tflint, cleanup, description of vars

Maximilian_Schlenz 2025-07-17 11:33:42 +02:00
parent b4e80ed22e
commit df457fe625
8 changed files with 276 additions and 264 deletions


@ -1,15 +1,9 @@
variable "region" {
description = "Region for the STACKIT Cloud"
description = "Provider region for STACKIT Cloud"
type = string
default = "eu01"
}
variable "project_id" {
description = "STACKIT Cloud project ID"
type = string
default = null
}
variable "service_account_token" {
description = "Service account token for authentication"
sensitive = true
@ -17,40 +11,44 @@ variable "service_account_token" {
default = null
}
# SNA & Projects variables
# -----------------------------------------------------------------------------#
# SNA & Projects
# -----------------------------------------------------------------------------#
variable "organization_id" {
description = "Die Container-ID deiner STACKIT Organisation."
description = "STACKIT organization container ID"
type = string
}
variable "service_account_key_path" {
description = "Path to service account JSON key"
type = string
default = "/home/hahnjan/.stackit/sa.json"
default = "/Users/schlenz/.stackit/sa.json"
}
variable "default_region" {
type = string
default = "eu01"
description = "Default region fallback for created resources"
type = string
default = "eu01"
}
variable "SNA_name" {
description = "Name der zu erstellenden Service Network Area."
description = "Name of the Service Network Area to create"
type = string
}
variable "SNA_network_ranges" {
description = "Liste der Netzwerk-CIDRs für die SNA."
description = "CIDR list for the Service Network Area"
type = list(object({ prefix = string }))
}
variable "SNA_transfer_network" {
description = "Das Transfer-Netzwerk für die SNA (z.B. 172.16.9.0/24)."
description = "Transfer network CIDR for the SNA"
type = string
}
variable "Projects_map" {
description = "Eine Map von Projekten, die erstellt werden sollen."
description = "Map of STACKIT projects to create"
type = map(object({
name = string
owner_email = string
@ -58,11 +56,17 @@ variable "Projects_map" {
}
variable "labels" {
type = map(string)
default = {}
description = "Default labels to apply where supported"
type = map(string)
default = {}
}
# -----------------------------------------------------------------------------#
# Security Groups
# -----------------------------------------------------------------------------#
variable "security_groups" {
description = "Map of security group definitions"
type = map(object({
name = optional(string)
project_key = string
@ -89,15 +93,20 @@ variable "security_groups" {
}))
}
# -----------------------------------------------------------------------------#
# PostgreSQL
# -----------------------------------------------------------------------------#
variable "postgres_instances" {
description = "Map of PostgreSQL instances to create"
type = map(object({
name = string
name = string
project_key = string
version = number
flavor = object({ cpu = number, ram = number })
storage = object({ class = string, size = number })
replicas = number
acl = list(string)
version = number
flavor = object({ cpu = number, ram = number })
storage = object({ class = string, size = number })
replicas = number
acl = list(string)
backup_schedule = string
users = list(object({
username = string
@ -110,18 +119,23 @@ variable "postgres_instances" {
}))
}
# Network definition map
# -----------------------------------------------------------------------------#
# Networks
# -----------------------------------------------------------------------------#
variable "networks" {
description = "Map of network definitions per project"
type = map(object({
name = string
name = string
project_key = string
# IPv4 settings
# IPv4
ipv4_gateway = optional(string)
ipv4_nameservers = optional(list(string))
ipv4_prefix = optional(string)
ipv4_prefix_length = optional(number)
# IPv6 settings
# IPv6
ipv6_gateway = optional(string)
ipv6_nameservers = optional(list(string))
ipv6_prefix = optional(string)
@ -133,7 +147,7 @@ variable "networks" {
no_ipv6_gateway = optional(bool)
routed = optional(bool)
# NIC-specific options
# NICs
nics = optional(map(object({
nic_ipv4 = optional(string)
nic_name = string
@ -144,16 +158,18 @@ variable "networks" {
nic_security_group_names = optional(list(string))
})))
}))
default = {}
}
variable "ske_clusters" {
description = "Eine Map von SKE-Clustern"
type = map(object({
# -----------------------------------------------------------------------------#
# SKE Clusters
# -----------------------------------------------------------------------------#
name = string
project_key = string
variable "ske_clusters" {
description = "Map of SKE cluster definitions"
type = map(object({
name = string
project_key = string
kubernetes_version_min = optional(string)
hibernations = optional(list(object({
start = string
@ -161,10 +177,10 @@ variable "ske_clusters" {
timezone = optional(string)
})))
maintenance = optional(object({
enable_kubernetes_version_updates = bool
enable_kubernetes_version_updates = bool
enable_machine_image_version_updates = bool
start = string
end = string
start = string
end = string
}))
extensions = optional(object({
acl = optional(object({
@ -178,7 +194,6 @@ variable "ske_clusters" {
}))
node_pools = list(object({
name = string
machine_type = string
availability_zones = list(string)
@ -204,15 +219,18 @@ variable "ske_clusters" {
default = {}
}
# -----------------------------------------------------------------------------#
# Observability
# -----------------------------------------------------------------------------#
variable "observability_instances" {
description = "Map of Observability instances to create"
type = map(object({
# Required
name = string
name = string
project_key = string
plan_name = string
plan_name = string
# Optional instance settings
# Instance settings
acl = optional(list(string))
metrics_retention_days = optional(number)
metrics_retention_days_5m_downsampling = optional(number)
@ -220,11 +238,11 @@ variable "observability_instances" {
alert_config = optional(any)
parameters = optional(map(string))
# Control credential creation
# Credentials
create_credentials = optional(bool, true)
credentials_count = optional(number, 1)
# alert-groups
# Alert-groups
alertgroups = optional(map(object({
name = string
interval = optional(string)
@ -237,7 +255,7 @@ variable "observability_instances" {
}))
})), {})
# log-alert-groups
# Log-alert-groups
logalertgroups = optional(map(object({
name = string
interval = optional(string)
@ -250,7 +268,7 @@ variable "observability_instances" {
}))
})), {})
# scrape-configs
# Scrape-configs
scrapeconfigs = optional(map(object({
name = string
metrics_path = string
@ -272,6 +290,7 @@ variable "observability_instances" {
})), {})
}))
default = {}
validation {
condition = alltrue([
for k, v in var.observability_instances :
@ -292,7 +311,7 @@ variable "observability_instances" {
])
error_message = <<-EOM
One or more observability_instances specify an invalid plan_name.
See the provider error output for the list of supported plans. Allowed values:
See the provider error output for supported plans. Allowed:
Observability-Medium-EU01
Observability-Monitoring-XL-EU01
Observability-Large-EU01
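Review bot: `service_account_key_path` still ships one developer's personal home directory as its default — the new `default = "/Users/schlenz/.stackit/sa.json"` merely replaces `/home/hahnjan/.stackit/sa.json` — so every other operator or CI runner resolves a credential-file path that does not exist on their machine, and the line will keep churning whenever someone else runs the stack. Prefer `default = null` and supply the path per environment (tfvars or `TF_VAR_service_account_key_path`); the neighbouring `service_account_token` variable already follows that pattern with `sensitive = true` and no real value in the file. The `project_id` block in the first hunk appears to be removed on the new side; if so, confirm nothing in the root module still references `var.project_id`. The `validation` block on `observability_instances` starts in this section and ends outside it.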


@ -1,103 +1,123 @@
variable "project_id" {
type = string
description = "STACKIT project ID"
type = string
}
variable "name" {
type = string
description = "Network name"
type = string
}
# -----------------------------
# IPv4
# -----------------------------
variable "ipv4_gateway" {
type = string
default = null
description = "IPv4 gateway address"
type = string
default = null
}
variable "ipv4_nameservers" {
type = list(string)
default = []
description = "IPv4 nameserver list"
type = list(string)
default = []
}
variable "ipv4_prefix" {
type = string
default = null
description = "IPv4 prefix CIDR"
type = string
default = null
}
variable "ipv4_prefix_length" {
type = number
default = null
description = "IPv4 prefix length"
type = number
default = null
}
# -----------------------------
# IPv6
# -----------------------------
variable "ipv6_gateway" {
type = string
default = null
description = "IPv6 gateway address"
type = string
default = null
}
variable "ipv6_nameservers" {
type = list(string)
default = []
description = "IPv6 nameserver list"
type = list(string)
default = []
}
variable "ipv6_prefix" {
type = string
default = null
description = "IPv6 prefix CIDR"
type = string
default = null
}
variable "ipv6_prefix_length" {
type = number
default = null
description = "IPv6 prefix length"
type = number
default = null
}
# -----------------------------
# Deprecated legacy nameservers (provider still exposes)
# -----------------------------
variable "nameservers" {
description = "Deprecated nameserver list (legacy field)"
type = list(string)
default = []
}
# -----------------------------
# Labels & flags
# -----------------------------
variable "labels" {
type = map(string)
default = {}
description = "Labels map"
type = map(string)
default = {}
}
variable "no_ipv4_gateway" {
type = bool
default = false
description = "Disable IPv4 gateway"
type = bool
default = false
}
variable "no_ipv6_gateway" {
type = bool
default = false
description = "Disable IPv6 gateway"
type = bool
default = false
}
variable "routed" {
type = bool
# default = true
description = "Mark network routed"
type = bool
default = null
}
variable "nic_allowed_addresses" {
type = list(string)
default = []
# -----------------------------
# Region override & routing
# -----------------------------
variable "region" {
description = "Resource region override (defaults to provider region)"
type = string
default = null
}
variable "nic_ipv4" {
type = string
default = null
}
variable "nic_labels" {
type = map(string)
default = {}
}
variable "nic_name" {
type = string
default = null
}
variable "nic_security" {
type = bool
default = false
nullable = false
}
variable "nic_security_group_ids" {
type = list(string)
default = []
variable "routing_table_id" {
description = "Routing table ID"
type = string
default = null
}
# -----------------------------
# NIC map (zero or many)
# -----------------------------
variable "nics" {
description = "Map of NIC configs"
type = map(object({
nic_ipv4 = optional(string)
nic_name = optional(string)
@ -110,7 +130,10 @@ variable "nics" {
default = {}
}
# -----------------------------
# Security group lookup map
# -----------------------------
variable "security_group_ids_by_name" {
description = "Map of security-group names -> IDs"
description = "Security group name→ID map"
type = map(string)
}
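Review bot: The NIC schema in this module disagrees with the root `networks` variable: `nics` declares `nic_name = optional(string)` while the root module's nested `nics` object requires `nic_name = string`, so callers must always pass a name the module treats as optional and the two shapes will keep drifting. Pick one contract and use it in both places. `routed` also moved from a commented-out default to `default = null`, turning a previously required input into an optional one; if null means "provider default", say so, e.g. `description = "Mark network routed (null = provider default)"`. The removed `nic_security` variable carried an explicit `default = false` / `nullable = false`; confirm the equivalent field in the `nics` object (whose tail is outside the hunk) still has an explicit default so port-security behaviour does not silently depend on the provider.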


@ -26,7 +26,7 @@ output "observability_credentials" {
}
output "observability_alertgroups" {
description = "Map of created Thanos alert-group IDs"
description = "Map of created alert-group IDs"
value = {
for key, alertgrp in stackit_observability_alertgroup.this :
key => alertgrp.id
@ -34,7 +34,7 @@ output "observability_alertgroups" {
}
output "observability_logalertgroups" {
description = "Map of created Loki log-alert-group IDs"
description = "Map of created log-alert-group IDs"
value = {
for key, logalertgrp in stackit_observability_logalertgroup.this :
key => logalertgrp.id


@ -4,65 +4,65 @@ variable "project_id" {
}
variable "name" {
description = "The name of the Observability instance."
description = "Observability instance name"
type = string
}
variable "plan_name" {
description = "Specifies the Observability plan."
description = "Observability plan name"
type = string
}
variable "acl" {
description = "Access control list (CIDR blocks) permitted to access this instance."
description = "Allowed CIDR list"
type = list(string)
default = null
}
variable "metrics_retention_days" {
description = "How many days raw metrics are kept."
description = "Retention days raw metrics"
type = number
default = null
}
variable "metrics_retention_days_5m_downsampling" {
description = "How many days 5m-downsampled metrics are kept."
description = "Retention days 5m downsample"
type = number
default = null
}
variable "metrics_retention_days_1h_downsampling" {
description = "How many days 1h-downsampled metrics are kept."
description = "Retention days 1h downsample"
type = number
default = null
}
variable "alert_config" {
description = "Complex Alertmanager configuration."
description = "Alertmanager config object"
type = any
default = null
}
variable "parameters" {
description = "Additional key/value parameters for the instance."
description = "Extra key/value parameters"
type = map(string)
default = null
}
variable "create_credentials" {
description = "Whether to create credentials for this instance."
description = "Create credentials"
type = bool
default = true
}
variable "credentials_count" {
description = "How many credentials to create when enabled."
description = "Credential count when enabled"
type = number
default = 1
}
variable "alertgroups" {
description = "Map of alert-groups to create."
description = "Map of alert-groups to create"
type = map(object({
name = string
interval = optional(string)
@ -78,7 +78,7 @@ variable "alertgroups" {
}
variable "logalertgroups" {
description = "Map of log-alert-groups to create."
description = "Map of log-alert-groups to create"
type = map(object({
name = string
interval = optional(string)
@ -94,7 +94,7 @@ variable "logalertgroups" {
}
variable "scrapeconfigs" {
description = "Map of scrape-configs to create."
description = "Map of scrape-configs to create"
type = map(object({
name = string
metrics_path = string
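Review bot: Several shortened descriptions in this hunk lose information the old ones carried and some no longer read as sentences — `acl` drops that the list is the set of *permitted* sources and says nothing about what `default = null` means, and `"Retention days raw metrics"` / `"Retention days 5m downsample"` are word lists rather than descriptions. Keep them short but grammatical and keep the unit, e.g. `description = "CIDR blocks allowed to access the instance"` and `description = "Days raw metrics are retained"`, and add what null means once confirmed against the provider. `alert_config` stays `type = any`, which hides its schema from callers and from tflint; if the provider's structure is stable, a typed object would catch mistakes at plan time.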


@ -1,9 +1,11 @@
variable "project_id" {
type = string
description = "STACKIT project ID"
type = string
}
variable "name" {
type = string
description = "Instance name (DNS-1035 compliant)"
type = string
validation {
condition = length(regexall("^[a-z]([-a-z0-9]*[a-z0-9])?$", var.name)) > 0
@ -16,50 +18,52 @@ variable "name" {
}
}
variable "instance_id" {
type = string
default = ""
}
variable "ver" {
type = number
description = "PostgreSQL version"
type = number
}
variable "flavor" {
description = "Compute flavor (cpu, ram GB)"
type = object({
cpu = number,
cpu = number
ram = number
})
}
variable "storage" {
description = "Storage settings (class, size GB)"
type = object({
class = string,
class = string
size = number
})
}
variable "replicas" {
type = number
description = "Number of instance replicas"
type = number
}
variable "acl" {
type = list(string)
description = "Allowed CIDR list for instance access"
type = list(string)
}
variable "backup_schedule" {
type = string
description = "Backup schedule string"
type = string
}
variable "users" {
description = "Database users (username, roles)"
type = list(object({
username = string
roles = set(string)
}))
default = []
validation {
condition = alltrue([
condition = alltrue([
for user in var.users : user.username != "admin"
])
error_message = "The username 'admin' is reserved and cannot be used."
@ -67,12 +71,14 @@ variable "users" {
}
variable "databases" {
description = "Databases to create (name, owner)"
type = list(object({
name = string
owner = string
}))
default = []
validation {
validation {
condition = alltrue([
for db in var.databases : length(regexall("^[a-z]([-a-z0-9]*[a-z0-9])?$", db.name)) > 0
])
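Review bot: `instance_id` is the one variable in this file still without a `description`, and its `default = ""` differs from the `null` convention used for optional values elsewhere in this commit, so a consumer cannot tell whether an empty string means "create a new instance" or is an error. Add a description stating that contract once confirmed against main.tf, and consider `default = null` for consistency. `acl` is a required `list(string)` with no CIDR validation while `name` and `databases` get regex validation in the same file; a `validation { condition = alltrue([for c in var.acl : can(cidrhost(c, 0))]) error_message = "Each acl entry must be a valid CIDR." }` would reject a malformed entry at plan time instead of at apply. The `databases` validation block starts in this hunk and ends outside it.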


@ -1,9 +1,16 @@
variable "organization_id" {
description = "Empfängt die Container-ID der Organisation vom Root-Modul."
description = "Organization container ID (root parent)"
type = string
}
variable "parent_container_id" {
description = "Parent container ID to create projects under"
type = string
default = null
}
variable "projects" {
description = "Map of projects (name, owner_email)"
type = map(object({
name = string
owner_email = string
@ -11,11 +18,13 @@ variable "projects" {
}
variable "sna_id" {
description = "Empfängt die ID der Network Area vom Root-Modul."
description = "Network Area ID; adds label networkArea=<id> when set"
type = string
default = null
}
variable "labels" {
type = map(string)
default = {}
description = "Extra labels applied to all projects"
type = map(string)
default = {}
}
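Review bot: `organization_id` and the new `parent_container_id` now both describe a parent container ("Organization container ID (root parent)" versus "Parent container ID to create projects under"), and nothing in the hunk says which one wins when both are set or whether `parent_container_id` falls back to `organization_id` when null. State the precedence in the description, e.g. `description = "Parent container for new projects; falls back to organization_id when null"`, if that is what main.tf does. The `sna_id` description asserts a side effect (`adds label networkArea=<id>`) implemented outside this file; that is useful, but keep the two in sync if the label key changes.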


@ -1,107 +1,65 @@
variable "project_id" {
description = "STACKIT project ID in which to create resources."
description = "STACKIT project ID"
type = string
}
variable "name" {
description = "Name of the network."
description = "Security group name"
type = string
}
variable "description" {
description = "Security group description"
type = string
default = ""
}
variable "ipv4_gateway" {
description = "IPv4 gateway for the network. If null, the first IP in the CIDR is used."
type = string
nullable = true
default = null
}
variable "ipv4_nameservers" {
description = "List of IPv4 nameservers."
type = list(string)
nullable = true
default = null
}
variable "ipv4_prefix" {
description = "IPv4 prefix (CIDR) for the network."
type = string
nullable = true
default = null
}
variable "ipv4_prefix_length" {
description = "IPv4 prefix length for the network."
type = number
nullable = true
default = null
}
variable "ipv6_gateway" {
description = "IPv6 gateway for the network. If null, the first IP in the CIDR is used."
type = string
nullable = true
default = null
}
variable "ipv6_nameservers" {
description = "List of IPv6 nameservers."
type = list(string)
nullable = true
default = null
}
variable "ipv6_prefix" {
description = "IPv6 prefix (CIDR) for the network."
type = string
nullable = true
default = null
}
variable "ipv6_prefix_length" {
description = "IPv6 prefix length for the network."
type = number
nullable = true
default = null
}
variable "labels" {
description = "Key/value labels to attach to the network."
type = map(string)
nullable = true
default = null
}
variable "no_ipv4_gateway" {
description = "If true, suppress creation of an IPv4 gateway."
type = bool
default = false
}
variable "no_ipv6_gateway" {
description = "If true, suppress creation of an IPv6 gateway."
type = bool
default = false
}
variable "routed" {
description = "If true, the network is routed."
type = bool
default = false
}
variable "routing_table_id" {
description = "Routing table ID to associate with this network (experimental)."
type = string
nullable = true
default = null
}
# rule schema
variable "rules" {
description = "List of routing rules to apply to this network (experimental)."
type = any
description = "List of security group rules"
type = list(object({
direction = string # ingress | egress
description = optional(string)
ether_type = optional(string) # IPv4 | IPv6
icmp_parameters = optional(object({
type = optional(number)
code = optional(number)
}))
ip_range = optional(string) # CIDR
port_range = optional(object({
min = number
max = number
}))
protocol = optional(object({
name = optional(string) # tcp | udp | icmp
number = optional(number) # OR protocol number
}))
remote_security_group_id = optional(string)
}))
validation {
condition = alltrue([
for r in var.rules : contains(["ingress", "egress"], lower(r.direction))
])
error_message = "Each rule.direction must be 'ingress' or 'egress'."
}
validation {
condition = alltrue([
for r in var.rules :
r.ether_type == null ? true : contains(["IPv4", "IPv6"], r.ether_type)
])
error_message = "Each rule.ether_type must be 'IPv4' or 'IPv6' when set."
}
# port_range min <= max when provided
validation {
condition = alltrue([
for r in var.rules :
(
r.port_range == null ? true : (r.port_range.min <= r.port_range.max)
)
])
error_message = "Each rule.port_range.min must be <= rule.port_range.max."
}
}
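Review bot: The new typed `rules` schema validates `direction`, `ether_type` and `port_range` ordering but still accepts a malformed `ip_range` and an out-of-range port, so a typo such as `10.0.0.0/33` or `max = 70000` only fails at apply time. Add CIDR and bound checks next to the existing validations as below; the `1..65535` bound should be confirmed against what the STACKIT provider accepts. Two smaller inconsistencies: `direction` is compared through `lower()` while `ether_type` is matched case-sensitively, and the comment `# OR protocol number` on `protocol.number` is not enforced, so a rule giving both `name` and `number` passes validation.
```hcl
  # … unchanged: direction / ether_type / port_range ordering validations …
  validation {
    condition = alltrue([
      for r in var.rules :
      r.ip_range == null ? true : can(cidrhost(r.ip_range, 0))
    ])
    error_message = "Each rule.ip_range must be a valid CIDR when set."
  }
  validation {
    condition = alltrue([
      for r in var.rules :
      r.port_range == null ? true : (r.port_range.min >= 1 && r.port_range.max <= 65535)
    ])
    error_message = "Each rule.port_range must lie within 1..65535."
  }
```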


@ -1,47 +1,51 @@
variable "project_id" {
description = "STACKIT project ID to which the cluster is associated."
description = "STACKIT project ID"
type = string
}
variable "name" {
description = "The cluster name."
description = "Cluster name"
type = string
}
variable "node_pools" {
description = "One or more node_pool blocks."
description = "List of node pool configs"
type = list(object({
name = string
machine_type = string
availability_zones = list(string)
minimum = number
maximum = number
allow_system_components = optional(bool)
cri = optional(string)
labels = optional(map(string))
max_surge = optional(number)
max_unavailable = optional(number)
os_name = optional(string)
os_version_min = optional(string)
taints = optional(list(object({
name = string
machine_type = string
availability_zones = list(string)
minimum = number
maximum = number
allow_system_components = optional(bool)
cri = optional(string)
labels = optional(map(string))
max_surge = optional(number)
max_unavailable = optional(number)
os_name = optional(string)
os_version_min = optional(string)
taints = optional(list(object({
effect = string
key = string
value = optional(string)
})))
volume_size = optional(number)
volume_type = optional(string)
volume_size = optional(number)
volume_type = optional(string)
}))
}
# Optionale Variablen
# -----------------------------------------------------------------------------#
# Optional fields
# -----------------------------------------------------------------------------#
variable "kubernetes_version_min" {
description = "The minimum Kubernetes version."
description = "Minimum Kubernetes version"
type = string
default = null
}
variable "hibernations" {
description = "A list of hibernation schedules for the cluster."
description = "Hibernation schedules"
type = list(object({
start = string
end = string
@ -51,7 +55,7 @@ variable "hibernations" {
}
variable "maintenance" {
description = "A single maintenance block."
description = "Maintenance window settings"
type = object({
enable_kubernetes_version_updates = bool
enable_machine_image_version_updates = bool
@ -60,8 +64,9 @@ variable "maintenance" {
})
default = null
}
variable "extensions" {
description = "A single extensions block."
description = "Extensions config"
type = object({
acl = optional(object({
enabled = bool
@ -72,23 +77,15 @@ variable "extensions" {
argus_instance_id = string
}))
dns = optional(object({
enabled = bool
zones = optional(list(string))
enabled = bool
zones = optional(list(string))
}))
})
default = null
}
variable "network" {
description = "Network block."
type = object({
id = string
})
default = null
}
variable "default_region" {
description = "The resource region."
description = "Resource region override"
type = string
default = null
}
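Review bot: `node_pools` gains a full object schema but no validation that `minimum <= maximum` (or that `minimum >= 0`), even though the same commit adds exactly that kind of ordering check to the security-group `port_range`; an inverted pair only surfaces as a provider error at apply. Add a validation to the variable as below. The `network` variable (`object({ id = string })`) appears to be removed in the last hunk; confirm that the root `ske_clusters` object and main.tf no longer pass or read `var.network`. `default_region`'s new description says "override" while the variable is still named `default_region`, which reads the opposite way; a rename would touch callers, so at least spell out in the description that it overrides the provider region when set.
```hcl
  # … unchanged: node_pools type = list(object({ … })) …
  validation {
    condition = alltrue([
      for p in var.node_pools : p.minimum >= 0 && p.minimum <= p.maximum
    ])
    error_message = "Each node_pool must satisfy 0 <= minimum <= maximum."
  }
```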
}