generated from terraform-ibm-modules/terraform-ibm-module-template
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathvariables.tf
108 lines (94 loc) · 3.03 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
##############################################################################
# Input Variables
##############################################################################
##############################################################################
# access group
##############################################################################
variable "access_group_name" {
description = "Name of the access group"
type = string
}
variable "provision" {
type = bool
description = "Would you like to provision a new access group (true/false)"
default = true
}
variable "add_members" {
type = bool
description = "Enable this to add members to access group"
default = true
}
variable "description" {
description = "Description to access group"
type = string
default = null
}
variable "tags" {
type = list(string)
description = "Tags that should be applied to the service"
default = []
}
##############################################################################
# access group members
##############################################################################
variable "ibm_ids" {
description = "A list of IBM IDs that you want to add to the access group."
type = list(string)
default = []
}
variable "service_ids" {
type = list(string)
description = "A list of service IDS that you want to add to the access group."
default = []
}
variable "trusted_profile_ids" {
type = list(string)
description = "A list of trusted profile IDS that you want to add to the access group."
default = []
}
##############################################################################
# access group policy
##############################################################################
variable "policies" {
description = "list of policies"
type = map(object({
roles = list(string)
account_management = optional(bool)
tags = set(string)
resources = optional(list(object({
region = optional(string)
attributes = optional(map(string))
service = optional(string)
resource_instance_id = optional(string)
resource_type = optional(string)
resource = optional(string)
resource_group_id = optional(string)
})))
resource_attributes = optional(list(object({
name = string
value = string
operator = optional(string)
})))
}))
}
##############################################################################
# access group rule
##############################################################################
variable "dynamic_rules" {
description = "list of dynamic rules"
type = map(object({
expiration = number
identity_provider = string
conditions = list(object({
claim = string
operator = string
value = string
}))
}))
# default = {
# name = {
# expiration = number
# identity_provider = string
# }
# }
}