From 367184ef4801a12751c556cf17a62287abf3f008 Mon Sep 17 00:00:00 2001 From: Jack Tracey <41163455+jtracey93@users.noreply.github.com> Date: Mon, 4 Nov 2024 09:20:51 +0000 Subject: [PATCH] Updates for RSG data source, zone namespace fixes (backup), add tags to VNet links and add new example/test (#52) * updates for RSG and Zones * pre-commit * version updates * pre-commit * add new example and fix batch * pre-commit * fixes issue 53 - add tags to links --------- Co-authored-by: github-actions[bot] --- .vscode/settings.json | 19 -- README.md | 13 +- .../README.md | 183 ++++++++++++++++++ .../_footer.md | 4 + .../_header.md | 7 + .../main.tf | 100 ++++++++++ .../variables.tf | 9 + examples/default/README.md | 16 +- examples/default/main.tf | 13 +- examples/with-vnet-link-existing-rg/README.md | 14 +- examples/with-vnet-link-existing-rg/main.tf | 11 +- locals.tf | 1 + main.tf | 13 +- outputs.tf | 2 +- terraform.tf | 2 +- variables.tf | 7 +- 16 files changed, 364 insertions(+), 50 deletions(-) create mode 100644 examples/custom-zones-vnet-link-existing-rg/README.md create mode 100644 examples/custom-zones-vnet-link-existing-rg/_footer.md create mode 100644 examples/custom-zones-vnet-link-existing-rg/_header.md create mode 100644 examples/custom-zones-vnet-link-existing-rg/main.tf create mode 100644 examples/custom-zones-vnet-link-existing-rg/variables.tf diff --git a/.vscode/settings.json b/.vscode/settings.json index 42fc1c6..d79b4d6 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json 
@@ -1,23 +1,4 @@ { "editor.bracketPairColorization.enabled": true, - "workbench.colorCustomizations": { - "activityBar.activeBackground": "#f8a3fa", - "activityBar.background": "#f8a3fa", - "activityBar.foreground": "#15202b", - "activityBar.inactiveForeground": "#15202b99", - "activityBarBadge.background": "#797607", - "activityBarBadge.foreground": "#e7e7e7", - "commandCenter.border": "#15202b99", - "sash.hoverBorder": "#f8a3fa", - "statusBar.background": "#f473f7", - "statusBar.foreground": "#15202b", - "statusBarItem.hoverBackground": "#f043f4", - "statusBarItem.remoteBackground": "#f473f7", - "statusBarItem.remoteForeground": "#15202b", - "titleBar.activeBackground": "#f473f7", - "titleBar.activeForeground": "#15202b", - "titleBar.inactiveBackground": "#f473f799", - "titleBar.inactiveForeground": "#15202b99" - }, "peacock.color": "#f473f7", } diff --git a/README.md b/README.md index f2ce569..7dae9bd 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ The following requirements are needed by this module: - [terraform](#requirement\_terraform) (~> 1.5) -- [azurerm](#requirement\_azurerm) (~> 3.71) +- [azurerm](#requirement\_azurerm) (>= 3.116.0, < 4.0) - [modtm](#requirement\_modtm) (~> 0.3) 
@@ -42,8 +42,8 @@ The following resources are used by this module: - [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource) - [modtm_telemetry.telemetry](https://registry.terraform.io/providers/Azure/modtm/latest/docs/resources/telemetry) (resource) - [random_uuid.telemetry](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/uuid) (resource) +- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source) - [azurerm_client_config.telemetry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source) -- [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group) (data source) - [modtm_module_source.telemetry](https://registry.terraform.io/providers/Azure/modtm/latest/docs/data-sources/module_source) (data source) @@ -181,11 +181,8 @@ Default: "azure_backup": { "zone_name": "privatelink.{regionCode}.backup.windowsazure.com" }, - "azure_batch_account": { - "zone_name": "{regionName}.privatelink.batch.azure.com" - }, - "azure_batch_node_mgmt": { - "zone_name": "{regionName}.service.privatelink.batch.azure.com" + "azure_batch": { + "zone_name": "privatelink.batch.azure.com" }, "azure_bot_svc_bot": { "zone_name": "privatelink.directline.botframework.com" @@ -442,7 +439,7 @@ The following Modules are called: Source: Azure/avm-res-network-privatednszone/azurerm -Version: 0.1.2 +Version: 0.2.1 ## Data Collection diff --git a/examples/custom-zones-vnet-link-existing-rg/README.md b/examples/custom-zones-vnet-link-existing-rg/README.md new file mode 100644 index 0000000..58f25af --- /dev/null +++ b/examples/custom-zones-vnet-link-existing-rg/README.md 
@@ -0,0 +1,183 @@ + +# Link Private DNS Zones to Virtual Networks and Deploy Private DNS Zones to an Existing Resource Group + +This deploys the module in a more advanced and rarer configuration. + +It will deploy custom private DNS zones into an existing Resource Group and will also link each of the Private DNS Zones to the Virtual Networks provided via a Private DNS Zone Virtual Network Link. + +Also tags are added to all resources created by the module. + +```hcl +terraform { + required_version = "~> 1.5" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 3.116.0, < 4.0" + } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } + } +} + +provider "azurerm" { + features { + resource_group { + prevent_deletion_if_contains_resources = false + } + } +} + +data "azurerm_client_config" "current" {} + +module "regions" { + source = "Azure/regions/azurerm" + version = "~> 0.3" +} + +resource "random_integer" "region_index" { + max = length(module.regions.regions) - 1 + min = 0 +} + +module "naming" { + source = "Azure/naming/azurerm" + version = "~> 0.3" +} + +resource "azurerm_resource_group" "this" { + location = module.regions.regions[random_integer.region_index.result].name + name = module.naming.resource_group.name_unique +} + +resource "azurerm_virtual_network" "this_1" { + address_space = ["10.0.1.0/24"] + location = azurerm_resource_group.this.location + name = "vnet1" + resource_group_name = azurerm_resource_group.this.name +} + +resource "azurerm_virtual_network" "this_2" { + address_space = ["10.0.2.0/24"] + location = azurerm_resource_group.this.location + name = "vnet2" + resource_group_name = azurerm_resource_group.this.name +} + +module "test" { + source = "../../" + # source = "Azure/avm-ptn-network-private-link-private-dns-zones/azurerm" + + location = azurerm_resource_group.this.location + resource_group_name = azurerm_resource_group.this.name + + resource_group_creation_enabled = false + + 
private_link_private_dns_zones = { + "custom_zone_1" = { + zone_name = "custom-example-1.int" + } + "custom_zone_2" = { + zone_name = "custom-example-2.local" + } + } + + virtual_network_resource_ids_to_link_to = { + "vnet1" = { + vnet_resource_id = azurerm_virtual_network.this_1.id + } + "vnet2" = { + vnet_resource_id = azurerm_virtual_network.this_2.id + } + } + + resource_group_role_assignments = { + "rbac-asi-1" = { + role_definition_id_or_name = "Reader" + principal_id = data.azurerm_client_config.current.object_id + skip_service_principal_aad_check = true + } + } + + tags = { + "env" = "example" + "example-tag-key" = "example tag value" + } + + enable_telemetry = var.enable_telemetry +} +``` + + +## Requirements + +The following requirements are needed by this module: + +- [terraform](#requirement\_terraform) (~> 1.5) + +- [azurerm](#requirement\_azurerm) (>= 3.116.0, < 4.0) + +- [random](#requirement\_random) (~> 3.5) + +## Resources + +The following resources are used by this module: + +- [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource) +- [azurerm_virtual_network.this_1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) (resource) +- [azurerm_virtual_network.this_2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) (resource) +- [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource) +- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source) + + +## Required Inputs + +No required inputs. + +## Optional Inputs + +The following input variables are optional (have default values): + +### [enable\_telemetry](#input\_enable\_telemetry) + +Description: This variable controls whether or not telemetry is enabled for the module. 
+For more information see . +If it is set to false, then no telemetry will be collected. + +Type: `bool` + +Default: `true` + +## Outputs + +No outputs. + +## Modules + +The following Modules are called: + +### [naming](#module\_naming) + +Source: Azure/naming/azurerm + +Version: ~> 0.3 + +### [regions](#module\_regions) + +Source: Azure/regions/azurerm + +Version: ~> 0.3 + +### [test](#module\_test) + +Source: ../../ + +Version: + + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. + \ No newline at end of file diff --git a/examples/custom-zones-vnet-link-existing-rg/_footer.md b/examples/custom-zones-vnet-link-existing-rg/_footer.md new file mode 100644 index 0000000..bc56bcb --- /dev/null +++ b/examples/custom-zones-vnet-link-existing-rg/_footer.md 
@@ -0,0 +1,4 @@ + +## Data Collection + +The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at . You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices. diff --git a/examples/custom-zones-vnet-link-existing-rg/_header.md b/examples/custom-zones-vnet-link-existing-rg/_header.md new file mode 100644 index 0000000..4649aa9 --- /dev/null +++ b/examples/custom-zones-vnet-link-existing-rg/_header.md @@ -0,0 +1,7 @@ +# Link Private DNS Zones to Virtual Networks and Deploy Private DNS Zones to an Existing Resource Group + +This deploys the module in a more advanced and rarer configuration. + +It will deploy custom private DNS zones into an existing Resource Group and will also link each of the Private DNS Zones to the Virtual Networks provided via a Private DNS Zone Virtual Network Link. + +Also tags are added to all resources created by the module. diff --git a/examples/custom-zones-vnet-link-existing-rg/main.tf b/examples/custom-zones-vnet-link-existing-rg/main.tf new file mode 100644 index 0000000..dcb78ff --- /dev/null +++ b/examples/custom-zones-vnet-link-existing-rg/main.tf 
@@ -0,0 +1,100 @@ +terraform { + required_version = "~> 1.5" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = ">= 3.116.0, < 4.0" + } + random = { + source = "hashicorp/random" + version = "~> 3.5" + } + } +} + +provider "azurerm" { + features { + resource_group { + prevent_deletion_if_contains_resources = false + } + } +} + +data "azurerm_client_config" "current" {} + +module "regions" { + source = "Azure/regions/azurerm" + version = "~> 0.3" +} + +resource "random_integer" "region_index" { + max = length(module.regions.regions) - 1 + min = 0 +} + +module "naming" { + source = "Azure/naming/azurerm" + version = "~> 0.3" +} + +resource "azurerm_resource_group" "this" { + location = module.regions.regions[random_integer.region_index.result].name + name = module.naming.resource_group.name_unique +} + +resource "azurerm_virtual_network" "this_1" { + address_space = ["10.0.1.0/24"] + location = azurerm_resource_group.this.location + name = "vnet1" + resource_group_name = azurerm_resource_group.this.name +} + +resource "azurerm_virtual_network" "this_2" { + address_space = ["10.0.2.0/24"] + location = azurerm_resource_group.this.location + name = "vnet2" + resource_group_name = azurerm_resource_group.this.name +} + +module "test" { + source = "../../" + # source = "Azure/avm-ptn-network-private-link-private-dns-zones/azurerm" + + location = azurerm_resource_group.this.location + resource_group_name = azurerm_resource_group.this.name + + resource_group_creation_enabled = false + + private_link_private_dns_zones = { + "custom_zone_1" = { + zone_name = "custom-example-1.int" + } + "custom_zone_2" = { + zone_name = "custom-example-2.local" + } + } + + virtual_network_resource_ids_to_link_to = { + "vnet1" = { + vnet_resource_id = azurerm_virtual_network.this_1.id + } + "vnet2" = { + vnet_resource_id = azurerm_virtual_network.this_2.id + } + } + + resource_group_role_assignments = { + "rbac-asi-1" = { + role_definition_id_or_name = "Reader" + 
principal_id = data.azurerm_client_config.current.object_id + skip_service_principal_aad_check = true + } + } + + tags = { + "env" = "example" + "example-tag-key" = "example tag value" + } + + enable_telemetry = var.enable_telemetry +} diff --git a/examples/custom-zones-vnet-link-existing-rg/variables.tf b/examples/custom-zones-vnet-link-existing-rg/variables.tf new file mode 100644 index 0000000..e52bbd6 --- /dev/null +++ b/examples/custom-zones-vnet-link-existing-rg/variables.tf @@ -0,0 +1,9 @@ +variable "enable_telemetry" { + type = bool + default = true + description = <. +If it is set to false, then no telemetry will be collected. +DESCRIPTION +} diff --git a/examples/default/README.md b/examples/default/README.md index b64cf54..290c45c 100644 --- a/examples/default/README.md +++ b/examples/default/README.md @@ -11,7 +11,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.74" + version = ">= 3.116.0, < 4.0" } random = { source = "hashicorp/random" @@ -28,6 +28,8 @@ provider "azurerm" { } } +data "azurerm_client_config" "current" {} + module "regions" { source = "Azure/regions/azurerm" version = "~> 0.3" @@ -43,13 +45,20 @@ module "naming" { version = "~> 0.3" } - module "test" { source = "../../" # source = "Azure/avm-ptn-network-private-link-private-dns-zones/azurerm" location = module.regions.regions[random_integer.region_index.result].name resource_group_name = module.naming.resource_group.name_unique + resource_group_role_assignments = { + "rbac-asi-1" = { + role_definition_id_or_name = "Reader" + principal_id = data.azurerm_client_config.current.object_id + skip_service_principal_aad_check = true + } + } + enable_telemetry = var.enable_telemetry } @@ -62,7 +71,7 @@ The following requirements are needed by this module: - [terraform](#requirement\_terraform) (~> 1.5) -- [azurerm](#requirement\_azurerm) (~> 3.74) +- [azurerm](#requirement\_azurerm) (>= 3.116.0, < 4.0) - [random](#requirement\_random) (~> 3.5) 
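Review bot: `skip_service_principal_aad_check = true` on the `rbac-asi-1` assignment is not justified for a `principal_id` read from `data.azurerm_client_config.current`: that identity already exists, and the flag exists to tolerate Entra ID replication lag for a principal created in the same run. The provider documents the flag as valid only for service-principal identities, so when this example is run interactively as a user the assignment may fail, and as a copy-paste template it teaches callers to bypass the check by default. Suggest dropping the line, or keeping it with a comment above it such as `# Only set when the principal was created in this same apply; the caller identity already exists in Entra ID.` The module call also hands `var.tags` to the module, but the example header only says tags are applied to "all resources created by the module" — worth stating that the links inherit them too, since that is what this PR changes.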
@@ -71,6 +80,7 @@ The following requirements are needed by this module: The following resources are used by this module: - [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource) +- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source) ## Required Inputs diff --git a/examples/default/main.tf b/examples/default/main.tf index 5bd4223..4338b37 100644 --- a/examples/default/main.tf +++ b/examples/default/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.74" + version = ">= 3.116.0, < 4.0" } random = { source = "hashicorp/random" @@ -20,6 +20,8 @@ provider "azurerm" { } } +data "azurerm_client_config" "current" {} + module "regions" { source = "Azure/regions/azurerm" version = "~> 0.3" @@ -35,13 +37,20 @@ module "naming" { version = "~> 0.3" } - module "test" { source = "../../" # source = "Azure/avm-ptn-network-private-link-private-dns-zones/azurerm" location = module.regions.regions[random_integer.region_index.result].name resource_group_name = module.naming.resource_group.name_unique + resource_group_role_assignments = { + "rbac-asi-1" = { + role_definition_id_or_name = "Reader" + principal_id = data.azurerm_client_config.current.object_id + skip_service_principal_aad_check = true + } + } + enable_telemetry = var.enable_telemetry } diff --git a/examples/with-vnet-link-existing-rg/README.md b/examples/with-vnet-link-existing-rg/README.md index 323b065..c4a27a7 100644 --- a/examples/with-vnet-link-existing-rg/README.md +++ b/examples/with-vnet-link-existing-rg/README.md @@ -11,7 +11,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.74" + version = ">= 3.116.0, < 4.0" } random = { source = "hashicorp/random" 
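Review bot: The `resource_group_role_assignments` block added to the default example silently raises the permission bar for the simplest scenario: `azurerm_role_assignment.this` needs `Microsoft.Authorization/roleAssignments/write` on the resource group (Owner or User Access Administrator), so an identity with only Contributor that could run the old default will now fail at apply. The README for this example is regenerated from `main.tf` and says nothing about that. Suggest a comment above the block, e.g. `# Requires Microsoft.Authorization/roleAssignments/write on the resource group; remove this block if the deploying identity only has Contributor.`, and the same note in the example `_header.md`. The assignment also grants the deploying identity Reader on a group it already controls, so it is illustrative only and should say so.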
@@ -28,6 +28,7 @@ provider "azurerm" { } } +data "azurerm_client_config" "current" {} module "regions" { source = "Azure/regions/azurerm" @@ -81,6 +82,14 @@ module "test" { } } + resource_group_role_assignments = { + "rbac-asi-1" = { + role_definition_id_or_name = "Reader" + principal_id = data.azurerm_client_config.current.object_id + skip_service_principal_aad_check = true + } + } + enable_telemetry = var.enable_telemetry } ``` @@ -92,7 +101,7 @@ The following requirements are needed by this module: - [terraform](#requirement\_terraform) (~> 1.5) -- [azurerm](#requirement\_azurerm) (~> 3.74) +- [azurerm](#requirement\_azurerm) (>= 3.116.0, < 4.0) - [random](#requirement\_random) (~> 3.5) @@ -104,6 +113,7 @@ The following resources are used by this module: - [azurerm_virtual_network.this_1](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) (resource) - [azurerm_virtual_network.this_2](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network) (resource) - [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource) +- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source) ## Required Inputs diff --git a/examples/with-vnet-link-existing-rg/main.tf b/examples/with-vnet-link-existing-rg/main.tf index 39d6a84..bad7233 100644 --- a/examples/with-vnet-link-existing-rg/main.tf +++ b/examples/with-vnet-link-existing-rg/main.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.74" + version = ">= 3.116.0, < 4.0" } random = { source = "hashicorp/random" @@ -20,6 +20,7 @@ provider "azurerm" { } } +data "azurerm_client_config" "current" {} module "regions" { source = "Azure/regions/azurerm" 
@@ -73,5 +74,13 @@ module "test" { } } + resource_group_role_assignments = { + "rbac-asi-1" = { + role_definition_id_or_name = "Reader" + principal_id = data.azurerm_client_config.current.object_id + skip_service_principal_aad_check = true + } + } + enable_telemetry = var.enable_telemetry } diff --git a/locals.tf b/locals.tf index 4d16454..d8c5178 100644 --- a/locals.tf +++ b/locals.tf @@ -154,5 +154,6 @@ locals { private_link_private_dns_zones_replaced_regionName_map = { for k, v in var.private_link_private_dns_zones : k => { zone_name = replace(v.zone_name, "{regionName}", local.location_short_name) } } + resource_group_resource_id = var.resource_group_creation_enabled ? azurerm_resource_group.this[0].id : "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}" role_definition_resource_substring = "/providers/Microsoft.Authorization/roleDefinitions" } diff --git a/main.tf b/main.tf index b2d3d5c..56a7e47 100644 --- a/main.tf +++ b/main.tf @@ -6,17 +6,13 @@ resource "azurerm_resource_group" "this" { tags = var.tags } -data "azurerm_resource_group" "this" { - count = var.resource_group_creation_enabled ? 0 : 1 - - name = var.resource_group_name -} +data "azurerm_client_config" "current" {} module "avm_res_network_privatednszone" { for_each = local.combined_private_link_private_dns_zones_replaced_with_vnets_to_link source = "Azure/avm-res-network-privatednszone/azurerm" - version = "0.1.2" + version = "0.2.1" resource_group_name = var.resource_group_creation_enabled ? azurerm_resource_group.this[0].name : var.resource_group_name domain_name = each.value.zone_value.zone_name @@ -25,6 +21,7 @@ module "avm_res_network_privatednszone" { vnetlinkname = "vnet_link-${each.value.zone_key}-${vnet.vnet_key}" vnetid = vnet.vnet_value.vnet_resource_id autoregistration = false + tags = var.tags } } : {} 
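Review bot: The new `resource_group_resource_id` fallback synthesises `"/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}"` as a string, which drops the existence check the removed `data.azurerm_resource_group.this` lookup gave for free: a mistyped `var.resource_group_name`, or one containing `/`, now produces a plausible scope that `terraform plan` accepts and that only errors when `azurerm_management_lock.this` or `azurerm_role_assignment.this` is applied against it. If the lookup was removed to avoid the read permission or the plan-time dependency, add a `validation` block on `var.resource_group_name` (declared outside this hunk) enforcing Azure's resource-group naming rules, e.g. `condition = can(regex("^[-\\w().]{1,90}$", var.resource_group_name)) && !endswith(var.resource_group_name, ".")`, so the scope string cannot be bent by the input. The fallback also pins the existing group to the provider's own subscription, which matches the old data-source behaviour and should be stated in the variable description so cross-subscription callers are not surprised.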
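Review bot: `data "azurerm_client_config" "current" {}` appears to duplicate a data source the module already has — the README resource list in this same patch shows `azurerm_client_config.telemetry` next to the new `azurerm_client_config.current`, and both read the same caller context. Either reuse the existing lookup in `locals.tf` or add a one-line comment above the new block explaining the separation, e.g. `# Kept separate from the telemetry lookup so the resource-group scope does not depend on the telemetry file.` The child module bump from `0.1.2` to `0.2.1` in the same hunk, combined with the new `tags = var.tags` on every `virtual_network_links` entry, touches every `for_each` instance; it is worth confirming in the PR description that neither forces replacement of existing zones or links, since a zone replacement would drop private endpoint resolution during apply.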
@@ -39,7 +36,7 @@ resource "azurerm_management_lock" "this" { lock_level = var.lock.kind name = coalesce(var.lock.name, "lock-${var.lock.kind}") - scope = var.resource_group_creation_enabled ? azurerm_resource_group.this[0].id : data.azurerm_resource_group.this[0].id + scope = local.resource_group_resource_id notes = var.lock.kind == "CanNotDelete" ? "Cannot delete the resource or its child resources." : "Cannot delete or modify the resource or its child resources." } @@ -47,7 +44,7 @@ resource "azurerm_role_assignment" "this" { for_each = var.resource_group_role_assignments principal_id = each.value.principal_id - scope = var.resource_group_creation_enabled ? azurerm_resource_group.this[0].id : data.azurerm_resource_group.this[0].id + scope = local.resource_group_resource_id condition = each.value.condition condition_version = each.value.condition_version delegated_managed_identity_resource_id = each.value.delegated_managed_identity_resource_id diff --git a/outputs.tf b/outputs.tf index 1348954..9c9c8f6 100644 --- a/outputs.tf +++ b/outputs.tf @@ -5,5 +5,5 @@ output "combined_private_link_private_dns_zones_replaced_with_vnets_to_link" { output "resource_group_resource_id" { description = "The resource ID of the resource group that the Private DNS Zones are deployed into." - value = var.resource_group_creation_enabled ? azurerm_resource_group.this[0].id : data.azurerm_resource_group.this[0].id + value = local.resource_group_resource_id } diff --git a/terraform.tf b/terraform.tf index ee485e6..e72f9c6 100644 --- a/terraform.tf +++ b/terraform.tf @@ -3,7 +3,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~> 3.71" + version = ">= 3.116.0, < 4.0" } modtm = { source = "Azure/modtm" diff --git a/variables.tf b/variables.tf index c19d93b..1cf237b 100644 --- a/variables.tf +++ b/variables.tf 
@@ -109,11 +109,8 @@ variable "private_link_private_dns_zones" { azure_databricks_ui_api = { zone_name = "privatelink.azuredatabricks.net" } - azure_batch_account = { - zone_name = "{regionName}.privatelink.batch.azure.com" - } - azure_batch_node_mgmt = { - zone_name = "{regionName}.service.privatelink.batch.azure.com" + azure_batch = { + zone_name = "privatelink.batch.azure.com" } azure_avd_global = { zone_name = "privatelink-global.wvd.microsoft.com"