-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathvariables.tf
More file actions
230 lines (193 loc) · 7.58 KB
/
variables.tf
File metadata and controls
230 lines (193 loc) · 7.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
variable "name" {
type = string
}
variable "resource_group_name" {
type = string
description = "The name of the resource group in which to create the SQL Server. Changing this forces a new resource to be created."
}
variable "location" {
type = string
description = "The location/region where the SQL Server is created."
}
/* --------------------------------------------------------------------------------------------------
SQL Server Variables
-------------------------------------------------------------------------------------------------- */
# fw rules
variable "firewall_rules" {
type = map(object({
start_ip_address = optional(string, "")
end_ip_address = optional(string, "")
}))
description = "If the FW rule enabling Azure Services Passthrough should be deployed."
default = {}
}
# identity
variable "ad_auth_only" {
type = bool
description = "Specifies whether only AD Users and administrators can be used to login, or also local database users."
}
variable "sql_admin_group_name" {
type = string
description = "Name of the Entra ID group with permissions to manage the SQL Server"
}
variable "sql_uai_name" {
type = string
description = "Name of the User Assigned Identity for SQL Server"
}
# sqlServer
variable "kv_id" {
type = string
description = "Name of the Key Vault in which the admin credentials are put"
}
variable "private_endpoint_properties" {
description = "Consolidated properties for the Function App Private Endpoint."
type = object({
private_dns_zone_ids_sql = optional(list(string), [])
private_endpoint_enabled = optional(bool, false)
private_endpoint_subnet_id = optional(string, "")
private_endpoint_resource_group_name = optional(string, "")
private_service_connection_is_manual = optional(bool, false)
})
# Validation rule does not work when var.private_endpoint_properties is null
validation {
condition = (
can(var.private_endpoint_properties == null) ||
(can(var.private_endpoint_properties.private_endpoint_enabled) && var.private_endpoint_properties.private_endpoint_enabled == false) ||
(can(var.private_endpoint_properties.private_endpoint_enabled) && var.private_endpoint_properties.private_endpoint_enabled == true &&
can(length(var.private_endpoint_properties.private_dns_zone_ids_sql)) &&
length(var.private_endpoint_properties.private_dns_zone_ids_sql) > 0 &&
can(length(var.private_endpoint_properties.private_endpoint_subnet_id)) &&
length(var.private_endpoint_properties.private_endpoint_subnet_id) > 0))
error_message = "Both private_dns_zone_ids_sql and private_endpoint_subnet_id must be provided if private_endpoint_enabled is true."
}
}
variable "public_network_access_enabled" {
type = bool
description = "Specifies whether or not public network access is allowed for this server."
default = false
}
variable "sql_admin_object_id" {
type = string
description = "The object ID from EntraID for SQL Server Admin."
}
variable "sqlversion" {
type = string #checkType
description = "Version of SQL to be created"
default = "12.0"
}
variable "tlsver" {
type = number
description = " The Minimum TLS Version for all SQL Database and SQL Data Warehouse databases associated with the server"
default = 1.2
}
/* --------------------------------------------------------------------------------------------------
Database Variables
-------------------------------------------------------------------------------------------------- */
variable "collation" {
type = string
description = "Specifies the collation of the database. Changing this forces a new resource to be created."
default = "SQL_Latin1_General_CP1_CI_AS"
}
variable "db_name_suffix" {
type = string
description = "The name of the MS SQL Database. Changing this forces a new resource to be created."
default = "baseline"
}
variable "licence_type" {
type = string
description = " Specifies the license type applied to this database. Possible values are LicenseIncluded and BasePrice"
default = "LicenseIncluded"
}
variable "max_gb" {
type = number
description = "The max size of the database in gigabytes"
default = 5
}
variable "read_scale" {
type = bool
description = "If enabled, connections that have application intent set to readonly in their connection string may be routed to a readonly secondary replica. This property is only settable for Premium and Business Critical databases."
default = false
}
variable "storage_account_type" {
type = string
description = "storage account type: Geo, GeoZone, Local and Zone"
default = "Local"
}
variable "sku" {
type = string #checkType
description = "Specifies the name of the SKU used by the database. For example, GP_S_Gen5_2,HS_Gen4_1,BC_Gen5_2, ElasticPool, Basic,S0, P2 ,DW100c, DS100. Changing this from the HyperScale service tier to another service tier will create a new resource."
default = "50"
}
variable "tags" {
type = map(string)
description = "Resource tags to be applied throughout the deployment."
default = {}
}
variable "zone_redundant" {
type = bool
description = "To disable zone redundancy."
default = false
}
variable "log_analytics_workspace_id" {
type = string
description = "id of the log analytics workspace to send resource logging to via diagnostic settings"
}
variable "log_monitoring_enabled" {
type = bool
description = "Default value for Log Monitoring Enabled"
default = true
}
/* --------------------------------------------------------------------------------------------------
Auditing and Diagnostics Variables
-------------------------------------------------------------------------------------------------- */
variable "monitor_diagnostic_setting_database_enabled_logs" {
type = list(string)
description = "Controls what logs will be enabled for the database"
}
variable "monitor_diagnostic_setting_database_metrics" {
type = list(string)
description = "Controls what metrics will be enabled for the database"
}
variable "monitor_diagnostic_setting_sql_server_enabled_logs" {
type = list(string)
description = "Controls what logs will be enabled for the sql server"
}
variable "monitor_diagnostic_setting_sql_server_metrics" {
type = list(string)
description = "Controls what metrics will be enabled for the sql server"
}
variable "primary_blob_endpoint_name" {
type = string
description = "Name of storage account primary endpoint"
}
variable "storage_account_id" {
type = string
description = "Id of the storage accont to send audit logging to"
}
variable "storage_account_name" {
type = string
description = "Name of the storage account to send audit logging to"
}
variable "storage_container_id" {
type = string
description = "Storage container id to save audit data to"
}
variable "sql_server_alert_policy_state" {
type = string
description = "Controls the sql server alert policy state"
}
variable "security_alert_policy_retention_days" {
type = number
description = "number of days for security alert log policies"
default = 6
}
variable "auditing_policy_retention_in_days" {
type = number
description = "number of days for audit log policies"
default = 6
}
variable "vulnerability_assessment_enabled" {
type = bool
description = "to enable extended auditing policy for server or database"
default = false
}