mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-01-06 09:11:10 +01:00
Code Issues Projects Releases Wiki Activity
vault/enos/modules/start_vault/variables.tf
hc-github-team-secure-vault-core aa9c6cc42b
Backport of Add Enos benchmark scenario into release/1.20.x (#31055) 
* backport of commit 5e90024b26f79a5783a926b1ccf14eb9f1c21ceb

* enos(consul): only use versions that are CE and ENT (#31057)

Right now our logic for consul doesn't consider whether or not the
version is available for ent or ce. Make sure that the versions we used
are available for both.

Signed-off-by: Ryan Cragun <me@ryan.ec>

---------

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Josh Black <raskchanky@gmail.com>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2025-06-20 12:26:40 -06:00

200 lines
5.2 KiB
HCL
Raw Blame History

# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: BUSL-1.1
variable "cluster_name" {
type = string
description = "The Vault cluster name"
}
variable "cluster_port" {
type = number
description = "The cluster port for Vault to listen on"
default = 8201
}
variable "cluster_tag_key" {
type = string
description = "The Vault cluster tag key"
default = "retry_join"
}
variable "config_dir" {
type = string
description = "The directory to use for Vault configuration"
default = "/etc/vault.d"
}
variable "config_mode" {
description = "The method to use when configuring Vault. When set to 'env' we will configure Vault using VAULT_ style environment variables if possible. When 'file' we'll use the HCL configuration file for all configuration options."
default = "file"
validation {
condition = contains(["env", "file"], var.config_mode)
error_message = "The config_mode must be either 'env' or 'file'. No other configuration modes are supported."
}
}
variable "disable_mlock" {
type = bool
description = "Disable mlock for Vault process."
default = false
}
variable "enable_telemetry" {
type = bool
description = "Enable Vault telemetry"
default = false
}
variable "environment" {
description = "Optional Vault configuration environment variables to set starting Vault"
type = map(string)
default = null
}
variable "external_storage_port" {
type = number
description = "The port to connect to when using external storage"
default = 8500
}
variable "hosts" {
description = "The target machines host addresses to use for the Vault cluster"
type = map(object({
ipv6 = string
private_ip = string
public_ip = string
}))
}
variable "install_dir" {
type = string
description = "The directory where the vault binary will be installed"
default = "/opt/vault/bin"
}
variable "ip_version" {
type = number
description = "The IP version to use for the Vault TCP listeners"
validation {
condition = contains([4, 6], var.ip_version)
error_message = "The ip_version must be either 4 or 6"
}
}
variable "license" {
type = string
sensitive = true
description = "The value of the Vault license"
default = null
}
variable "log_level" {
type = string
description = "The vault service log level"
default = "info"
validation {
condition = contains(["trace", "debug", "info", "warn", "error"], var.log_level)
error_message = "The log_level must be one of 'trace', 'debug', 'info', 'warn', or 'error'."
}
}
variable "manage_service" {
type = bool
description = "Manage the Vault service users and systemd unit. Disable this to use configuration in RPM and Debian packages"
default = true
}
variable "listener_port" {
type = number
description = "The port for Vault to listen on"
default = 8200
}
variable "seal_alias" {
type = string
description = "The primary seal alias name"
default = "primary"
}
variable "seal_alias_secondary" {
type = string
description = "The secondary seal alias name"
default = "secondary"
}
variable "seal_attributes" {
description = "The primary auto-unseal attributes"
default = null
}
variable "seal_attributes_secondary" {
description = "The secondary auto-unseal attributes"
default = null
}
variable "seal_priority" {
type = string
description = "The primary seal priority"
default = "1"
}
variable "seal_priority_secondary" {
type = string
description = "The secondary seal priority"
default = "2"
}
variable "seal_type" {
type = string
description = "The method by which to unseal the Vault cluster"
default = "awskms"
validation {
condition = contains(["awskms", "pkcs11", "shamir"], var.seal_type)
error_message = "The seal_type must be either 'awskms', 'pkcs11', or 'shamir'. No other seal types are supported."
}
}
variable "seal_type_secondary" {
type = string
description = "A secondary HA seal method. Only supported in Vault Enterprise >= 1.15"
default = "none"
validation {
condition = contains(["awskms", "pkcs11", "none"], var.seal_type_secondary)
error_message = "The secondary_seal_type must be 'awskms', 'pkcs11' or 'none'. No other secondary seal types are supported."
}
}
variable "service_username" {
type = string
description = "The host username to own the vault service"
default = "vault"
}
variable "storage_backend" {
type = string
description = "The storage backend to use"
default = "raft"
validation {
condition = contains(["raft", "consul"], var.storage_backend)
error_message = "The storage_backend must be either raft or consul. No other storage backends are supported."
}
}
variable "storage_backend_attrs" {
type = map(any)
description = "An optional set of key value pairs to inject into the storage block"
default = {}
}
variable "storage_node_prefix" {
type = string
description = "A prefix to use for each node in the Vault storage configuration"
default = "node"
}
Reference in New Issue View Git Blame Copy Permalink