Merge pull request #7 from data-platform-hq/fix_nsg_count

fix: nsg count

Author: owlleg6

README.md

@@ -36,7 +36,7 @@ No modules.
 | <a name="input_delegations"></a> [delegations](#input\_delegations) | (optional) subnet delegation | <pre>list(object({<br>    name    = string<br>    actions = list(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_name"></a> [name](#input\_name) | The name of the subnet | `string` | n/a | yes |
 | <a name="input_network"></a> [network](#input\_network) | The name of the virtual network in which the subnet is created in | `string` | n/a | yes |
-| <a name="input_nsg_id"></a> [nsg\_id](#input\_nsg\_id) | The ID of the Network Security Group which should be associated with the Subnet | `string` | null | no |
+| <a name="input_nsg_id"></a> [nsg\_id](#input\_nsg\_id) | The ID of the Network Security Group which should be associated with the Subnet | `map(string)` | {} | no |
 | <a name="input_private_endpoint_network_policies_enabled"></a> [private\_endpoint\_network\_policies\_enabled](#input\_private\_endpoint\_network\_policies\_enabled) | Enable or Disable network policies for the private link endpoint on the subnet. Setting this to true will Disable the policy and setting this to false will Enable the policy: [true\|false] | `bool` | `true` | no |
 | <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | The name of the resource group in which to create the storage account | `string` | n/a | yes |
 | <a name="input_service_endpoints"></a> [service\_endpoints](#input\_service\_endpoints) | The list of Service endpoints to associate with the subnet: Microsoft.AzureActiveDirectory, Microsoft.AzureCosmosDB, Microsoft.ContainerRegistry, Microsoft.EventHub, Microsoft.KeyVault, Microsoft.ServiceBus, Microsoft.Sql, Microsoft.Storage, Microsoft.Web | `list(string)` | <pre>[<br>  "Microsoft.Storage",<br>  "Microsoft.KeyVault",<br>  "Microsoft.Sql"<br>]</pre> | no |

main.tf

@@ -21,8 +21,8 @@ resource "azurerm_subnet" "this" {
 }
 
 resource "azurerm_subnet_network_security_group_association" "this" {
-  count = var.nsg_id == null ? 0 : 1
+  for_each = var.nsg_id
 
   subnet_id                 = var.export_subnet_id == null ? azurerm_subnet.this[0].id : var.export_subnet_id
-  network_security_group_id = var.nsg_id
+  network_security_group_id = each.value
 }

outputs.tf

@@ -14,7 +14,7 @@ output "address_prefixes" {
 }
 
 output "nsg_association_id" {
-  value       = var.nsg_id == null ? null : azurerm_subnet_network_security_group_association.this[0].id
+  value       = try(azurerm_subnet_network_security_group_association.this[keys(var.nsg_id)[0]].id, null)
   description = "The ID of the Network Security Group Association"
 }
 

variables.tf

@@ -45,9 +45,9 @@ variable "delegations" {
 }
 
 variable "nsg_id" {
-  type        = string
+  type        = map(string)
   description = "The ID of the Network Security Group which should be associated with the Subnet"
-  default     = null
+  default     = {}
 }
 
 variable "export_subnet_id" {