ssh_variables.tf
variable "ssh_generate_signing_key" {
  # Defaults to true. Per the descriptions of ssh_private_key and
  # ssh_public_key in this file, both must be supplied when this is false.
  description = "Generate a signing key for ssh secret backend"
  type        = bool
  default     = true
}
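variable "ssh_private_key" {
  # CA private key material. Marked sensitive so Terraform redacts the value in
  # plan/apply output and CI logs (the argument needs Terraform >= 0.14).
  # NOTE(review): sensitive only affects display; the value is still written to
  # state in plain text, so the state backend must be encrypted and
  # access-controlled. Leaving ssh_generate_signing_key at true avoids supplying
  # a key through this variable at all.
  description = "The private key part the SSH CA key pair; required if ssh_generate_signing_key is false"
  default     = null
  sensitive   = true
}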
variable "ssh_public_key" {
  # No type constraint is declared; unset (null) by default.
  # Needed together with ssh_private_key when ssh_generate_signing_key is false.
  description = "The public key part the SSH CA key pair; required if ssh_generate_signing_key is false"
  default     = null
}
variable "ssh_backend_role_name" {
  # Role name for the SSH secrets backend; unset (null) by default.
  description = "Name for SSH secret backend role"
  type        = string
  default     = null
}
variable "ssh_key_type" {
  # Selects the credential type issued by the role; no validation is declared
  # here, so an unsupported value is only rejected downstream.
  # NOTE(review): recent Vault releases no longer support the "dynamic" key
  # type — confirm against the Vault version this module targets.
  description = "Specifies the type of credentials generated by this role. This can be either otp, dynamic or ca."
  type        = string
  default     = null
}
variable "ssh_default_ttl" {
  # Default lifetime applied by the SSH secrets backend.
  # Presumably expressed in seconds (3600 = one hour) — confirm against the
  # resource that consumes this value.
  description = "Default TTL for ssh secrets backend"
  type        = number
  default     = 3600
}
variable "ssh_max_ttl" {
  # Upper bound on lifetime for the SSH secrets backend; the default here equals
  # the default of ssh_default_ttl. Presumably seconds — confirm with the consumer.
  description = "Maximum TTL for ssh secrets backend"
  type        = number
  default     = 3600
}
variable "ssh_allow_bare_domains" {
  # Enabled by default: host certificates may be requested for the base domains
  # named in ssh_allowed_domains.
  # NOTE(review): permissive default — set to false for roles that should only
  # issue certificates for specific hosts.
  description = "Specifies if host certificates that are requested are allowed to use the base domains listed in ssh_allowed_domains."
  type        = bool
  default     = true
}
variable "ssh_allow_host_certificates" {
  # Enabled by default. ssh_allow_user_certificates in this file also defaults
  # to true, so an unmodified role can sign both host and user certificates.
  # NOTE(review): for least privilege, consider disabling whichever kind a given
  # role does not need.
  description = "Specifies if certificates are allowed to be signed for use as a 'host'."
  type        = bool
  default     = true
}
variable "ssh_allow_subdomains" {
  # Enabled by default: requested host certificates may name subdomains of the
  # allowed domains.
  # NOTE(review): permissive default — any subdomain of an allowed domain
  # becomes signable; disable where that is broader than intended.
  description = "Specifies if host certificates that are requested are allowed to be subdomains of those listed in allowed_domains."
  type        = bool
  default     = true
}
variable "ssh_allow_user_certificates" {
  # Enabled by default. ssh_allow_host_certificates in this file also defaults
  # to true, so an unmodified role can sign both user and host certificates.
  # NOTE(review): for least privilege, consider disabling whichever kind a given
  # role does not need.
  description = "Specifies if certificates are allowed to be signed for use as a 'user'."
  type        = bool
  default     = true
}
variable "ssh_allow_user_key_ids" {
  # Enabled by default: the requester may choose the certificate's key ID via
  # the key_id field.
  # NOTE(review): the key ID is what identifies a certificate in SSH server
  # logs, so a requester-chosen value weakens audit attribution; set to false
  # unless callers need to supply it.
  description = "Specifies if users can override the key ID for a signed certificate with the key_id field."
  type        = bool
  default     = true
}
variable "ssh_allowed_critical_options" {
  # Single comma-separated string (not a list type); unset (null) by default.
  description = "Specifies a comma-separated list of critical options that certificates can have when signed."
  type        = string
  default     = null
}
variable "ssh_allowed_domains" {
  # Declared as a string even though the description says "list"; presumably
  # comma-separated like the sibling allowed_* variables — confirm with the
  # resource that consumes it. Unset (null) by default.
  description = "The list of domains for which a client can request a host certificate."
  type        = string
  default     = null
}
variable "ssh_allowed_extensions" {
  # Single comma-separated string (not a list type); unset (null) by default.
  # NOTE(review): keep this to the extensions callers actually need.
  description = "Specifies a comma-separated list of extensions that certificates can have when signed."
  type        = string
  default     = null
}
variable "ssh_allowed_users" {
  # Single comma-separated string of permitted usernames; unset (null) by default.
  # NOTE(review): how an unset value is treated is decided by the backend role,
  # not by this file — confirm that leaving it null does not widen which
  # usernames can be signed.
  description = "Specifies a comma-separated list of usernames that are to be allowed, only if certain usernames are to be allowed."
  type        = string
  default     = null
}
variable "ssh_allowed_user_key_lengths" {
  # Map from SSH key type to its expected size, with sizes given as strings
  # (map(string)); unset (null) by default.
  # NOTE(review): with null, no key-size restriction is declared in this file —
  # consider setting a floor so weak user keys are not signed.
  description = "Specifies a map of ssh key types and their expected sizes which are allowed to be signed by the CA type."
  type        = map(string)
  default     = null
}
variable "ssh_default_extensions" {
  # Map of extensions given to signed certificates; unset (null) by default.
  description = "Specifies a map of extensions that certificates have when signed."
  type        = map(string)
  default     = null
}
variable "ssh_default_critical_options" {
  # Map of critical options given to signed certificates; unset (null) by default.
  description = "Specifies a map of critical options that certificates have when signed."
  type        = map(string)
  default     = null
}
variable "ssh_cidr_list" {
  # Single comma-separated string of CIDR blocks; unset (null) by default.
  description = "The comma-separated string of CIDR blocks for which this role is applicable."
  type        = string
  default     = null
}
variable "ssh_default_user" {
  # Username used for generated credentials by default; unset (null) by default.
  # NOTE(review): avoid pointing this at a privileged account such as root.
  description = "Specifies the default username for which a credential will be generated."
  type        = string
  default     = null
}
variable "ssh_key_id_format" {
  # Custom format for the key ID of signed certificates; unset (null) by default.
  description = "Specifies a custom format for the key id of a signed certificate."
  type        = string
  default     = null
}