/** * Copyright 2024 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ variable "alert_config" { description = "Configuration for monitoring alerts." type = object({ vpn_tunnel_established = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) user_labels = optional(map(string), {}) })) vpn_tunnel_bandwidth = optional(object({ auto_close = optional(string, null) duration = optional(string, "120s") enabled = optional(bool, true) notification_channels = optional(list(string), []) threshold_mbys = optional(string, "187.5") user_labels = optional(map(string), {}) })) }) default = { vpn_tunnel_established = {} vpn_tunnel_bandwidth = {} } } variable "automation" { # tfdoc:variable:source 0-bootstrap description = "Automation resources created by the bootstrap stage." type = object({ outputs_bucket = string }) } variable "billing_account" { # tfdoc:variable:source 0-bootstrap description = "Billing account id. If billing account is not part of the same org set `is_org_level` to false." type = object({ id = string is_org_level = optional(bool, true) }) validation { condition = var.billing_account.is_org_level != null error_message = "Invalid `null` value for `billing_account.is_org_level`." } } variable "custom_roles" { # tfdoc:variable:source 0-bootstrap description = "Custom roles defined at the org level, in key => id format." type = object({ service_project_network_admin = string }) default = null } variable "dns" { description = "DNS configuration." type = object({ enable_logging = optional(bool, true) resolvers = optional(list(string), []) }) default = {} nullable = false } variable "enable_cloud_nat" { description = "Deploy Cloud NAT." type = bool default = false nullable = false } variable "essential_contacts" { description = "Email used for essential contacts, unset if null." type = string default = null } variable "factories_config" { description = "Configuration for network resource factories." type = object({ data_dir = optional(string, "data") dns_policy_rules_file = optional(string, "data/dns-policy-rules.yaml") firewall_policy_name = optional(string, "net-default") }) default = { data_dir = "data" } nullable = false validation { condition = var.factories_config.data_dir != null error_message = "Data folder needs to be non-null." } validation { condition = var.factories_config.firewall_policy_name != null error_message = "Firewall policy name needs to be non-null." } } variable "folder_ids" { # tfdoc:variable:source 1-resman description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created." type = object({ networking = string networking-dev = string networking-prod = string }) } variable "gcp_ranges" { description = "GCP address ranges in name => range format." type = map(string) default = { gcp_dev_primary = "10.68.0.0/16" gcp_dev_secondary = "10.84.0.0/16" gcp_landing_landing_primary = "10.64.0.0/17" gcp_landing_landing_secondary = "10.80.0.0/17" gcp_dmz_primary = "10.64.127.0/17" gcp_dmz_secondary = "10.80.127.0/17" gcp_prod_primary = "10.72.0.0/16" gcp_prod_secondary = "10.88.0.0/16" } } variable "onprem_cidr" { description = "Onprem addresses in name => range format." type = map(string) default = { main = "10.0.0.0/24" } } variable "organization" { # tfdoc:variable:source 0-bootstrap description = "Organization details." type = object({ domain = string id = number customer_id = string }) } variable "outputs_location" { description = "Path where providers and tfvars files for the following stages are written. Leave empty to disable." type = string default = null } variable "prefix" { # tfdoc:variable:source 0-bootstrap description = "Prefix used for resources that need unique names. Use 9 characters or less." type = string validation { condition = try(length(var.prefix), 0) < 10 error_message = "Use a maximum of 9 characters for prefix." } } variable "psa_ranges" { description = "IP ranges used for Private Service Access (e.g. CloudSQL). Ranges is in name => range format." type = object({ dev = object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) }) prod = object({ ranges = map(string) export_routes = optional(bool, false) import_routes = optional(bool, false) peered_domains = optional(list(string), []) }) }) default = null } variable "regions" { description = "Region definitions." type = object({ primary = string secondary = string }) default = { primary = "europe-west1" secondary = "europe-west4" } } variable "service_accounts" { # tfdoc:variable:source 1-resman description = "Automation service accounts in name => email format." type = object({ data-platform-dev = string data-platform-prod = string gke-dev = string gke-prod = string project-factory-dev = string project-factory-prod = string }) default = null } variable "vpn_onprem_primary_config" { description = "VPN gateway configuration for onprem interconnection in the primary region." type = object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) # each BGP session on the same Cloud Router must use a unique /30 CIDR # from the 169.254.0.0/16 block. bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) }) default = null } variable "vpn_onprem_secondary_config" { description = "VPN gateway configuration for onprem interconnection in the secondary region." type = object({ peer_external_gateways = map(object({ redundancy_type = string interfaces = list(string) })) router_config = object({ create = optional(bool, true) asn = number name = optional(string) keepalive = optional(number) custom_advertise = optional(object({ all_subnets = bool ip_ranges = map(string) })) }) tunnels = map(object({ bgp_peer = object({ address = string asn = number route_priority = optional(number, 1000) custom_advertise = optional(object({ all_subnets = bool all_vpc_subnets = bool all_peer_vpc_subnets = bool ip_ranges = map(string) })) }) # each BGP session on the same Cloud Router must use a unique /30 CIDR # from the 169.254.0.0/16 block. bgp_session_range = string ike_version = optional(number, 2) peer_external_gateway_interface = optional(number) peer_gateway = optional(string, "default") router = optional(string) shared_secret = optional(string) vpn_gateway_interface = number })) }) default = null }