From 03170abb4c4ed6ea455c89e7de732601d31e0ef2 Mon Sep 17 00:00:00 2001
From: Sebastian Graef
Date: Fri, 17 Nov 2023 17:07:31 +1000
Subject: [PATCH 1/2] Adding support for Private Link Service Connection type auto and manual

---
 avm/res/network/private-endpoint/main.bicep | 29 ++++++++++++++++-----
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/avm/res/network/private-endpoint/main.bicep b/avm/res/network/private-endpoint/main.bicep
index 72caaaeb85..3d610a8a90 100644
--- a/avm/res/network/private-endpoint/main.bicep
+++ b/avm/res/network/private-endpoint/main.bicep
@@ -23,6 +23,10 @@ param ipConfigurations ipConfigurationsType
 @description('Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to.')
 param groupIds array
 
+@description('Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars.')
+@maxLength(140)
+param requestMessage string?
+
 @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.')
 param privateDnsZoneGroupName string?
 
@@ -44,8 +48,12 @@ param tags object?
 @description('Optional. Custom DNS configurations.')
 param customDnsConfigs customDnsConfigType
 
-@description('Optional. Manual PrivateLink Service Connections.')
-param manualPrivateLinkServiceConnections array?
+@description('Optional. Private Link Service Connection type.')
+@allowed([ 'auto' 'manual' ])
+param privateLinkServiceConnectionType string = 'auto'
 
 @description('Optional. Enable/Disable usage telemetry for module.')
 param enableTelemetry bool = true
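Review bot: The description of the new `requestMessage` parameter does not say that the value is only forwarded when `privateLinkServiceConnectionType` is `'manual'`; in the resource body hunk (`@@ -92,16 +100,25 @@`) it is placed only inside the `manualPrivateLinkServiceConnections` object, so a caller who sets it while leaving the default `'auto'` silently gets nothing. Suggest `@description('Optional. A message passed to the owner of the remote resource with this connection request. Only used when privateLinkServiceConnectionType is set to manual. Restricted to 140 chars.')`. The README and main.json in the second patch are generated from this text, so only the Bicep source needs the change.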
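Review bot: The description `'Optional. Private Link Service Connection type.'` on `privateLinkServiceConnectionType` only restates the parameter name and leaves the reader to guess what `'auto'` and `'manual'` change; the only hint on the page is the `requestMessage` text about a request to the remote resource owner. If I read the resource body correctly, `'manual'` places the connection in `manualPrivateLinkServiceConnections`, i.e. a request the remote owner has to act on, while `'auto'` keeps the previous behaviour, and the description should say so, e.g. `'Optional. Private Link Service Connection type. With manual the connection is created as a request that the owner of the remote resource has to approve (see requestMessage); auto keeps the existing behaviour.'`. Removing the public `manualPrivateLinkServiceConnections` array parameter in the same hunk is a breaking interface change for a published module (the README references `br/public:avm/res/network/private-endpoint`), so presumably this needs a major version bump and a changelog entry; worth stating in the PR description.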
@@ -92,16 +100,25 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = {
     customDnsConfigs: customDnsConfigs ?? []
     customNetworkInterfaceName: customNetworkInterfaceName ?? ''
     ipConfigurations: ipConfigurations ?? []
-    manualPrivateLinkServiceConnections: manualPrivateLinkServiceConnections ?? []
-    privateLinkServiceConnections: [
+    manualPrivateLinkServiceConnections: privateLinkServiceConnectionType == 'manual' ? [
+      {
+        name: name
+        properties: {
+          privateLinkServiceId: serviceResourceId
+          groupIds: groupIds ?? []
+          requestMessage: requestMessage ?? null
+        }
+      }
+    ] : []
+    privateLinkServiceConnections: privateLinkServiceConnectionType == 'auto' ? [
       {
         name: name
         properties: {
           privateLinkServiceId: serviceResourceId
-          groupIds: groupIds
+          groupIds: groupIds ?? []
         }
       }
-    ]
+    ] : []
     subnet: {
       id: subnetResourceId
     }

From 56fb07fdb9a78ef683448e7c359958c0f767547e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Gr=C3=A4f?=
Date: Sun, 19 Nov 2023 23:17:17 +0000
Subject: [PATCH 2/2] adjusted

---
 avm/res/network/private-endpoint/README.md | 41 ++++++++++---------
 avm/res/network/private-endpoint/main.json | 34 ++++++++-------
 .../tests/e2e/defaults/main.test.bicep | 1 -
 .../tests/e2e/max/main.test.bicep | 1 -
 .../tests/e2e/waf-aligned/main.test.bicep | 1 -
 5 files changed, 41 insertions(+), 37 deletions(-)

diff --git a/avm/res/network/private-endpoint/README.md b/avm/res/network/private-endpoint/README.md
index a4fdd9de76..fdebc75c4d 100644
--- a/avm/res/network/private-endpoint/README.md
+++ b/avm/res/network/private-endpoint/README.md
@@ -60,7 +60,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:' =
     ipConfigurations: []
     location: ''
     lock: {}
-    manualPrivateLinkServiceConnections: []
     privateDnsZoneGroupName: ''
     privateDnsZoneResourceIds: []
     roleAssignments: []
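Review bot: `groupIds ?? []` on both new connection objects is dead code: `groupIds` is declared `param groupIds array` (required, not nullable) in the first hunk of this file, so the coalesce can never fire and only adds the `coalesce(parameters('groupIds'), createArray())` wrapper visible in the compiled main.json; `requestMessage ?? null` on a `string?` is likewise a no-op. `groupIds: groupIds` and `requestMessage: requestMessage` should compile to an equivalent template. Separately, none of the three e2e test changes in this series sets `privateLinkServiceConnectionType: 'manual'` (they only delete the old parameter), so the new manual branch and the `@maxLength(140)` on `requestMessage` have no deployment coverage; a test case under tests/e2e that sets `'manual'` together with a `requestMessage` would close that gap. The enclosing `resource privateEndpoint` block continues outside the hunk.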
@@ -115,9 +114,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:' =
     "lock": {
       "value": {}
     },
-    "manualPrivateLinkServiceConnections": {
-      "value": []
-    },
     "privateDnsZoneGroupName": {
       "value": ""
     },
@@ -185,7 +181,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:' =
       kind: 'CanNotDelete'
       name: 'myCustomLockName'
     }
-    manualPrivateLinkServiceConnections: []
     privateDnsZoneGroupName: 'default'
     privateDnsZoneResourceIds: [
       ''
@@ -273,9 +268,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:' =
         "name": "myCustomLockName"
       }
     },
-    "manualPrivateLinkServiceConnections": {
-      "value": []
-    },
     "privateDnsZoneGroupName": {
       "value": "default"
     },
@@ -348,7 +340,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:' =
       kind: 'CanNotDelete'
       name: 'myCustomLockName'
     }
-    manualPrivateLinkServiceConnections: []
     privateDnsZoneGroupName: 'default'
     privateDnsZoneResourceIds: [
       ''
@@ -429,9 +420,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:' =
         "name": "myCustomLockName"
       }
     },
-    "manualPrivateLinkServiceConnections": {
-      "value": []
-    },
     "privateDnsZoneGroupName": {
       "value": "default"
     },
@@ -486,9 +474,10 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:' =
 | [`ipConfigurations`](#parameter-ipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. |
 | [`location`](#parameter-location) | string | Location for all Resources. |
 | [`lock`](#parameter-lock) | object | The lock settings of the service. |
-| [`manualPrivateLinkServiceConnections`](#parameter-manualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. |
 | [`privateDnsZoneGroupName`](#parameter-privatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. |
 | [`privateDnsZoneResourceIds`](#parameter-privatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones. |
+| [`privateLinkServiceConnectionType`](#parameter-privatelinkserviceconnectiontype) | string | Private Link Service Connection type. |
+| [`requestMessage`](#parameter-requestmessage) | string | A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
 | [`tags`](#parameter-tags) | object | Tags to be applied on all resources/resource groups in this deployment. |
@@ -631,12 +620,6 @@ Optional. Specify the name of lock.
 - Required: No
 - Type: string
 
-### Parameter: `manualPrivateLinkServiceConnections`
-
-Manual PrivateLink Service Connections.
-- Required: No
-- Type: array
-
 ### Parameter: `name`
 
 Name of the private endpoint resource to create.
@@ -655,6 +638,26 @@ The private DNS zone groups to associate the private endpoint. A DNS zone group
 - Required: No
 - Type: array
 
+### Parameter: `privateLinkServiceConnectionType`
+
+Private Link Service Connection type.
+- Required: No
+- Type: string
+- Default: `'auto'`
+- Allowed:
+  ```Bicep
+  [
+    'auto'
+    'manual'
+  ]
+  ```
+
+### Parameter: `requestMessage`
+
+A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars.
+- Required: No
+- Type: string
+
 ### Parameter: `roleAssignments`
 
 Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
diff --git a/avm/res/network/private-endpoint/main.json b/avm/res/network/private-endpoint/main.json
index da4a0ba3b9..76bbba000a 100644
--- a/avm/res/network/private-endpoint/main.json
+++ b/avm/res/network/private-endpoint/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.23.1.45101",
-      "templateHash": "13477311172998188302"
+      "templateHash": "7602734043719523424"
     },
     "name": "Private Endpoints",
     "description": "This module deploys a Private Endpoint.",
@@ -215,6 +215,14 @@
         "description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to."
       }
     },
+    "requestMessage": {
+      "type": "string",
+      "nullable": true,
+      "maxLength": 140,
+      "metadata": {
+        "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars."
+      }
+    },
     "privateDnsZoneGroupName": {
       "type": "string",
       "nullable": true,
@@ -261,11 +269,15 @@
         "description": "Optional. Custom DNS configurations."
       }
     },
-    "manualPrivateLinkServiceConnections": {
-      "type": "array",
-      "nullable": true,
+    "privateLinkServiceConnectionType": {
+      "type": "string",
+      "defaultValue": "auto",
+      "allowedValues": [
+        "auto",
+        "manual"
+      ],
       "metadata": {
-        "description": "Optional. Manual PrivateLink Service Connections."
+        "description": "Optional. Private Link Service Connection type."
       }
     },
     "enableTelemetry": {
@@ -330,16 +342,8 @@
         "customDnsConfigs": "[coalesce(parameters('customDnsConfigs'), createArray())]",
         "customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]",
         "ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]",
-        "manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]",
-        "privateLinkServiceConnections": [
-          {
-            "name": "[parameters('name')]",
-            "properties": {
-              "privateLinkServiceId": "[parameters('serviceResourceId')]",
-              "groupIds": "[parameters('groupIds')]"
-            }
-          }
-        ],
+        "manualPrivateLinkServiceConnections": "[if(equals(parameters('privateLinkServiceConnectionType'), 'manual'), createArray(createObject('name', parameters('name'), 'properties', createObject('privateLinkServiceId', parameters('serviceResourceId'), 'groupIds', coalesce(parameters('groupIds'), createArray()), 'requestMessage', coalesce(parameters('requestMessage'), null())))), createArray())]",
+        "privateLinkServiceConnections": "[if(equals(parameters('privateLinkServiceConnectionType'), 'auto'), createArray(createObject('name', parameters('name'), 'properties', createObject('privateLinkServiceId', parameters('serviceResourceId'), 'groupIds', coalesce(parameters('groupIds'), createArray())))), createArray())]",
         "subnet": {
           "id": "[parameters('subnetResourceId')]"
         }
diff --git a/avm/res/network/private-endpoint/tests/e2e/defaults/main.test.bicep b/avm/res/network/private-endpoint/tests/e2e/defaults/main.test.bicep
index 56faf05417..40f8d07ec1 100644
--- a/avm/res/network/private-endpoint/tests/e2e/defaults/main.test.bicep
+++ b/avm/res/network/private-endpoint/tests/e2e/defaults/main.test.bicep
@@ -69,7 +69,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
     ipConfigurations: []
     customDnsConfigs: []
     privateDnsZoneResourceIds: []
-    manualPrivateLinkServiceConnections: []
     tags: {}
   }
 }]
diff --git a/avm/res/network/private-endpoint/tests/e2e/max/main.test.bicep b/avm/res/network/private-endpoint/tests/e2e/max/main.test.bicep
index 3a8cc5081e..857b0e08cc 100644
--- a/avm/res/network/private-endpoint/tests/e2e/max/main.test.bicep
+++ b/avm/res/network/private-endpoint/tests/e2e/max/main.test.bicep
@@ -102,6 +102,5 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
     }
     // Workaround for PSRule
     privateDnsZoneGroupName: 'default'
-    manualPrivateLinkServiceConnections: []
   }
 }]
diff --git a/avm/res/network/private-endpoint/tests/e2e/waf-aligned/main.test.bicep b/avm/res/network/private-endpoint/tests/e2e/waf-aligned/main.test.bicep
index 84638f4b7d..0e2e383629 100644
--- a/avm/res/network/private-endpoint/tests/e2e/waf-aligned/main.test.bicep
+++ b/avm/res/network/private-endpoint/tests/e2e/waf-aligned/main.test.bicep
@@ -95,6 +95,5 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
     // Workaround for PSRule
     privateDnsZoneGroupName: 'default'
     customDnsConfigs: []
-    manualPrivateLinkServiceConnections: []
   }
 }]