generated from Azure/terraform-verified-module
variables.share.tf
variable "shares" {
  type = map(object({
    access_tier        = optional(string)
    enabled_protocol   = optional(string)
    metadata           = optional(map(string))
    name               = string
    quota              = number
    root_squash        = optional(string)
    signed_identifiers = optional(list(object({
      id = string
      access_policy = optional(object({
        expiry_time = string
        permission  = string
        start_time  = string
      }))
    })))
    role_assignments = optional(map(object({
      role_definition_id_or_name             = string
      principal_id                           = string
      description                            = optional(string, null)
      skip_service_principal_aad_check       = optional(bool, false)
      condition                              = optional(string, null)
      condition_version                      = optional(string, null)
      delegated_managed_identity_resource_id = optional(string, null)
    })), {})
    timeouts = optional(object({
      create = optional(string)
      delete = optional(string)
      read   = optional(string)
      update = optional(string)
    }))
  }))
  default     = {}
  description = <<-EOT
  - `access_tier` - (Optional) The access tier of the File Share. Possible values are `Hot`, `Cool`, `TransactionOptimized` and `Premium`.
  - `enabled_protocol` - (Optional) The protocol used for the share. Possible values are `SMB` and `NFS`. `SMB` means the share can be accessed over SMBv3.0, SMBv2.1 and REST; `NFS` means the share can be accessed over NFSv4.1. Defaults to `SMB`. Changing this forces a new resource to be created.
  - `metadata` - (Optional) A mapping of metadata for this File Share.
  - `name` - (Required) The name of the share. Must be unique within the storage account where the share is located. Changing this forces a new resource to be created.
  - `quota` - (Required) The maximum size of the share, in gigabytes. For Standard storage accounts, this must be at least `1` GB and at most `5120` GB (`5` TB). For Premium FileStorage storage accounts, this must be greater than `100` GB and at most `102400` GB (`100` TB).
  ---
  Each `signed_identifiers` entry supports the following:
  - `id` - (Required) The ID which should be used for this Shared Identifier.
  ---
  `access_policy` block supports the following:
  - `expiry_time` - (Required) The time until which this Access Policy is valid, in [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) format.
  - `permission` - (Required) The permissions associated with this Shared Identifier. The value is a combination of `r` (read), `w` (write), `d` (delete) and `l` (list).
  - `start_time` - (Required) The time from which this Access Policy is valid, in [ISO8601](https://en.wikipedia.org/wiki/ISO_8601) format.
  ---
  `timeouts` block supports the following:
  - `create` - (Defaults to 30 minutes) Used when creating the Storage Share.
  - `delete` - (Defaults to 30 minutes) Used when deleting the Storage Share.
  - `read` - (Defaults to 5 minutes) Used when retrieving the Storage Share.
  - `update` - (Defaults to 30 minutes) Used when updating the Storage Share.
  Supply role assignments in the same way as for `var.role_assignments`.
  EOT
  nullable    = false
}
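As an added example (not part of the module or this file), a module call that defines one `shares` entry with a time-boxed, read-only stored access policy and a least-privilege data-plane role assignment. The module source path, the principal id and the omission of the module's other required inputs are assumptions:

```hcl
module "storage" {
  source = "./modules/storage" # assumed path, not from the module

  # Other required inputs of the module are omitted here (assumption).

  shares = {
    finance = {
      name             = "finance"
      quota            = 100
      access_tier      = "TransactionOptimized"
      enabled_protocol = "SMB"
      metadata         = { owner = "finance-team" }

      # Stored access policy: SAS tokens that reference this id inherit its
      # window and permissions, so access can be revoked centrally by
      # deleting or shortening the policy instead of chasing tokens.
      signed_identifiers = [{
        id = "finance-read-2024q4"
        access_policy = {
          start_time  = "2024-10-01T00:00:00Z"
          expiry_time = "2024-12-31T23:59:59Z"
          permission  = "rl" # read + list only; no write or delete
        }
      }]

      # Data-plane reader role scoped to this share, not a control-plane role.
      role_assignments = {
        analysts = {
          role_definition_id_or_name = "Storage File Data SMB Share Reader"
          principal_id               = "00000000-0000-0000-0000-000000000000" # placeholder group object id
          description                = "Read-only access for analysts"
        }
      }

      timeouts = {
        create = "30m"
        delete = "30m"
        read   = "5m"
        update = "30m"
      }
    }
  }
}
```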
variable "share_properties" {
  type = object({
    cors_rule = optional(list(object({
      allowed_headers    = list(string)
      allowed_methods    = list(string)
      allowed_origins    = list(string)
      exposed_headers    = list(string)
      max_age_in_seconds = number
    })))
    diagnostic_settings = optional(map(object({
      name                                     = optional(string, null)
      log_categories                           = optional(set(string), [])
      log_groups                               = optional(set(string), ["allLogs"])
      metric_categories                        = optional(set(string), ["AllMetrics"])
      log_analytics_destination_type           = optional(string, "Dedicated")
      workspace_resource_id                    = optional(string, null)
      resource_id                              = optional(string, null)
      event_hub_authorization_rule_resource_id = optional(string, null)
      event_hub_name                           = optional(string, null)
      marketplace_partner_resource_id          = optional(string, null)
    })), {})
    retention_policy = optional(object({
      days = optional(number)
    }))
    smb = optional(object({
      authentication_types            = optional(set(string))
      channel_encryption_type         = optional(set(string))
      kerberos_ticket_encryption_type = optional(set(string))
      multichannel_enabled            = optional(bool)
      versions                        = optional(set(string))
    }))
  })
  default     = null
  description = <<-EOT
  ---
  `cors_rule` block supports the following:
  - `allowed_headers` - (Required) A list of headers that are allowed to be part of the cross-origin request.
  - `allowed_methods` - (Required) A list of HTTP methods that the origin is allowed to execute. Valid options are `DELETE`, `GET`, `HEAD`, `MERGE`, `POST`, `OPTIONS`, `PUT` and `PATCH`.
  - `allowed_origins` - (Required) A list of origin domains that will be allowed by CORS.
  - `exposed_headers` - (Required) A list of response headers that are exposed to CORS clients.
  - `max_age_in_seconds` - (Required) The number of seconds the client should cache a preflight response.
  ---
  `diagnostic_settings` block supports the following:
  - `name` - (Optional) The name of the diagnostic setting. Defaults to `null`.
  - `log_categories` - (Optional) A set of log categories to enable. Defaults to an empty set.
  - `log_groups` - (Optional) A set of log groups to enable. Defaults to `["allLogs"]`.
  - `metric_categories` - (Optional) A set of metric categories to enable. Defaults to `["AllMetrics"]`.
  - `log_analytics_destination_type` - (Optional) The destination type for Log Analytics. Defaults to `"Dedicated"`.
  - `workspace_resource_id` - (Optional) The resource ID of the Log Analytics workspace. Defaults to `null`.
  - `resource_id` - (Optional) The resource ID of the target resource for diagnostics. Defaults to `null`.
  - `event_hub_authorization_rule_resource_id` - (Optional) The resource ID of the Event Hub authorization rule. Defaults to `null`.
  - `event_hub_name` - (Optional) The name of the Event Hub. Defaults to `null`.
  - `marketplace_partner_resource_id` - (Optional) The resource ID of the marketplace partner. Defaults to `null`.
  ---
  `retention_policy` block supports the following:
  - `days` - (Optional) Specifies the number of days that a deleted `azurerm_storage_share` is retained, between `1` and `365` days. Defaults to `7`.
  ---
  `smb` block supports the following:
  - `authentication_types` - (Optional) A set of SMB authentication methods. Possible values are `NTLMv2` and `Kerberos`.
  - `channel_encryption_type` - (Optional) A set of SMB channel encryption types. Possible values are `AES-128-CCM`, `AES-128-GCM` and `AES-256-GCM`.
  - `kerberos_ticket_encryption_type` - (Optional) A set of Kerberos ticket encryption types. Possible values are `RC4-HMAC` and `AES-256`.
  - `multichannel_enabled` - (Optional) Indicates whether multichannel is enabled. Defaults to `false`. This is only supported on Premium storage accounts.
  - `versions` - (Optional) A set of SMB protocol versions. Possible values are `SMB2.1`, `SMB3.0` and `SMB3.1.1`.
  EOT
}
variable "large_file_share_enabled" {
  type        = bool
  default     = null
  description = "(Optional) Is Large File Share Enabled?"
}
variable "azure_files_authentication" {
  type = object({
    directory_type                 = optional(string, "AADKERB")
    default_share_level_permission = optional(string)
    active_directory = optional(object({
      domain_guid         = string
      domain_name         = string
      domain_sid          = string
      forest_name         = string
      netbios_domain_name = string
      storage_sid         = string
    }))
  })
  default     = null
  description = <<-EOT
  - `directory_type` - (Optional) Specifies the directory service used. Possible values are `AADDS`, `AD` and `AADKERB`. Defaults to `AADKERB`.
  - `default_share_level_permission` - (Optional) Specifies the default share-level permission applied to all users. Possible values are `StorageFileDataSmbShareReader`, `StorageFileDataSmbShareContributor`, `StorageFileDataSmbShareElevatedContributor` and `None`.
  ---
  `active_directory` block supports the following:
  - `domain_guid` - (Required) Specifies the domain GUID.
  - `domain_name` - (Required) Specifies the primary domain that the AD DNS server is authoritative for.
  - `domain_sid` - (Required) Specifies the security identifier (SID).
  - `forest_name` - (Required) Specifies the Active Directory forest.
  - `netbios_domain_name` - (Required) Specifies the NetBIOS domain name.
  - `storage_sid` - (Required) Specifies the security identifier (SID) for Azure Storage.
  EOT
}
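As an added example (not part of the module or this file), a module call that uses `share_properties` and `azure_files_authentication` from this file to narrow the file service's SMB surface to SMB 3.1.1 with Kerberos and AES-256, keep a soft-delete window, restrict CORS, and ship logs for detection. The module source path, the workspace resource id and the omission of the module's other required inputs are assumptions:

```hcl
module "storage" {
  source = "./modules/storage" # assumed path, not from the module

  # Other required inputs of the module are omitted here (assumption).

  large_file_share_enabled = true

  share_properties = {
    # Soft-delete window: a deleted share can be recovered for 30 days.
    retention_policy = { days = 30 }

    # Narrow the SMB surface: SMB 3.1.1 only, Kerberos only, AES-256 everywhere.
    smb = {
      versions                        = ["SMB3.1.1"]
      authentication_types            = ["Kerberos"]
      kerberos_ticket_encryption_type = ["AES-256"]
      channel_encryption_type         = ["AES-256-GCM"]
      multichannel_enabled            = false
    }

    # CORS limited to one origin and read-only methods.
    cors_rule = [{
      allowed_origins    = ["https://app.example.com"]
      allowed_methods    = ["GET", "HEAD"]
      allowed_headers    = ["x-ms-version"]
      exposed_headers    = ["Content-Length"]
      max_age_in_seconds = 300
    }]

    # Send all file-service logs and metrics to a Log Analytics workspace.
    diagnostic_settings = {
      files_to_law = {
        workspace_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-logs/providers/Microsoft.OperationalInsights/workspaces/law-placeholder" # placeholder id
        log_groups            = ["allLogs"]
        metric_categories     = ["AllMetrics"]
      }
    }
  }

  azure_files_authentication = {
    directory_type = "AADKERB"
    # No implicit share-level rights; grant access per share via role_assignments.
    default_share_level_permission = "None"
  }
}
```

Leaving `smb.versions` unset keeps SMB 2.1 negotiable and leaving `authentication_types` unset keeps NTLMv2 available, so the explicit sets above are what actually remove the weaker options.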