feat: Update private endpoints to the newest specs - batch 3 (#3165)

## Description Private endpoints - Update to newest specs ## Pipeline Reference  | Pipeline | | -------- | | [![avm.res.sql.server](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.sql.server.yml/badge.svg?branch=users%2Fkrbar%2FpeUpdate3&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.sql.server.yml) | | [![avm.res.synapse.private-link-hub](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.synapse.private-link-hub.yml/badge.svg?branch=users%2Fkrbar%2FpeUpdate3&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.synapse.private-link-hub.yml) | | [![avm.res.synapse.workspace](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.synapse.workspace.yml/badge.svg?branch=users%2Fkrbar%2FpeUpdate3&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.synapse.workspace.yml) | | [![avm.res.web.site](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.site.yml/badge.svg?branch=users%2Fkrbar%2FpeUpdate3&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.site.yml) | | [![avm.res.web.static-site](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.static-site.yml/badge.svg?branch=users%2Fkrbar%2FpeUpdate3&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.static-site.yml) | ## Type of Change  - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [x] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [x] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings
Azure · Sep 5, 2024 · 29fa993 · 29fa993
1 parent 8495bfe
commit 29fa993
Show file tree

Hide file tree

Showing 36 changed files with 2,076 additions and 612 deletions.
diff --git a/avm/res/sql/server/README.md b/avm/res/sql/server/README.md
@@ -330,9 +330,13 @@ module server 'br/public:avm/res/sql/server:<version>' = {
  primaryUserAssignedIdentityId: '<primaryUserAssignedIdentityId>'
  privateEndpoints: [
  {
- privateDnsZoneResourceIds: [
- '<privateDNSZoneResourceId>'
- ]
+ privateDnsZoneGroup: {
+ privateDnsZoneGroupConfigs: [
+ {
+ privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
+ }
+ ]
+ }
  subnetResourceId: '<subnetResourceId>'
  tags: {
  Environment: 'Non-Prod'
@@ -341,9 +345,13 @@ module server 'br/public:avm/res/sql/server:<version>' = {
  }
  }
  {
- privateDnsZoneResourceIds: [
- '<privateDNSZoneResourceId>'
- ]
+ privateDnsZoneGroup: {
+ privateDnsZoneGroupConfigs: [
+ {
+ privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
+ }
+ ]
+ }
  subnetResourceId: '<subnetResourceId>'
  }
  ]
@@ -506,9 +514,13 @@ module server 'br/public:avm/res/sql/server:<version>' = {
  "privateEndpoints": {
  "value": [
  {
- "privateDnsZoneResourceIds": [
- "<privateDNSZoneResourceId>"
- ],
+ "privateDnsZoneGroup": {
+ "privateDnsZoneGroupConfigs": [
+ {
+ "privateDnsZoneResourceId": "<privateDnsZoneResourceId>"
+ }
+ ]
+ },
  "subnetResourceId": "<subnetResourceId>",
  "tags": {
  "Environment": "Non-Prod",
@@ -517,9 +529,13 @@ module server 'br/public:avm/res/sql/server:<version>' = {
  }
  },
  {
- "privateDnsZoneResourceIds": [
- "<privateDNSZoneResourceId>"
- ],
+ "privateDnsZoneGroup": {
+ "privateDnsZoneGroupConfigs": [
+ {
+ "privateDnsZoneResourceId": "<privateDnsZoneResourceId>"
+ }
+ ]
+ },
  "subnetResourceId": "<subnetResourceId>"
  }
  ]
@@ -889,9 +905,13 @@ module server 'br/public:avm/res/sql/server:<version>' = {
  primaryUserAssignedIdentityId: '<primaryUserAssignedIdentityId>'
  privateEndpoints: [
  {
- privateDnsZoneResourceIds: [
- '<privateDNSZoneResourceId>'
- ]
+ privateDnsZoneGroup: {
+ privateDnsZoneGroupConfigs: [
+ {
+ privateDnsZoneResourceId: '<privateDnsZoneResourceId>'
+ }
+ ]
+ }
  service: 'sqlServer'
  subnetResourceId: '<subnetResourceId>'
  tags: {
@@ -1028,9 +1048,13 @@ module server 'br/public:avm/res/sql/server:<version>' = {
  "privateEndpoints": {
  "value": [
  {
- "privateDnsZoneResourceIds": [
- "<privateDNSZoneResourceId>"
- ],
+ "privateDnsZoneGroup": {
+ "privateDnsZoneGroupConfigs": [
+ {
+ "privateDnsZoneResourceId": "<privateDnsZoneResourceId>"
+ }
+ ]
+ },
  "service": "sqlServer",
  "subnetResourceId": "<subnetResourceId>",
  "tags": {
@@ -1436,8 +1460,7 @@ Configuration details for private endpoints. For security reasons, it is recomme
 | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. |
 | [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. |
 | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. |
-| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. |
-| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. |
+| [`privateDnsZoneGroup`](#parameter-privateendpointsprivatednszonegroup) | object | The private DNS zone group to configure for the private endpoint. |
 | [`privateLinkServiceConnectionName`](#parameter-privateendpointsprivatelinkserviceconnectionname) | string | The name of the private link connection to create. |
 | [`resourceGroupName`](#parameter-privateendpointsresourcegroupname) | string | Specify if you want to deploy the Private Endpoint into a different resource group than the main resource. |
 | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. |
@@ -1621,19 +1644,64 @@ The name of the private endpoint.
 - Required: No
 - Type: string
 
