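# Form-driven cloud template: collects an application name, environment, tier
# VM selections and port lists, then runs a Terraform module with the nsxt
# provider. The outputs expose the resulting policy section and the three
# tier groups (web / app / db).
formatVersion: 1
name: vdefend-form-driven
version: 1

inputs:
  app_name:
    type: string
    title: Application Name
    description: Logical name used to prefix NSX groups and section.
    default: vdefend-app
  env_value:
    type: string
    title: Environment
    enum:
      - prod
      - test
      - dev
    default: prod
  requester_email:
    type: string
    title: Requester Email

  # vCenter inventory selection (populated via Custom Form using ABX data source)
  # NOTE(review): vm_web / vm_app / vm_db (and requester_email above) are
  # collected here but are not referenced under `variables` in this template.
  # Confirm how tier membership reaches the module; if it does not, the rules
  # may apply to groups whose membership the requester did not choose.
  vm_web:
    type: array
    title: Web Tier VMs
    description: Select one or more VMs for the Web tier
    items:
      type: string
  vm_app:
    type: array
    title: App Tier VMs
    items:
      type: string
  vm_db:
    type: array
    title: DB Tier VMs
    items:
      type: string

  # Port lists (array of numbers; Custom Form will parse CSV input into arrays)
  # NOTE(review): `number` also admits non-integer and out-of-range values.
  # Validate each entry as an integer in 1-65535 in the Custom Form or in the
  # module before it becomes a firewall service.
  ports_web_to_app:
    type: array
    title: 'Ports (Web -> App)'
    items:
      type: number
    default:
      - 80
      - 443
  ports_app_to_db:
    type: array
    title: 'Ports (App -> DB)'
    items:
      type: number
    default:
      - 5432

  # Endpoints / credentials (map these to Project Secrets in production)
  # As request-time inputs, the NSX endpoint and credentials are chosen by
  # whoever submits the form. Prefer a project secret holding a least-privilege
  # NSX service account, and restrict nsx_manager_url to the managers this
  # project is allowed to configure.
  nsx_manager_url:
    type: string
    title: NSX Manager URL
  nsx_username:
    type: string
    encrypted: true
  nsx_password:
    type: string
    encrypted: true

resources:
  vdefendPolicy:
    # NOTE(review): verify this resource type and the property names below
    # against the Terraform resource schema of your Automation release.
    type: Cloud.Terraform
    properties:
      providers:
        - name: nsxt
          source: vmware/nsxt
          # Lower bound only: any newer provider release is accepted. Consider an
          # upper bound so that provider upgrades are a reviewed change.
          version: ">= 3.9.0"
      module:
        # point to your Git content source that contains the module path below
        # Without a `?ref=<TAG_OR_COMMIT>` suffix the default branch is fetched at
        # run time, so a push to that repository changes the firewall policy this
        # template deploys. Pin to a reviewed tag or commit.
        source: git::https://your.git/VCFA_Avi_vDefend_kit.git//terraform/vdefend_baseline_module
        variables:
          nsx_manager_url: '${input.nsx_manager_url}'
          nsx_username: '${input.nsx_username}'
          nsx_password: '${input.nsx_password}'
          domain: "default"
          app_name: '${input.app_name}'
          env_value: '${input.env_value}'
          services_web_to_app: '${input.ports_web_to_app}'
          services_app_to_db: '${input.ports_app_to_db}'
          # Presumably controls a final drop rule for traffic the allow rules do
          # not match (confirm in the module). While false, the allow rules alone
          # do not isolate the tiers unless another policy drops the rest.
          create_drop_others_rule: false

outputs:
  sectionPath:
    value: '${resource.vdefendPolicy.outputs.section}'
  groups:
    value:
      web: '${resource.vdefendPolicy.outputs.group_web}'
      app: '${resource.vdefendPolicy.outputs.group_app}'
      db: '${resource.vdefendPolicy.outputs.group_db}'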