From 71363fdf53bbd421fccb3db49a9900389d728e4a Mon Sep 17 00:00:00 2001
From: Matthias Ritter <matthias.ritter@dm.de>
Date: Thu, 27 Jun 2024 09:37:22 +0200
Subject: [PATCH] feat(private_endpoint.tf) allow custom location on
 private-endpoint

---
 .devcontainer/devcontainer.json | 5 ++++-
 README.md                       | 2 +-
 private_endpoint.tf             | 4 ++--
 variables.tf                    | 1 +
 4 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index dcd525c..f2d688a 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -9,7 +9,10 @@
 		"--network=host"
 	],
 
-	"mounts": [ "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind" ],
+	"mounts": [ 
+    "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind",
+    "source=${localEnv:HOME}${localEnv:USERPROFILE},target=/host-home-folder,type=bind,consistency=cached"
+   ],
   "customizations": {
     "vscode": {
       "settings": {
diff --git a/README.md b/README.md
index b2172bd..6f859f0 100644
--- a/README.md
+++ b/README.md
@@ -63,7 +63,7 @@ No modules.
 | <a name="input_outbound_network_access_restricted"></a> [outbound\_network\_access\_restricted](#input\_outbound\_network\_access\_restricted) | Whether outbound network access is restricted for the Cognitive Account. Defaults to `false`. | `bool` | `false` | no |
 | <a name="input_pe_subresource"></a> [pe\_subresource](#input\_pe\_subresource) | A list of subresource names which the Private Endpoint is able to connect to. `subresource_names` corresponds to `group_id`. Possible values are detailed in the product [documentation](https://docs.microsoft.com/azure/private-link/private-endpoint-overview#private-link-resource) in the `Subresources` column. Changing this forces a new resource to be created. | `list(string)` | <pre>[<br>  "account"<br>]</pre> | no |
 | <a name="input_private_dns_zone"></a> [private\_dns\_zone](#input\_private\_dns\_zone) | A map of object that represents the existing Private DNS Zone you'd like to use. Leave this variable as default would create a new Private DNS Zone.<br>type = object({<br>  name                = "(Required) The name of the Private DNS Zone."<br>  resource\_group\_name = "(Optional) The Name of the Resource Group where the Private DNS Zone exists. If the Name of the Resource Group is not provided, the first Private DNS Zone from the list of Private DNS Zones in your subscription that matches `name` will be returned."<br>} | <pre>object({<br>    name                = string<br>    resource_group_name = optional(string)<br>  })</pre> | `null` | no |
-| <a name="input_private_endpoint"></a> [private\_endpoint](#input\_private\_endpoint) | A map of objects that represent the configuration for a private endpoint."<br>type = map(object({<br>  name                               = (Required) Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.<br>  vnet\_rg\_name                       = (Required) Specifies the name of the Resource Group where the Private Endpoint's Virtual Network Subnet exists. Changing this forces a new resource to be created.<br>  vnet\_name                          = (Required) Specifies the name of the Virtual Network where the Private Endpoint's Subnet exists. Changing this forces a new resource to be created.<br>  subnet\_name                        = (Required) Specifies the name of the Subnet which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.<br>  dns\_zone\_virtual\_network\_link\_name = (Optional) The name of the Private DNS Zone Virtual Network Link. Changing this forces a new resource to be created. Default to `dns_zone_link`.<br>  private\_dns\_entry\_enabled          = (Optional) Whether or not to create a `private_dns_zone_group` block for the Private Endpoint. Default to `false`.<br>  private\_service\_connection\_name    = (Optional) Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created. Default to `privateserviceconnection`.<br>  is\_manual\_connection               = (Optional) Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created. Default to `false`.<br>})) | <pre>map(object({<br>    name                               = string<br>    vnet_rg_name                       = string<br>    vnet_name                          = string<br>    subnet_name                        = string<br>    dns_zone_virtual_network_link_name = optional(string, "dns_zone_link")<br>    private_dns_entry_enabled          = optional(bool, false)<br>    private_service_connection_name    = optional(string, "privateserviceconnection")<br>    is_manual_connection               = optional(bool, false)<br>  }))</pre> | `{}` | no |
