Adding support for Private Link Service Connection type auto and manual #1

Closed
wants to merge 3 commits into from
41 changes: 22 additions & 19 deletions avm/res/network/private-endpoint/README.md
@@ -60,7 +60,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:<version>' =
ipConfigurations: []
location: '<location>'
lock: {}
manualPrivateLinkServiceConnections: []
privateDnsZoneGroupName: ''
privateDnsZoneResourceIds: []
roleAssignments: []
@@ -115,9 +114,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:<version>' =
"lock": {
"value": {}
},
"manualPrivateLinkServiceConnections": {
"value": []
},
"privateDnsZoneGroupName": {
"value": ""
},
@@ -185,7 +181,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:<version>' =
kind: 'CanNotDelete'
name: 'myCustomLockName'
}
manualPrivateLinkServiceConnections: []
privateDnsZoneGroupName: 'default'
privateDnsZoneResourceIds: [
'<privateDNSZoneResourceId>'
@@ -273,9 +268,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:<version>' =
"name": "myCustomLockName"
}
},
"manualPrivateLinkServiceConnections": {
"value": []
},
"privateDnsZoneGroupName": {
"value": "default"
},
@@ -348,7 +340,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:<version>' =
kind: 'CanNotDelete'
name: 'myCustomLockName'
}
manualPrivateLinkServiceConnections: []
privateDnsZoneGroupName: 'default'
privateDnsZoneResourceIds: [
'<privateDNSZoneResourceId>'
@@ -429,9 +420,6 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:<version>' =
"name": "myCustomLockName"
}
},
"manualPrivateLinkServiceConnections": {
"value": []
},
"privateDnsZoneGroupName": {
"value": "default"
},
@@ -486,9 +474,10 @@ module privateEndpoint 'br/public:avm/res/network/private-endpoint:<version>' =
| [`ipConfigurations`](#parameter-ipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. |
| [`location`](#parameter-location) | string | Location for all Resources. |
| [`lock`](#parameter-lock) | object | The lock settings of the service. |
| [`manualPrivateLinkServiceConnections`](#parameter-manualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. |
| [`privateDnsZoneGroupName`](#parameter-privatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. |
| [`privateDnsZoneResourceIds`](#parameter-privatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones. |
| [`privateLinkServiceConnectionType`](#parameter-privatelinkserviceconnectiontype) | string | Private Link Service Connection type. |
| [`requestMessage`](#parameter-requestmessage) | string | A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars. |
| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. |
| [`tags`](#parameter-tags) | object | Tags to be applied on all resources/resource groups in this deployment. |

@@ -631,12 +620,6 @@ Optional. Specify the name of lock.
- Required: No
- Type: string

### Parameter: `manualPrivateLinkServiceConnections`

Manual PrivateLink Service Connections.
- Required: No
- Type: array

### Parameter: `name`

Name of the private endpoint resource to create.
@@ -655,6 +638,26 @@ The private DNS zone groups to associate the private endpoint. A DNS zone group
- Required: No
- Type: array

### Parameter: `privateLinkServiceConnectionType`

Private Link Service Connection type.
- Required: No
- Type: string
- Default: `'auto'`
- Allowed:
```Bicep
[
'auto'
'manual'
]
```

### Parameter: `requestMessage`

A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars.
- Required: No
- Type: string

### Parameter: `roleAssignments`

Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.
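Review bot: The new `privateLinkServiceConnectionType` section lists the allowed values `'auto'` and `'manual'` but does not say what either one does, and the `requestMessage` section does not say that the value is only applied when the type is `'manual'` (in main.bicep it is set only in the `manualPrivateLinkServiceConnections` branch). Suggest extending both descriptions, for example stating that `'manual'` creates a connection request that the owner of the remote resource has to approve, and that `requestMessage` is ignored for `'auto'`.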
29 changes: 23 additions & 6 deletions avm/res/network/private-endpoint/main.bicep
@@ -23,6 +23,10 @@ param ipConfigurations ipConfigurationsType
@description('Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to.')
param groupIds array

@description('Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars.')
@maxLength(140)
param requestMessage string?

@description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.')
param privateDnsZoneGroupName string?

@@ -44,8 +48,12 @@ param tags object?
@description('Optional. Custom DNS configurations.')
param customDnsConfigs customDnsConfigType

@description('Optional. Manual PrivateLink Service Connections.')
param manualPrivateLinkServiceConnections array?
@description('Optional. Private Link Service Connection type.')
@allowed([
'auto'
'manual'
])
param privateLinkServiceConnectionType string = 'auto'

@description('Optional. Enable/Disable usage telemetry for module.')
param enableTelemetry bool = true
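Review bot: Replacing `param manualPrivateLinkServiceConnections array?` with the `privateLinkServiceConnectionType` enum changes the module's public interface: a caller that still passes `manualPrivateLinkServiceConnections` no longer matches a declared parameter, and the module can now build only a single manual connection, derived from `serviceResourceId` and `groupIds`. If that narrowing is intended, call it out as a breaking change in the PR description and version the module accordingly. The `'auto'` default does keep deployments that never set the old parameter on `privateLinkServiceConnections`.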
@@ -92,16 +100,25 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = {
customDnsConfigs: customDnsConfigs ?? []
customNetworkInterfaceName: customNetworkInterfaceName ?? ''
ipConfigurations: ipConfigurations ?? []
manualPrivateLinkServiceConnections: manualPrivateLinkServiceConnections ?? []
privateLinkServiceConnections: [
manualPrivateLinkServiceConnections: privateLinkServiceConnectionType == 'manual' ? [
{
name: name
properties: {
privateLinkServiceId: serviceResourceId
groupIds: groupIds ?? []
requestMessage: requestMessage ?? null
}
}
] : []
privateLinkServiceConnections: privateLinkServiceConnectionType == 'auto' ? [
{
name: name
properties: {
privateLinkServiceId: serviceResourceId
groupIds: groupIds
groupIds: groupIds ?? []
}
}
]
] : []
subnet: {
id: subnetResourceId
}
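Review bot: In both branches `groupIds ?? []` coalesces a parameter that the earlier context declares as required and non-nullable (`param groupIds array`), so the fallback can never apply; either drop the `?? []` or change the parameter to `array?` if optional group IDs are the goal. Likewise `requestMessage ?? null` is a no-op on a `string?` parameter and can be written as `requestMessage`. A `requestMessage` supplied together with the default `'auto'` type is silently discarded here, which is worth either documenting or rejecting.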
34 changes: 19 additions & 15 deletions avm/res/network/private-endpoint/main.json
@@ -6,7 +6,7 @@
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "13477311172998188302"
"templateHash": "7602734043719523424"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -215,6 +215,14 @@
"description": "Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to."
}
},
"requestMessage": {
"type": "string",
"nullable": true,
"maxLength": 140,
"metadata": {
"description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars."
}
},
"privateDnsZoneGroupName": {
"type": "string",
"nullable": true,
@@ -261,11 +269,15 @@
"description": "Optional. Custom DNS configurations."
}
},
"manualPrivateLinkServiceConnections": {
"type": "array",
"nullable": true,
"privateLinkServiceConnectionType": {
"type": "string",
"defaultValue": "auto",
"allowedValues": [
"auto",
"manual"
],
"metadata": {
"description": "Optional. Manual PrivateLink Service Connections."
"description": "Optional. Private Link Service Connection type."
}
},
"enableTelemetry": {
@@ -330,16 +342,8 @@
"customDnsConfigs": "[coalesce(parameters('customDnsConfigs'), createArray())]",
"customNetworkInterfaceName": "[coalesce(parameters('customNetworkInterfaceName'), '')]",
"ipConfigurations": "[coalesce(parameters('ipConfigurations'), createArray())]",
"manualPrivateLinkServiceConnections": "[coalesce(parameters('manualPrivateLinkServiceConnections'), createArray())]",
"privateLinkServiceConnections": [
{
"name": "[parameters('name')]",
"properties": {
"privateLinkServiceId": "[parameters('serviceResourceId')]",
"groupIds": "[parameters('groupIds')]"
}
}
],
"manualPrivateLinkServiceConnections": "[if(equals(parameters('privateLinkServiceConnectionType'), 'manual'), createArray(createObject('name', parameters('name'), 'properties', createObject('privateLinkServiceId', parameters('serviceResourceId'), 'groupIds', coalesce(parameters('groupIds'), createArray()), 'requestMessage', coalesce(parameters('requestMessage'), null())))), createArray())]",
"privateLinkServiceConnections": "[if(equals(parameters('privateLinkServiceConnectionType'), 'auto'), createArray(createObject('name', parameters('name'), 'properties', createObject('privateLinkServiceId', parameters('serviceResourceId'), 'groupIds', coalesce(parameters('groupIds'), createArray())))), createArray())]",
"subnet": {
"id": "[parameters('subnetResourceId')]"
}
@@ -69,7 +69,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
ipConfigurations: []
customDnsConfigs: []
privateDnsZoneResourceIds: []
manualPrivateLinkServiceConnections: []
tags: {}
}
}]
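Review bot: The test changes shown only drop `manualPrivateLinkServiceConnections: []` from the existing deployments; no hunk adds a case that sets `privateLinkServiceConnectionType: 'manual'` or `requestMessage`, so the new `manualPrivateLinkServiceConnections` branch in main.bicep is not exercised by any test change in this PR. Please add a test, or extend an existing one, that deploys with `'manual'` and a `requestMessage`, since that is the path where the connection goes to the owner of the remote resource as a request.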
@@ -102,6 +102,5 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
}
// Workaround for PSRule
privateDnsZoneGroupName: 'default'
manualPrivateLinkServiceConnections: []
}
}]
@@ -95,6 +95,5 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem'
// Workaround for PSRule
privateDnsZoneGroupName: 'default'
customDnsConfigs: []
manualPrivateLinkServiceConnections: []
}
}]