Added AI created module implementation.

variables.tf

@@ -0,0 +1,43 @@
+variable "scope" {
+  type        = string
+  description = "Scope ID at which to assign roles (subscription, resource group, resource, etc.)."
+}
+
+variable "principal_id" {
+  type        = string
+  description = "Object ID of the principal (service principal, user, group, managed identity)."
+}
+
+variable "roles" {
+  type        = list(string)
+  default     = []
+  description = "Unconditional role definition names to assign to principal_id at scope."
+
+  validation {
+    condition     = length(distinct(var.roles)) == length(var.roles)
+    error_message = "roles must not contain duplicates."
+  }
+}
+
+variable "delegable_roles" {
+  type        = list(string)
+  default     = []
+  description = "Role definition names that RBAC Administrator is allowed to assign/delete via ABAC condition. When empty, RBAC Administrator assignment is not created."
+
+  validation {
+    condition     = length(distinct(var.delegable_roles)) == length(var.delegable_roles)
+    error_message = "delegable_roles must not contain duplicates."
+  }
+}
+
+variable "principal_type" {
+  type        = string
+  default     = "ServicePrincipal"
+  description = "Value for azurerm_role_assignment.principal_type (e.g., ServicePrincipal, User, Group)."
+}
+
+variable "skip_service_principal_aad_check" {
+  type        = bool
+  default     = true
+  description = "Whether to skip the Azure AD check for service principals."
+}