# Add these new variables: variable "location" { type = string description = "Specifies the Azure location where the resource exists." nullable = false } variable "name" { type = string description = "The name of this resource." validation { condition = can(regex("^[a-z0-9]{5,50}$", var.name)) error_message = "The name must be between 5 and 50 characters long and can only contain lowercase letters and numbers." } } variable "resource_group_name" { type = string description = "Name of the resource group" } variable "storage_account_id" { type = string description = "Specifies the storage account to use for the Batch account" } variable "allowed_authentication_modes" { type = list(string) default = null description = "Specifies the allowed authentication mode for the Batch account. Possible values include AAD, SharedKey or TaskAuthenticationToken." validation { condition = var.allowed_authentication_modes == null ? true : length([for mode in var.allowed_authentication_modes : true if contains(["AAD", "SharedKey", "TaskAuthenticationToken"], mode)]) == length(var.allowed_authentication_modes) error_message = "allowed_authentication_modes must be one of 'AAD', 'SharedKey', or 'TaskAuthenticationToken'." } } variable "enable_telemetry" { type = bool default = true description = <<DESCRIPTION This variable controls whether or not telemetry is enabled for the module. For more information see <https://aka.ms/avm/telemetryinfo>. If it is set to false, then no telemetry will be collected. DESCRIPTION } variable "encryption" { type = object({ key_vault_key_id = string }) default = null description = "Specifies if customer managed key encryption should be used to encrypt batch account data." } variable "identity" { type = list(object({ type = string identity_ids = optional(set(string), []) # Optional with default empty set })) default = [] description = "Managed Service Identity that should be configured on this Batch Account." } variable "key_vault_reference" { type = object({ id = string url = string }) default = null description = <<DESCRIPTION A key_vault_reference block that describes the Azure KeyVault reference to use when deploying the Azure Batch account using the UserSubscription pool allocation mode. - `id` - (Required) The Azure identifier of the Azure KeyVault to use. - `url` - (Required) The HTTPS URL of the Azure KeyVault to use. DESCRIPTION } variable "lock" { type = object({ kind = string name = optional(string, null) }) default = null description = <<DESCRIPTION Controls the Resource Lock configuration for this resource. The following properties can be specified: - `kind` - (Required) The type of lock. Possible values are `\"CanNotDelete\"` and `\"ReadOnly\"`. - `name` - (Optional) The name of the lock. If not specified, a name will be generated based on the `kind` value. Changing this forces the creation of a new resource. DESCRIPTION validation { condition = var.lock != null ? contains(["CanNotDelete", "ReadOnly"], var.lock.kind) : true error_message = "Lock kind must be either `\"CanNotDelete\"` or `\"ReadOnly\"`." } } # tflint-ignore: terraform_unused_declarations variable "managed_identities" { type = object({ system_assigned = optional(bool, false) user_assigned_resource_ids = optional(set(string), []) }) default = {} description = "Managed identities to be created for the resource." nullable = false } variable "network_profile" { type = list(map(any)) default = [] description = "Network profile settings for account and node management access." } variable "pool_allocation_mode" { type = string default = "BatchService" description = "Specifies the mode to use for pool allocation" } variable "private_endpoints" { type = map(object({ name = optional(string, null) role_assignments = optional(map(object({ role_definition_id_or_name = string principal_id = string description = optional(string, null) skip_service_principal_aad_check = optional(bool, false) condition = optional(string, null) condition_version = optional(string, null) delegated_managed_identity_resource_id = optional(string, null) principal_type = optional(string, null) })), {}) lock = optional(object({ kind = string name = optional(string, null) }), null) tags = optional(map(string), null) subnet_resource_id = string subresource_name = string # NOTE: `subresource_name` can be excluded if the resource does not support multiple sub resource types (e.g. storage account supports blob, queue, etc) private_dns_zone_group_name = optional(string, "default") private_dns_zone_resource_ids = optional(set(string), []) application_security_group_associations = optional(map(string), {}) private_service_connection_name = optional(string, null) network_interface_name = optional(string, null) location = optional(string, null) resource_group_name = optional(string, null) ip_configurations = optional(map(object({ name = string private_ip_address = string })), {}) })) default = {} description = <<DESCRIPTION A map of private endpoints to create on the Key Vault. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. - `name` - (Optional) The name of the private endpoint. One will be generated if not set. - `role_assignments` - (Optional) A map of role assignments to create on the private endpoint. