Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[AVM Module Issue]: DataFactory Private Endpoint issue #3878

Closed
1 task done
kevin-381ecc2e opened this issue Dec 4, 2024 · 6 comments · Fixed by #3892
Closed
1 task done

[AVM Module Issue]: DataFactory Private Endpoint issue #3878

kevin-381ecc2e opened this issue Dec 4, 2024 · 6 comments · Fixed by #3892
Assignees
@krbar @clintgrove
Labels
Class: Resource Module 📦 This is a resource module Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue Type: Bug 🐛 Something isn't working

Comments

@kevin-381ecc2e
Copy link

kevin-381ecc2e commented Dec 4, 2024
edited
Loading

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

Bug

Module Name

avm/res/data-factory/factory

(Optional) Module Version

0.6.2'

Description

We're trying to provision DataFactories with Private Endpoints. However we're unable to provision a privateEndpoint with the groupId: 'portal'.
The template has a hardcoded groupId of 'dataFactory' under the privateLink configuration.

https://github.com/Azure/bicep-registry-modules/blob/main/avm/res/data-factory/factory/main.bicep#L328.

I'm receiving the error:

[
PrivateIPAddress: XXX.XXX.XXX.XXX, 
GroupId: portal, 
MemberName: portal
]
 and its missing these membernames/groupids requested by Private Link service [GroupId: dataFactory, MemberName: dataFactory]. Private Endpoint needs to be reconfigured with missing memberNames.

(Optional) Correlation Id

No response
@kevin-381ecc2e kevin-381ecc2e added Needs: Triage 🔍 Maintainers need to triage still Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue labels Dec 4, 2024
@microsoft-github-policy-service Microsoft GitHub Policy Service
Copy link

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

@microsoft-github-policy-service microsoft-github-policy-service bot added the Type: Bug 🐛 Something isn't working label Dec 4, 2024
@avm-team-linter avm-team-linter bot added the Class: Resource Module 📦 This is a resource module label Dec 4, 2024
@avm-team-linter AVM Team Linter
Copy link

@kevin-381ecc2e, thanks for submitting this issue for the avm/res/data-factory/factory module!

Important

A member of the @Azure/avm-res-datafactory-factory-module-owners-bicep or @Azure/avm-res-datafactory-factory-module-contributors-bicep team will review it soon!

@github-project-automation github-project-automation bot moved this to Needs: Triage in AVM - Module Issues Dec 4, 2024
@kevin-381ecc2e kevin-381ecc2e changed the title [AVM Module Issue]: [AVM Module Issue]: DataFactory Private Endpoint issue Dec 4, 2024
@clintgrove clintgrove removed the Needs: Triage 🔍 Maintainers need to triage still label Dec 5, 2024
@clintgrove clintgrove moved this from Needs: Triage to In Active Discussion in AVM - Module Issues Dec 5, 2024
@clintgrove
Copy link
Contributor

Hi @kevin-381ecc2e please can you explain more about "portal" I am not aware of this type. Also can you share a bit of the code you have implemented to give us a better idea of what the issue is?

@kevin-381ecc2e
Copy link
Author

Hi @kevin-381ecc2e please can you explain more about "portal" I am not aware of this type. Also can you share a bit of the code you have implemented to give us a better idea of what the issue is?

Sure, DataFactory consists of two private endpoints one for 'dataFactory' and one for 'portal'. However it seems when i create the portal one. It expects the groupId and memberId to be DataFactory.

    privateEndpoints: [
      {
        service: 'dataFactory'
        subnetResourceId: '/subscriptions/0000000-0000000000-00000/resourceGroups/rg-datafactory/providers/Microsoft.Network/virtualNetworks/vnet-datafactory/subnets/subnet0'
        customNetworkInterfaceName: 'nicDatafactory'
        name: 'peDatafactory'
        ipConfigurations: [
          {
            name: 'ipconfig1'
            properties: {
              groupId: 'dataFactory'
              memberName: 'dataFactory'
              privateIPAddress: '10.10.10.10'
            }
          }
        ]
        privateDnsZoneGroup: {
          privateDnsZoneGroupConfigs: [
            {
              privateDnsZoneResourceId: '/subscriptions/0000000-0000000000-00000/resourceGroups/rg-datafactory/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net'
            }
          ]
        }
      }
      {
        subnetResourceId: '/subscriptions/0000000-0000000000-00000/resourceGroups/rg-datafactory/providers/Microsoft.Network/virtualNetworks/vnet-datafactory/subnets/subnet0'
        customNetworkInterfaceName: 'nicPortal'
        name: 'pePortal'
        ipConfigurations: [
          {
            name: 'ipconfig1'
            properties: {
              groupId: 'portal'
              memberName: 'portal'
              privateIPAddress: '10.10.10.11'
            }
          }
        ]
        privateDnsZoneGroup: {
          privateDnsZoneGroupConfigs: [
            {
              privateDnsZoneResourceId: '/subscriptions/0000000-0000000000-00000/resourceGroups/rg-datafactory/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.net'
            }
          ]
        }
      }
    ]

from within the Azure portal i have these options.

Image

@krbar
Copy link
Contributor

krbar commented Dec 5, 2024

Hi @kevin-381ecc2e , thanks for the additional info! I believe your code will deploy successfully if you add:

service: 'portal'

as a property of the second private endpoint. If this property is not set, the module defaults to using dataFactory.

Typically, we set a default service only in modules that support a single private endpoint type. In this case, we apparently overlooked the portal sub-resource. To address this, we will release a new module version that does not include a default service.

@krbar krbar mentioned this issue Dec 5, 2024
Merged
11 tasks
@kevin-381ecc2e
Copy link
Author

Hi @kevin-381ecc2e , thanks for the additional info! I believe your code will deploy successfully if you add:

service: 'portal'
as a property of the second private endpoint. If this property is not set, the module defaults to using dataFactory.

Typically, we set a default service only in modules that support a single private endpoint type. In this case, we apparently overlooked the portal sub-resource. To address this, we will release a new module version that does not include a default service.

Thank you for your reply. It seems that adding 'service: portal' solves the issue.

@github-project-automation github-project-automation bot moved this from In Active Discussion to Done in AVM - Module Issues Dec 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@krbar krbar

@clintgrove clintgrove

Labels
Class: Resource Module 📦 This is a resource module Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue Type: Bug 🐛 Something isn't working
Projects
AVM - Module Issues
Status: Done
Milestone
No milestone
3 participants
@krbar @clintgrove @kevin-381ecc2e