variables.tf
# Google Cloud service APIs the module expects on the deployment project.
# The entries stay in their original order in case a consumer indexes into the list.
# NOTE(review): how this list is consumed is not visible in this file. If it
# drives API enablement, keep it to the services the module actually needs,
# since every enabled API widens what the project can be used for.
variable "gcp_service_list" {
  type        = list(string)
  description = "The list of apis necessary for the project"

  default = [
    "compute.googleapis.com",
    "iap.googleapis.com",
    "run.googleapis.com",
    "cloudasset.googleapis.com",
    "cloudresourcemanager.googleapis.com",
    "iamcredentials.googleapis.com",
    "secretmanager.googleapis.com",
  ]
}
# Deployment Variables
# Image reference for the Just In Time application. Required (no default).
# NOTE(review): nothing here constrains the form of the reference. A mutable
# tag can change content without producing a Terraform diff, so a
# digest-pinned reference from a registry the team controls is the safer input.
variable "container_image" {
  description = "Container registry path for the Just In Time application"
  type        = string
}
# ID of the project that hosts the Just In Time deployment. Required (no default).
variable "project" {
  description = "The project ID where the Just In Time application is deployed into"
  type        = string
}
# Support contact address used for IAP. Required (no default).
# NOTE(review): the name suggests it is shown on the OAuth consent screen;
# confirm against the resource that consumes it.
variable "auth_consent_screen_support_email" {
  description = "Support email for IAP"
  type        = string
}
# DNS name under which the Just In Time application is served. Required (no default).
variable "dns_name" {
  description = "Dns name of the Just In Time application"
  type        = string
}
# Region the Just In Time application is deployed into. Required (no default).
variable "region" {
  description = "The region where the Just In Time application is deployed into"
  type        = string
}
# Identity that is allowed through IAP to reach the application. Required (no default).
# The variable name keeps its original spelling ("principle") because callers
# reference it by name.
# NOTE(review): the expected form (bare e-mail or an IAM member string with a
# user:/group:/domain: prefix) is not visible in this file; confirm where it is
# consumed. Nothing here validates the value, so if it is bound as an IAM
# member, a broad principal would expose the front end of a
# privilege-elevation tool to every identity that principal covers. A
# dedicated group is the narrower choice.
variable "iap_access_principle" {
  description = "Who is able to access the IAP"
  type        = string
}
# Name given to the application. Required (no default).
variable "application_name" {
  description = "The name of the application"
  type        = string
}
# Opt-in switch that, per its description, exposes the JIT HTTP endpoint to
# callers who have not authenticated. Defaults to false and should stay false:
# the application exists to hand out elevated access, so an unauthenticated
# entry point removes the identity check in front of it.
# NOTE(review): how the flag is wired into the service is not visible in this
# file. Any root module that sets it to true deserves an explicit review.
variable "allow_unauthenticated_invocations" {
  description = "Opens the jit http endpoint up to unauthenticated users. This is ill-advised."
  type        = bool
  default     = false
}
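# Upper bound on the duration a user may request. Defaults to 60.
# NOTE(review): the unit is not stated in this file; confirm it against the
# component that consumes the value. A shorter ceiling keeps each elevated
# access window smaller.
variable "maximum_duration" {
  description = "Sets the longest duration that a user can request"
  type        = number
  default     = 60

  # A zero or negative ceiling cannot describe a usable request window, so it
  # is rejected at plan time instead of being handed to the application.
  validation {
    condition     = var.maximum_duration > 0
    error_message = "The maximum_duration value must be greater than zero."
  }
}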
# Prompt text shown to the user next to the justification field.
# It should describe what justification_pattern actually accepts, so users are
# not guessing at the required format.
variable "justification_hint" {
  description = "Hint provided to the user when selecting why they are asking for the role"
  type        = string
  default     = "Bug or case number"
}
# Regular expression that a submitted justification has to match.
# NOTE(review): the default ".*" places no constraint on the text, so any
# justification is accepted. Depending on how the application applies the
# pattern, that may include an empty one. Deployments that rely on the
# justification as an audit record should set a pattern that matches their
# ticket or case-number format. The regex dialect is decided by the
# application, not by Terraform, so the pattern is not checked here.
variable "justification_pattern" {
  description = "Regex pattern that justification must match"
  type        = string
  default     = ".*"
}
## Scope Variables
# Level of the Google Cloud resource hierarchy the application is scoped to.
# Required (no default). The value must be one of "organizations", "folders"
# or "projects", and it decides which of acting_organization, acting_folder or
# acting_project applies (per their descriptions).
# NOTE(review): nothing in this file checks that the matching acting_*
# variable is non-empty for the chosen scope. The narrowest scope that covers
# the need limits what the application can reach.
variable "scope_type" {
  description = "The level in google cloud hierarchy the application sits"
  type        = string

  validation {
    condition = contains(
      ["organizations", "folders", "projects"],
      var.scope_type,
    )
    error_message = "Valid values for variable: scope_type are (organizations, folders, projects)."
  }
}
# Project ID used when scope_type is "projects". Defaults to the empty string.
# NOTE(review): this file does not enforce that it is set when that scope is
# selected; confirm the consumer handles an empty value.
variable "acting_project" {
  description = "Project ID when scope_type set to 'projects'"
  type        = string
  default     = ""
}
# Folder ID used when scope_type is "folders". Defaults to the empty string.
# NOTE(review): this file does not enforce that it is set when that scope is
# selected; confirm the consumer handles an empty value.
variable "acting_folder" {
  description = "Folder ID when scope_type set to 'folders'"
  type        = string
  default     = ""
}
# Organization ID used when scope_type is "organizations". Defaults to the
# empty string.
# NOTE(review): this file does not enforce that it is set when that scope is
# selected; confirm the consumer handles an empty value. Organization scope is
# the broadest of the three options.
variable "acting_organization" {
  description = "Organization ID when scope_type set to 'organizations'"
  type        = string
  default     = ""
}