/** * Copyright 2024 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ variable "service_name" { type = string default = "demo-app" description = "The name of a single service application." } variable "acronym" { type = string description = "The acronym of the application." validation { condition = length(var.acronym) <= 3 error_message = "The max length for acronym is 3 characters." } } variable "org_id" { type = string description = "Google Cloud Organization ID." } variable "folder_id" { type = string description = "Folder ID of parent folder for application admin resources. If deploying on the enterprise foundation blueprint, this is usually the 'common' folder." } variable "billing_account" { type = string description = "Billing Account ID for application admin project resources." } variable "envs" { type = map(object({ billing_account = string folder_id = string network_project_id = string network_self_link = string org_id = string subnets_self_links = list(string) })) description = "Environments" } variable "infra_project_apis" { type = list(string) description = "List of APIs to enable for environment-specific application infra projects" default = [ "iam.googleapis.com", "cloudresourcemanager.googleapis.com", "serviceusage.googleapis.com", "cloudbilling.googleapis.com", ] } variable "cluster_projects_ids" { type = list(string) description = "Cluster projects ids." } variable "cloudbuild_sa_roles" { description = "Optional to assign to custom CloudBuild SA. Map of project name or any static key to object with list of roles. Keys much match keys from var.envs" type = map(object({ roles = list(string) })) default = {} } variable "bucket_prefix" { description = "Name prefix to use for buckets created." type = string default = "bkt" } variable "bucket_force_destroy" { description = "When deleting a bucket, this boolean option will delete all contained objects. If false, Terraform will fail to delete buckets which contain objects." type = bool default = false } variable "location" { description = "Location for build buckets." type = string default = "us-central1" } variable "trigger_location" { description = "Location of for Cloud Build triggers created in the workspace. If using private pools should be the same location as the pool." type = string default = "global" } variable "tf_apply_branches" { description = "List of git branches configured to run terraform apply Cloud Build trigger. All other branches will run plan by default." type = list(string) default = ["development", "nonproduction", "production"] } variable "gar_project_id" { description = "Project ID where the Artifact Registry Repository that Hosts the infrastructure pipeline docker image is located." type = string } variable "gar_repository_name" { description = "Artifact Registry repository name where the Docker image for the infrastructure pipeline is stored." type = string } variable "docker_tag_version_terraform" { description = "Docker tag version of image." type = string default = "latest" } variable "admin_project_id" { description = "The admin project id associated with the microservice. This project will host resources like microservice CI/CD pipelines. If set, `create_admin_project` must be set to `false`." type = string } variable "create_infra_project" { description = "Boolean value that indicates whether an infrastructure project should be created for the microservice." type = bool } variable "create_admin_project" { description = "Boolean value that indicates whether a admin project should be created for the microservice." type = bool } variable "cloudbuildv2_repository_config" { description = <<-EOT Configuration for integrating repositories with Cloud Build v2: - repo_type: Specifies the type of repository. Supported types are 'GITHUBv2', 'GITLABv2', and 'CSR'. - repositories: A map of repositories to be created. The key must match the exact name of the repository. Each repository is defined by: - repository_name: The name of the repository. - repository_url: The URL of the repository. - github_secret_id: (Optional) The personal access token for GitHub authentication. - github_app_id_secret_id: (Optional) The application ID for a GitHub App used for authentication. - gitlab_read_authorizer_credential_secret_id: (Optional) The read authorizer credential for GitLab access. - gitlab_authorizer_credential_secret_id: (Optional) The authorizer credential for GitLab access. - gitlab_webhook_secret_id: (Optional) The secret ID for the GitLab WebHook. - gitlab_enterprise_host_uri: (Optional) The URI of