Fix vnet

aamini7 · aamini7 · commit 5e9d1655fdf7 · 2024-11-27T08:50:54.000-05:00
diff --git a/scenarios/AksOpenAiTerraform/terraform/main.tf b/scenarios/AksOpenAiTerraform/terraform/main.tf
@@ -61,35 +61,41 @@ module "virtual_network" {
     {
       name : var.system_node_pool_subnet_name
       address_prefixes : var.system_node_pool_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
       delegation: null
     },
     {
       name : var.user_node_pool_subnet_name
       address_prefixes : var.user_node_pool_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
       delegation: null
     },
     {
       name : var.pod_subnet_name
       address_prefixes : var.pod_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
-      delegation: "Microsoft.ContainerService/managedClusters"
+      delegation = {
+        name = "delegation"
+        service_delegation = {
+          name    = "Microsoft.ContainerService/managedClusters"
+          actions = ["Microsoft.Network/virtualNetworks/subnets/join/action"]
+        }
+      }
     },
     {
       name : var.vm_subnet_name
       address_prefixes : var.vm_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
       delegation: null
     },
     {
       name : "AzureBastionSubnet"
       address_prefixes : var.bastion_subnet_address_prefix
-      private_endpoint_network_policies_enabled : true
+      private_endpoint_network_policies : "Enabled"
       private_link_service_network_policies_enabled : false
       delegation: null
     }
@@ -106,6 +112,9 @@ module "nat_gateway" {
   zones                        = var.nat_gateway_zones
   tags                         = var.tags
   subnet_ids                   = module.virtual_network.subnet_ids
+  depends_on = [
+    module.virtual_network
+  ]
 }
 
 module "container_registry" {
diff --git a/scenarios/AksOpenAiTerraform/terraform/modules/virtual_network/main.tf b/scenarios/AksOpenAiTerraform/terraform/modules/virtual_network/main.tf
@@ -19,7 +19,7 @@ resource "azurerm_subnet" "subnet" {
   resource_group_name                            = var.resource_group_name
   virtual_network_name                           = azurerm_virtual_network.vnet.name
   address_prefixes                               = each.value.address_prefixes
-  private_endpoint_network_policies_enabled = each.value.private_endpoint_network_policies_enabled
+  private_endpoint_network_policies              = each.value.private_endpoint_network_policies
   private_link_service_network_policies_enabled  = each.value.private_link_service_network_policies_enabled
 
   dynamic "delegation" {
@@ -28,7 +28,8 @@ resource "azurerm_subnet" "subnet" {
       name                                       = "delegation"
       
       service_delegation {
-        name                                     = delegation.value
+        name                                     = delegation.value.service_delegation.name
+        actions                                  = delegation.value.service_delegation.actions
       }
     }
   }
diff --git a/scenarios/AksOpenAiTerraform/terraform/modules/virtual_network/variables.tf b/scenarios/AksOpenAiTerraform/terraform/modules/virtual_network/variables.tf
@@ -23,9 +23,12 @@ variable "subnets" {
   type = list(object({
     name                                           = string
     address_prefixes                               = list(string)
-    private_endpoint_network_policies_enabled      = bool
+    private_endpoint_network_policies              = string
     private_link_service_network_policies_enabled  = bool
-    delegation                                     = string
+    delegation                                     = object({name = string, service_delegation = object({
+      name = string
+      actions = list(string) 
+    })})
   }))
 }
 

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ resource "azurerm_subnet" "subnet" {`
`19`	`19`	`resource_group_name = var.resource_group_name`
`20`	`20`	`virtual_network_name = azurerm_virtual_network.vnet.name`
`21`	`21`	`address_prefixes = each.value.address_prefixes`
`22`		`- private_endpoint_network_policies_enabled = each.value.private_endpoint_network_policies_enabled`
	`22`	`+ private_endpoint_network_policies = each.value.private_endpoint_network_policies`
`23`	`23`	`private_link_service_network_policies_enabled = each.value.private_link_service_network_policies_enabled`
`24`	`24`
`25`	`25`	`dynamic "delegation" {`
`@@ -28,7 +28,8 @@ resource "azurerm_subnet" "subnet" {`
`28`	`28`	`name = "delegation"`
`29`	`29`
`30`	`30`	`service_delegation {`
`31`		`- name = delegation.value`
	`31`	`+ name = delegation.value.service_delegation.name`
	`32`	`+ actions = delegation.value.service_delegation.actions`
`32`	`33`	`}`
`33`	`34`	`}`
`34`	`35`	`}`