-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathvariables.tf
97 lines (81 loc) · 4 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
# ---------------------------------------------------------------------------------------------------------------------
# REQUIRED VARIABLES
# These variables must be set when using this module.
# ---------------------------------------------------------------------------------------------------------------------
variable "account_id" {
description = "(Required) The account id that is used to generate the service account email address and a stable unique id. It is unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035."
type = string
validation {
condition = length(var.account_id) >= 6 && length(var.account_id) <= 30 && can(regex("[a-z]([-a-z0-9]*[a-z0-9])", var.account_id))
error_message = "It must be unique within a project, must be 6-30 characters long, and match the regular expression [a-z]([-a-z0-9]*[a-z0-9]) to comply with RFC1035."
}
}
# ---------------------------------------------------------------------------------------------------------------------
# OPTIONAL VARIABLES
# These variables have defaults, but may be overridden.
# ---------------------------------------------------------------------------------------------------------------------
variable "display_name" {
description = "(Optional) The display name for the service account. Can be updated without creating a new resource."
type = string
default = null
}
variable "description" {
description = "(Optional) A text description of the service account. Must be less than or equal to 256 UTF-8 bytes."
type = string
default = null
}
variable "project" {
description = "(Optional) The project ID. If not specified, terraform uses the ID of the project configured with the provider."
type = string
default = null
}
variable "projects_access" {
description = "(Optional) A set of projects with roles that are going to be granted to the service account."
type = any
default = []
}
variable "folders_access" {
description = "(Optional) A set of folders with roles that are going to be granted to the service account."
type = any
default = []
}
variable "organization_access" {
description = "(Optional) An organization object setting the organization and the organization wide roles that are going to be granted to the service account."
type = any
default = {}
}
## IAM
variable "iam" {
description = "(Optional) A list of IAM access."
type = any
default = []
}
variable "policy_bindings" {
description = "(Optional) A list of IAM policy bindings."
type = any
default = null
}
variable "computed_members_map" {
type = map(string)
description = "(Optional) A map of members to replace in 'members' to handle terraform computed values. Will be ignored when policy bindings are used."
default = {}
validation {
condition = alltrue([for k, v in var.computed_members_map : can(regex("^(allUsers|allAuthenticatedUsers|(user|serviceAccount|group|domain|principal|principalSet):)", v))])
error_message = "The value must be a non-empty string being a valid principal type identified with `allUsers`, `allAuthenticatedUsers` or prefixed with `user:`, `serviceAccount:`, `group:`, `domain:`, `principal:`, or `principalSet:`."
}
}
# ------------------------------------------------------------------------------
# MODULE CONFIGURATION PARAMETERS
# These variables are used to configure the module.
# See https://medium.com/mineiros/the-ultimate-guide-on-how-to-write-terraform-modules-part-1-81f86d31f024
# ------------------------------------------------------------------------------
variable "module_enabled" {
type = bool
description = "(Optional) Whether to create resources within the module or not. Default is 'true'."
default = true
}
variable "module_depends_on" {
type = any
description = "(Optional) A list of external resources the module depends_on. Default is '[]'."
default = []
}