-
Notifications
You must be signed in to change notification settings - Fork 0
/
variables.tf
87 lines (80 loc) · 3.05 KB
/
variables.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
/**
* Copyright (C) 2023 Solution Libre <[email protected]>
*
* This file is part of Helm release generic Terraform module.
*
* Helm release generic Terraform module is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Helm release generic Terraform module is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Helm release generic Terraform module. If not, see <https://www.gnu.org/licenses/>.
*/
variable "helm_release" {
description = "Helm release configuration"
type = object({
chart = string
chart_version = string
extra_values = optional(list(string), [])
name = string
repository = string
timeout = optional(number, 900)
})
}
variable "namespace" {
description = "Namespace configuration"
type = object({
create = optional(bool, true)
name = string
})
}
variable "network_policies" {
default = {}
description = "Default network policies configuration"
type = object({
egress = optional(object({
allow = optional(object({
within_namespace = optional(bool, false) # Allow egress traffic within the namespace
}), {})
default = optional(object({
allow_all = optional(bool, false) # By default, allow all egress traffic
deny_all = optional(bool, false) # By default, deny all egress traffic
}), {})
}), {})
ingress = optional(object({
allow = optional(object({
monitoring_namespace = optional(bool, false) # Allow ingress traffic from the namespace named monitoring
within_namespace = optional(bool, false) # Allow ingress traffic within the namespace
}), {})
default = optional(object({
allow_all = optional(bool, false) # By default, allow all ingress traffic
deny_all = optional(bool, false) # By default, deny all ingress traffic
}), {})
}), {})
})
validation {
condition = !alltrue([var.network_policies.egress.default.allow_all, var.network_policies.egress.default.deny_all])
error_message = "Both `egress.default.allow_all` and `egress.default.deny_all` are set to true (but are exclusive)."
}
validation {
condition = !alltrue([var.network_policies.ingress.default.allow_all, var.network_policies.ingress.default.deny_all])
error_message = "Both `ingress.default.allow_all` and `ingress.default.deny_all` are set to true (but are exclusive)."
}
}
variable "sensitive_values" {
default = {}
description = "Helm release sensitive values"
sensitive = true
type = map(string)
}
variable "values" {
default = ""
description = "Helm release values"
type = string
}