130 lines
3.5 KiB
HCL
130 lines
3.5 KiB
HCL
variable "use_strategy" {
|
|
type = string
|
|
description = <<-EOT
|
|
Strategy to use when setting up direct access.
|
|
If set to `network`, we will generate security groups to
|
|
allow network access to the addresses specified.
|
|
If set to `ssh`, we will generate security groups to allow network access,
|
|
then we will add a user and ssh key to the instance.
|
|
EOT
|
|
validation {
|
|
condition = contains(["network", "ssh"], var.use_strategy)
|
|
error_message = "The use_strategy value must be either `network` or `ssh`."
|
|
}
|
|
}
|
|
|
|
variable "cloudinit_ignore" {
|
|
type = bool
|
|
description = <<-EOT
|
|
If set to true, cloudinit will not be used to configure the user.
|
|
In some cases cloud-init is installed and can complete, but it can't write to the file system.
|
|
This will ignore the cloud-init and generate users and keys using other tools.
|
|
EOT
|
|
}
|
|
|
|
variable "server" {
|
|
type = object({
|
|
id = string
|
|
name = string
|
|
network_interface_id = string
|
|
public_ip = string
|
|
vpc_id = string
|
|
})
|
|
description = <<-EOT
|
|
The server to associate the EIP with.
|
|
We will attach the EIP to the primary network interface,
|
|
this will allow the server to be remade without detaching the EIP.
|
|
EOT
|
|
}
|
|
|
|
variable "image" {
|
|
type = object({
|
|
id = string
|
|
user = string
|
|
admin_group = string
|
|
workfolder = string
|
|
})
|
|
description = <<-EOT
|
|
Image object with info necessary to configure ssh access.
|
|
EOT
|
|
}
|
|
|
|
variable "access_addresses" {
|
|
type = map(object({
|
|
port = number
|
|
cidrs = list(string)
|
|
ip_family = string
|
|
protocol = string
|
|
}))
|
|
description = <<-EOT
|
|
A map of objects with external ingress information.
|
|
Example:
|
|
{
|
|
security_team = {
|
|
port = 443,
|
|
cidrs = ["100.1.1.1/28"],
|
|
ip_family = "ipv4",
|
|
protocol = "tcp"
|
|
}
|
|
support_team = {
|
|
port = 443
|
|
cidrs = ["50.1.1.1/28"],
|
|
ip_family = "ipv4",
|
|
protocol = "tcp"
|
|
}
|
|
users = {
|
|
port = 443
|
|
cidrs = ["1.1.1.1/24"]
|
|
ip_family = "ipv4",
|
|
protocol = "tcp"
|
|
}
|
|
}
|
|
EOT
|
|
}
|
|
|
|
variable "ssh" {
|
|
type = object({
|
|
user = string
|
|
user_workfolder = string
|
|
public_ssh_key = string
|
|
timeout = number
|
|
})
|
|
description = <<-EOT
|
|
This is required if use_strategy is "ssh".
|
|
The user specified will be added to the server with passwordless sudo access.
|
|
The user_workfolder is the path where scripts can be run for this user, usually '/home/<user>'.
|
|
The public_ssh_key will be added to the /home/<user>/.ssh/authorized_keys file.
|
|
The timeout value is the number of minutes to wait for setup to complete, defaults to 5.
|
|
EOT
|
|
}
|
|
|
|
variable "add_domain" {
|
|
type = bool
|
|
description = <<-EOT
|
|
If true we will create a domain based on the info in the domain variable.
|
|
EOT
|
|
}
|
|
|
|
variable "domain" {
|
|
type = object({
|
|
name = string
|
|
zone = string
|
|
type = string
|
|
ips = list(string)
|
|
})
|
|
description = <<-EOT
|
|
This is required if add_domain is true.
|
|
The name is the name of the domain to add.
|
|
The zone_id is the zone id of the domain to add.
|
|
The type is the type of domain to add, one of 'A' or 'AAAA'.
|
|
ips is the the ip addresses to add to the domain.
|
|
EOT
|
|
}
|
|
|
|
variable "add_eip" {
|
|
type = bool
|
|
description = <<-EOT
|
|
If set to true, we will add an elastic ip to the instance.
|
|
EOT
|
|
}
|