type = string
nullable = false
}
variable "github_owner" {
description = "The GitHub Owner where the tenant repo will be deployed."
type = string
nullable = false
}
variable "management_tenant_dns_aws_account_id" {
description = "The company AWS account id for the management-tenant-dns account"
type = string
nullable = false
}
variable "cluster_environments" {
description = "The cluster environments and their respective github app ids"
type = list(object({
environment_name = string
host_network_enabled = bool
github_oauth_app_client_id = string
github_oauth_app_client_secret = string
github_tenant_app_id = string
github_tenant_app_installation_id = string
github_tenant_app_b64enc_private_key = string
admin_github_org_name = string
tenant_github_org_name = string
vault_github_org_team_policy_mappings = list(object({
oidc_groups = list(string)
policy_name = string
}))
argocd_rbac_policies = string
}))
default = [
{
environment_name = "test"
host_network_enabled = true
github_oauth_app_client_id = "oauth-app-id"
github_oauth_app_client_secret = "oauth-app-secret"
github_tenant_app_id = "tenant-github-app-id"
github_tenant_app_installation_id = "tenant-github-app-installation-id"
github_tenant_app_b64enc_private_key = "tenant-github-app-b64enc-private-key"
admin_github_org_name = "GlueOps"
tenant_github_org_name = "glueops-rocks"
vault_github_org_team_policy_mappings = [
{
oidc_groups = ["GlueOps:vault_super_admins"]
policy_name = "editor"
},
{
oidc_groups = ["GlueOps:vault_super_admins", "testing-okta:developers"]
policy_name = "reader"
}
]
argocd_rbac_policies = <<EOT
g, GlueOps:argocd_super_admins, role:admin
g, glueops-rocks:developers, role:developers
p, role:developers, clusters, get, *, allow
p, role:developers, *, get, development, allow
p, role:developers, repositories, *, development/*, allow
p, role:developers, applications, *, development/*, allow
p, role:developers, exec, *, development/*, allow
EOT
},
]
}
locals {
environment_map = { for env in var.cluster_environments : env.environment_name => env }
}
locals {
cluster_environments = toset(keys(local.environment_map))
}
variable "primary_region" {
description = "The primary S3 region to create S3 bucket in used for backups. This should be the same region as the one where the cluster is being deployed."
type = string
nullable = false
}
variable "backup_region" {
description = "The secondary S3 region to create S3 bucket in used for backups. This should be different than the primary region and will have the data from the primary region replicated to it."
type = string
nullable = false
}
locals {
management_tenant_dns_zoneid = var.management_tenant_dns_zoneid
record_ttl = "60"
ns_record_type = "NS"
bucket_name = "glueops-tenant-${var.tenant_key}"
}
variable "opsgenie_emails" {
description = "List of user email addresses"
type = list(string)
}