2023-04-04 11:41:04 -07:00
/ * *
2024-01-31 04:44:51 -08:00
* Copyright 2024 Google LLC
2023-04-04 11:41:04 -07:00
*
* Licensed under the Apache License , Version 2 . 0 ( the " License " ) ;
* you may not use this file except in compliance with the License .
* You may obtain a copy of the License at
*
* http : //www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing , software
* distributed under the License is distributed on an " AS IS " BASIS ,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND , either express or implied .
* See the License for the specific language governing permissions and
* limitations under the License .
* /
2023-06-02 07:55:35 -07:00
variable " alert_config " {
description = " Configuration for monitoring alerts. "
type = object ( {
vpn_tunnel_established = optional ( object ( {
auto_close = optional ( string , null )
duration = optional ( string , " 120s " )
enabled = optional ( bool , true )
notification_channels = optional ( list ( string ) , [ ] )
user_labels = optional ( map ( string ) , { } )
} ) )
vpn_tunnel_bandwidth = optional ( object ( {
auto_close = optional ( string , null )
duration = optional ( string , " 120s " )
enabled = optional ( bool , true )
notification_channels = optional ( list ( string ) , [ ] )
threshold_mbys = optional ( string , " 187.5 " )
user_labels = optional ( map ( string ) , { } )
} ) )
} )
default = {
vpn_tunnel_established = { }
vpn_tunnel_bandwidth = { }
}
}
2023-04-04 11:41:04 -07:00
variable " automation " {
# tfdoc:variable:source 0-bootstrap
description = " Automation resources created by the bootstrap stage. "
type = object ( {
outputs_bucket = string
} )
}
variable " billing_account " {
# tfdoc:variable:source 0-bootstrap
description = " Billing account id. If billing account is not part of the same org set `is_org_level` to false. "
type = object ( {
id = string
is_org_level = optional ( bool , true )
} )
validation {
condition = var . billing_account . is_org_level ! = null
error_message = " Invalid `null` value for `billing_account.is_org_level`. "
}
}
variable " custom_roles " {
# tfdoc:variable:source 0-bootstrap
description = " Custom roles defined at the org level, in key => id format. "
type = object ( {
service_project_network_admin = string
} )
default = null
}
variable " dns " {
2024-01-31 04:44:51 -08:00
description = " DNS configuration. "
type = object ( {
enable_logging = optional ( bool , true )
resolvers = optional ( list ( string ) , [ ] )
} )
default = { }
nullable = false
2023-04-04 11:41:04 -07:00
}
2024-02-02 01:58:16 -08:00
variable " enable_cloud_nat " {
description = " Deploy Cloud NAT. "
type = bool
default = false
nullable = false
}
2023-04-04 11:41:04 -07:00
variable " factories_config " {
description = " Configuration for network resource factories. "
type = object ( {
2023-05-03 22:38:40 -07:00
data_dir = optional ( string , " data " )
dns_policy_rules_file = optional ( string , " data/dns-policy-rules.yaml " )
2023-08-21 23:55:56 -07:00
firewall_policy_name = optional ( string , " net-default " )
2023-04-04 11:41:04 -07:00
} )
default = {
data_dir = " data "
}
nullable = false
validation {
condition = var . factories_config . data _ dir ! = null
error_message = " Data folder needs to be non-null. "
}
validation {
condition = var . factories_config . firewall_policy_name ! = null
error_message = " Firewall policy name needs to be non-null. "
}
}
variable " folder_ids " {
# tfdoc:variable:source 1-resman
description = " Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. "
type = object ( {
networking = string
networking - dev = string
networking - prod = string
} )
}
variable " gcp_ranges " {
description = " GCP address ranges in name => range format. "
type = map ( string )
default = {
2023-09-21 07:27:53 -07:00
gcp_dev_primary = " 10.68.0.0/16 "
gcp_dev_secondary = " 10.84.0.0/16 "
gcp_landing_trusted_primary = " 10.64.0.0/17 "
gcp_landing_trusted_secondary = " 10.80.0.0/17 "
gcp_landing_untrusted_primary = " 10.64.127.0/17 "
gcp_landing_untrusted_secondary = " 10.80.127.0/17 "
gcp_prod_primary = " 10.72.0.0/16 "
gcp_prod_secondary = " 10.88.0.0/16 "
2023-04-04 11:41:04 -07:00
}
}
2024-01-25 03:20:14 -08:00
variable " groups " {
# tfdoc:variable:source 0-bootstrap
description = " Group names or emails to grant organization-level permissions. If just the name is provided, the default organization domain is assumed. "
type = object ( {
gcp - network - admins = optional ( string )
} )
default = { }
nullable = false
}
2023-04-04 11:41:04 -07:00
variable " ncc_asn " {
