feat: add param for private key vault

azurerm/modules/azurerm-kv/README.md

@@ -99,6 +99,7 @@ No modules.
 | <a name="input_network_acl_default_action"></a> [network\_acl\_default\_action](#input\_network\_acl\_default\_action) | he Name of the SKU used for this Key Vault. Possible values are standard and premium | `string` | `"Deny"` | no |
 | <a name="input_network_acls_bypass"></a> [network\_acls\_bypass](#input\_network\_acls\_bypass) | Specifies which traffic can bypass the network rules. Possible values are AzureServices and None | `string` | `"AzureServices"` | no |
 | <a name="input_network_acls_ip_rules"></a> [network\_acls\_ip\_rules](#input\_network\_acls\_ip\_rules) | The Default Action to use when no rules match from ip\_rules / virtual\_network\_subnet\_ids. Possible values are Allow and Deny | `list(string)` | `[]` | no |
+| <a name="input_public_network_access_enabled"></a> [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | Allow public network access to Key Vault. Set as true or false. | `bool` | `true` | no |
 | <a name="input_purge_protection_enabled"></a> [purge\_protection\_enabled](#input\_purge\_protection\_enabled) | Is Purge Protection enabled for this Key Vault | `bool` | `false` | no |
 | <a name="input_reader_object_ids"></a> [reader\_object\_ids](#input\_reader\_object\_ids) | A list of Azure active directory user,group or application object ID's that will have reader role to the key vault | `list(string)` | `[]` | no |
 | <a name="input_resource_group_location"></a> [resource\_group\_location](#input\_resource\_group\_location) | Location of Resource group | `string` | `"uksouth"` | no |

azurerm/modules/azurerm-kv/main.tf

@@ -16,7 +16,7 @@ resource "azurerm_key_vault" "example" {
   enabled_for_template_deployment = var.enabled_for_template_deployment
   enable_rbac_authorization       = var.enable_rbac_authorization
   sku_name                        = var.sku_name
-
+  public_network_access_enabled   = var.public_network_access_enabled
 
   dynamic "network_acls" {
     for_each = var.create_kv_networkacl == false ? toset([]) : toset([1])

azurerm/modules/azurerm-kv/vars.tf

@@ -147,3 +147,9 @@ variable "reader_object_ids" {
   type        = list(string)
   default     = []
 }
+
+variable "public_network_access_enabled" {
+  type        = bool
+  default     = true
+  description = "Allow public network access to Key Vault. Set as true or false."
+}

azurerm/modules/azurerm-sql/main.tf

@@ -37,16 +37,16 @@ resource "azurerm_mssql_firewall_rule" "example_fw_rule" {
 }
 
 resource "azurerm_mssql_database" "example-db" {
-  for_each       = toset(var.sql_db_names)
-  name           = each.key
-  server_id      = azurerm_mssql_server.example.id
-  create_mode    = var.create_mode
-  sample_name    = var.sample_name
-  collation      = var.collation
-  license_type   = var.license_type
-  sku_name       = var.sku_name
-  zone_redundant = var.zone_redundant
+  for_each                    = toset(var.sql_db_names)
+  name                        = each.key
+  server_id                   = azurerm_mssql_server.example.id
+  create_mode                 = var.create_mode
+  sample_name                 = var.sample_name
+  collation                   = var.collation
+  license_type                = var.license_type
+  sku_name                    = var.sku_name
+  zone_redundant              = var.zone_redundant
   auto_pause_delay_in_minutes = var.auto_pause_delay_in_minutes
-  tags           = var.resource_tags
+  tags                        = var.resource_tags
 
 }

azurerm/modules/azurerm-sql/vars.tf

@@ -85,7 +85,7 @@ variable "azuread_administrator" {
     object_id      = string
   }))
   description = "Specifies whether only AD Users and administrators (like azuread_administrator.0.login_username) can be used to login, or also local database users (like administrator_login). When true, the administrator_login and administrator_login_password properties can be omitted."
-  default = []
+  default     = []
 
 
 }