feat: set network ACLs default actions (#68)

main.tf

@@ -34,7 +34,7 @@ resource "azurerm_key_vault" "this" {
   public_network_access_enabled = var.public_network_access_enabled
 
   network_acls {
-    default_action             = "Deny"
+    default_action             = var.network_acls_default_action
     bypass                     = var.network_acls_bypass_azure_services ? "AzureServices" : "None"
     ip_rules                   = var.network_acls_ip_rules
     virtual_network_subnet_ids = var.network_acls_virtual_network_subnet_ids

variables.tf

@@ -48,6 +48,17 @@ variable "public_network_access_enabled" {
   default     = true
 }
 
+variable "network_acls_default_action" {
+  description = "The default action of the network ACLs of this Key Vault."
+  type        = string
+  default     = "Deny"
+
+  validation {
+    condition     = contains(["Allow", "Deny"], var.network_acls_default_action)
+    error_message = "Default action must be \"Allow\" or \"Deny\"."
+  }
+}
+
 variable "network_acls_bypass_azure_services" {
   description = "Should Azure services be allowed to bypass the network ACLs of this Key Vault?."
   type        = bool