description = " The NCC Cloud Routers ASN configuration. "
type = map ( number )
default = {
nva_primary = 64513
nva_secondary = 64514
trusted = 64515
untrusted = 64512
}
}
variable " onprem_cidr " {
description = " Onprem addresses in name => range format. "
type = map ( string )
default = {
main = " 10.0.0.0/24 "
}
}
variable " organization " {
# tfdoc:variable:source 0-bootstrap
description = " Organization details. "
type = object ( {
domain = string
id = number
customer_id = string
} )
}
variable " outputs_location " {
description = " Path where providers and tfvars files for the following stages are written. Leave empty to disable. "
type = string
default = null
}
variable " prefix " {
# tfdoc:variable:source 0-bootstrap
description = " Prefix used for resources that need unique names. Use 9 characters or less. "
type = string
validation {
condition = try ( length ( var . prefix ) , 0 ) < 10
error_message = " Use a maximum of 9 characters for prefix. "
}
}
variable " psa_ranges " {
description = " IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format. "
type = object ( {
dev = object ( {
2023-10-15 23:57:18 -07:00
ranges = map ( string )
export_routes = optional ( bool , false )
import_routes = optional ( bool , false )
peered_domains = optional ( list ( string ) , [ ] )
2023-04-04 11:41:04 -07:00
} )
prod = object ( {
2023-10-15 23:57:18 -07:00
ranges = map ( string )
export_routes = optional ( bool , false )
import_routes = optional ( bool , false )
peered_domains = optional ( list ( string ) , [ ] )
2023-04-04 11:41:04 -07:00
} )
} )
default = null
}
variable " regions " {
description = " Region definitions. "
type = object ( {
primary = string
secondary = string
} )
default = {
primary = " europe-west1 "
secondary = " europe-west4 "
}
}
variable " service_accounts " {
# tfdoc:variable:source 1-resman
description = " Automation service accounts in name => email format. "
type = object ( {
data - platform - dev = string
data - platform - prod = string
gke - dev = string
gke - prod = string
project - factory - dev = string
project - factory - prod = string
} )
default = null
}
variable " vpn_onprem_primary_config " {
description = " VPN gateway configuration for onprem interconnection in the primary region. "
type = object ( {
peer_external_gateways = map ( object ( {
redundancy_type = string
interfaces = list ( string )
} ) )
router_config = object ( {
create = optional ( bool , true )
asn = number
name = optional ( string )
keepalive = optional ( number )
custom_advertise = optional ( object ( {
all_subnets = bool
ip_ranges = map ( string )
} ) )
} )
tunnels = map ( object ( {
bgp_peer = object ( {
address = string
asn = number
route_priority = optional ( number , 1000 )
custom_advertise = optional ( object ( {
all_subnets = bool
all_vpc_subnets = bool
all_peer_vpc_subnets = bool
ip_ranges = map ( string )
} ) )
} )
# each BGP session on the same Cloud Router must use a unique /30 CIDR
# from the 169.254.0.0/16 block.
bgp_session_range = string
ike_version = optional ( number , 2 )
peer_external_gateway_interface = optional ( number )
peer_gateway = optional ( string , " default " )
router = optional ( string )
shared_secret = optional ( string )
vpn_gateway_interface = number
} ) )
} )
default = null
}
variable " vpn_onprem_secondary_config " {
description = " VPN gateway configuration for onprem interconnection in the secondary region. "
type = object ( {
peer_external_gateways = map ( object ( {
redundancy_type = string
interfaces = list ( string )
} ) )
router_config = object ( {
create = optional ( bool , true )
asn = number
name = optional ( string )
keepalive = optional ( number )
custom_advertise = optional ( object ( {
all_subnets = bool
ip_ranges = map ( string )
} ) )
} )
tunnels = map ( object ( {
bgp_peer = object ( {
address = string
asn = number
route_priority = optional ( number , 1000 )
custom_advertise = optional ( object ( {
all_subnets = bool
all_vpc_subnets = bool
all_peer_vpc_subnets = bool
ip_ranges = map ( string )
} ) )
} )
# each BGP session on the same Cloud Router must use a unique /30 CIDR
# from the 169.254.0.0/16 block.
bgp_session_range = string
ike_version = optional ( number , 2 )
peer_external_gateway_interface = optional ( number )
peer_gateway = optional ( string , " default " )
router = optional ( string )
shared_secret = optional ( string )
vpn_gateway_interface = number
} ) )
} )
default = null
}
variable " zones " {
description = " Zones in which NVAs are deployed. "
type = list ( string )
default = [ " b " , " c " ]
2023-08-21 23:55:56 -07:00
}