Azure · jaredfholgate · Feb 19, 2025 · Feb 19, 2025
diff --git a/alz/azuredevops/variables.input.tf b/alz/azuredevops/variables.input.tf
diff --git a/alz/azuredevops/variables.interface.tf b/alz/azuredevops/variables.interface.tf
diff --git a/alz/azuredevops/variables.hidden.tf → alz/azuredevops/variables.tf b/alz/azuredevops/variables.hidden.tf → alz/azuredevops/variables.tf
@@ -1,3 +1,182 @@
+variable "iac_type" {
+  description = "The type of infrastructure as code to use for the deployment. (e.g. 'terraform' or 'bicep')"
+  type        = string
+}
+
+variable "module_folder_path" {
+  description = "The folder for the starter modules"
+  type        = string
+}
+
+variable "root_parent_management_group_id" {
+  description = "The root parent management group ID. This will default to the Tenant Root Group ID if not supplied"
+  type        = string
+  default     = ""
+}
+
+variable "subscription_id_connectivity" {
+  description = "The identifier of the Connectivity Subscription"
+  type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_connectivity))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
+}
+
+variable "subscription_id_identity" {
+  description = "The identifier of the Identity Subscription"
+  type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_identity))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
+}
+
+variable "subscription_id_management" {
+  description = "The identifier of the Management Subscription"
+  type        = string
+  validation {
+    condition     = can(regex("^[0-9a-fA-F-]{36}$", var.subscription_id_management))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
+}
+
+variable "configuration_file_path" {
+  description = "The name of the configuration file"
+  type        = string
+  default     = ""
+}
+
+variable "starter_module_name" {
+  description = "The name of the starter module"
+  type        = string
+  default     = ""
+}
+
+variable "on_demand_folder_repository" {
+  description = "The repository to use for the on-demand folders"
+  type        = string
+  default     = ""
+}
+
+variable "on_demand_folder_artifact_name" {
+  description = "The branch to use for the on-demand folders"
+  type        = string
+  default     = ""
+}
+
+variable "bootstrap_location" {
+  description = "Azure Deployment location for the bootstrap resources (e.g. storage account, identities, etc)"
+  type        = string
+}
+
+variable "azure_devops_personal_access_token" {
+  description = "The personal access token for Azure DevOps"
+  type        = string
+  sensitive   = true
+}
+
+variable "azure_devops_organization_name" {
+  description = "The name of your Azure DevOps organization. This is the section of the url after 'dev.azure.com' or before '.visualstudio.com'. E.g. enter 'my-org' for 'https://dev.azure.com/my-org'"
+  type        = string
+}
+
+variable "use_separate_repository_for_templates" {
+  description = "Controls whether to use a separate repository to store pipeline templates. This is an extra layer of security to ensure that the azure credentials can only be leveraged for the specified workload"
+  type        = bool
+  default     = true
+}
+
+variable "bootstrap_subscription_id" {
+  description = "Azure Subscription ID for the bootstrap resources (e.g. storage account, identities, etc). Leave empty to use the az login subscription"
+  type        = string
+  default     = ""
+  validation {
+    condition     = var.bootstrap_subscription_id == "" ? true : can(regex("^[0-9a-fA-F-]{36}$", var.bootstrap_subscription_id))
+    error_message = "The bootstrap subscription ID must be a valid GUID"
+  }
+}
+
+variable "service_name" {
+  description = "Used to build up the default resource names (e.g. rg-<service_name>-mgmt-uksouth-001)"
+  type        = string
+  default     = "alz"
+  validation {
+    condition     = can(regex("^[a-z0-9]+$", var.service_name))
+    error_message = "The service name must only contain lowercase letters and numbers"
+  }
+}
+
+variable "environment_name" {
+  description = "Used to build up the default resource names (e.g. rg-alz-<environment_name>-uksouth-001)"
+  type        = string
+  default     = "mgmt"
+  validation {
+    condition     = can(regex("^[a-z0-9]+$", var.environment_name))
+    error_message = "The environment name must only contain lowercase letters and numbers"
+  }
+}
+
+variable "postfix_number" {
+  description = "Used to build up the default resource names (e.g. rg-alz-mgmt-uksouth-<postfix_number>)"
+  type        = number
+  default     = 1
+}
+
+variable "azure_devops_use_organisation_legacy_url" {
+  description = "Use the legacy Azure DevOps URL (<organisation>.visualstudio.com) instead of the new URL (dev.azure.com/<organization>). This is ignored if an fqdn is supplied for version_control_system_organization"
+  type        = bool
+  default     = false
+}
+
+variable "azure_devops_create_project" {
+  description = "Create the Azure DevOps project if it does not exist"
+  type        = bool
+  default     = true
+}
+
+variable "azure_devops_project_name" {
+  description = "The name of the Azure DevOps project to use or create for the deployment"
+  type        = string
+}
+
+variable "use_self_hosted_agents" {
+  description = "Controls whether to use self-hosted agents for the pipelines"
+  type        = bool
+  default     = true
+}
+
+variable "azure_devops_agents_personal_access_token" {
+  description = "Personal access token for Azure DevOps self-hosted agents (the token requires the 'Agent Pools - Read & Manage' scope and should have the maximum expiry). Only required if 'use_self_hosted_runners' is 'true'"
+  type        = string
+  sensitive   = true
+  default     = ""
+}
+
+variable "use_private_networking" {
+  description = "Controls whether to use private networking for the agent to storage account communication"
+  type        = bool
+  default     = true
+}
+
+variable "allow_storage_access_from_my_ip" {
+  description = "Allow access to the storage account from the current IP address. We recommend this is kept off for security"
+  type        = bool
+  default     = false
+}
+
+variable "apply_approvers" {
+  description = "Apply stage approvers to the action / pipeline, must be a list of SPNs separate by a comma (e.g. [email protected],[email protected])"
+  type        = list(string)
+  default     = []
+}
+
+variable "create_branch_policies" {
+  description = "Controls whether to create branch policies for the repositories"
+  type        = bool
+  default     = true
+}
+
 variable "additional_files" {
   description = "Additional files to upload to the repository. This must be specified as a comma-separated list of absolute file paths (e.g. c:\\config\\config.yaml or /home/user/config/config.yaml)"
   type        = list(string)
@@ -163,7 +342,7 @@ variable "virtual_network_subnet_address_prefix_private_endpoints" {
 variable "storage_account_replication_type" {
   description = "Controls the redundancy for the storage account"
   type        = string
-  default     = "GZRS"
+  default     = "ZRS"
   validation {
     condition     = var.storage_account_replication_type == "ZRS" || var.storage_account_replication_type == "GZRS" || var.storage_account_replication_type == "RAGZRS"
     error_message = "Invalid storage account replication type. Valid values are ZRS, GZRS and RAGZRS."