##############################################################################
# Input Variables
##############################################################################
# Resource group that will own the Event Notifications instance.
# No default is declared, so every caller must supply a value.
variable "resource_group_id" {
  type        = string
  description = "The ID of the resource group where the Event Notifications instance is created."
}
# Instance name. Required: the block declares no default.
variable "name" {
  description = "The name of the Event Notifications instance that is created by this module."
  type        = string
}
# Bucket that receives failed-delivery events. Optional (null by default).
# The description makes it mandatory when `cos_integration_enabled` is true,
# but nothing in this block enforces that pairing.
# NOTE(review): confirm the pairing is checked where the variable is consumed.
variable "cos_bucket_name" {
  description = "The name of an existing IBM Cloud Object Storage bucket which will be used for storage of failed delivery events. Required if `cos_integration_enabled` is set to true."
  type        = string
  default     = null
}
# Object Storage instance that holds the bucket named in `cos_bucket_name`.
# Optional (null by default); this block does not itself enforce the
# "required when `cos_integration_enabled` is true" rule from the description.
variable "cos_instance_id" {
  description = "The ID of the IBM Cloud Object Storage instance in which the bucket that is defined in the `cos_bucket_name` variable exists. Required if `cos_integration_enabled` is set to true."
  type        = string
  default     = null
}
# Object Storage endpoint for the bucket's region. Optional (null by default).
# NOTE(review): the value is an unvalidated string; no check here pins the
# scheme or host, so confirm callers pass the endpoint of the intended region.
variable "cos_endpoint" {
  description = "The endpoint URL for your bucket region. For more information, see https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-endpoints. Required if `cos_integration_enabled` is set to true."
  type        = string
  default     = null
}
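# Pricing plan of the instance.
# The validation below compares the value case-sensitively against the
# lowercase names, so the description and error message spell them in
# lowercase too; the capitalised forms would be rejected.
variable "plan" {
  type        = string
  description = "The pricing plan of the Event Notifications instance. Possible values: `lite`, `standard`"
  default     = "standard"

  validation {
    condition     = contains(["lite", "standard"], var.plan)
    error_message = "The specified pricing plan is not available. The following plans are supported: `lite`, `standard`"
  }
}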
# Tags attached to the instance. Defaults to an empty list (no tags).
variable "tags" {
  description = "The list of tags to add to the Event Notifications instance."
  type        = list(string)
  default     = []
}
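# Region in which the instance is created.
# The description lists the same six regions that the validation accepts,
# including `eu-fr2`, so the generated documentation matches what is allowed.
variable "region" {
  type        = string
  description = "The IBM Cloud region where the Event Notifications resource is created. Possible values: `us-south` (Dallas), `eu-gb` (London), `eu-de` (Frankfurt), `au-syd` (Sydney), `eu-es` (Madrid), `eu-fr2` (BNPP)"
  default     = "us-south"

  validation {
    condition     = contains(["us-south", "eu-gb", "eu-de", "au-syd", "eu-es", "eu-fr2"], var.region)
    error_message = "The specified region is not supported. The following regions are supported: `us-south` (Dallas), `eu-gb` (London), `eu-de` (Frankfurt), `au-syd` (Sydney), `eu-es` (Madrid), `eu-fr2` (BNPP)"
  }
}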
# KMS endpoint used when KMS encryption is configured. Optional (null by default).
# NOTE(review): no validation here constrains the scheme or host of this URL;
# confirm callers pass the https endpoint of the KMS instance they intend.
variable "kms_endpoint_url" {
  type        = string
  default     = null
  description = "The URL of the KMS endpoint to use when configuring KMS encryption. The Hyper Protect Crypto Services endpoint URL format can be found at https://cloud.ibm.com/docs/hs-crypto?topic=hs-crypto-regions#new-service-endpoints, and the Key Protect endpoint URL format can be found here https://cloud.ibm.com/docs/key-protect?topic=key-protect-regions#service-endpoints."
}
# Network exposure of the instance.
# Both accepted values include the public endpoint; this validation offers no
# private-only option. Restricting who can reach the instance therefore has to
# come from other controls, such as the rules passed in `cbr_rules`.
variable "service_endpoints" {
  description = "Specify whether you want to enable public, or both public and private service endpoints. Possible values: `public`, `public-and-private`"
  type        = string
  default     = "public-and-private"

  validation {
    error_message = "The specified service endpoint is not supported. The following endpoint options are supported: `public`, `public-and-private`"
    condition = contains(
      [
        "public",
        "public-and-private",
      ],
      var.service_endpoints
    )
  }
}
# Context-based restriction rules to create.
# The default is an empty list, so no rules are created unless the caller
# supplies some.
# NOTE(review): `enforcement_mode` and the attribute name/value pairs are plain
# strings with no validation in this block; presumably they are validated by
# whatever consumes this variable. Confirm.
variable "cbr_rules" {
  description = "The list of context-based restrictions rules to create."
  default     = []

  type = list(object({
    description      = string
    account_id       = string
    enforcement_mode = string
    rule_contexts = list(object({
      # `attributes` may be omitted from a rule context.
      attributes = optional(list(object({
        name  = string
        value = string
      })))
    }))
  }))
}
# Opt-out switch for the IAM authorization policy that lets the instance read
# the encryption key from the KMS instance. Defaults to false, i.e. the policy
# is created when KMS encryption is enabled (per the description).
# NOTE(review): when set to true, the read access presumably has to be granted
# outside this module; confirm before skipping.
variable "skip_en_kms_auth_policy" {
  description = "Set to `true` to skip the creation of an IAM authorization policy that permits the Event Notifications instance to read the encryption key from the KMS instance. If set to `false`, a value must be passed for the KMS instance and key using inputs `existing_kms_instance_crn` and `root_key_id`. In addition, no policy is created if `kms_encryption_enabled` is set to `false`."
  type        = bool
  default     = false
}
# Switch for caller-controlled encryption keys.
# Defaults to false: per the description, data is then encrypted with randomly
# generated keys rather than a root key chosen by the caller.
variable "kms_encryption_enabled" {
  description = "Set to `true` to control the encryption keys that are used to encrypt the data that you store in the Event Notifications instance. If set to `false`, the data is encrypted by using randomly generated keys. For more information, see [Managing encryption](https://cloud.ibm.com/docs/event-notifications?topic=event-notifications-en-managing-encryption)."
  type        = bool
  default     = false
}
# Opt-out switch for the IAM authorization policy that grants the instance
# `Object Writer` and `Reader` access to the Object Storage bucket.
# Defaults to false; the description states it is ignored when
# `cos_integration_enabled` is false.
variable "skip_en_cos_auth_policy" {
  description = "Set to `true` to skip the creation of an IAM authorization policy that permits the Event Notifications instance `Object Writer` and `Reader` access to the given Object Storage bucket. Ignored if `cos_integration_enabled` is set to `false`."
  type        = bool
  default     = false
}
# Switch for collecting failed-delivery events in Object Storage.
# Defaults to false, in which case the description states that no failed
# events are captured.
variable "cos_integration_enabled" {
  description = "Set to `true` to connect a Cloud Object Storage service instance to your Event Notifications instance to collect events that failed delivery. If set to false, no failed events will be captured."
  type        = bool
  default     = false
}
# CRN of the KMS instance that holds the root key. Optional (null by default).
# This block does not itself enforce the "required when
# `kms_encryption_enabled` is true" rule stated in the description.
variable "existing_kms_instance_crn" {
  type        = string
  default     = null
  description = "The CRN of the Hyper Protect Crypto Services or Key Protect instance. Required only if `var.kms_encryption_enabled` is set to `true`."
}
# ID of the root key that wraps the data encryption keys.
# Optional (null by default); this block does not itself enforce the
# "required when `kms_encryption_enabled` is true" rule from the description.
variable "root_key_id" {
  description = "The key ID of a root key, existing in the KMS instance passed in `var.existing_kms_instance_crn`, which will be used to encrypt the data encryption keys which are then used to encrypt the data. Required only if `var.kms_encryption_enabled` is set to `true`."
  type        = string
  default     = null
}
# Service credentials to create: map key is the credential name, map value is
# the role (see the `for name, role in ...` expression below).
# Defaults to an empty map, so no credentials are requested unless the caller
# asks for them.
# The validation only checks that every role is one of the listed names; it
# does not limit how many credentials are requested. Prefer the narrowest role
# each consumer needs.
variable "service_credential_names" {
  type        = map(string)
  default     = {}
  description = "The mapping of names and roles for service credentials that you want to create for the Event Notifications instance."

  validation {
    error_message = "The specified service credential role is not valid. The following values are valid for service credential roles: 'Manager', 'Writer', 'Reader', 'Event Source Manager', 'Channel Editor', 'Event Notification Publisher', 'Status Reporter', 'Device Manager', 'Email Sender', 'Custom Email Status Reporter'"
    condition = alltrue([
      for name, role in var.service_credential_names : contains(
        [
          "Manager",
          "Writer",
          "Reader",
          "Event Source Manager",
          "Channel Editor",
          "Event Notification Publisher",
          "Status Reporter",
          "Device Manager",
          "Email Sender",
          "Custom Email Status Reporter",
        ],
        role
      )
    ])
  }
}