Merge pull request #114 from VimukthiPerera/main

Add network_acl_bypass
wso2 · Nov 18, 2024 · cc8336b · cc8336b
2 parents a8357de + 4010b26
commit cc8336b
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 13 deletions.
diff --git a/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf b/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf
@@ -10,19 +10,21 @@
 # --------------------------------------------------------------------------------------
 
 resource "azurerm_cosmosdb_account" "cosmos_db_account" {
-  name                              = join("-", ["cosmos", var.cosmosdb_account_name])
-  location                          = var.location
-  resource_group_name               = var.resource_group_name
-  offer_type                        = var.offer_type
-  kind                              = var.kind
-  tags                              = var.tags
-  enable_free_tier                  = var.enable_free_tier
-  public_network_access_enabled     = var.public_network_access_enabled
-  ip_range_filter                   = var.ip_range_filter
-  enable_multiple_write_locations   = var.enable_multiple_write_locations
-  enable_automatic_failover         = length(local.geo_locations) == 1 ? false : var.enable_automatic_failover
-  is_virtual_network_filter_enabled = var.is_virtual_network_filter_enabled
-  analytical_storage_enabled        = var.analytical_storage_enabled
+  name                                  = join("-", ["cosmos", var.cosmosdb_account_name])
+  location                              = var.location
+  resource_group_name                   = var.resource_group_name
+  offer_type                            = var.offer_type
+  kind                                  = var.kind
+  tags                                  = var.tags
+  enable_free_tier                      = var.enable_free_tier
+  public_network_access_enabled         = var.public_network_access_enabled
+  ip_range_filter                       = var.ip_range_filter
+  network_acl_bypass_for_azure_services = var.network_acl_bypass_for_azure_services
+  network_acl_bypass_ids                = var.network_acl_bypass_ids
+  enable_multiple_write_locations       = var.enable_multiple_write_locations
+  enable_automatic_failover             = length(local.geo_locations) == 1 ? false : var.enable_automatic_failover
+  is_virtual_network_filter_enabled     = var.is_virtual_network_filter_enabled
+  analytical_storage_enabled            = var.analytical_storage_enabled
 
   dynamic "geo_location" {
     for_each = local.geo_locations

diff --git a/modules/azurerm/Cosmos-Database-Account/variables.tf b/modules/azurerm/Cosmos-Database-Account/variables.tf
@@ -148,3 +148,15 @@ variable "ip_range_filter" {
   description = "A set of IP addresses or IP address ranges in CIDR form to be included as the allowed list of client IPs"
   type        = string
 }
+
+variable "network_acl_bypass_for_azure_services" {
+  default     = false
+  description = "If Azure services can bypass ACLs"
+  type        = bool
+}
+
+variable "network_acl_bypass_ids" {
+  default     = []
+  description = "The list of resource Ids for Network ACL Bypass for this Cosmos DB account"
+  type        = list(string)
+}