variables.container.tf
variable "containers" {
  type = map(object({
    public_access = optional(string, "None")
    metadata      = optional(map(string))
    name          = string
    role_assignments = optional(map(object({
      role_definition_id_or_name             = string
      principal_id                           = string
      description                            = optional(string, null)
      skip_service_principal_aad_check       = optional(bool, false)
      condition                              = optional(string, null)
      condition_version                      = optional(string, null)
      delegated_managed_identity_resource_id = optional(string, null)
    })), {})
    timeouts = optional(object({
      create = optional(string)
      delete = optional(string)
      read   = optional(string)
      update = optional(string)
    }))
  }))
  default     = {}
  description = <<-EOT
    - `public_access` - (Optional) The Access Level configured for this Container. Possible values are `Blob`, `Container` or `None`. Defaults to `None`.
    - `metadata` - (Optional) A mapping of MetaData for this Container. All metadata keys should be lowercase.
    - `name` - (Required) The name of the Container which should be created within the Storage Account. Changing this forces a new resource to be created.
    - `role_assignments` - (Optional) Supply role assignments in the same way as for `var.role_assignments`.

    ---
    `timeouts` block supports the following:
    - `create` - (Defaults to 30 minutes) Used when creating the Storage Container.
    - `delete` - (Defaults to 30 minutes) Used when deleting the Storage Container.
    - `read` - (Defaults to 5 minutes) Used when retrieving the Storage Container.
    - `update` - (Defaults to 30 minutes) Used when updating the Storage Container.
  EOT
  nullable = false
}

variable "immutability_policy" {
  type = object({
    allow_protected_append_writes = bool
    period_since_creation_in_days = number
    state                         = string
  })
  default     = null
  description = <<-EOT
    - `allow_protected_append_writes` - (Required) When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted.
    - `period_since_creation_in_days` - (Required) The immutability period for the blobs in the container since the policy creation, in days.
    - `state` - (Required) Defines the mode of the policy. `Disabled` state disables the policy, `Unlocked` state allows increase and decrease of immutability retention time and also allows toggling allowProtectedAppendWrites property, `Locked` state only allows the increase of the immutability retention time. A policy can only be created in a Disabled or Unlocked state and can be toggled between the two states. Only a policy in an Unlocked state can transition to a Locked state which cannot be reverted.
  EOT
}

variable "is_hns_enabled" {
  type        = bool
  default     = null
  description = "(Optional) Is Hierarchical Namespace enabled? This can be used with Azure Data Lake Storage Gen 2 ([see here for more information](https://docs.microsoft.com/azure/storage/blobs/data-lake-storage-quickstart-create-account/)). Changing this forces a new resource to be created."
}

variable "blob_properties" {
  type = object({
    change_feed_enabled           = optional(bool)
    change_feed_retention_in_days = optional(number)
    default_service_version       = optional(string)
    last_access_time_enabled      = optional(bool)
    versioning_enabled            = optional(bool)
    container_delete_retention_policy = optional(object({
      days = optional(number)
    }))
    cors_rule = optional(list(object({
      allowed_headers    = list(string)
      allowed_methods    = list(string)
      allowed_origins    = list(string)
      exposed_headers    = list(string)
      max_age_in_seconds = number
    })))
    delete_retention_policy = optional(object({
      days = optional(number)
    }))
    diagnostic_settings = optional(map(object({
      name                                     = optional(string, null)
      log_categories                           = optional(set(string), [])
      log_groups                               = optional(set(string), ["allLogs"])
      metric_categories                        = optional(set(string), ["AllMetrics"])
      log_analytics_destination_type           = optional(string, "Dedicated")
      workspace_resource_id                    = optional(string, null)
      resource_id                              = optional(string, null)
      event_hub_authorization_rule_resource_id = optional(string, null)
      event_hub_name                           = optional(string, null)
      marketplace_partner_resource_id          = optional(string, null)
    })), {})
    restore_policy = optional(object({
      days = number
    }))
  })
  default     = null
  description = <<-EOT
    - `change_feed_enabled` - (Optional) Is the blob service properties for change feed events enabled? Defaults to `false`.
    - `change_feed_retention_in_days` - (Optional) The duration of change feed events retention in days. The possible values are between 1 and 146000 days (400 years). Setting this to null (or omitting it from the configuration file) indicates an infinite retention of the change feed.
    - `default_service_version` - (Optional) The API Version which should be used by default for requests to the Data Plane API if an incoming request doesn't specify an API Version.
    - `last_access_time_enabled` - (Optional) Is the last access time based tracking enabled? Defaults to `false`.
    - `versioning_enabled` - (Optional) Is versioning enabled? Defaults to `false`.

    ---
    `container_delete_retention_policy` block supports the following:
    - `days` - (Optional) Specifies the number of days that the container should be retained, between `1` and `365` days. Defaults to `7`.

    ---
    `cors_rule` block supports the following:
    - `allowed_headers` - (Required) A list of headers that are allowed to be a part of the cross-origin request.
    - `allowed_methods` - (Required) A list of HTTP methods that are allowed to be executed by the origin. Valid options are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PUT` or `PATCH`.
    - `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS.
    - `exposed_headers` - (Required) A list of response headers that are exposed to CORS clients.
    - `max_age_in_seconds` - (Required) The number of seconds the client should cache a preflight response.

    ---
    `delete_retention_policy` block supports the following:
    - `days` - (Optional) Specifies the number of days that the blob should be retained, between `1` and `365` days. Defaults to `7`.

    ---
    `diagnostic_settings` block supports the following:
    - `name` - (Optional) The name of the diagnostic setting. Defaults to `null`.
    - `log_categories` - (Optional) A set of log categories to enable. Defaults to an empty set.
    - `log_groups` - (Optional) A set of log groups to enable. Defaults to `["allLogs"]`.
    - `metric_categories` - (Optional) A set of metric categories to enable. Defaults to `["AllMetrics"]`.
    - `log_analytics_destination_type` - (Optional) The destination type for log analytics. Defaults to `"Dedicated"`.
    - `workspace_resource_id` - (Optional) The resource ID of the Log Analytics workspace. Defaults to `null`.
    - `resource_id` - (Optional) The resource ID of the target resource for diagnostics. Defaults to `null`.
    - `event_hub_authorization_rule_resource_id` - (Optional) The resource ID of the Event Hub authorization rule. Defaults to `null`.
    - `event_hub_name` - (Optional) The name of the Event Hub. Defaults to `null`.
    - `marketplace_partner_resource_id` - (Optional) The resource ID of the marketplace partner. Defaults to `null`.

    ---
    `restore_policy` block supports the following:
    - `days` - (Required) Specifies the number of days that the blob can be restored, between `1` and `365` days. This must be less than the `days` specified for `delete_retention_policy`.
  EOT
}

variable "wait_for_rbac_before_container_operations" {
  type = object({
    create  = optional(string, "30s")
    destroy = optional(string, "0s")
  })
  default     = {}
  description = <<DESCRIPTION
This variable controls the amount of time to wait before performing container operations.
It only applies when `var.role_assignments` and `var.containers` are both set.
This is useful when you are creating role assignments on the container and immediately creating containers in it.
The default is 30 seconds for create and 0 seconds for destroy.
DESCRIPTION
}
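
An added example, not part of this module: a pre-merge lint in Python over a `terraform.tfvars.json` that checks values for the variables above against the constraints their descriptions state. The sample input is constructed; the `lint` function, its finding strings, the wildcard-origin check and the 7-day fallback are assumptions of this example.

```python
import json

# Constructed sample terraform.tfvars.json; keys mirror the variables above.
SAMPLE = json.loads("""{
  "containers": {"logs": {"name": "logs"},
                 "assets": {"name": "assets", "public_access": "Blob"}},
  "immutability_policy": {"allow_protected_append_writes": true,
                          "period_since_creation_in_days": 30, "state": "Locked"},
  "blob_properties": {
    "delete_retention_policy": {"days": 7},
    "restore_policy": {"days": 7},
    "container_delete_retention_policy": {"days": 400},
    "cors_rule": [{"allowed_headers": ["*"], "allowed_methods": ["GET"],
                   "allowed_origins": ["*"], "exposed_headers": [],
                   "max_age_in_seconds": 300}]}
}""")


def lint(tfvars):
    """Return findings where values contradict the documented constraints."""
    out = []
    for key, c in (tfvars.get("containers") or {}).items():
        access = c.get("public_access") or "None"  # module default is "None"
        if access not in ("Blob", "Container", "None"):
            out.append(f"containers.{key}: invalid public_access {access!r}")
        elif access != "None":
            out.append(f"containers.{key}: anonymous access level {access}")
    pol = tfvars.get("immutability_policy")
    if pol and pol.get("state") not in ("Disabled", "Unlocked", "Locked"):
        out.append("immutability_policy: invalid state")
    elif pol and pol["state"] == "Locked":
        out.append("immutability_policy: Locked cannot be reverted")
    bp = tfvars.get("blob_properties") or {}
    days = {n: (bp.get(n) or {}).get("days") for n in ("delete_retention_policy",
            "container_delete_retention_policy", "restore_policy")}
    for name, d in days.items():
        if d is not None and not 1 <= d <= 365:
            out.append(f"blob_properties.{name}: days {d} outside 1..365")
    if days["restore_policy"] is not None:
        # Assumption: an unset delete retention falls back to the documented 7.
        keep = days["delete_retention_policy"] or 7
        if days["restore_policy"] >= keep:
            out.append("blob_properties.restore_policy: days must be less "
                       "than delete_retention_policy days")
    for i, rule in enumerate(bp.get("cors_rule") or []):
        if "*" in rule.get("allowed_origins", []):
            out.append(f"blob_properties.cors_rule[{i}]: wildcard origin")
    return out
```

Calling `lint(SAMPLE)` returns five findings, one each for the `Blob` access level, the `Locked` policy, the 400-day container retention, the restore window equal to the delete retention, and the wildcard CORS origin.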