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. See `var.role_assignments` for more information. - `role_definition_id_or_name` - The ID or name of the role definition to assign to the principal. - `principal_id` - The ID of the principal to assign the role to. - `description` - (Optional) The description of the role assignment. - `skip_service_principal_aad_check` - (Optional) If set to true, skips the Azure Active Directory check for the service principal in the tenant. Defaults to false. - `condition` - (Optional) The condition which will be used to scope the role assignment. - `condition_version` - (Optional) The version of the condition syntax. Leave as `null` if you are not using a condition, if you are then valid values are '2.0'. - `delegated_managed_identity_resource_id` - (Optional) The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created. This field is only used in cross-tenant scenario. - `principal_type` - (Optional) The type of the `principal_id`. Possible values are `User`, `Group` and `ServicePrincipal`. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute. - `lock` - (Optional) The lock level to apply to the private endpoint. Default is `None`. Possible values are `None`, `CanNotDelete`, and `ReadOnly`. - `kind` - (Required) The type of lock. Possible values are `\"CanNotDelete\"` and `\"ReadOnly\"`. - `name` - (Optional) The name of the lock. If not specified, a name will be generated based on the `kind` value. Changing this forces the creation of a new resource. - `tags` - (Optional) A mapping of tags to assign to the private endpoint. - `subnet_resource_id` - The resource ID of the subnet to deploy the private endpoint in. - `subresource_name` - The name of the sub resource for the private endpoint. - `private_dns_zone_group_name` - (Optional) The name of the private DNS zone group. One will be generated if not set. - `private_dns_zone_resource_ids` - (Optional) A set of resource IDs of private DNS zones to associate with the private endpoint. If not set, no zone groups will be created and the private endpoint will not be associated with any private DNS zones. DNS records must be managed external to this module. - `application_security_group_resource_ids` - (Optional) A map of resource IDs of application security groups to associate with the private endpoint. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. - `private_service_connection_name` - (Optional) The name of the private service connection. One will be generated if not set. - `network_interface_name` - (Optional) The name of the network interface. One will be generated if not set. - `location` - (Optional) The Azure location where the resources will be deployed. Defaults to the location of the resource group. - `resource_group_name` - (Optional) The resource group where the resources will be deployed. Defaults to the resource group of the Key Vault. - `ip_configurations` - (Optional) A map of IP configurations to create on the private endpoint. If not specified the platform will create one. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. - `name` - The name of the IP configuration. - `private_ip_address` - The private IP address of the IP configuration. DESCRIPTION nullable = false } variable "private_endpoints_manage_dns_zone_group" { type = bool default = true description = "Whether to manage private DNS zone groups with this module. If set to false, you must manage private DNS zone groups externally, e.g. using Azure Policy." nullable = false } variable "public_network_access_enabled" { type = bool default = true description = "Whether public network access is allowed for this server" } variable "role_assignments" { type = map(object({ role_definition_id_or_name = string principal_id = string description = optional(string, null) skip_service_principal_aad_check = optional(bool, false) condition = optional(string, null) condition_version = optional(string, null) delegated_managed_identity_resource_id = optional(string, null) principal_type = optional(string, null) })) default = {} description = <<DESCRIPTION A map of role assignments to create on the <RESOURCE>. The map key is deliberately arbitrary to avoid issues where map keys maybe unknown at plan time. - `role_definition_id_or_name` - The ID or name of the role definition to assign to the principal. - `principal_id` - The ID of the principal to assign the role to. - `description` - (Optional) The description of the role assignment. - `skip_service_principal_aad_check` - (Optional) If set to true, skips the Azure Active Directory check for the service principal in the tenant. Defaults to false. - `condition` - (Optional) The condition which will be used to scope the role assignment. - `condition_version` - (Optional) The version of the condition syntax. Leave as `null` if you are not using a condition, if you are then valid values are '2.0'. - `delegated_managed_identity_resource_id` - (Optional) The delegated Azure Resource Id which contains a Managed Identity. Changing this forces a new resource to be created. This field is only used in cross-tenant scenario. - `principal_type` - (Optional) The type of the `principal_id`. Possible values are `User`, `Group` and `ServicePrincipal`. It is necessary to explicitly set this attribute when creating role assignments if the principal creating the assignment is constrained by ABAC rules that filters on the PrincipalType attribute. > Note: only set `skip_service_principal_aad_check` to true if you are assigning a role to a service principal. DESCRIPTION nullable = false } variable "storage_account_authentication_mode" { type = string default = "StorageKeys" description = "Specifies the storage account authentication mode" } variable "storage_account_node_identity" { type = string default = null description = "Specifies the user assigned identity for the storage account." } variable "tags" { type = map(string) default = null description = "(Optional) Tags of the resource." }