-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy pathvariables-file.tf
61 lines (57 loc) · 2.31 KB
/
variables-file.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
variable "file_share_cors_rules" {
description = "Storage Account file shares CORS rule. Please refer to the [documentation](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account#cors_rule) for more information."
type = object({
allowed_headers = list(string)
allowed_methods = list(string)
allowed_origins = list(string)
exposed_headers = list(string)
max_age_in_seconds = number
})
default = null
}
variable "file_share_retention_policy_in_days" {
description = "Storage Account file shares retention policy in days. Enabling this may require additional directory permissions."
type = number
default = null
}
variable "file_share_properties_smb" {
description = "Storage Account file shares smb properties."
type = object({
versions = optional(list(string), null)
authentication_types = optional(list(string), null)
kerberos_ticket_encryption_type = optional(list(string), null)
channel_encryption_type = optional(list(string), null)
multichannel_enabled = optional(bool, null)
})
default = null
}
variable "file_share_authentication" {
description = "Storage Account file shares authentication configuration."
type = object({
directory_type = string
active_directory = optional(object({
storage_sid = string
domain_name = string
domain_sid = string
domain_guid = string
forest_name = string
netbios_domain_name = string
}))
})
default = null
validation {
condition = var.file_share_authentication == null || (
contains(["AADDS", "AD", ""], try(var.file_share_authentication.directory_type, ""))
)
error_message = "`file_share_authentication.directory_type` can only be `AADDS` or `AD`."
}
validation {
condition = var.file_share_authentication == null || (
try(var.file_share_authentication.directory_type, null) == "AADDS" || (
try(var.file_share_authentication.directory_type, null) == "AD" &&
try(var.file_share_authentication.active_directory, null) != null
)
)
error_message = "`file_share_authentication.active_directory` block is required when `file_share_authentication.directory_type` is set to `AD`."
}
}