add basic support for delegation

Azure · Jan 27, 2022 · f987451 · f987451
1 parent e3d043c
commit f987451
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/main.tf b/main.tf
@@ -1,9 +1,9 @@
 #Azure Generic vNet Module
-data azurerm_resource_group "vnet" {
+data "azurerm_resource_group" "vnet" {
   name = var.resource_group_name
 }
 
-resource azurerm_virtual_network "vnet" {
+resource "azurerm_virtual_network" "vnet" {
   name                = var.vnet_name
   resource_group_name = data.azurerm_resource_group.vnet.name
   location            = var.vnet_location != null ? var.vnet_location : data.azurerm_resource_group.vnet.location
@@ -21,6 +21,15 @@ resource "azurerm_subnet" "subnet" {
   service_endpoints                              = lookup(var.subnet_service_endpoints, var.subnet_names[count.index], null)
   enforce_private_link_endpoint_network_policies = lookup(var.subnet_enforce_private_link_endpoint_network_policies, var.subnet_names[count.index], false)
   enforce_private_link_service_network_policies  = lookup(var.subnet_enforce_private_link_service_network_policies, var.subnet_names[count.index], false)
+
+  dynamic "delegation" {
+    for_each = lookup(var.subnet_delegation, var_subnet_names[count.index], {})
+    name     = lookup(delegation.value, "name")
+    service_delegation {
+      name    = lookup(delegation.value, "service_name")
+      actions = lookup(delegation.value, "service_actions", [])
+    }
+  }
 }
 
 locals {
@@ -40,4 +49,4 @@ resource "azurerm_subnet_route_table_association" "vnet" {
   for_each       = var.route_tables_ids
   route_table_id = each.value
   subnet_id      = local.azurerm_subnets[each.key]
-}
+}