This repository has been archived by the owner on Oct 7, 2024. It is now read-only.
variables.tf
# Region for the Azure OpenAI account. No default is declared, so callers must
# pass a value; per the description, passing `null` falls back to the resource
# group's location.
variable "location" {
  type        = string
  description = "Azure OpenAI deployment region. Set this variable to `null` would use resource group's location."
}
# Resource group the module deploys into. Required input; per the description
# the group has to exist already.
variable "resource_group_name" {
  type        = string
  description = "Name of the azure resource group to use. The resource group must exist."
}
# Name of the Cognitive Service Account. The empty-string default selects a
# generated name with a random suffix (per the description); a change forces
# the account to be recreated.
variable "account_name" {
  type        = string
  default     = ""
  description = "Specifies the name of the Cognitive Service Account. Changing this forces a new resource to be created. Leave this variable as default would use a default name with random suffix."
}
# Application name used for tagging. Only surfaces as a tag when
# `var.default_tags_enabled` is `true` (per the description).
variable "application_name" {
  type        = string
  default     = ""
  description = "Name of the application. A corresponding tag would be created on the created resources if `var.default_tags_enabled` is `true`."
}
# Custom subdomain of the account endpoint, which the description ties to
# token-based authentication. The empty-string default selects a generated name
# with a random suffix; a change forces the account to be recreated.
# NOTE(review): deployments that set `var.local_auth_enabled = false`
# presumably depend on this subdomain for token auth - confirm.
variable "custom_subdomain_name" {
  type        = string
  default     = ""
  description = "The subdomain name used for token-based authentication. Changing this forces a new resource to be created. Leave this variable as default would use a default name with random suffix."
}
# Optional customer-managed key (CMK) used to encrypt the data in the OpenAI
# account. With the default `null`, this module configures no CMK.
# NOTE(review): the identity named by `identity_client_id` presumably has to be
# attached through `var.identity` and be granted access to the Key Vault key -
# confirm against the resource definition.
variable "customer_managed_key" {
  type = object({
    key_vault_key_id   = string
    identity_client_id = optional(string)
  })
  default     = null
  description = <<-DESCRIPTION
  type = object({
  key_vault_key_id = (Required) The ID of the Key Vault Key which should be used to Encrypt the data in this OpenAI Account.
  identity_client_id = (Optional) The Client ID of the User Assigned Identity that has access to the key. This property only needs to be specified when there're multiple identities attached to the OpenAI Account.
  })
  DESCRIPTION
}
# Switch for the module's default tags. Off by default and not nullable.
variable "default_tags_enabled" {
  type        = bool
  default     = false
  description = "Determines whether or not default tags are applied to resources. If set to true, tags will be applied. If set to false, tags will not be applied."
  nullable    = false
}
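# Model deployments to create on the account, keyed by an arbitrary map key.
# The default `{}` declares no deployments.
#
# The description mirrors the flat object type below: `cognitive_account_id`
# and nested `model` / `scale` blocks are not inputs of this variable, so they
# are not documented as such.
#
# Review notes:
# - `rai_policy_name` names the RAI policy attached to the deployment.
#   NOTE(review): when it is omitted the service default presumably applies -
#   confirm that this matches your content-filtering requirements.
# - `version_upgrade_option` defaults (per the description) to
#   `OnceNewDefaultVersionAvailable`, so the model version can change without
#   a configuration change; use `NoAutoUpgrade` where model changes must go
#   through change control.
variable "deployment" {
  type = map(object({
    name                   = string
    model_format           = string
    model_name             = string
    model_version          = string
    scale_type             = string
    rai_policy_name        = optional(string)
    capacity               = optional(number)
    version_upgrade_option = optional(string)
  }))
  default     = {}
  description = <<-DESCRIPTION
  type = map(object({
    name                   = (Required) The name of the Cognitive Services Account Deployment. Changing this forces a new resource to be created.
    model_format           = (Required) The format of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created. Possible value is OpenAI.
    model_name             = (Required) The name of the Cognitive Services Account Deployment model. Changing this forces a new resource to be created.
    model_version          = (Required) The version of Cognitive Services Account Deployment model.
    scale_type             = (Required) Deployment scale type. Possible value is Standard. Changing this forces a new resource to be created.
    rai_policy_name        = (Optional) The name of RAI policy. Changing this forces a new resource to be created.
    capacity               = (Optional) Tokens-per-Minute (TPM). The unit of measure for this field is in the thousands of Tokens-per-Minute. Defaults to 1 which means that the limitation is 1000 tokens per minute.
    version_upgrade_option = (Optional) Deployment model version upgrade option. Possible values are `OnceNewDefaultVersionAvailable`, `OnceCurrentVersionExpired`, and `NoAutoUpgrade`. Defaults to `OnceNewDefaultVersionAvailable`. Changing this forces a new resource to be created.
  }))
  DESCRIPTION
  nullable    = false
}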
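# Diagnostic settings for the account, keyed by an arbitrary map key. Each
# entry names the setting and one or more destinations (Log Analytics, Event
# Hub, storage account or partner solution) plus per-category retention.
#
# Review notes:
# - The default is an empty map. NOTE(review): presumably no diagnostic setting
#   is created in that case, so audit and request/response logs are not
#   exported anywhere unless the caller adds an entry - confirm in the
#   resource definition.
# - Every retention policy defaults to enabled with 7 days (see the
#   `optional(...)` defaults in the type). Seven days is short for incident
#   investigation; set `days` to match your retention requirements.
variable "diagnostic_setting" {
  type = map(object({
    name                           = string
    log_analytics_workspace_id     = optional(string)
    log_analytics_destination_type = optional(string)
    eventhub_name                  = optional(string)
    eventhub_authorization_rule_id = optional(string)
    storage_account_id             = optional(string)
    partner_solution_id            = optional(string)
    audit_log_retention_policy = optional(object({
      enabled = optional(bool, true)
      days    = optional(number, 7)
    }))
    request_response_log_retention_policy = optional(object({
      enabled = optional(bool, true)
      days    = optional(number, 7)
    }))
    trace_log_retention_policy = optional(object({
      enabled = optional(bool, true)
      days    = optional(number, 7)
    }))
    metric_retention_policy = optional(object({
      enabled = optional(bool, true)
      days    = optional(number, 7)
    }))
  }))
  default     = {}
  description = <<-DESCRIPTION
  A map of objects that represent the configuration for a diagnostic setting.
  type = map(object({
    name                                  = (Required) Specifies the name of the diagnostic setting. Changing this forces a new resource to be created.
    log_analytics_workspace_id            = (Optional) Specifies the resource id of an Azure Log Analytics workspace where diagnostics data should be sent.
    log_analytics_destination_type        = (Optional) Possible values are `AzureDiagnostics` and `Dedicated`. When set to Dedicated, logs sent to a Log Analytics workspace will go into resource specific tables, instead of the legacy `AzureDiagnostics` table.
    eventhub_name                         = (Optional) Specifies the name of the Event Hub where diagnostics data should be sent.
    eventhub_authorization_rule_id        = (Optional) Specifies the resource id of an Event Hub Namespace Authorization Rule used to send diagnostics data.
    storage_account_id                    = (Optional) Specifies the resource id of an Azure storage account where diagnostics data should be sent.
    partner_solution_id                   = (Optional) The resource id of the market partner solution where diagnostics data should be sent. For potential partner integrations, click to learn more about partner integration.
    audit_log_retention_policy            = (Optional) Specifies the retention policy for the audit log. This is a block with the following properties:
      enabled = (Optional) Specifies whether the retention policy is enabled. If enabled, `days` must be a positive number. Defaults to `true`.
      days    = (Optional) Specifies the number of days to retain audit logs. If `enabled` is set to `true`, this value must be set to a positive number. Defaults to `7`.
    request_response_log_retention_policy = (Optional) Specifies the retention policy for the request response log. This is a block with the following properties:
      enabled = (Optional) Specifies whether the retention policy is enabled. If enabled, `days` must be a positive number. Defaults to `true`.
      days    = (Optional) Specifies the number of days to retain request response logs. If `enabled` is set to `true`, this value must be set to a positive number. Defaults to `7`.
    trace_log_retention_policy            = (Optional) Specifies the retention policy for the trace log. This is a block with the following properties:
      enabled = (Optional) Specifies whether the retention policy is enabled. If enabled, `days` must be a positive number. Defaults to `true`.
      days    = (Optional) Specifies the number of days to retain trace logs. If `enabled` is set to `true`, this value must be set to a positive number. Defaults to `7`.
    metric_retention_policy               = (Optional) Specifies the retention policy for the metric. This is a block with the following properties:
      enabled = (Optional) Specifies whether the retention policy is enabled. If enabled, `days` must be a positive number. Defaults to `true`.
      days    = (Optional) Specifies the number of days to retain metrics. If `enabled` is set to `true`, this value must be set to a positive number. Defaults to `7`.
  }))
  DESCRIPTION
  nullable    = false
}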
# Tri-state toggle for dynamic throttling: `true`, `false`, or the default
# `null`, which leaves the setting unspecified by the caller.
variable "dynamic_throttling_enabled" {
  type        = bool
  default     = null
  description = "Determines whether or not dynamic throttling is enabled. If set to `true`, dynamic throttling will be enabled. If set to `false`, dynamic throttling will not be enabled."
}
# Environment label used for tagging. Only surfaces as a tag when
# `var.default_tags_enabled` is `true` (per the description).
variable "environment" {
  type        = string
  default     = ""
  description = "Environment of the application. A corresponding tag would be created on the created resources if `var.default_tags_enabled` is `true`."
}
# FQDN allow-list for the Cognitive Account; `null` by default.
# NOTE(review): this list presumably only constrains traffic when
# `var.outbound_network_access_restricted` is `true` - confirm against the
# resource definition before relying on it as an egress control.
variable "fqdns" {
  type        = list(string)
  default     = null
  description = "List of FQDNs allowed for the Cognitive Account."
}
# Managed identity configuration for the OpenAI account. The default `null`
# declares no identity.
# NOTE(review): `var.customer_managed_key.identity_client_id` refers to a User
# Assigned Identity, which presumably has to be listed in `identity_ids` here -
# confirm.
variable "identity" {
  type = object({
    type         = string
    identity_ids = optional(list(string))
  })
  default     = null
  description = <<-DESCRIPTION
  type = object({
  type = (Required) The type of the Identity. Possible values are `SystemAssigned`, `UserAssigned`, `SystemAssigned, UserAssigned`.
  identity_ids = (Optional) Specifies a list of User Assigned Managed Identity IDs to be assigned to this OpenAI Account.
  })
  DESCRIPTION
}
# Local authentication (API keys) for the Cognitive Account. It is ENABLED by
# default. Account keys are long-lived shared secrets that cannot be tied to an
# individual caller, so set this to `false` where token-based authentication
# is available, and review who can read the account keys where it stays `true`.
variable "local_auth_enabled" {
  type        = bool
  default     = true
  description = "Whether local authentication methods is enabled for the Cognitive Account. Defaults to `true`."
}
# Network ACLs for the account: a default action plus optional IP and subnet
# allow rules. The default `null` declares no ACL at all.
# Review notes:
# - `default_action` decides what happens to traffic that matches no rule; with
#   `Allow` the `ip_rules` / `virtual_network_rules` do not restrict anything,
#   so use `Deny` when the rules are meant as an allow-list.
# - The type is a set, so more than one ACL object can be passed.
#   NOTE(review): confirm how the module handles several entries.
variable "network_acls" {
  type = set(object({
    default_action = string
    ip_rules       = optional(set(string))
    virtual_network_rules = optional(set(object({
      subnet_id                            = string
      ignore_missing_vnet_service_endpoint = optional(bool, false)
    })))
  }))
  default     = null
  description = <<-DESCRIPTION
  type = set(object({
  default_action = (Required) The Default Action to use when no rules match from ip_rules / virtual_network_rules. Possible values are `Allow` and `Deny`.
  ip_rules = (Optional) One or more IP Addresses, or CIDR Blocks which should be able to access the Cognitive Account.
  virtual_network_rules = optional(set(object({
  subnet_id = (Required) The ID of a Subnet which should be able to access the OpenAI Account.
  ignore_missing_vnet_service_endpoint = (Optional) Whether ignore missing vnet service endpoint or not. Default to `false`.
  })))
  }))
  DESCRIPTION
}
# Outbound network restriction for the Cognitive Account. It is OFF by default,
# i.e. outbound access is not restricted unless the caller opts in.
# NOTE(review): when set to `true`, the permitted destinations presumably come
# from `var.fqdns` - confirm against the resource definition.
variable "outbound_network_access_restricted" {
  type        = bool
  default     = false
  description = "Whether outbound network access is restricted for the Cognitive Account. Defaults to `false`."
}
# Subresource names (group ids) the Private Endpoint connects to. Defaults to
# the single entry `account`; a change forces the endpoint to be recreated.
variable "pe_subresource" {
  type        = list(string)
  default     = ["account"]
  description = "A list of subresource names which the Private Endpoint is able to connect to. `subresource_names` corresponds to `group_id`. Possible values are detailed in the product [documentation](https://docs.microsoft.com/azure/private-link/private-endpoint-overview#private-link-resource) in the `Subresources` column. Changing this forces a new resource to be created."
}
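# Existing Private DNS Zone to reuse for the private endpoint. The type is a
# single object (not a map); the default `null` makes the module create a new
# zone instead (per the description).
#
# Review note: set `resource_group_name` whenever an existing zone is reused.
# Without it, the description states that the first zone in the subscription
# whose name matches is picked, which may not be the zone you intended to hold
# the private endpoint's records.
variable "private_dns_zone" {
  type = object({
    name                = string
    resource_group_name = optional(string)
  })
  default     = null
  description = <<-DESCRIPTION
  An object that represents the existing Private DNS Zone you'd like to use. Leave this variable as default would create a new Private DNS Zone.
  type = object({
    name                = "(Required) The name of the Private DNS Zone."
    resource_group_name = "(Optional) The Name of the Resource Group where the Private DNS Zone exists. If the Name of the Resource Group is not provided, the first Private DNS Zone from the list of Private DNS Zones in your subscription that matches `name` will be returned."
  })
  DESCRIPTION
}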
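# Private endpoints for the account, keyed by an arbitrary map key. Each entry
# names the endpoint and the existing virtual network / subnet it attaches to.
# The default `{}` declares no private endpoint.
#
# Review notes:
# - `var.public_network_access_enabled` defaults to `false`, so an account
#   deployed without any entry here may have no reachable network path;
#   plan the two settings together.
# - `private_dns_entry_enabled` defaults to `false`. NOTE(review): without the
#   `private_dns_zone_group`, clients presumably need DNS records managed some
#   other way to resolve the account to its private IP - confirm.
# - `is_manual_connection` defaults to `false`, i.e. the connection does not
#   wait for manual approval by the resource owner.
# - `location` is accepted by the type with a `null` default.
#   NOTE(review): what `null` falls back to is not visible here - confirm in
#   the private endpoint resource.
variable "private_endpoint" {
  type = map(object({
    name                               = string
    vnet_rg_name                       = string
    vnet_name                          = string
    subnet_name                        = string
    location                           = optional(string, null)
    dns_zone_virtual_network_link_name = optional(string, "dns_zone_link")
    private_dns_entry_enabled          = optional(bool, false)
    private_service_connection_name    = optional(string, "privateserviceconnection")
    is_manual_connection               = optional(bool, false)
  }))
  default     = {}
  description = <<-DESCRIPTION
  A map of objects that represent the configuration for a private endpoint.
  type = map(object({
    name                               = (Required) Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.
    vnet_rg_name                       = (Required) Specifies the name of the Resource Group where the Private Endpoint's Virtual Network Subnet exists. Changing this forces a new resource to be created.
    vnet_name                          = (Required) Specifies the name of the Virtual Network where the Private Endpoint's Subnet exists. Changing this forces a new resource to be created.
    subnet_name                        = (Required) Specifies the name of the Subnet which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.
    location                           = (Optional) The location of the Private Endpoint. Default to `null`.
    dns_zone_virtual_network_link_name = (Optional) The name of the Private DNS Zone Virtual Network Link. Changing this forces a new resource to be created. Default to `dns_zone_link`.
    private_dns_entry_enabled          = (Optional) Whether or not to create a `private_dns_zone_group` block for the Private Endpoint. Default to `false`.
    private_service_connection_name    = (Optional) Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created. Default to `privateserviceconnection`.
    is_manual_connection               = (Optional) Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created. Default to `false`.
  }))
  DESCRIPTION
  nullable    = false
}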
# Public network access to the Cognitive Account. It is OFF by default, which
# is the safer posture: reach the account through `var.private_endpoint`.
# If this is switched to `true`, pair it with `var.network_acls` using a
# `Deny` default action so that exposure is limited to known sources.
variable "public_network_access_enabled" {
  type        = bool
  default     = false
  description = "Whether public network access is allowed for the Cognitive Account. Defaults to `false`."
}
# SKU of the Cognitive Service Account; defaults to `S0`. The accepted values
# are listed in the description; no validation block enforces them here.
variable "sku_name" {
  type        = string
  default     = "S0"
  description = "Specifies the SKU Name for this Cognitive Service Account. Possible values are `F0`, `F1`, `S0`, `S`, `S1`, `S2`, `S3`, `S4`, `S5`, `S6`, `P0`, `P1`, `P2`, `E0` and `DC0`. Default to `S0`."
}
# Caller-supplied tags. Empty map by default and not nullable.
variable "tags" {
  type        = map(string)
  default     = {}
  description = "(Optional) A mapping of tags to assign to the resource."
  nullable    = false
}
# Toggle for the tracing tags generated by BridgeCrew Yor. Off by default and
# not nullable. The tflint annotation below must stay directly above the
# declaration it applies to.
# tflint-ignore: terraform_unused_declarations
variable "tracing_tags_enabled" {
  type        = bool
  default     = false
  description = "Whether enable tracing tags that generated by BridgeCrew Yor."
  nullable    = false
}
# Prefix for the generated tracing tags; defaults to `avm_` and is not
# nullable. The tflint annotation below must stay directly above the
# declaration it applies to.
# tflint-ignore: terraform_unused_declarations
variable "tracing_tags_prefix" {
  type        = string
  default     = "avm_"
  description = "Default prefix for generated tracing tags"
  nullable    = false
}