forked from hashicorp/terraform-aws-terraform-enterprise
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathlocals.tf
More file actions
106 lines (95 loc) · 4.22 KB
/
locals.tf
File metadata and controls
106 lines (95 loc) · 4.22 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0
locals {
kms_key_arn = data.aws_kms_key.main.arn
enable_airgap = var.airgap_url == null && var.tfe_license_bootstrap_airgap_package_path != null
enable_external = var.operational_mode == "external" || var.operational_mode == "active-active"
enable_disk = var.operational_mode == "disk"
enable_database_module = local.enable_external && var.enable_aurora == false && var.db_use_mtls == false && var.enable_edb == false
enable_explorer_database_module = local.enable_external && var.db_use_mtls == false && var.explorer_db_name != null
enable_object_storage_module = local.enable_external
enable_redis_module = var.operational_mode == "active-active"
redis_mtls_enabled = var.enable_redis_mtls
fdo_operational_mode = var.operational_mode
ami_id = local.default_ami_id ? data.aws_ami.ubuntu.id : var.ami_id
default_ami_id = var.ami_id == null
fqdn = "${var.tfe_subdomain}.${var.domain_name}"
iam_principal = { arn = try(var.object_storage_iam_user.arn, module.service_accounts.iam_role.arn) }
network_id = var.deploy_vpc ? module.networking[0].network_id : var.network_id
network_private_subnets = var.deploy_vpc ? module.networking[0].network_private_subnets : var.network_private_subnets
network_public_subnets = var.deploy_vpc ? module.networking[0].network_public_subnets : var.network_public_subnets
network_private_subnet_cidrs = var.deploy_vpc ? module.networking[0].network_private_subnet_cidrs : var.network_private_subnet_cidrs
# explorer_database = try(module.explorer_database[0], local.default_database)
default_database = {
name = null
password = null
endpoint = null
username = null
parameters = null
}
aurora_database = try(module.aurora_database[0], local.default_database)
mtls_database = try(module.database_mtls[0], local.default_database)
enterprise_db = try(module.edb[0], local.default_database)
# standard_db = try(module.database[0], local.default_database)
# selected_database = (
# var.enable_aurora && var.db_use_mtls ? error("Both enable_aurora and db_use_mtls cannot be true.") :
# var.enable_aurora ? local.aurora_database :
# var.db_use_mtls ? local.mtls_database :
# var.enable_edb ? local.enterprise_db :
# local.standard_db
# )
# database = local.selected_database
object_storage = try(
module.object_storage[0],
{
s3_bucket = {
id = null
}
}
)
redis_default = {
hostname = null
password = null
username = null
redis_port = null
use_password_auth = null
use_tls = null
sentinel_enabled = var.enable_redis_sentinel
sentinel_hosts = []
sentinel_leader = null
sentinel_username = null
sentinel_password = null
aws_elasticache_subnet_group_name = null
aws_security_group_redis = null
}
redis = var.enable_redis_sentinel || var.enable_sentinel_mtls ? module.redis_sentinel[0] : var.enable_redis_mtls ? module.redis_mtls[0] : try(module.redis[0], local.redis_default)
no_proxy = concat([
"127.0.0.1",
"169.254.169.254",
"secretsmanager.${data.aws_region.current.name}.amazonaws.com",
".docker.com",
".docker.io",
"localhost",
"s3.amazonaws.com",
".s3.amazonaws.com",
"s3.${data.aws_region.current.name}.amazonaws.com",
local.fqdn,
var.network_cidr],
local.replicated_no_proxy,
local.rhel_no_proxy,
var.no_proxy
)
replicated_no_proxy = var.is_replicated_deployment ? [
".replicated.com",
] : []
rhel_no_proxy = var.distribution == "rhel" ? [
".aws.ce.redhat.com",
".centos.org",
".subscription.rhn.redhat.com",
".cdn.redhat.com",
] : []
trusted_proxies = concat(
var.trusted_proxies,
var.network_private_subnet_cidrs
)
}