From d341d08232dbfaf2d28dd4374c305dd9a46620cd Mon Sep 17 00:00:00 2001
From: Hubert Cornet
Date: Sat, 15 Nov 2025 20:42:27 +0100
Subject: [PATCH] Update variables.auto.tfvars
---
 variables.auto.tfvars | 95 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 95 insertions(+)
diff --git a/variables.auto.tfvars b/variables.auto.tfvars
index e70557c..6920306 100644
--- a/variables.auto.tfvars
+++ b/variables.auto.tfvars
@@ -73,3 +73,98 @@ cloudflare_access_tags = [
 "qa",
 "devops"
 ]
+
+#=====================================
+# Cloudflare variables
+#=====================================
+cf_team_name = "macharpe"
+cf_email_domain = "passfwd.com"
+
+# Tunnels
+cf_tunnel_name_gcp = "Tunnel GCP (Access For Infrastructure)"
+cf_tunnel_name_aws = "Tunnel AWS (SSH Browser Rendered)"
+cf_windows_rdp_tunnel_name = "Tunnel GCP (Windows RDP)"
+
+# WARP Connector Tunnels - Sensitive: manually retrieved from Cloudflare dashboard
+cf_warp_tunnel_azure_id = "185f0bc0-986d-********"
+cf_warp_tunnel_gcp_id = "ad04a3ed-a1a1-********"
+
+# Subdomains
+cf_subdomain_ssh = "ssh-database.example.com"
+cf_subdomain_vnc = "vnc.example.com"
+cf_subdomain_web = "intranet.example.com"
+cf_subdomain_rdp = "rdp.example.com"
+cf_subdomain_web_sensitive = "competition.example.com"
+cf_subdomain_training_status = "training-status.example.com" # OPTIONAL: Only needed if using optional-cloudflare-apps.tf and Training Compliance Gateway
+
+# Targets
+cf_target_ssh_name = "GCP-database"
+cf_target_rdp_name = "Domain-Controller"
+
+# Applications
+cf_infra_app_name = "GCP Infrastructure SSH database"
+cf_browser_ssh_app_name = "AWS Browser SSH database"
+cf_browser_vnc_app_name = "AWS Browser VNC database"
+cf_browser_rdp_app_name = "GCP Browser RDP windows"
+cf_sensitive_web_app_name = "Competition App"
+cf_intranet_web_app_name = "Intranet"
+
+# Application Ports
+cf_competition_app_port = 8080
+cf_intranet_app_port = 8181
+cf_domain_controller_rdp_port = 3389
+
+# Identity Providers - Sensitive: manually retrieved from Cloudflare dashboard
+cf_okta_identity_provider_id = "8fd4786e-97d7-4257-********"
+cf_otp_identity_provider_id = "a6dfbf35-0e20-4244-********"
+cf_azure_identity_provider_id = "8c593fe8-aee3-4075-********"
+cf_azure_admin_rule_group_id = "5f253130-a400-4215-********"
+
+# Device Posture - Sensitive: manually retrieved from Cloudflare dashboard
+cf_gateway_posture_id = "4d8d7499-38c3-4bf0-********"
+cf_macos_posture_id = "6d64ff80-1308-4462-********"
+cf_ios_posture_id = "56454654-1245-8564-********"
+cf_windows_posture_id = "67b05735-3b9b-4bcc-********"
+cf_linux_posture_id = "ed5639c7-3305-4a91-********"
+cf_device_os = "mac" # Options: "linux", "windows", "mac"
+
+# WARP CGNAT Routes
+cf_custom_cgnat_routes = [
+ {
+ address = "100.64.0.0/11"
+ description = "WARP Connector CGNAT 1"
+ },
+ {
+ address = "100.112.0.0/12"
+ description = "WARP Connector CGNAT 2"
+ }
+]
+
+cf_default_cgnat_routes = [{
+ address = "100.64.0.0/10"
+ description = "Default CGNAT Range"
+}]
+
+cf_warp_cgnat_cidr = "100.96.0.0/12"
+
+
+#=====================================
+# Okta
+#=====================================
+
+# SAML Group IDs - Unused variables removed
+
+# SAML Group names
+okta_sales_eng_saml_group_name = "SalesEngineering"
+okta_itadmin_saml_group_name = "ITAdmin"
+okta_sales_saml_group_name = "Sales"
+okta_contractors_saml_group_name = "Contractors"
+okta_infra_admin_saml_group_name = "InfrastructureAdmin"
+
+# User IDs - Unused variables removed
+
+# User logins
+okta_bob_user_login = "********3@passfwd.com"
+okta_matthieu_user_login = "********"
+
+okta_bob_user_linux_password = "bob"
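Review bot: The last added line, `okta_bob_user_linux_password = "bob"`, commits a credential in plaintext to a `*.auto.tfvars` file, which Terraform loads automatically and which stays in repository history; the value also appears to match the account name. Drop the line from this file and supply the value outside version control, for example through the `TF_VAR_okta_bob_user_linux_password` environment variable or a secrets manager, and mark the variable `sensitive = true` where it is declared (the declaration is not part of this hunk). The entries whose comments label them "Sensitive" (tunnel, identity-provider and posture IDs) are committed partly masked, so the file neither works as written nor keeps the visible prefixes private; a placeholder-only `variables.auto.tfvars.example` plus a `.gitignore` entry for the real file would separate the two. A sensitive variable's value is still written to Terraform state, so the state backend needs access control and encryption as well.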