############ StackGuardian credentials ############
variable "api_key" {
  description = "Your organization's API key on the StackGuardian Platform"
  type        = string
  # Redacted from plan/apply output and CLI display.
  sensitive   = true

  validation {
    # Platform-issued keys carry the "sgu_" prefix; anything else is rejected at plan time.
    condition     = can(regex("^sgu_[a-zA-Z0-9]+$", var.api_key))
    error_message = "API key must start with 'sgu_' followed by alphanumeric characters."
  }
}
variable "org_name" {
  description = "Your organization name on StackGuardian Platform"
  type        = string

  validation {
    # Non-empty, at most 50 characters.
    condition     = length(var.org_name) >= 1 && length(var.org_name) <= 50
    error_message = "Organization name must be between 1 and 50 characters."
  }
}
########## StackGuardian Workflow Groups ##########
variable "workflow_groups" {
  description = "List of StackGuardian workflow groups"
  # No default: the caller must supply the group names explicitly.
  type        = list(string)
}
########## StackGuardian AWS Cloud Connector (here with RBAC) ##########
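variable "cloud_connectors" {
  description = "List of cloud connectors to be created"
  type = list(object({
    name                 = string
    connector_type       = string
    role_arn             = string
    aws_role_external_id = string
  }))

  # NOTE: the default below is a placeholder (AWS documentation example account id,
  # dummy external id) kept so the module can be planned without input. Override it
  # for any real deployment; the role_arn here does not point at a usable role.
  default = [
    {
      name                 = "aws-connector-1"
      connector_type       = "AWS_RBAC"
      role_arn             = "arn:aws:iam::123456789012:role/StackGuardianRole"
      aws_role_external_id = "test-org:1234567"
    }
  ]

  validation {
    # Catch malformed ARNs at plan time: IAM role ARNs have an empty region field
    # and a 12-digit account id.
    condition = alltrue([
      for c in var.cloud_connectors :
      can(regex("^arn:aws[a-zA-Z-]*:iam::[0-9]{12}:role/.+$", c.role_arn))
    ])
    error_message = "Each cloud connector role_arn must be an IAM role ARN of the form arn:<partition>:iam::<12-digit account id>:role/<name>."
  }

  validation {
    # The external id is what lets the assumed role reject requests that did not
    # come through this integration; an empty value defeats that check.
    condition     = alltrue([for c in var.cloud_connectors : length(c.aws_role_external_id) > 0])
    error_message = "Each cloud connector must set a non-empty aws_role_external_id."
  }
}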
########## StackGuardian Role ##########
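variable "role_name" {
  description = "Name of the AWS role that is getting created"
  type        = string
  # NOTE(review): the section header says "StackGuardian Role" while the description
  # says AWS role — confirm which system this name is applied to before adding
  # naming constraints (IAM and the platform have different rules).
}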
variable "template_list" {
  description = "The list of templates on StackGuardian platform that you want to work with"
  type        = list(string)

  validation {
    # An empty list would onboard nothing; require at least one template.
    condition     = length(var.template_list) >= 1
    error_message = "At least one template must be specified."
  }
}
variable "user_or_group" {
  description = "Group or User that should be onboarded"
  type        = string
  # Accepted formats:
  #   sso-auth/email     - email address of an SSO user
  #   sso-auth/group-id  - group id in the SSO provider
  #   email              - email address for local login
  # Examples: "test-org-1/user@stackguardian.com", "test-org-1/9djhd38cniwje9jde",
  #           "user@stackguardian.com"
}
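variable "entity_type" {
  description = "Type of entity that should be onboarded. Valid values: EMAIL or GROUP"
  type        = string

  validation {
    # Enforce the value set the description advertises at plan time.
    condition     = contains(["EMAIL", "GROUP"], var.entity_type)
    error_message = "entity_type must be either \"EMAIL\" or \"GROUP\"."
  }
}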
###########################################
# StackGuardian Connector - AWS Static key
###########################################
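variable "aws_access_key_id" {
  description = "Your AWS account access key ID"
  type        = string
  # Optional: only needed for the static-key connector.
  # The access key ID is an identifier, not a secret; the paired secret access key
  # is the value that must be protected.
  default     = null
}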
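variable "aws_secret_access_key" {
  description = "your AWS account secret access key"
  type        = string
  # Optional: only needed for the static-key connector.
  default     = null
  # A long-lived credential: keep it out of plan/apply output. (It is still stored
  # in state, so state must be protected regardless.)
  sensitive   = true
}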
variable "aws_default_region" {
  description = "any default region you want to set, for all your deployments"
  type        = string
  # Optional; null leaves the region unset.
  default     = null
}
###########################################
# StackGuardian Connector - Azure Service Principal with Secret
###########################################
variable "armTenantId" {
  description = "your azure account tenant id"
  type        = string
  # Optional: only needed for the Azure service-principal connector.
  default     = null
}
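variable "armSubscriptionId" {
  description = "your azure subscription id"
  type        = string
  # Optional: only needed for the Azure service-principal connector.
  default     = null

  validation {
    # Azure subscription ids are GUIDs; null is allowed because the connector is optional.
    condition     = var.armSubscriptionId == null || can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.armSubscriptionId))
    error_message = "armSubscriptionId must be a GUID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) or null."
  }
}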
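variable "armClientId" {
  description = "your azure client id"
  type        = string
  # Optional: only needed for the Azure service-principal connector.
  default     = null

  validation {
    # The application (client) id of a service principal is a GUID; null is allowed
    # because the connector is optional.
    condition     = var.armClientId == null || can(regex("^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", var.armClientId))
    error_message = "armClientId must be a GUID (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) or null."
  }
}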
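variable "armClientSecret" {
  description = "your azure client secret"
  type        = string
  # Optional: only needed for the Azure service-principal connector.
  default     = null
  # Service-principal secret: keep it out of plan/apply output. (It is still stored
  # in state, so state must be protected regardless.)
  sensitive   = true
}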
###########################################
# StackGuardian Connector - VCS Connectors
###########################################
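variable "vcs_connectors" {
  description = "Map of version control system connectors, keyed by connector id"
  # map(any) is kept for compatibility with existing callers; it performs no shape
  # checking, so a malformed entry is only caught when the resource is created.
  type = map(any)

  # NOTE(review): this map carries a credential field (bitbucket_creds) but is not
  # marked sensitive, so the value appears in plan output. If the map is iterated
  # with for_each downstream, marking it sensitive would require nonsensitive() at
  # the consumer — consider moving the credential into a separate sensitive
  # variable instead. The default below is an empty placeholder, not a usable
  # credential.
  default = {
    vcs_bitbucket = {
      kind = "BITBUCKET_ORG"
      name = "bitbucket-connector"
      config = [{
        bitbucket_creds = {
          bitbucket_creds = ""
        }
      }]
    }
  }
}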
/*
########### AWS OIDC ############
# Create an OIDC in AWS IAM and a connected Role for StackGuardian #
variable "account_number" {
type = number
description = "AWS account number"
}
variable "region" {
type = string
description = "aws region on which you want to create the role"
}
variable "aws_policy" {
type = string
description = "ARN of aws policy"
}
*/