# Subscription that every role scope in this module is built under
# (see local.global_identifier below).
# NOTE(review): the default is the literal string "null", not Terraform's
# null, unlike the neighbouring variables. When the variable is left unset
# the locals therefore interpolate the text "null" into the scope path
# rather than failing; this looks deliberate, since the locals interpolate
# this value unconditionally and a real null inside a string template is an
# evaluation error. Changing it to null needs a matching change in locals.
variable "azure_subscription_id" {
  description = "Azure subscription ID"
  type        = string
  default     = "null"
}
# Azure AD tenant (directory) the service principal belongs to.
variable "azure_tenant_id" {
  description = "Azure tenant ID"
  type        = string
  default     = null
}
# Client (application) ID of the service principal used to reach Azure.
# As the description says, Terraform persists this in state; the client ID
# on its own is an identifier rather than a credential.
variable "azure_client_id" {
  description = "Client ID for Azure Service Principal. WARNING - This will be written to the state file in plain text"
  type        = string
  default     = null
}
# Client secret of the service principal. This is a credential: besides
# the state file noted in the description, a variable without
# `sensitive = true` may also be printed in plan/apply output. On
# Terraform >= 0.14 consider adding `sensitive = true` so it is redacted
# there; it is not added here to keep this file's minimum Terraform
# version unchanged.
variable "azure_client_secret" {
  description = "Client secret for Azure Service Principal. WARNING - This will be written to the state file in plain text"
  type        = string
  default     = null
}
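# Azure cloud (sovereign region) to talk to.
#
# Fix: the validation previously wrapped contains() in can(). contains()
# returns false, without raising an error, when the value is not in the
# list, and can() yields true for any expression that does not error — so
# the condition was always true and an unknown environment was accepted.
# Using contains() directly makes the check enforce the allowed list.
variable "azure_environment" {
  type        = string
  default     = "AzurePublicCloud"
  description = "The Azure cloud environment to use."

  validation {
    condition     = contains(["AzurePublicCloud", "AzureUSGovernmentCloud", "AzureChinaCloud", "AzureGermanCloud"], var.azure_environment)
    error_message = "The Azure Environment value must be a valid identifier."
  }
}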
# Name given to the role created in the Azure secret backend.
variable "azure_secret_backend_role_name" {
  description = "Name for Azure secret backend role"
  type        = string
  default     = null
}
# Upper bound on the lifetime of credentials issued by the backend.
# Presumably expressed in seconds (3600 = one hour) — confirm against the
# consuming resource.
variable "azure_secret_backend_max_ttl" {
  description = "Maximum TTL for Azure secret backend."
  type        = number
  default     = 3600
}
# Default lifetime of credentials issued by the backend. Same unit as
# azure_secret_backend_max_ttl; the defaults make both equal (3600).
variable "azure_secret_backend_ttl" {
  description = "Default TTL for Azure secret backend."
  type        = number
  default     = 3600
}
# Selects between a subscription-wide role scope (false) and one limited
# to a single resource group (true); see local.azure_role_scope. A
# resource-group scope is the least-privilege choice when the dynamic
# credentials only need access to that group.
variable "use_resource_group" {
  description = "Toggle to enable usage of Resource Groups for Azure Role Scopes. When set to true, resource_group_identifier must be set."
  type        = bool
  default     = false
}
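# Built-in Azure role granted to the generated service principal. The
# default "Reader" is the least-privileged of the allowed set.
#
# Fix: as with azure_environment, contains() was wrapped in can(), which
# made the validation always pass because contains() returns false rather
# than erroring for an unknown role. The bare contains() now rejects any
# value outside the allowed list, so "Owner" cannot be silently exceeded
# by a typo or an arbitrary role name.
variable "azure_role" {
  type        = string
  default     = "Reader"
  description = "Azure role to assigned to service principal."

  validation {
    condition     = contains(["Reader", "Contributor", "Owner"], var.azure_role)
    error_message = "The Azure role must be one of Reader, Contributor, Owner."
  }
}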
# Resource group that narrows the role scope when use_resource_group is true.
# NOTE(review): the default is the literal string "null", not Terraform
# null. local.local_identifier below interpolates this value whether or not
# use_resource_group is set, and a real null inside a string template is an
# evaluation error, so the sentinel string appears to be intentional.
# Replacing it with null requires making the locals tolerate a null value.
variable "resource_group_identifier" {
  description = "Azure Resource Group Identifier"
  type        = string
  default     = "null"
}
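# Role-assignment scope for the Azure secret backend role.
#
# Fix: Azure resource IDs use the plural segment "/subscriptions/"
# (e.g. /subscriptions/<subscription-id>/resourceGroups/<name>); the
# singular "/subscription/" used previously is not a valid scope, so a
# role assignment built from it cannot match any Azure resource.
#
# Both identifiers are evaluated unconditionally, so
# var.azure_subscription_id and var.resource_group_identifier must be
# non-null even when use_resource_group is false (a null value in a
# string template is an error). azure_role_scope picks the resource-group
# scope only when use_resource_group is true.
locals {
  global_identifier = "/subscriptions/${var.azure_subscription_id}"
  local_identifier  = "${local.global_identifier}/resourceGroups/${var.resource_group_identifier}"
  azure_role_scope  = var.use_resource_group ? local.local_identifier : local.global_identifier
}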
# Object ID of a pre-existing service principal to reuse instead of letting
# the backend create dynamic ones. When set, the role configuration driven
# by var.azure_role / local.azure_role_scope is not applied (the
# description's "azure_roles" presumably refers to the backend role's
# roles setting — confirm against the consuming resource).
variable "azure_app_id" {
  description = "Application Object ID for an existing service principal that will be used instead of creating dynamic service principals. azure_roles will be ignored if this is used"
  type        = string
  default     = null
}