/** * Copyright 2023 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ variable "alert_config" { description = "Configuration for monitoring alerts." type = object({ vpn_tunnel_established = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) user_labels = optional(map(string), {}) })) vpn_tunnel_bandwidth = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) threshold_mbys = optional(string, "187.5") user_labels = optional(map(string), {}) })) }) default = { vpn_tunnel_established = {} vpn_tunnel_bandwidth = {} } } variable "automation" { # tfdoc:variable:source 0-bootstrap description = "Automation resources created by the bootstrap stage." type = object({ outputs_bucket = string }) } variable "billing_account" { # tfdoc:variable:source 0-bootstrap description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false." type = object({ id = string is_org_level = optional(bool, true) }) validation { condition = var.billing_account.is_org_level != null error_message = "Invalid `null` value for `billing_account.is_org_level`." } } variable "custom_roles" { # tfdoc:variable:source 0-bootstrap description = "Custom roles defined at the org level, in key => id format." type = object({ service_project_network_admin = string }) default = null } variable "dns" { description = "Onprem DNS resolvers." type = map(list(string)) default = { onprem = [""] } } variable "factories_config" { description = "Configuration for network resource factories." type = object({ data_dir = optional(string, "data") dns_policy_rules_file = optional(string, "data/dns-policy-rules.yaml") firewall_policy_name = optional(string, "net-default") }) default = { data_dir = "data" } nullable = false validation { condition = var.factories_config.data_dir != null error_message = "Data folder needs to be non-null." } validation { condition = var.factories_config.firewall_policy_name != null error_message = "Firewall policy name needs to be non-null." } } variable "folder_ids" { # tfdoc:variable:source 1-resman description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created." type = object({ networking = string networking-dev = string networking-prod = string }) } variable "gcp_ranges" { description = "GCP address ranges in name => range format." type = map(string) default = { gcp_dev_primary = "" gcp_dev_secondary = "" gcp_landing_trusted_primary = "" gcp_landing_trusted_secondary = "" gcp_landing_untrusted_primary = "" gcp_landing_untrusted_secondary = "" gcp_prod_primary = "" gcp_prod_secondary = "" } } variable "onprem_cidr" { description = "Onprem addresses in name => range format." type = map(string) default = { main = "" } } variable "organization" { # tfdoc:variable:source 0-bootstrap description = "Organization details." type = object({ domain = string id = number customer_id = string }) } variable "outputs_location" { description = "Path where providers and tfvars files for the following stages are written. Leave empty to disable." type = string default = null } variable "prefix" { # tfdoc:variable:source 0-bootstrap description = "Prefix used for resources that need unique names. Use 9 characters or less." type = string validation { condition = try(length(var.prefix), 0) < 10 error_message = "Use a maximum of 9 characters for prefix." } } variable "psa_ranges" { description = "IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format." type = object({ dev = object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) }) prod = object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) }) }) default = null } variable "regions" { description = "Region definitions." type = object({ primary = string secondary = string }) default = { primary = "europe-west1" secondary = "europe-west4" } } variable "service_accounts" { # tfdoc:variable:source 1-resman description = "Automation service accounts in name => email format." type = object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string }) default = null } variable "vpn_onprem_primary_config" { description = "VPN gateway configuration for onprem interconnection in the primary region." type = object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) # each BGP session on the same Cloud Router must use a unique /30 CIDR # from the block. bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) }) default = null } variable "vpn_onprem_secondary_config" { description = "VPN gateway configuration for onprem interconnection in the secondary region." type = object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) # each BGP session on the same Cloud Router must use a unique /30 CIDR # from the block. bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) }) default = null }