/**
* Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
# Project that will host the KMS key ring and key. It is declared
# separately from serverless_project_id, so key administration can live
# in a project other than the one running the function.
variable "kms_project_id" {
  type        = string
  description = "ID of the project in which the KMS resources will be created."
}
# Project that will host the Cloud Function itself (the workload side,
# as opposed to the key-management side described by kms_project_id).
variable "serverless_project_id" {
  type        = string
  description = "ID of the project in which the Cloud Function will be deployed."
}
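# Controls the prevent_destroy lifecycle attribute on the KMS keys. With the
# default of true, a plan that would delete or replace a key is rejected,
# which protects data already encrypted under that key from becoming
# unrecoverable. Set to false only for disposable (e.g. test) deployments.
variable "prevent_destroy" {
  # Fixed the doubled period at the end of the description.
  description = "Set the prevent_destroy lifecycle attribute on keys."
  type        = bool
  default     = true
}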
# Name of the KMS key ring that will hold the key named by key_name.
variable "keyring_name" {
  type        = string
  description = "Name of the KMS key ring."
}
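# Automatic rotation period for the KMS key. The Google provider expects a
# duration in seconds with an "s" suffix; the default of 2592000s is 30 days.
variable "key_rotation_period" {
  description = "Period of key rotation in seconds, written as a duration string such as \"2592000s\" (30 days)."
  type        = string
  default     = "2592000s"

  validation {
    # Surface malformed values (a bare number, or an "h"/"d" suffix) at plan
    # time with a clear message instead of failing at apply time.
    # NOTE(review): Cloud KMS also enforces a minimum rotation period
    # (at least one day) -- confirm before encoding that lower bound here.
    condition     = can(regex("^[0-9]+s$", var.key_rotation_period))
    error_message = "key_rotation_period must be a whole number of seconds followed by \"s\", e.g. \"2592000s\"."
  }
}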
# Name of the KMS crypto key created inside the key ring named by keyring_name.
variable "key_name" {
  type        = string
  description = "Name of the KMS crypto key."
}
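# Protection level for new key versions. The default "HSM" keeps key
# material in hardware-backed storage; "SOFTWARE" is the weaker option and
# should be a deliberate choice rather than a typo, hence the validation.
variable "key_protection_level" {
  description = "The protection level to use when creating a version based on this template. Possible values: [\"SOFTWARE\", \"HSM\"]"
  type        = string
  default     = "HSM"

  validation {
    # Values are case-sensitive on the API side, so the check is exact.
    condition     = contains(["SOFTWARE", "HSM"], var.key_protection_level)
    error_message = "key_protection_level must be one of \"SOFTWARE\" or \"HSM\"."
  }
}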
# Region in which the module's resources are created; defaults to us-east4.
variable "location" {
  type        = string
  default     = "us-east4"
  description = "Location (region) in which the resources will be deployed."
}
# Principals granted the owner role on the key. Each list element is a
# comma-separated string of members and corresponds to one key declared in
# set_owners_for. Empty by default, so no owners are granted unless asked for.
variable "owners" {
  type        = list(string)
  default     = []
  description = "List of comma-separated owners, one entry per key declared in set_owners_for."
}
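# Principals granted the encrypter role on the key. Each list element is a
# comma-separated string of members and corresponds to one key declared in
# set_encrypters_for. Empty by default.
variable "encrypters" {
  # The previous description was copied from "owners" and said "owners" here.
  description = "List of comma-separated encrypters for each key declared in set_encrypters_for."
  type        = list(string)
  default     = []
}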
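# Principals granted the decrypter role on the key. Each list element is a
# comma-separated string of members and corresponds to one key declared in
# set_decrypters_for. Empty by default.
variable "decrypters" {
  # The previous description was copied from "owners" and said "owners" here.
  description = "List of comma-separated decrypters for each key declared in set_decrypters_for."
  type        = list(string)
  default     = []
}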
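# Selects the resource at which the organization policy is applied. When set
# to "folder" or "organization", the matching folder_id / organization_id
# variable must also be supplied (that relationship is not checked here,
# because a validation block can only inspect its own variable).
variable "policy_for" {
  description = "Policy Root: set one of the following values to determine where the policy is applied. Possible values: [\"project\", \"folder\", \"organization\"]."
  type        = string
  default     = "project"

  validation {
    condition     = contains(["project", "folder", "organization"], var.policy_for)
    error_message = "policy_for must be one of \"project\", \"folder\" or \"organization\"."
  }
}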
# Target folder for the policy; only meaningful when policy_for is "folder".
# An empty string is the default so the variable may be omitted otherwise.
variable "folder_id" {
  type        = string
  default     = ""
  description = "ID of the folder to which the policy is applied."
}
# Target organization for the policy; only meaningful when policy_for is
# "organization". Empty by default so the variable may be omitted otherwise.
variable "organization_id" {
  type        = string
  default     = ""
  description = "ID of the organization to which the policy is applied."
}
# Google Groups that receive the module's IAM role bindings. Every field is
# optional and defaults to null, so a group that is not supplied simply gets
# no bindings; the empty-object default means no bindings at all.
variable "groups" {
  type = object({
    group_serverless_administrator          = optional(string, null)
    group_serverless_security_administrator = optional(string, null)
    group_cloud_function_developer          = optional(string, null)
    group_cloud_function_user               = optional(string, null)
  })
  default = {}

  description = <<-EOT
    Groups to which roles will be assigned.
    Serverless Administrators group: granted Cloud Function Admin, Compute Network Viewer and Compute Network User.
    Serverless Security Administrators group: granted Cloud Function Viewer, Cloud KMS Viewer and Artifact Registry Reader.
    Cloud Function Developer group: granted Cloud Function Developer, Artifact Registry Writer and Cloud KMS CryptoKey Encrypter.
    Cloud Function User group: granted Cloud Function Invoker.
  EOT
}