diff --git a/alz/azuredevops/variables.input.tf b/alz/azuredevops/variables.input.tf
deleted file mode 100644
index 5fe5344..0000000
--- a/alz/azuredevops/variables.input.tf
+++ /dev/null
@@ -1,106 +0,0 @@
-variable "azure_devops_personal_access_token" {
- description = "The personal access token for Azure DevOps"
- type = string
- sensitive = true
-}
-
-variable "azure_devops_organization_name" {
- description = "The name of your Azure DevOps organization. This is the section of the url after 'dev.azure.com' or before '.visualstudio.com'. E.g. enter 'my-org' for 'https://dev.azure.com/my-org'"
- type = string
-}
-
-variable "use_separate_repository_for_templates" {
- description = "Controls whether to use a separate repository to store pipeline templates. This is an extra layer of security to ensure that the azure credentials can only be leveraged for the specified workload"
- type = bool
- default = true
-}
-
-variable "bootstrap_subscription_id" {
- description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
- type = string
- default = ""
- validation {
- condition = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "service_name" {
- description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)"
- type = string
- default = "alz"
- validation {
- condition = can(regex("^[a-z0-9]+$", var.service_name))
- error_message = "The service name must only contain lowercase letters and numbers"
- }
-}
-
-variable "environment_name" {
- description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)"
- type = string
- default = "mgmt"
- validation {
- condition = can(regex("^[a-z0-9]+$", var.environment_name))
- error_message = "The environment name must only contain lowercase letters and numbers"
- }
-}
-
-variable "postfix_number" {
- description = "Used to build up the default resource names (e.g. 
rg-alz-mgmt-uksouth-)"
- type = number
- default = 1
-}
-
-variable "azure_devops_use_organisation_legacy_url" {
- description = "Use the legacy Azure DevOps URL (.visualstudio.com) instead of the new URL (dev.azure.com/). This is ignored if an fqdn is supplied for version_control_system_organization"
- type = bool
- default = false
-}
-
-variable "azure_devops_create_project" {
- description = "Create the Azure DevOps project if it does not exist"
- type = bool
- default = true
-}
-
-variable "azure_devops_project_name" {
- description = "The name of the Azure DevOps project to use or create for the deployment"
- type = string
-}
-
-variable "use_self_hosted_agents" {
- description = "Controls whether to use self-hosted agents for the pipelines"
- type = bool
- default = true
-}
-
-variable "azure_devops_agents_personal_access_token" {
- description = "Personal access token for Azure DevOps self-hosted agents (the token requires the 'Agent Pools - Read & Manage' scope and should have the maximum expiry). Only required if 'use_self_hosted_runners' is 'true'"
- type = string
- sensitive = true
- default = ""
-}
-
-variable "use_private_networking" {
- description = "Controls whether to use private networking for the agent to storage account communication"
- type = bool
- default = true
-}
-
-variable "allow_storage_access_from_my_ip" {
- description = "Allow access to the storage account from the current IP address. We recommend this is kept off for security"
- type = bool
- default = false
-}
-
-variable "apply_approvers" {
- description = "Apply stage approvers to the action / pipeline, must be a list of SPNs separate by a comma (e.g. abcdef@microsoft.com,ghijklm@microsoft.com)"
- type = list(string)
- default = []
-}
-
-variable "create_branch_policies" {
- description = "Controls whether to create branch policies for the repositories"
- type = bool
- default = true
-}
diff --git a/alz/azuredevops/variables.interface.tf b/alz/azuredevops/variables.interface.tf
deleted file mode 100644
index 8075751..0000000
--- a/alz/azuredevops/variables.interface.tf
+++ /dev/null
@@ -1,71 +0,0 @@
-variable "iac_type" {
- description = "The type of infrastructure as code to use for the deployment. (e.g. 'terraform' or 'bicep')"
- type = string
-}
-
-variable "module_folder_path" {
- description = "The folder for the starter modules"
- type = string
-}
-
-variable "root_parent_management_group_id" {
- description = "The root parent management group ID. This will default to the Tenant Root Group ID if not supplied"
- type = string
- default = ""
-}
-
-variable "subscription_id_connectivity" {
- description = "The identifier of the Connectivity Subscription"
- type = string
- validation {
- condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "subscription_id_identity" {
- description = "The identifier of the Identity Subscription"
- type = string
- validation {
- condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "subscription_id_management" {
- description = "The identifier of the Management Subscription"
- type = string
- validation {
- condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "configuration_file_path" {
- description = "The name of the configuration file"
- type = string
- default = ""
-}
-
-variable "starter_module_name" {
- description = "The name of the starter module"
- type = string
- default = ""
-}
-
-variable "on_demand_folder_repository" {
- description = "The repository to use for the on-demand folders"
- type = string
- default = ""
-}
-
-variable "on_demand_folder_artifact_name" {
- description = "The branch to use for the on-demand folders"
- type = string
- default = ""
-}
-
-variable "bootstrap_location" {
- description = "Azure Deployment location for the bootstrap resources 
(e.g. storage account, identities, etc)"
- type = string
-}
diff --git a/alz/azuredevops/variables.hidden.tf b/alz/azuredevops/variables.tf
similarity index 76%
rename from alz/azuredevops/variables.hidden.tf
rename to alz/azuredevops/variables.tf
index d1df4bb..5aab01b 100644
--- a/alz/azuredevops/variables.hidden.tf
+++ b/alz/azuredevops/variables.tf
@@ -1,3 +1,182 @@
+variable "iac_type" {
+ description = "The type of infrastructure as code to use for the deployment. (e.g. 'terraform' or 'bicep')"
+ type = string
+}
+
+variable "module_folder_path" {
+ description = "The folder for the starter modules"
+ type = string
+}
+
+variable "root_parent_management_group_id" {
+ description = "The root parent management group ID. This will default to the Tenant Root Group ID if not supplied"
+ type = string
+ default = ""
+}
+
+variable "subscription_id_connectivity" {
+ description = "The identifier of the Connectivity Subscription"
+ type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "subscription_id_identity" {
+ description = "The identifier of the Identity Subscription"
+ type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "subscription_id_management" {
+ description = "The identifier of the Management Subscription"
+ type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "configuration_file_path" {
+ description = "The name of the configuration file"
+ type = string
+ default = ""
+}
+
+variable "starter_module_name" {
+ description = "The name of the starter module"
+ type = string
+ default = ""
+}
+
+variable "on_demand_folder_repository" {
+ description = "The repository to use for the on-demand folders"
+ type = string
+ default = ""
+}
+
+variable "on_demand_folder_artifact_name" {
+ description = "The branch to use for the on-demand folders"
+ type = string
+ default = ""
+}
+
+variable "bootstrap_location" {
+ description = "Azure Deployment location for the bootstrap resources 
(e.g. storage account, identities, etc)"
+ type = string
+}
+
+variable "azure_devops_personal_access_token" {
+ description = "The personal access token for Azure DevOps"
+ type = string
+ sensitive = true
+}
+
+variable "azure_devops_organization_name" {
+ description = "The name of your Azure DevOps organization. This is the section of the url after 'dev.azure.com' or before '.visualstudio.com'. E.g. enter 'my-org' for 'https://dev.azure.com/my-org'"
+ type = string
+}
+
+variable "use_separate_repository_for_templates" {
+ description = "Controls whether to use a separate repository to store pipeline templates. This is an extra layer of security to ensure that the azure credentials can only be leveraged for the specified workload"
+ type = bool
+ default = true
+}
+
+variable "bootstrap_subscription_id" {
+ description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
+ type = string
+ default = ""
+ validation {
+ condition = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "service_name" {
+ description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)"
+ type = string
+ default = "alz"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.service_name))
+ error_message = "The service name must only contain lowercase letters and numbers"
+ }
+}
+
+variable "environment_name" {
+ description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)"
+ type = string
+ default = "mgmt"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.environment_name))
+ error_message = "The environment name must only contain lowercase letters and numbers"
+ }
+}
+
+variable "postfix_number" {
+ description = "Used to build up the default resource names (e.g. 
rg-alz-mgmt-uksouth-)"
+ type = number
+ default = 1
+}
+
+variable "azure_devops_use_organisation_legacy_url" {
+ description = "Use the legacy Azure DevOps URL (.visualstudio.com) instead of the new URL (dev.azure.com/). This is ignored if an fqdn is supplied for version_control_system_organization"
+ type = bool
+ default = false
+}
+
+variable "azure_devops_create_project" {
+ description = "Create the Azure DevOps project if it does not exist"
+ type = bool
+ default = true
+}
+
+variable "azure_devops_project_name" {
+ description = "The name of the Azure DevOps project to use or create for the deployment"
+ type = string
+}
+
+variable "use_self_hosted_agents" {
+ description = "Controls whether to use self-hosted agents for the pipelines"
+ type = bool
+ default = true
+}
+
+variable "azure_devops_agents_personal_access_token" {
+ description = "Personal access token for Azure DevOps self-hosted agents (the token requires the 'Agent Pools - Read & Manage' scope and should have the maximum expiry). Only required if 'use_self_hosted_runners' is 'true'"
+ type = string
+ sensitive = true
+ default = ""
+}
+
+variable "use_private_networking" {
+ description = "Controls whether to use private networking for the agent to storage account communication"
+ type = bool
+ default = true
+}
+
+variable "allow_storage_access_from_my_ip" {
+ description = "Allow access to the storage account from the current IP address. We recommend this is kept off for security"
+ type = bool
+ default = false
+}
+
+variable "apply_approvers" {
+ description = "Apply stage approvers to the action / pipeline, must be a list of SPNs separate by a comma (e.g. abcdef@microsoft.com,ghijklm@microsoft.com)"
+ type = list(string)
+ default = []
+}
+
+variable "create_branch_policies" {
+ description = "Controls whether to create branch policies for the repositories"
+ type = bool
+ default = true
+}
+
 variable "additional_files" {
 description = "Additional files to upload to the repository. 
This must be specified as a comma-separated list of absolute file paths (e.g. c:\\config\\config.yaml or /home/user/config/config.yaml)"
 type = list(string)
@@ -163,7 +342,7 @@ variable "virtual_network_subnet_address_prefix_private_endpoints" {
 variable "storage_account_replication_type" {
 description = "Controls the redundancy for the storage account"
 type = string
- default = "GZRS"
+ default = "ZRS"
 validation {
 condition = var.storage_account_replication_type == "ZRS" || var.storage_account_replication_type == "GZRS" || var.storage_account_replication_type == "RAGZRS"
 error_message = "Invalid storage account replication type. Valid values are ZRS, GZRS and RAGZRS."
diff --git a/alz/github/variables.input.tf b/alz/github/variables.input.tf
deleted file mode 100644
index bb02610..0000000
--- a/alz/github/variables.input.tf
+++ /dev/null
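Review bot: The three subscription validations added at the top of this hunk (`subscription_id_connectivity`, `subscription_id_identity`, `subscription_id_management`) all fail with `The bootstrap subscription ID must be a valid GUID`, so a bad value is reported against the wrong variable; each error_message should name its own variable, e.g. `error_message = "The connectivity subscription ID must be a valid GUID"`. The shared pattern `^[0-9a-fA-F-]{36}$` (also used by `bootstrap_subscription_id`) accepts any 36-character mix of hex digits and dashes, including all dashes, so it does not actually enforce GUID structure; `^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$` would. The same blocks are repeated verbatim in the alz/github/variables.tf and alz/local/variables.tf hunks. Separately, the `azure_devops_agents_personal_access_token` description says the token is only required if `'use_self_hosted_runners'` is true, but the controlling variable in this file is `use_self_hosted_agents`, so the description should reference that name.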
@@ -1,95 +0,0 @@
-variable "github_personal_access_token" {
- description = "Personal access token for GitHub"
- type = string
- sensitive = true
-}
-
-variable "github_organization_name" {
- description = "The name of your GitHub organization. This is the section of the url after 'github.com'. E.g. enter 'my-org' for 'https://github.com/my-org'"
- type = string
-}
-
-variable "use_separate_repository_for_templates" {
- description = "Controls whether to use a separate repository to store action templates. This is an extra layer of security to ensure that the azure credentials can only be leveraged for the specified workload"
- type = bool
- default = true
-}
-
-variable "bootstrap_subscription_id" {
- description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
- type = string
- default = ""
- validation {
- condition = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "service_name" {
- description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)"
- type = string
- default = "alz"
- validation {
- condition = can(regex("^[a-z0-9]+$", var.service_name))
- error_message = "The service name must only contain lowercase letters and numbers"
- }
-}
-
-variable "environment_name" {
- description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)"
- type = string
- default = "mgmt"
- validation {
- condition = can(regex("^[a-z0-9]+$", var.environment_name))
- error_message = "The environment name must only contain lowercase letters and numbers"
- }
-}
-
-variable "postfix_number" {
- description = "Used to build up the default resource names (e.g. 
rg-alz-mgmt-uksouth-)"
- type = number
- default = 1
-}
-
-variable "use_self_hosted_runners" {
- description = "Controls whether to use self-hosted runners for the actions"
- type = bool
- default = true
-}
-
-variable "github_runners_personal_access_token" {
- description = "Personal access token for GitHub self-hosted runners (the token requires the 'repo' scope and should not expire). Only required if 'use_self_hosted_runners' is 'true'"
- type = string
- sensitive = true
- default = ""
-}
-
-variable "use_private_networking" {
- description = "Controls whether to use private networking for the runner to storage account communication"
- type = bool
- default = true
-}
-
-variable "use_runner_group" {
- description = "Controls whether to use a runner group. This is only relevant if using a GitHub Enterprise licensed organization"
- type = bool
- default = true
-}
-
-variable "allow_storage_access_from_my_ip" {
- description = "Allow access to the storage account from the current IP address. We recommend this is kept off for security"
- type = bool
- default = false
-}
-
-variable "apply_approvers" {
- description = "Apply stage approvers to the action / pipeline, must be a list of SPNs separate by a comma (e.g. abcdef@microsoft.com,ghijklm@microsoft.com)"
- type = list(string)
- default = []
-}
-
-variable "create_branch_policies" {
- description = "Controls whether to create branch policies for the repositories"
- type = bool
- default = true
-}
diff --git a/alz/github/variables.interface.tf b/alz/github/variables.interface.tf
deleted file mode 100644
index f1048c2..0000000
--- a/alz/github/variables.interface.tf
+++ /dev/null
@@ -1,71 +0,0 @@
-variable "iac_type" {
- description = "The type of infrastructure as code to use for the deployment. (e.g. 'terraform' or `bicep)"
- type = string
-}
-
-variable "module_folder_path" {
- description = "The folder for the starter modules"
- type = string
-}
-
-variable "root_parent_management_group_id" {
- description = "The root parent management group ID. This will default to the Tenant Root Group ID if not supplied"
- type = string
- default = ""
-}
-
-variable "subscription_id_connectivity" {
- description = "The identifier of the Connectivity Subscription"
- type = string
- validation {
- condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "subscription_id_identity" {
- description = "The identifier of the Identity Subscription"
- type = string
- validation {
- condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "subscription_id_management" {
- description = "The identifier of the Management Subscription"
- type = string
- validation {
- condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "configuration_file_path" {
- description = "The name of the configuration file"
- type = string
- default = ""
-}
-
-variable "starter_module_name" {
- description = "The name of the starter module"
- type = string
- default = ""
-}
-
-variable "on_demand_folder_repository" {
- description = "The repository to use for the on-demand folders"
- type = string
- default = ""
-}
-
-variable "on_demand_folder_artifact_name" {
- description = "The branch to use for the on-demand folders"
- type = string
- default = ""
-}
-
-variable "bootstrap_location" {
- description = "Azure Deployment location for the bootstrap resources 
(e.g. storage account, identities, etc)"
- type = string
-}
diff --git a/alz/github/variables.hidden.tf b/alz/github/variables.tf
similarity index 77%
rename from alz/github/variables.hidden.tf
rename to alz/github/variables.tf
index b29aeb4..af8545c 100644
--- a/alz/github/variables.hidden.tf
+++ b/alz/github/variables.tf
@@ -1,3 +1,171 @@
+variable "iac_type" {
+ description = "The type of infrastructure as code to use for the deployment. (e.g. 'terraform' or `bicep)"
+ type = string
+}
+
+variable "module_folder_path" {
+ description = "The folder for the starter modules"
+ type = string
+}
+
+variable "root_parent_management_group_id" {
+ description = "The root parent management group ID. This will default to the Tenant Root Group ID if not supplied"
+ type = string
+ default = ""
+}
+
+variable "subscription_id_connectivity" {
+ description = "The identifier of the Connectivity Subscription"
+ type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "subscription_id_identity" {
+ description = "The identifier of the Identity Subscription"
+ type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "subscription_id_management" {
+ description = "The identifier of the Management Subscription"
+ type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "configuration_file_path" {
+ description = "The name of the configuration file"
+ type = string
+ default = ""
+}
+
+variable "starter_module_name" {
+ description = "The name of the starter module"
+ type = string
+ default = ""
+}
+
+variable "on_demand_folder_repository" {
+ description = "The repository to use for the on-demand folders"
+ type = string
+ default = ""
+}
+
+variable "on_demand_folder_artifact_name" {
+ description = "The branch to use for the on-demand folders"
+ type = string
+ default = ""
+}
+
+variable "bootstrap_location" {
+ description = "Azure Deployment location for the bootstrap resources 
(e.g. storage account, identities, etc)"
+ type = string
+}
+
+variable "github_personal_access_token" {
+ description = "Personal access token for GitHub"
+ type = string
+ sensitive = true
+}
+
+variable "github_organization_name" {
+ description = "The name of your GitHub organization. This is the section of the url after 'github.com'. E.g. enter 'my-org' for 'https://github.com/my-org'"
+ type = string
+}
+
+variable "use_separate_repository_for_templates" {
+ description = "Controls whether to use a separate repository to store action templates. This is an extra layer of security to ensure that the azure credentials can only be leveraged for the specified workload"
+ type = bool
+ default = true
+}
+
+variable "bootstrap_subscription_id" {
+ description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
+ type = string
+ default = ""
+ validation {
+ condition = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "service_name" {
+ description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)"
+ type = string
+ default = "alz"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.service_name))
+ error_message = "The service name must only contain lowercase letters and numbers"
+ }
+}
+
+variable "environment_name" {
+ description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)"
+ type = string
+ default = "mgmt"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.environment_name))
+ error_message = "The environment name must only contain lowercase letters and numbers"
+ }
+}
+
+variable "postfix_number" {
+ description = "Used to build up the default resource names (e.g. 
rg-alz-mgmt-uksouth-)"
+ type = number
+ default = 1
+}
+
+variable "use_self_hosted_runners" {
+ description = "Controls whether to use self-hosted runners for the actions"
+ type = bool
+ default = true
+}
+
+variable "github_runners_personal_access_token" {
+ description = "Personal access token for GitHub self-hosted runners (the token requires the 'repo' scope and should not expire). Only required if 'use_self_hosted_runners' is 'true'"
+ type = string
+ sensitive = true
+ default = ""
+}
+
+variable "use_private_networking" {
+ description = "Controls whether to use private networking for the runner to storage account communication"
+ type = bool
+ default = true
+}
+
+variable "use_runner_group" {
+ description = "Controls whether to use a runner group. This is only relevant if using a GitHub Enterprise licensed organization"
+ type = bool
+ default = true
+}
+
+variable "allow_storage_access_from_my_ip" {
+ description = "Allow access to the storage account from the current IP address. We recommend this is kept off for security"
+ type = bool
+ default = false
+}
+
+variable "apply_approvers" {
+ description = "Apply stage approvers to the action / pipeline, must be a list of SPNs separate by a comma (e.g. abcdef@microsoft.com,ghijklm@microsoft.com)"
+ type = list(string)
+ default = []
+}
+
+variable "create_branch_policies" {
+ description = "Controls whether to create branch policies for the repositories"
+ type = bool
+ default = true
+}
+
 variable "built_in_configuration_file_names" {
 description = "Built-in configuration file name"
 type = list(string)
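Review bot: The `iac_type` description added at the top of this hunk has mismatched quoting, `'terraform' or `bicep)`, where the alz/azuredevops/variables.tf copy reads `'terraform' or 'bicep')`; it should be `description = "The type of infrastructure as code to use for the deployment. (e.g. 'terraform' or 'bicep')"`. The same stray backtick is carried into the alz/local/variables.tf hunk. The `on_demand_folder_artifact_name` description, "The branch to use for the on-demand folders", also does not match the variable's name, which suggests an artifact rather than a branch; whichever is correct, the description should say so.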
@@ -163,7 +331,7 @@ variable "additional_folders_path" {
 variable "storage_account_replication_type" {
 description = "Controls the redundancy for the storage account"
 type = string
- default = "GZRS"
+ default = "ZRS"
 validation {
 condition = var.storage_account_replication_type == "ZRS" || var.storage_account_replication_type == "GZRS" || var.storage_account_replication_type == "RAGZRS"
 error_message = "Invalid storage account replication type. Valid values are ZRS, GZRS and RAGZRS."
diff --git a/alz/local/variables.input.tf b/alz/local/variables.input.tf
deleted file mode 100644
index 3d1138e..0000000
--- a/alz/local/variables.input.tf
+++ /dev/null
@@ -1,53 +0,0 @@
-variable "target_directory" {
- description = "The target directory to create the landing zone files in. (e.g. 'c:\\landingzones\\my_landing_zone')"
- type = string
- default = ""
-}
-
-variable "create_bootstrap_resources_in_azure" {
- description = "Whether to create resources in Azure (e.g. resource group, storage account, identities, etc.)"
- type = bool
- default = true
-}
-
-variable "bootstrap_subscription_id" {
- description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
- type = string
- default = ""
- validation {
- condition = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "service_name" {
- description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)"
- type = string
- default = "alz"
- validation {
- condition = can(regex("^[a-z0-9]+$", var.service_name))
- error_message = "The service name must only contain lowercase letters and numbers"
- }
-}
-
-variable "environment_name" {
- description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)"
- type = string
- default = "mgmt"
- validation {
- condition = can(regex("^[a-z0-9]+$", var.environment_name))
- error_message = "The environment name must only contain lowercase letters and numbers"
- }
-}
-
-variable "postfix_number" {
- description = "Used to build up the default resource names (e.g. rg-alz-mgmt-uksouth-)"
- type = number
- default = 1
-}
-
-variable "grant_permissions_to_current_user" {
- description = "Grant permissions to the current user on the bootstrap resources in addition to the user assinged managed identities."
- type = bool
- default = true
-}
diff --git a/alz/local/variables.interface.tf b/alz/local/variables.interface.tf
deleted file mode 100644
index 7323582..0000000
--- a/alz/local/variables.interface.tf
+++ /dev/null
@@ -1,72 +0,0 @@
-variable "iac_type" {
- description = "The type of infrastructure as code to use for the deployment. (e.g. 'terraform' or `bicep)"
- type = string
-}
-
-variable "module_folder_path" {
- description = "The folder for the starter modules"
- type = string
-}
-
-variable "root_parent_management_group_id" {
- description = "The root parent management group ID. This will default to the Tenant Root Group ID if not supplied"
- type = string
- default = ""
-}
-
-variable "subscription_id_connectivity" {
- description = "The identifier of the Connectivity Subscription"
- type = string
- validation {
- condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "subscription_id_identity" {
- description = "The identifier of the Identity Subscription"
- type = string
- validation {
- condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "subscription_id_management" {
- description = "The identifier of the Management Subscription"
- type = string
- validation {
- condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
- error_message = "The bootstrap subscription ID must be a valid GUID"
- }
-}
-
-variable "configuration_file_path" {
- description = "The name of the configuration file"
- type = string
- default = ""
-}
-
-variable "starter_module_name" {
- description = "The name of the starter module"
- type = string
- default = ""
-}
-
-variable "bootstrap_location" {
- description = "Azure Deployment location for the bootstrap resources (e.g. 
storage account, identities, etc)"
- type = string
- default = ""
-}
-
-variable "on_demand_folder_repository" {
- description = "The repository to use for the on-demand folders"
- type = string
- default = ""
-}
-
-variable "on_demand_folder_artifact_name" {
- description = "The branch to use for the on-demand folders"
- type = string
- default = ""
-}
diff --git a/alz/local/variables.hidden.tf b/alz/local/variables.tf
similarity index 76%
rename from alz/local/variables.hidden.tf
rename to alz/local/variables.tf
index 8025a09..9214986 100644
--- a/alz/local/variables.hidden.tf
+++ b/alz/local/variables.tf
@@ -1,3 +1,130 @@
+variable "iac_type" {
+ description = "The type of infrastructure as code to use for the deployment. (e.g. 'terraform' or `bicep)"
+ type = string
+}
+
+variable "module_folder_path" {
+ description = "The folder for the starter modules"
+ type = string
+}
+
+variable "root_parent_management_group_id" {
+ description = "The root parent management group ID. This will default to the Tenant Root Group ID if not supplied"
+ type = string
+ default = ""
+}
+
+variable "subscription_id_connectivity" {
+ description = "The identifier of the Connectivity Subscription"
+ type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "subscription_id_identity" {
+ description = "The identifier of the Identity Subscription"
+ type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "subscription_id_management" {
+ description = "The identifier of the Management Subscription"
+ type = string
+ validation {
+ condition = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "configuration_file_path" {
+ description = "The name of the configuration file"
+ type = string
+ default = ""
+}
+
+variable "starter_module_name" {
+ description = "The name of the starter module"
+ type = string
+ default = ""
+}
+
+variable "bootstrap_location" {
+ description = "Azure Deployment location for the bootstrap resources (e.g. 
storage account, identities, etc)"
+ type = string
+ default = ""
+}
+
+variable "on_demand_folder_repository" {
+ description = "The repository to use for the on-demand folders"
+ type = string
+ default = ""
+}
+
+variable "on_demand_folder_artifact_name" {
+ description = "The branch to use for the on-demand folders"
+ type = string
+ default = ""
+}
+
+variable "target_directory" {
+ description = "The target directory to create the landing zone files in. (e.g. 'c:\\landingzones\\my_landing_zone')"
+ type = string
+ default = ""
+}
+
+variable "create_bootstrap_resources_in_azure" {
+ description = "Whether to create resources in Azure (e.g. resource group, storage account, identities, etc.)"
+ type = bool
+ default = true
+}
+
+variable "bootstrap_subscription_id" {
+ description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
+ type = string
+ default = ""
+ validation {
+ condition = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+ error_message = "The bootstrap subscription ID must be a valid GUID"
+ }
+}
+
+variable "service_name" {
+ description = "Used to build up the default resource names (e.g. rg--mgmt-uksouth-001)"
+ type = string
+ default = "alz"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.service_name))
+ error_message = "The service name must only contain lowercase letters and numbers"
+ }
+}
+
+variable "environment_name" {
+ description = "Used to build up the default resource names (e.g. rg-alz--uksouth-001)"
+ type = string
+ default = "mgmt"
+ validation {
+ condition = can(regex("^[a-z0-9]+$", var.environment_name))
+ error_message = "The environment name must only contain lowercase letters and numbers"
+ }
+}
+
+variable "postfix_number" {
+ description = "Used to build up the default resource names (e.g. 
rg-alz-mgmt-uksouth-)"
+ type = number
+ default = 1
+}
+
+variable "grant_permissions_to_current_user" {
+ description = "Grant permissions to the current user on the bootstrap resources in addition to the user assinged managed identities."
+ type = bool
+ default = true
+}
+
 variable "additional_files" {
 description = "Additional files to upload to the repository. This must be specified as a comma-separated list of absolute file paths (e.g. c:\\config\\config.yaml or /home/user/config/config.yaml)"
 type = list(string)
@@ -56,7 +183,7 @@ variable "default_target_directory" {
 variable "storage_account_replication_type" {
 description = "Controls the redundancy for the storage account"
 type = string
- default = "GZRS"
+ default = "ZRS"
 validation {
 condition = var.storage_account_replication_type == "ZRS" || var.storage_account_replication_type == "GZRS" || var.storage_account_replication_type == "RAGZRS"
 error_message = "Invalid storage account replication type. Valid values are ZRS, GZRS and RAGZRS."
diff --git a/modules/azure/variables.tf b/modules/azure/variables.tf
index ecad00e..6684cf2 100644
--- a/modules/azure/variables.tf
+++ b/modules/azure/variables.tf
@@ -49,7 +49,7 @@ variable "storage_container_name" {
 variable "storage_account_replication_type" {
 type = string
- default = "GZRS"
+ default = "ZRS"
 validation {
 condition = var.storage_account_replication_type == "ZRS" || var.storage_account_replication_type == "GZRS" || var.storage_account_replication_type == "RAGZRS"
 error_message = "Invalid storage account replication type. Valid values are LRS, GZRS and RAGZRS."
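Review bot: The `grant_permissions_to_current_user` description added at the end of the first hunk in this file misspells "assigned" (`user assinged managed identities`); since this text is shown to operators by `terraform plan` and module documentation, it should read `description = "Grant permissions to the current user on the bootstrap resources in addition to the user assigned managed identities."`. Unlike the azuredevops and github copies, `bootstrap_location` here carries `default = ""`, so an unset location is accepted by validation and presumably only fails later wherever the value is consumed; if an empty location is not a valid input, drop the default so Terraform prompts for it.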
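Review bot: The validation's `error_message` in this modules/azure/variables.tf hunk lists `LRS, GZRS and RAGZRS` as the valid values, but the `condition` on the line above accepts only `ZRS`, `GZRS` and `RAGZRS`, so an operator who follows the message and sets `LRS` is rejected again; change it to `error_message = "Invalid storage account replication type. Valid values are ZRS, GZRS and RAGZRS."`, which is the wording the three alz variables.tf hunks already use. The variable also has no `description` here, unlike its alz counterparts; `description = "Controls the redundancy for the storage account"` would keep the module self-documenting now that the default has moved from geo-zone to zone redundancy.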