From 7ffd141c891ff18b14164aa7eb49296444f1d44d Mon Sep 17 00:00:00 2001
From: Vimukthi Perera
Date: Mon, 18 Nov 2024 14:42:09 +0530
Subject: [PATCH 1/3] Add network_acl_bypass
---
 .../cosmos_database_account.tf | 28 ++++++++++---------
 .../Cosmos-Database-Account/variables.tf | 12 ++++++++
 2 files changed, 27 insertions(+), 13 deletions(-)
diff --git a/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf b/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf
index c45fb2a6..012ff98f 100644
--- a/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf
+++ b/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf
@@ -10,19 +10,21 @@
 # --------------------------------------------------------------------------------------
 
 resource "azurerm_cosmosdb_account" "cosmos_db_account" {
- name = join("-", ["cosmos", var.cosmosdb_account_name])
- location = var.location
- resource_group_name = var.resource_group_name
- offer_type = var.offer_type
- kind = var.kind
- tags = var.tags
- enable_free_tier = var.enable_free_tier
- public_network_access_enabled = var.public_network_access_enabled
- ip_range_filter = var.ip_range_filter
- enable_multiple_write_locations = var.enable_multiple_write_locations
- enable_automatic_failover = length(local.geo_locations) == 1 ? false : var.enable_automatic_failover
- is_virtual_network_filter_enabled = var.is_virtual_network_filter_enabled
- analytical_storage_enabled = var.analytical_storage_enabled
+ name = join("-", ["cosmos", var.cosmosdb_account_name])
+ location = var.location
+ resource_group_name = var.resource_group_name
+ offer_type = var.offer_type
+ kind = var.kind
+ tags = var.tags
+ enable_free_tier = var.enable_free_tier
+ public_network_access_enabled = var.public_network_access_enabled
+ ip_range_filter = var.ip_range_filter
+ network_acl_bypass_for_azure_services = var.network_acl_bypass_for_azure_services
+ network_acl_bypass_ids = var.network_acl_bypass_ids
+ enable_multiple_write_locations = var.enable_multiple_write_locations
+ enable_automatic_failover = length(local.geo_locations) == 1 ? false : var.enable_automatic_failover
+ is_virtual_network_filter_enabled = var.is_virtual_network_filter_enabled
+ analytical_storage_enabled = var.analytical_storage_enabled
 
 dynamic "geo_location" {
 for_each = local.geo_locations
diff --git a/modules/azurerm/Cosmos-Database-Account/variables.tf b/modules/azurerm/Cosmos-Database-Account/variables.tf
index 5329725a..57e0d4a5 100644
--- a/modules/azurerm/Cosmos-Database-Account/variables.tf
+++ b/modules/azurerm/Cosmos-Database-Account/variables.tf
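Review bot: `network_acl_bypass_ids` is passed through independently of `network_acl_bypass_for_azure_services`, so a caller who leaves the flag off but supplies IDs may still be opening exceptions in the account firewall; whether the provider honours the list in that state is not visible from this hunk and should be confirmed. If the two are independent, a comment above the pair such as `# Both arguments create exceptions to ip_range_filter and the VNet rules; the ID list is not gated by the flag` would save the next reader the lookup. If they are meant to be coupled, `network_acl_bypass_ids = var.network_acl_bypass_for_azure_services ? var.network_acl_bypass_ids : []` makes that explicit. The resource block continues past the end of the hunk.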
@@ -148,3 +148,15 @@ variable "ip_range_filter" {
 description = "A set of IP addresses or IP address ranges in CIDR form to be included as the allowed list of client IPs"
 type = string
 }
+
+variable "network_acl_bypass_for_azure_services" {
+ default = true
+ description = "If Azure services can bypass ACLs."
+ type = bool
+}
+
+variable "network_acl_bypass_ids" {
+ default = []
+ description = "The list of resource Ids for Network Acl Bypass for this Cosmos DB account."
+ type = list(string)
+}
From b1f1c4175b7dc4ec69c59885742ae58189549a1f Mon Sep 17 00:00:00 2001
From: Vimukthi Perera
Date: Mon, 18 Nov 2024 15:16:14 +0530
Subject: [PATCH 2/3] Address review comments
---
 .../cosmos_database_account.tf | 30 +++++++++----------
 .../Cosmos-Database-Account/variables.tf | 4 +--
 2 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf b/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf
index 012ff98f..22b36c6e 100644
--- a/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf
+++ b/modules/azurerm/Cosmos-Database-Account/cosmos_database_account.tf
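Review bot: The description `"If Azure services can bypass ACLs."` on `network_acl_bypass_for_azure_services` does not say which ACLs are meant or what enabling the flag exposes, and it is the only guidance a module consumer sees. Assuming the ACLs are the account firewall configured through `ip_range_filter` and the virtual network rules, a wording such as `description = "Whether Azure services may bypass the account's network ACLs (ip_range_filter and virtual network rules); enable only when a dependent Azure service requires it"` makes the trade-off visible. `network_acl_bypass_ids` deserves the same treatment, stating that every listed resource ID is exempt from those rules. The later variables.tf hunks in patches 2/3 and 3/3 adjust only capitalisation and punctuation, so the point applies to them as well.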
@@ -10,21 +10,21 @@
 # --------------------------------------------------------------------------------------
 
 resource "azurerm_cosmosdb_account" "cosmos_db_account" {
- name = join("-", ["cosmos", var.cosmosdb_account_name])
- location = var.location
- resource_group_name = var.resource_group_name
- offer_type = var.offer_type
- kind = var.kind
- tags = var.tags
- enable_free_tier = var.enable_free_tier
- public_network_access_enabled = var.public_network_access_enabled
- ip_range_filter = var.ip_range_filter
- network_acl_bypass_for_azure_services = var.network_acl_bypass_for_azure_services
- network_acl_bypass_ids = var.network_acl_bypass_ids
- enable_multiple_write_locations = var.enable_multiple_write_locations
- enable_automatic_failover = length(local.geo_locations) == 1 ? false : var.enable_automatic_failover
- is_virtual_network_filter_enabled = var.is_virtual_network_filter_enabled
- analytical_storage_enabled = var.analytical_storage_enabled
+ name = join("-", ["cosmos", var.cosmosdb_account_name])
+ location = var.location
+ resource_group_name = var.resource_group_name
+ offer_type = var.offer_type
+ kind = var.kind
+ tags = var.tags
+ enable_free_tier = var.enable_free_tier
+ public_network_access_enabled = var.public_network_access_enabled
+ ip_range_filter = var.ip_range_filter
+ network_acl_bypass_for_azure_services = var.network_acl_bypass_for_azure_services
+ network_acl_bypass_ids = var.network_acl_bypass_ids
+ enable_multiple_write_locations = var.enable_multiple_write_locations
+ enable_automatic_failover = length(local.geo_locations) == 1 ? false : var.enable_automatic_failover
+ is_virtual_network_filter_enabled = var.is_virtual_network_filter_enabled
+ analytical_storage_enabled = var.analytical_storage_enabled
 
 dynamic "geo_location" {
 for_each = local.geo_locations
diff --git a/modules/azurerm/Cosmos-Database-Account/variables.tf b/modules/azurerm/Cosmos-Database-Account/variables.tf
index 57e0d4a5..c7b2c21f 100644
--- a/modules/azurerm/Cosmos-Database-Account/variables.tf
+++ b/modules/azurerm/Cosmos-Database-Account/variables.tf
@@ -150,13 +150,13 @@ variable "ip_range_filter" {
 }
 
 variable "network_acl_bypass_for_azure_services" {
- default = true
+ default = false
 description = "If Azure services can bypass ACLs."
 type = bool
 }
 
 variable "network_acl_bypass_ids" {
 default = []
- description = "The list of resource Ids for Network Acl Bypass for this Cosmos DB account."
+ description = "The list of resource Ids for Network ACL Bypass for this Cosmos DB account."
 type = list(string)
 }
From 4010b26ba63df36ef1e881d312e460eb08f98d83 Mon Sep 17 00:00:00 2001
From: Vimukthi Perera
Date: Mon, 18 Nov 2024 15:40:13 +0530
Subject: [PATCH 3/3] Follow formatting
---
 modules/azurerm/Cosmos-Database-Account/variables.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/azurerm/Cosmos-Database-Account/variables.tf b/modules/azurerm/Cosmos-Database-Account/variables.tf
index c7b2c21f..7da7b1e0 100644
--- a/modules/azurerm/Cosmos-Database-Account/variables.tf
+++ b/modules/azurerm/Cosmos-Database-Account/variables.tf
@@ -151,12 +151,12 @@ variable "ip_range_filter" {
 
 variable "network_acl_bypass_for_azure_services" {
 default = false
- description = "If Azure services can bypass ACLs."
+ description = "If Azure services can bypass ACLs"
 type = bool
 }
 
 variable "network_acl_bypass_ids" {
 default = []
- description = "The list of resource Ids for Network ACL Bypass for this Cosmos DB account."
+ description = "The list of resource Ids for Network ACL Bypass for this Cosmos DB account"
 type = list(string)
 }