Changes to comply with WAF Aligned specs (#68)

README.md

@@ -479,11 +479,11 @@ Default: `[]`
 
 ### <a name="input_local_authentication_disabled"></a> [local\_authentication\_disabled](#input\_local\_authentication\_disabled)
 
-Description: Defaults to `false`. Ignored for non SQL APIs accounts. Disable local authentication and ensure only MSI and AAD can be used exclusively for authentication. Can be set only when using the SQL API.
+Description: Defaults to `true`. Ignored for non SQL APIs accounts. Disable local authentication and ensure only MSI and AAD can be used exclusively for authentication. Can be set only when using the SQL API.
 
 Type: `bool`
 
-Default: `false`
+Default: `true`
 
 ### <a name="input_lock"></a> [lock](#input\_lock)
 
@@ -655,7 +655,7 @@ Type: `bool`
 
 Default: `false`
 
-### <a name="input_network_acl_bypass_ids"></a> [network\_acl\_bypass\_ids](#input\_network\_acl\_bypass\_ids)
+### <a name="input_network_acl_bypass_resource_ids"></a> [network\_acl\_bypass\_resource\_ids](#input\_network\_acl\_bypass\_resource\_ids)
 
 Description: Defaults to `[]`. The list of resource Ids for Network Acl Bypass for this Cosmos DB account.
 
@@ -751,11 +751,11 @@ Default: `true`
 
 ### <a name="input_public_network_access_enabled"></a> [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled)
 
-Description: Defaults to `true`. Whether or not public network access is allowed for this CosmosDB account.
+Description: Defaults to `false`. Whether or not public network access is allowed for this CosmosDB account.
 
 Type: `bool`
 
-Default: `true`
+Default: `false`
 
 ### <a name="input_role_assignments"></a> [role\_assignments](#input\_role\_assignments)
 

examples/max-account/README.md

@@ -61,12 +61,12 @@ module "cosmos" {
   resource_group_name                = azurerm_resource_group.example.name
   location                           = azurerm_resource_group.example.location
   name                               = "${module.naming.cosmosdb_account.name_unique}-${local.prefix}"
-  public_network_access_enabled      = true
-  enable_telemetry                   = true
+  public_network_access_enabled      = false
+  enable_telemetry                   = false
   access_key_metadata_writes_enabled = true
   analytical_storage_enabled         = true
-  automatic_failover_enabled         = true
-  local_authentication_disabled      = true
+  automatic_failover_enabled         = false
+  local_authentication_disabled      = false
   partition_merge_enabled            = false
   multiple_write_locations_enabled   = true
 

examples/max-account/main.tf

@@ -55,12 +55,12 @@ module "cosmos" {
   resource_group_name                = azurerm_resource_group.example.name
   location                           = azurerm_resource_group.example.location
   name                               = "${module.naming.cosmosdb_account.name_unique}-${local.prefix}"
-  public_network_access_enabled      = true
-  enable_telemetry                   = true
+  public_network_access_enabled      = false
+  enable_telemetry                   = false
   access_key_metadata_writes_enabled = true
   analytical_storage_enabled         = true
-  automatic_failover_enabled         = true
-  local_authentication_disabled      = true
+  automatic_failover_enabled         = false
+  local_authentication_disabled      = false
   partition_merge_enabled            = false
   multiple_write_locations_enabled   = true
 

main.tf

@@ -12,12 +12,12 @@ resource "azurerm_cosmosdb_account" "this" {
   is_virtual_network_filter_enabled     = length(var.virtual_network_rules) > 0 ? true : false
   key_vault_key_id                      = local.normalized_cmk_key_url
   kind                                  = length(var.mongo_databases) > 0 ? "MongoDB" : "GlobalDocumentDB"
-  local_authentication_disabled         = var.local_authentication_disabled
+  local_authentication_disabled         = length(var.sql_databases) > 0 ? var.local_authentication_disabled : false
   minimal_tls_version                   = var.minimal_tls_version
   mongo_server_version                  = length(var.mongo_databases) > 0 ? var.mongo_server_version : null
   multiple_write_locations_enabled      = var.backup.type == local.periodic_backup_policy ? var.multiple_write_locations_enabled : false
   network_acl_bypass_for_azure_services = var.network_acl_bypass_for_azure_services
-  network_acl_bypass_ids                = var.network_acl_bypass_ids
+  network_acl_bypass_ids                = var.network_acl_bypass_resource_ids
   partition_merge_enabled               = var.partition_merge_enabled
   public_network_access_enabled         = var.public_network_access_enabled
   tags                                  = var.tags

variables.account.network.tf

@@ -13,8 +13,8 @@ variable "minimal_tls_version" {
 variable "public_network_access_enabled" {
   type        = bool
   nullable    = false
-  default     = true
-  description = "Defaults to `true`. Whether or not public network access is allowed for this CosmosDB account."
+  default     = false
+  description = "Defaults to `false`. Whether or not public network access is allowed for this CosmosDB account."
 }
 
 variable "network_acl_bypass_for_azure_services" {
@@ -24,7 +24,7 @@ variable "network_acl_bypass_for_azure_services" {
   description = "Defaults to `false`. If Azure services can bypass ACLs."
 }
 
-variable "network_acl_bypass_ids" {
+variable "network_acl_bypass_resource_ids" {
   type        = set(string)
   nullable    = false
   default     = []

variables.account.optionals.tf

@@ -33,8 +33,8 @@ variable "geo_locations" {
 variable "local_authentication_disabled" {
   type        = bool
   nullable    = false
-  default     = false
-  description = "Defaults to `false`. Ignored for non SQL APIs accounts. Disable local authentication and ensure only MSI and AAD can be used exclusively for authentication. Can be set only when using the SQL API."
+  default     = true
+  description = "Defaults to `true`. Ignored for non SQL APIs accounts. Disable local authentication and ensure only MSI and AAD can be used exclusively for authentication. Can be set only when using the SQL API."
 }
 
 variable "analytical_storage_enabled" {