/**
 * Copyright 2022 Google LLC
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
# defaults for variables marked with global tfdoc annotations, can be set via
# the tfvars file generated in stage 00 and stored in its outputs
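# Handles to the automation resources produced by stage 00-bootstrap: the
# outputs bucket, the automation project, and the federated identity pool and
# providers. The `cicd_repositories` variable in this file refers to providers
# by their key in `federated_identity_providers`.
variable "automation" {
  # tfdoc:variable:source 00-bootstrap
  description = "Automation resources created by the bootstrap stage."
  type = object({
    outputs_bucket          = string
    project_id              = string
    federated_identity_pool = string
    federated_identity_providers = map(object({
      issuer     = string
      issuer_uri = string
      name       = string
      # NOTE(review): presumably format templates for a single principal and
      # for a principal set. Which one is applied to a repository decides how
      # widely the federated identity is trusted - confirm against the IAM
      # bindings that consume these values.
      principal_tpl    = string
      principalset_tpl = string
    }))
  })
}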
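# Billing account used by this stage. Required (no default); the value comes
# from the 00-bootstrap stage outputs.
variable "billing_account" {
  # tfdoc:variable:source 00-bootstrap
  description = "Billing account id and organization id ('nnnnnnnn' or null)."
  type = object({
    id = string
    # Per the description this may be null.
    # NOTE(review): presumably null means the billing account is not managed
    # under an organization - confirm how billing IAM is applied in that case.
    organization_id = number
  })
}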
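# Per-stage CI/CD repository configuration. Each attribute is one downstream
# stage; the whole variable or any single repository may be null to disable it.
#
# Review notes for whoever wires this to IAM:
# - `identity_provider` is only checked for being non-null here. Nothing in
#   this file verifies that it matches a key in
#   `automation.federated_identity_providers`, so a wrong key is not caught by
#   these validations.
# - `branch` is not validated at all.
#   NOTE(review): presumably a null branch makes the whole repository (every
#   branch) a trusted identity for the stage's automation. For stages managing
#   sensitive resources, set an explicit protected branch - confirm against
#   the bindings that consume `principal_tpl` / `principalset_tpl`.
variable "cicd_repositories" {
  description = "CI/CD repository configuration. Identity providers reference keys in the `automation.federated_identity_providers` variable. Set to null to disable, or set individual repositories to null if not needed."
  type = object({
    data_platform_dev = object({
      branch            = string
      identity_provider = string
      name              = string
      type              = string
    })
    data_platform_prod = object({
      branch            = string
      identity_provider = string
      name              = string
      type              = string
    })
    networking = object({
      branch            = string
      identity_provider = string
      name              = string
      type              = string
    })
    project_factory_dev = object({
      branch            = string
      identity_provider = string
      name              = string
      type              = string
    })
    project_factory_prod = object({
      branch            = string
      identity_provider = string
      name              = string
      type              = string
    })
    security = object({
      branch            = string
      identity_provider = string
      name              = string
      type              = string
    })
  })
  default = null
  # Every repository that is not null must carry both a name and an identity
  # provider. coalesce() turns a null variable into an empty object so the
  # loop simply has nothing to check.
  validation {
    condition = alltrue([
      for k, v in coalesce(var.cicd_repositories, {}) :
      v == null || (
        try(v.name, null) != null
        &&
        try(v.identity_provider, null) != null
      )
    ])
    error_message = "Non-null repositories need non-null name and providers."
  }
  # Only the 'github' repository type is accepted. A null type is mapped to
  # the literal string "null" so that it fails the contains() check instead
  # of raising an evaluation error.
  validation {
    condition = alltrue([
      for k, v in coalesce(var.cicd_repositories, {}) :
      v == null || (
        contains(["github"], coalesce(try(v.type, null), "null"))
      )
    ])
    error_message = "Invalid repository type, supported types: 'github'."
  }
}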
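# Organization-level custom roles passed in from 00-bootstrap, as a map from
# role key to role id. Defaults to null.
variable "custom_roles" {
  # tfdoc:variable:source 00-bootstrap
  description = "Custom roles defined at the org level, in key => id format."
  type = object({
    service_project_network_admin = string
  })
  default = null
}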
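# Groups that receive organization-level permissions (see description). The
# default keys and values follow the naming used in the setup checklist linked
# below. Because these groups are granted access at the organization level,
# their membership should be managed as privileged.
variable "groups" {
  # tfdoc:variable:source 00-bootstrap
  description = "Group names to grant organization-level permissions."
  type        = map(string)
  # https://cloud.google.com/docs/enterprise/setup-checklist
  default = {
    gcp-billing-admins      = "gcp-billing-admins"
    gcp-devops              = "gcp-devops"
    gcp-network-admins      = "gcp-network-admins"
    gcp-organization-admins = "gcp-organization-admins"
    gcp-security-admins     = "gcp-security-admins"
    gcp-support             = "gcp-support"
  }
}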
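# Organization identifiers passed in from 00-bootstrap. Required (no default).
variable "organization" {
  # tfdoc:variable:source 00-bootstrap
  description = "Organization details."
  type = object({
    domain      = string
    id          = number
    customer_id = string
  })
}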
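# Optional customization of organization policies. Defaults to null.
variable "organization_policy_configs" {
  description = "Organization policies customization."
  type = object({
    # NOTE(review): presumably the allow-list for the organization policy that
    # restricts which identities may appear in IAM policies. Confirm what the
    # consuming code applies when this variable is left null, so that an
    # omitted value does not silently leave the restriction unset.
    allowed_policy_member_domains = list(string)
  })
  default = null
}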
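# Local filesystem path for generated provider, tfvars and CI/CD workflow
# files (see description). Null, the default, disables writing them.
# When set, the generated files describe the automation setup; point this at a
# directory with appropriate permissions and decide deliberately whether its
# contents belong in version control.
variable "outputs_location" {
  description = "Enable writing provider, tfvars and CI/CD workflow files to local filesystem. Leave null to disable"
  type        = string
  default     = null
}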
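# Naming prefix for resources that need globally unique names. Required (no
# default); the value comes from the 00-bootstrap stage outputs.
variable "prefix" {
  # tfdoc:variable:source 00-bootstrap
  description = "Prefix used for resources that need unique names. Use 9 characters or less."
  type        = string
  # Only the upper bound is enforced. try() falls back to 0 when length()
  # cannot be evaluated, so an explicit null passes this check, and so does
  # an empty string. Character set is not validated here.
  validation {
    condition     = try(length(var.prefix), 0) < 10
    error_message = "Use a maximum of 9 characters for prefix."
  }
}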
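# Team folders to create, keyed by team name. Defaults to null (no team
# folders). The commented block below shows the expected shape only.
#
# Review notes:
# - The sample binds `roles/owner`, a broad basic role. Treat it as a format
#   illustration; real values should list the narrowest roles the team needs.
# - NOTE(review): `impersonation_groups` presumably lists groups allowed to
#   impersonate the team's automation identity - confirm in the consuming
#   code, and keep those groups small and reviewed.
variable "team_folders" {
  description = "Team folders to be created. Format is described in a code comment."
  type = map(object({
    descriptive_name     = string
    group_iam            = map(list(string))
    impersonation_groups = list(string)
  }))
  default = null
  # default = {
  #   team-a = {
  #     descriptive_name = "Team A"
  #     group_iam = {
  #       "team-a-group@example.com" = ["roles/owner", "roles/resourcemanager.projectCreator"]
  #     }
  #     impersonation_groups = ["team-a-admins@example.com"]
  #   }
  # }
}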