Add validation for vWAN dependency on vnet_app #346

@davidspielmann

Problem Statement

I believe there is an implicit dependency between the two variables enable_module_vwan and enable_module_vnet_app which is not reflected in the code. Currently, enable_module_vwan can be set to true while enable_module_vnet_app is set to false.

This would create a problem in main.tf, as the vwan module block unconditionally references module.vnet_app[0]:

module "vwan" {
  source = "./modules/vwan"

  count = var.enable_module_vwan ? 1 : 0

  dns_server          = module.vnet_shared.dns_server
  key_vault_id        = module.vnet_shared.resource_ids["key_vault"]
  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name
  tags                = var.tags

  virtual_networks = {
    virtual_network_shared = module.vnet_shared.resource_ids["virtual_network_shared"]
    virtual_network_app    = module.vnet_app[0].resource_ids["virtual_network_app"]
  }

  depends_on = [module.vnet_app[0].configure_azure_files_id] # Ensures that Azure Files is configured
}

When enable_module_vnet_app = false, the vnet_app module has count = 0, so module.vnet_app[0] does not exist. Therefore, enabling vwan without also enabling vnet_app would likely result in an invalid index / empty tuple error during Terraform plan or apply.

Proposed Solution

I suggest using cross-variable validation so Terraform fails early with a clear message when vWAN is enabled without vnet_app.

Suggested change in variables.tf:

variable "enable_module_vwan" {
  type        = bool
  description = "Set to true to enable the vwan module, false to skip it."
  default     = false

  validation {
    condition     = !var.enable_module_vwan || var.enable_module_vnet_app
    error_message = "enable_module_vnet_app must be true when enable_module_vwan is true because the vwan module connects the app virtual network."
  }
}

Happy to open a PR about this, if you believe this is a valuable issue.
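
A reduced reproduction with a regression test for the proposed guard, added here as an example and not taken from the repository or the issue author. The `terraform_data` resources stand in for the vnet_app and vwan modules, and the file names and run labels are assumptions; cross-variable references in `validation` blocks require Terraform 1.9 or later.

```hcl
# --- main.tf: constructed stand-in, terraform_data replaces the real modules ---
terraform {
  required_version = ">= 1.9.0" # validation may reference other variables from 1.9 on
}

variable "enable_module_vnet_app" {
  type    = bool
  default = false
}

variable "enable_module_vwan" {
  type    = bool
  default = false
  validation {
    condition     = !var.enable_module_vwan || var.enable_module_vnet_app
    error_message = "enable_module_vnet_app must be true when enable_module_vwan is true."
  }
}

resource "terraform_data" "vnet_app" {
  count = var.enable_module_vnet_app ? 1 : 0
  input = "virtual_network_app"
}

resource "terraform_data" "vwan" {
  count = var.enable_module_vwan ? 1 : 0
  # Same shape as module.vnet_app[0] in the issue: index 0 exists only when vnet_app is enabled.
  input = terraform_data.vnet_app[0].input
}

# --- tests/vwan_guard.tftest.hcl: run with `terraform test` ---
run "vwan_without_vnet_app_is_rejected" {
  command = plan
  variables {
    enable_module_vwan     = true
    enable_module_vnet_app = false
  }
  expect_failures = [var.enable_module_vwan] # the validation error is the expected outcome
}

run "vwan_with_vnet_app_plans" {
  command = plan
  variables {
    enable_module_vwan     = true
    enable_module_vnet_app = true
  }
}
```

With the `validation` block removed, the first run no longer passes: the plan stops on the invalid index error at `terraform_data.vnet_app[0]` instead of the variable's own message.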