the GitLab Enterprise host this connection is for. If not specified, the default value is https://gitlab.com. - gitlab_enterprise_service_directory: (Optional) Configuration for using Service Directory to privately connect to a GitLab Enterprise server. This should only be set if the GitLab Enterprise server is hosted on-premises and not reachable by public internet. If this field is left empty, calls to the GitLab Enterprise server will be made over the public internet. Format: projects/{project}/locations/{location}/namespaces/{namespace}/services/{service}. - gitlab_enterprise_ca_certificate: (Optional) SSL certificate to use for requests to GitLab Enterprise. - secret_project_id: (Optional) The project id where the secret is stored. Note: When using GITLABv2, specify `gitlab_read_authorizer_credential` and `gitlab_authorizer_credential` and `gitlab_webhook_secret_id`. Note: When using GITHUBv2, specify `github_pat` and `github_app_id`. Note: If 'cloudbuildv2_repository_config' variable is not configured, CSR (Cloud Source Repositories) will be used by default. EOT type = object({ repo_type = string # Supported values are: GITHUBv2, GITLABv2 and CSR # repositories to be created repositories = map( object({ repository_name = string repository_url = string }) ) # Credential Config for each repository type github_secret_id = optional(string) github_app_id_secret_id = optional(string) gitlab_read_authorizer_credential_secret_id = optional(string) gitlab_authorizer_credential_secret_id = optional(string) gitlab_webhook_secret_id = optional(string) gitlab_enterprise_host_uri = optional(string) gitlab_enterprise_service_directory = optional(string) gitlab_enterprise_ca_certificate = optional(string) secret_project_id = optional(string) }) validation { condition = ( var.cloudbuildv2_repository_config.repo_type == "GITHUBv2" ? ( var.cloudbuildv2_repository_config.github_secret_id != null && var.cloudbuildv2_repository_config.github_app_id_secret_id != null && var.cloudbuildv2_repository_config.gitlab_read_authorizer_credential_secret_id == null && var.cloudbuildv2_repository_config.gitlab_authorizer_credential_secret_id == null && var.cloudbuildv2_repository_config.gitlab_webhook_secret_id == null && var.cloudbuildv2_repository_config.secret_project_id != null ) : var.cloudbuildv2_repository_config.repo_type == "GITLABv2" ? ( var.cloudbuildv2_repository_config.github_secret_id == null && var.cloudbuildv2_repository_config.github_app_id_secret_id == null && var.cloudbuildv2_repository_config.gitlab_read_authorizer_credential_secret_id != null && var.cloudbuildv2_repository_config.gitlab_authorizer_credential_secret_id != null && var.cloudbuildv2_repository_config.gitlab_webhook_secret_id != null && var.cloudbuildv2_repository_config.secret_project_id != null ) : var.cloudbuildv2_repository_config.repo_type == "CSR" ? true : false ) error_message = "You must specify a valid repo_type ('GITHUBv2', 'GITLABv2', or 'CSR'). For 'GITHUBv2', all 'github_' prefixed variables must be defined and no 'gitlab_' prefixed variables should be defined. For 'GITLABv2', all 'gitlab_' prefixed variables must be defined and no 'github_' prefixed variables should be defined." } } variable "workerpool_id" { description = <<-EOT Specifies the Cloud Build Worker Pool that will be utilized for triggers created in this step. The expected format is: `projects/PROJECT/locations/LOCATION/workerPools/POOL_NAME`. If you are using worker pools from a different project, ensure that you grant the `roles/cloudbuild.workerPoolUser` role on the workerpool project to the Cloud Build Service Agent and the Cloud Build Service Account of the trigger project: `service-PROJECT_NUMBER@gcp-sa-cloudbuild.iam.gserviceaccount.com`, `PROJECT_NUMBER@cloudbuild.gserviceaccount.com` EOT type = string default = "" } variable "service_perimeter_name" { description = "(VPC-SC) Service perimeter name. The created projects in this step will be assigned to this perimeter." type = string default = null } variable "access_level_name" { description = "(VPC-SC) Access Level full name. When providing this variable, additional identities will be added to the access level, these are required to work within an enforced VPC-SC Perimeter." type = string default = null } variable "service_perimeter_mode" { description = "(VPC-SC) Service perimeter mode: ENFORCE, DRY_RUN." type = string validation { condition = contains(["ENFORCE", "DRY_RUN"], var.service_perimeter_mode) error_message = "The service_perimeter_mode value must be one of: ENFORCE, DRY_RUN." } }