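################################################################################
# Environment: gcp
# Variables
#
# Input variables for the GCP deployment. The declarations must sit one
# attribute per line: collapsed onto a single line that begins with '#', they
# are read as one long comment and no variable is declared at all.
################################################################################

variable "project_id" {
  description = "GCP project ID where all resources will be created."
  type        = string
}

variable "region" {
  description = "GCP region for all resources."
  type        = string
  default     = "us-central1"
}

variable "environment" {
  description = "Deployment environment (e.g. production, staging)."
  type        = string
  default     = "production"
}

variable "project" {
  description = "Project identifier — used in resource names and labels."
  type        = string
  default     = "sentryagent-agentidp"
}

# NOTE(review): image tags are mutable in most registries. How this value is
# turned into an image reference is not visible in this file; if the registry
# permits tag overwrite, consider pinning the deployed image by digest.
variable "app_image_tag" {
  description = "Docker image tag to deploy (e.g. '1.2.3')."
  type        = string
}

################################################################################
# Networking
################################################################################

variable "vpc_cidr" {
  description = "CIDR range for the VPC subnet used by Cloud Run and Cloud SQL."
  type        = string
  default     = "10.1.0.0/24"

  # Reject malformed input at plan time instead of during apply.
  validation {
    condition     = can(cidrhost(var.vpc_cidr, 0))
    error_message = "The vpc_cidr value must be a valid CIDR block."
  }
}

variable "vpc_connector_cidr" {
  description = "CIDR range for the Serverless VPC Access connector (/28 required)."
  type        = string
  default     = "10.8.0.0/28"

  # The description states a /28 is required; enforce it here so a wrong
  # prefix length fails before any resource is touched.
  validation {
    condition     = can(cidrhost(var.vpc_connector_cidr, 0)) && can(regex("/28$", var.vpc_connector_cidr))
    error_message = "The vpc_connector_cidr value must be a valid CIDR block with a /28 prefix."
  }
}

################################################################################
# Database
################################################################################

variable "db_tier" {
  description = "Cloud SQL instance tier (machine type)."
  type        = string
  default     = "db-g1-small"
}

variable "db_name" {
  description = "Name of the PostgreSQL database to create."
  type        = string
  default     = "sentryagent_idp"
}

variable "db_username" {
  description = "PostgreSQL user for the application."
  type        = string
  default     = "sentryagent"
}

variable "db_availability_type" {
  description = "Cloud SQL availability type: REGIONAL (HA) or ZONAL."
  type        = string
  default     = "REGIONAL"

  # Only the two values named in the description are accepted, so a typo
  # cannot silently reach the provider.
  validation {
    condition     = contains(["REGIONAL", "ZONAL"], var.db_availability_type)
    error_message = "The db_availability_type value must be either REGIONAL or ZONAL."
  }
}

################################################################################
# Secrets — all marked sensitive; provide via tfvars or environment variables
#
# `sensitive = true` only redacts the value in plan/apply output. The values
# are still written to Terraform state, so the state backend must be encrypted
# and its access restricted, and any tfvars file holding these values must stay
# out of version control.
################################################################################

variable "db_password" {
  description = "Password for the Cloud SQL PostgreSQL user. Stored in Secret Manager."
  type        = string
  sensitive   = true
}

variable "jwt_private_key" {
  description = "PEM-encoded RSA-2048 private key for signing JWTs. Stored in Secret Manager."
  type        = string
  sensitive   = true
}

variable "jwt_public_key" {
  description = "PEM-encoded RSA-2048 public key for verifying JWTs. Stored in Secret Manager."
  type        = string
  sensitive   = true
}

# NOTE(review): how this token is consumed is not visible in this file. A token
# supplied here is persisted in state like the other secrets; prefer a
# short-lived, narrowly scoped token.
variable "vault_token" {
  description = "HashiCorp Vault token. Leave empty to disable Vault integration."
  type        = string
  sensitive   = true
  default     = ""
}

################################################################################
# Optional configuration
################################################################################

variable "vault_addr" {
  description = "HashiCorp Vault server address. Leave empty to disable Vault integration."
  type        = string
  default     = ""
}

variable "vault_mount" {
  description = "HashiCorp Vault KV v2 mount path."
  type        = string
  default     = "secret"
}

# The "*" default lets any web origin read responses from the app. It is kept
# so existing callers are unaffected, but each deployed environment should
# override it with the explicit origin(s) that are expected to call the app.
variable "cors_origin" {
  description = "CORS_ORIGIN value for the app."
  type        = string
  default     = "*"
}

variable "cloud_run_min_instances" {
  description = "Minimum Cloud Run instances (set > 0 to prevent cold starts)."
  type        = number
  default     = 1
}

variable "cloud_run_max_instances" {
  description = "Maximum Cloud Run instances."
  type        = number
  default     = 10
}

variable "cloud_run_cpu" {
  description = "CPU limit per Cloud Run instance."
  type        = string
  default     = "1"
}

variable "cloud_run_memory" {
  description = "Memory limit per Cloud Run instance."
  type        = string
  default     = "512Mi"
}

variable "memorystore_memory_size_gb" {
  description = "Memory size in GiB for the Memorystore Redis instance."
  type        = number
  default     = 1
}

variable "memorystore_redis_version" {
  description = "Redis version for Memorystore."
  type        = string
  default     = "REDIS_7_0"
}

variable "memorystore_tier" {
  description = "Memorystore service tier: BASIC (single node) or STANDARD_HA (primary + replica)."
  type        = string
  default     = "STANDARD_HA"

  # Only the two tiers named in the description are accepted.
  validation {
    condition     = contains(["BASIC", "STANDARD_HA"], var.memorystore_tier)
    error_message = "The memorystore_tier value must be either BASIC or STANDARD_HA."
  }
}

# Defaults to true so that a destroy or replace of the data stores has to be
# enabled deliberately.
variable "deletion_protection" {
  description = "Enable deletion protection on Cloud SQL and Memorystore resources."
  type        = bool
  default     = true
}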