+| <a name="input_private_endpoint"></a> [private\_endpoint](#input\_private\_endpoint) | A map of objects that represent the configuration for a private endpoint."<br>type = map(object({<br>  name                               = (Required) Specifies the Name of the Private Endpoint. Changing this forces a new resource to be created.<br>  vnet\_rg\_name                       = (Required) Specifies the name of the Resource Group where the Private Endpoint's Virtual Network Subnet exists. Changing this forces a new resource to be created.<br>  vnet\_name                          = (Required) Specifies the name of the Virtual Network where the Private Endpoint's Subnet exists. Changing this forces a new resource to be created.<br>  subnet\_name                        = (Required) Specifies the name of the Subnet which Private IP Addresses will be allocated for this Private Endpoint. Changing this forces a new resource to be created.<br>  dns\_zone\_virtual\_network\_link\_name = (Optional) The name of the Private DNS Zone Virtual Network Link. Changing this forces a new resource to be created. Default to `dns_zone_link`.<br>  private\_dns\_entry\_enabled          = (Optional) Whether or not to create a `private_dns_zone_group` block for the Private Endpoint. Default to `false`.<br>  private\_service\_connection\_name    = (Optional) Specifies the Name of the Private Service Connection. Changing this forces a new resource to be created. Default to `privateserviceconnection`.<br>  is\_manual\_connection               = (Optional) Does the Private Endpoint require Manual Approval from the remote resource owner? Changing this forces a new resource to be created. Default to `false`.<br>})) | <pre>map(object({<br>    name                               = string<br>    vnet_rg_name                       = string<br>    vnet_name                          = string<br>    subnet_name                        = string<br>    location                           = optional(string, null)<br>    dns_zone_virtual_network_link_name = optional(string, "dns_zone_link")<br>    private_dns_entry_enabled          = optional(bool, false)<br>    private_service_connection_name    = optional(string, "privateserviceconnection")<br>    is_manual_connection               = optional(bool, false)<br>  }))</pre> | `{}` | no |
 | <a name="input_public_network_access_enabled"></a> [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | Whether public network access is allowed for the Cognitive Account. Defaults to `false`. | `bool` | `false` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | Name of the azure resource group to use. The resource group must exist. | `string` | n/a | yes |
 | <a name="input_sku_name"></a> [sku\_name](#input\_sku\_name) | Specifies the SKU Name for this Cognitive Service Account. Possible values are `F0`, `F1`, `S0`, `S`, `S1`, `S2`, `S3`, `S4`, `S5`, `S6`, `P0`, `P1`, `P2`, `E0` and `DC0`. Default to `S0`. | `string` | `"S0"` | no |
diff --git a/private_endpoint.tf b/private_endpoint.tf
index 4b5fba4..d63d2bd 100644
--- a/private_endpoint.tf
+++ b/private_endpoint.tf
@@ -6,7 +6,7 @@ locals {
 resource "azurerm_private_endpoint" "this" {
   for_each = var.private_endpoint
 
-  location            = data.azurerm_resource_group.pe_vnet_rg[each.key].location
+  location            = each.value.location != null ? each.value.location : data.azurerm_resource_group.pe_vnet_rg[each.key].location
   name                = each.value.name
   resource_group_name = data.azurerm_resource_group.pe_vnet_rg[each.key].name
   subnet_id           = data.azurerm_subnet.pe_subnet[each.key].id
@@ -79,4 +79,4 @@ resource "azurerm_private_dns_zone_virtual_network_link" "dns_zone_link" {
     } /*<box>*/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /*</box>*/), (/*<box>*/ (var.tracing_tags_enabled ? { for k, v in /*</box>*/ {
     avm_yor_name = "dns_zone_link"
   } /*<box>*/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /*</box>*/))
-}
\ No newline at end of file
+}
diff --git a/variables.tf b/variables.tf
index a97352e..09f93f2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -226,6 +226,7 @@ variable "private_endpoint" {
     vnet_rg_name                       = string
     vnet_name                          = string
     subnet_name                        = string
+    location                           = optional(string, null)
     dns_zone_virtual_network_link_name = optional(string, "dns_zone_link")
     private_dns_entry_enabled          = optional(bool, false)
     private_service_connection_name    = optional(string, "privateserviceconnection")