generated from Azure/terraform-azurerm-avm-template
variables.tf
# Name of the Container App. Values that do not match the pattern below fail
# variable validation.
variable "name" {
  description = "The name of the Container App."
  type        = string
  nullable    = false

  # Pattern: one alphanumeric, then 0-30 alphanumerics or hyphens, then one
  # alphanumeric, which gives 2-32 characters in total.
  # NOTE(review): the pattern accepts upper-case letters and consecutive
  # hyphens - confirm that matches the naming rules of the target resource.
  validation {
    error_message = "The name must be between 2 and 32 characters long, can only contain alphanumerics or hyphens, and may not start or end with a hyphen."
    condition     = can(regex("^[a-zA-Z0-9][a-zA-Z0-9-]{0,30}[a-zA-Z0-9]$", var.name))
  }
}
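# Name of the resource group the module deploys into.
# NOTE(review): the description refers to a "Container App Environment" while
# the `name` variable describes a Container App - confirm which is intended.
variable "resource_group_name" {
  type        = string
  description = "(Required) The name of the resource group in which the Container App Environment is to be created. Changing this forces a new resource to be created."
  # The description marks this input as required. Without this setting an
  # explicit null is accepted and only fails later, when the value is used.
  nullable = false
}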
# Telemetry switch for the module. It is off unless a caller sets it to true;
# per the description, false means no telemetry is collected.
variable "enable_telemetry" {
  description = <<DESCRIPTION
This variable controls whether or not telemetry is enabled for the module.
For more information see https://aka.ms/avm/telemetryinfo.
If it is set to false, then no telemetry will be collected.
DESCRIPTION
  type        = bool
  default     = false
}
# Deployment region. The default is null; the description says the module then
# takes the location from the resource group (that lookup is not in this file).
variable "location" {
  description = "Azure region where the resource should be deployed. If null, the location will be inferred from the resource group location."
  type        = string
  default     = null
}
# required AVM interfaces
# Management lock to place on the resource.
#   name - optional lock name, null when omitted.
#   kind - lock level, "None" when omitted.
# An omitted variable resolves to {} and therefore to kind = "None".
# How the module treats "None" is decided outside this file.
variable "lock" {
  description = "The lock level to apply to the resource. Default is `None`. Possible values are `None`, `CanNotDelete`, and `ReadOnly`."
  nullable    = false
  default     = {}
  type = object({
    name = optional(string, null)
    kind = optional(string, "None")
  })

  # Reject any lock level other than the three named in the description.
  validation {
    error_message = "The lock level must be one of: 'None', 'CanNotDelete', or 'ReadOnly'."
    condition     = contains(["CanNotDelete", "ReadOnly", "None"], var.lock.kind)
  }
}
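# Managed identities to attach to the resource.
#   system_assigned            - enable the system-assigned identity (default false).
#   user_assigned_resource_ids - resource IDs of user-assigned identities (default empty set).
# The IDs are not validated here. Every identity listed becomes usable by the
# workload, so callers should pass only the identities it actually needs.
variable "managed_identities" {
  type = object({
    system_assigned            = optional(bool, false)
    user_assigned_resource_ids = optional(set(string), [])
  })
  default     = {}
  description = <<DESCRIPTION
Configurations for managed identities in Azure. This variable allows you to specify both system-assigned and user-assigned managed identities for resources that support identity-based authentication.
- `system_assigned` - (Optional) A boolean flag indicating whether to enable the system-assigned managed identity. Defaults to `false`.
- `user_assigned_resource_ids` - (Optional) A set of user-assigned managed identity resource IDs to be associated with the resource.
DESCRIPTION
  # Same setting as the sibling `lock` variable. An explicit null now falls
  # back to the default {}, so the attribute defaults above always apply and
  # consumers never see a null object.
  nullable = false
}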
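# Role assignments to create on the resource, keyed by an arbitrary map key.
# Each entry grants `role_definition_id_or_name` to `principal_id`. Neither
# value is validated in this file, so review every entry for least privilege
# before applying: prefer a narrowly scoped role, and use `condition` where
# the role supports it.
variable "role_assignments" {
  type = map(object({
    role_definition_id_or_name             = string
    principal_id                           = string
    description                            = optional(string, null)
    skip_service_principal_aad_check       = optional(bool, false)
    condition                              = optional(string, null)
    condition_version                      = optional(string, null)
    delegated_managed_identity_resource_id = optional(string, null)
  }))
  default     = {}
  description = <<DESCRIPTION
A map of role assignments to create on this resource. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time.
- `role_definition_id_or_name` - The ID or name of the role definition to assign to the principal.
- `principal_id` - The ID of the principal to assign the role to.
- `description` - The description of the role assignment.
- `skip_service_principal_aad_check` - If set to true, skips the Azure Active Directory check for the service principal in the tenant. Defaults to false.
- `condition` - The condition which will be used to scope the role assignment.
- `condition_version` - The version of the condition syntax. Valid values are '2.0'.
- `delegated_managed_identity_resource_id` - The delegated Azure Resource Id which contains a Managed Identity. This field is only used in cross-tenant scenarios.
> Note: only set `skip_service_principal_aad_check` to true if you are assigning a role to a service principal.
DESCRIPTION
  # Same setting as the sibling `lock` variable. An explicit null now falls
  # back to the default {}, so consumers can iterate the map without a null
  # check.
  nullable = false
}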
# Free-form tags for the resource; the default is an empty map.
# Tags are stored as plain text on the resource, so keep secrets and other
# sensitive values out of them.
variable "tags" {
  description = "Custom tags to apply to the resource."
  type        = map(string)
  default     = {}
}