add private dns zone name check

Author: lonegunmanb

locals.tf

@@ -58,4 +58,10 @@ locals {
   subnet_ids                                            = toset([for id in local.potential_subnet_ids : id if id != null])
   use_brown_field_gw_for_ingress                        = var.brown_field_application_gateway_for_ingress != null
   use_green_field_gw_for_ingress                        = var.green_field_application_gateway_for_ingress != null
+  valid_private_dns_zone_regexs = [
+    "private\\.[a-z]+\\.azmk8s\\.io",
+    "privatelink\\.[a-z]+\\.azmk8s\\.io",
+    "[a-zA-Z0-9\\-]{1,32}\\.private\\.[a-z]+\\.azmk8s\\.io",
+    "[a-zA-Z0-9\\-]{1,32}\\.privatelink\\.[a-z]+\\.azmk8s\\.io",
+  ]
 }

main.tf

@@ -636,6 +636,10 @@ resource "azurerm_kubernetes_cluster" "main" {
       condition     = var.dns_prefix_private_cluster != null || var.identity_type == "UserAssigned" || var.client_id != ""
       error_message = "A user assigned identity or a service principal must be used when using a custom private dns zone"
     }
+    precondition {
+      condition     = var.private_dns_zone_id == null ? true : (anytrue([for r in local.valid_private_dns_zone_regexs : try(regex(r, reverse(split("/", var.private_dns_zone_id))[0]) == reverse(split("/", var.private_dns_zone_id))[0], false)]))
+      error_message = "Private DNS zone must be in one of the following format: `privatelink.<region>.azmk8s.io`, `<subzone>.privatelink.<region>.azmk8s.io`, `private.<region>.azmk8s.io`, `<subzone>.private.<region>.azmk8s.io`"
+    }
   }
 }