Update 101-virtual-network-manager-create-mesh

quickstart/101-virtual-network-manager-create-mesh/main.tf

@@ -58,14 +58,56 @@ resource "azurerm_network_manager_network_group" "network_group" {
   network_manager_id = azurerm_network_manager.network_manager_instance.id
 }
 
-# Add the three virtual networks to the network group as static members
+# Add three virtual networks to a network group as dynamic members with Azure Policy
 
-resource "azurerm_network_manager_static_member" "static_members" {
-  count = 3
+resource "random_pet" "network_group_policy_name" {
+  prefix = "network-group-policy"
+}
+
+resource "azurerm_policy_definition" "network_group_policy" {
+  name         = "${random_pet.network_group_policy_name.id}"
+  policy_type  = "Custom"
+  mode         = "Microsoft.Network.Data"
+  display_name = "Policy Definition for Network Group"
+
+  metadata = <<METADATA
+    {
+      "category": "Azure Virtual Network Manager"
+    }
+  METADATA
+
+  policy_rule = <<POLICY_RULE
+    {
+      "if": {
+        "allOf": [
+          {
+              "field": "type",
+              "equals": "Microsoft.Network/virtualNetworks"
+          },
+          {
+            "allOf": [
+              {
+              "field": "Name",
+              "contains": "vnet"
+              }
+            ]
+          }
+        ]
+      },
+      "then": {
+        "effect": "addToNetworkGroup",
+        "details": {
+          "networkGroupId": "${azurerm_network_manager_network_group.network_group.id}"
+        }
+      }
+    }
+  POLICY_RULE
+}
 
-  name                      = "static-member-0${count.index}"
-  network_group_id          = azurerm_network_manager_network_group.network_group.id
-  target_virtual_network_id = azurerm_virtual_network.vnet[count.index].id
+resource "azurerm_subscription_policy_assignment" "azure_policy_assignment" {
+  name                 = "${random_pet.network_group_policy_name.id}-policy-assignment"
+  policy_definition_id = azurerm_policy_definition.network_group_policy.id
+  subscription_id      = data.azurerm_subscription.current.id
 }
 
 # Create a connectivity configuration

quickstart/101-virtual-network-manager-create-mesh/readme.md

@@ -10,7 +10,8 @@ This template deploys an Azure Virtual Network Manager instance with a connectiv
 - [azurerm_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet)
 - [azurerm_virtual_network_manager](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_manager)
 - [azurerm_network_manager_network_group](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_manager_network_group)
-- [azurerm_network_manager_static_member](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_manager_static_member)
+- [azurerm_policy_definition](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/policy_definition)
+- [azurerm_subscription_policy_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subscription_policy_assignment)
 - [azurerm_network_manager_connectivity_configuration](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_manager_connectivity_configuration)
 - [azurerm_network_manager_deployment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_manager_deployment)