updates for RSG and Zones

Azure · Nov 1, 2024 · fb526dc · fb526dc
1 parent 19ae6be
commit fb526dc
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 14 deletions.
diff --git a/examples/default/main.tf b/examples/default/main.tf
@@ -20,6 +20,8 @@ provider "azurerm" {
   }
 }
 
+data "azurerm_client_config" "current" {}
+
 module "regions" {
   source  = "Azure/regions/azurerm"
   version = "~> 0.3"
@@ -35,13 +37,20 @@ module "naming" {
   version = "~> 0.3"
 }
 
-
 module "test" {
   source = "../../"
   # source             = "Azure/avm-ptn-network-private-link-private-dns-zones/azurerm"
   location            = module.regions.regions[random_integer.region_index.result].name
   resource_group_name = module.naming.resource_group.name_unique
 
+  resource_group_role_assignments = {
+    "rbac-asi-1" = {
+      role_definition_id_or_name       = "Reader"
+      principal_id                     = data.azurerm_client_config.current.object_id
+      skip_service_principal_aad_check = true
+    }
+  }
+
   enable_telemetry = var.enable_telemetry
 
 }
diff --git a/examples/with-vnet-link-existing-rg/main.tf b/examples/with-vnet-link-existing-rg/main.tf
@@ -20,6 +20,7 @@ provider "azurerm" {
   }
 }
 
+data "azurerm_client_config" "current" {}
 
 module "regions" {
   source  = "Azure/regions/azurerm"
@@ -73,5 +74,13 @@ module "test" {
     }
   }
 
+  resource_group_role_assignments = {
+    "rbac-asi-1" = {
+      role_definition_id_or_name       = "Reader"
+      principal_id                     = data.azurerm_client_config.current.object_id
+      skip_service_principal_aad_check = true
+    }
+  }
+
   enable_telemetry = var.enable_telemetry
 }
diff --git a/locals.tf b/locals.tf
@@ -155,4 +155,5 @@ locals {
     zone_name = replace(v.zone_name, "{regionName}", local.location_short_name)
   } }
   role_definition_resource_substring = "/providers/Microsoft.Authorization/roleDefinitions"
+  resource_group_resource_id = var.resource_group_creation_enabled ? azurerm_resource_group.this[0].id : "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.resource_group_name}"
 }
diff --git a/main.tf b/main.tf
@@ -6,11 +6,7 @@ resource "azurerm_resource_group" "this" {
   tags     = var.tags
 }
 
-data "azurerm_resource_group" "this" {
-  count = var.resource_group_creation_enabled ? 0 : 1
-
-  name = var.resource_group_name
-}
+data "azurerm_client_config" "current" {}
 
 module "avm_res_network_privatednszone" {
   for_each = local.combined_private_link_private_dns_zones_replaced_with_vnets_to_link
@@ -39,15 +35,15 @@ resource "azurerm_management_lock" "this" {
 
   lock_level = var.lock.kind
   name       = coalesce(var.lock.name, "lock-${var.lock.kind}")
-  scope      = var.resource_group_creation_enabled ? azurerm_resource_group.this[0].id : data.azurerm_resource_group.this[0].id
+  scope      = local.resource_group_resource_id
   notes      = var.lock.kind == "CanNotDelete" ? "Cannot delete the resource or its child resources." : "Cannot delete or modify the resource or its child resources."
 }
 
 resource "azurerm_role_assignment" "this" {
   for_each = var.resource_group_role_assignments
 
   principal_id                           = each.value.principal_id
-  scope                                  = var.resource_group_creation_enabled ? azurerm_resource_group.this[0].id : data.azurerm_resource_group.this[0].id
+  scope                                  = local.resource_group_resource_id
   condition                              = each.value.condition
   condition_version                      = each.value.condition_version
   delegated_managed_identity_resource_id = each.value.delegated_managed_identity_resource_id

diff --git a/outputs.tf b/outputs.tf
@@ -5,5 +5,5 @@ output "combined_private_link_private_dns_zones_replaced_with_vnets_to_link" {
 
 output "resource_group_resource_id" {
   description = "The resource ID of the resource group that the Private DNS Zones are deployed into."
-  value       = var.resource_group_creation_enabled ? azurerm_resource_group.this[0].id : data.azurerm_resource_group.this[0].id
+  value       = local.resource_group_resource_id
 }
diff --git a/variables.tf b/variables.tf
@@ -109,11 +109,8 @@ variable "private_link_private_dns_zones" {
     azure_databricks_ui_api = {
       zone_name = "privatelink.azuredatabricks.net"
     }
-    azure_batch_account = {
-      zone_name = "{regionName}.privatelink.batch.azure.com"
-    }
-    azure_batch_node_mgmt = {
-      zone_name = "{regionName}.service.privatelink.batch.azure.com"
+    azure_batch = {
+      zone_name = "'privatelink.batch.azure.com'"
     }
     azure_avd_global = {
       zone_name = "privatelink-global.wvd.microsoft.com"