-### Parameter: `privateEndpoints.privateDnsZoneGroupName`
+### Parameter: `privateEndpoints.privateDnsZoneGroup`
 
-The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.
+The private DNS zone group to configure for the private endpoint.
 
 - Required: No
+- Type: object
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`privateDnsZoneGroupConfigs`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigs) | array | The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the Private DNS Zone Group. |
+
+### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs`
+
+The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones.
+
+- Required: Yes
+- Type: array
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`privateDnsZoneResourceId`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigsprivatednszoneresourceid) | string | The resource id of the private DNS zone. |
+
+**Optional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigsname) | string | The name of the private DNS zone group config. |
+
+### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.privateDnsZoneResourceId`
+
+The resource id of the private DNS zone.
+
+- Required: Yes
 - Type: string
 
-### Parameter: `privateEndpoints.privateDnsZoneResourceIds`
+### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.name`
 
-The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.
+The name of the private DNS zone group config.
 
 - Required: No
-- Type: array
+- Type: string
+
+### Parameter: `privateEndpoints.privateDnsZoneGroup.name`
+
+The name of the Private DNS Zone Group.
+
+- Required: No
+- Type: string
 
 ### Parameter: `privateEndpoints.privateLinkServiceConnectionName`
 
@@ -1927,6 +1995,7 @@ The vulnerability assessment configuration.
 | :-- | :-- | :-- |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the deployed SQL server. |
+| `privateEndpoints` | array | The private endpoints of the SQL server. |
 | `resourceGroupName` | string | The resource group of the deployed SQL server. |
 | `resourceId` | string | The resource ID of the deployed SQL server. |
 | `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
@@ -1937,7 +2006,7 @@ This section gives you an overview of all local-referenced module files (i.e., o
 
 | Reference | Type |
 | :-- | :-- |
-| `br/public:avm/res/network/private-endpoint:0.6.1` | Remote reference |
+| `br/public:avm/res/network/private-endpoint:0.7.1` | Remote reference |
 
 ## Notes
 

diff --git a/avm/res/sql/server/main.bicep b/avm/res/sql/server/main.bicep
@@ -312,7 +312,7 @@ module server_elasticPools 'elastic-pool/main.bicep' = [
  }
 ]
 
-module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.6.1' = [
+module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.7.1' = [
  for (privateEndpoint, index) in (privateEndpoints ?? []): {
  name: '${uniqueString(deployment().name, location)}-server-PrivateEndpoint-${index}'
  scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '')
@@ -353,8 +353,7 @@ module server_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.6.1
  'Full'
  ).location
  lock: privateEndpoint.?lock ?? lock
- privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName
- privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds
+ privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup
  roleAssignments: privateEndpoint.?roleAssignments
  tags: privateEndpoint.?tags ?? tags
  customDnsConfigs: privateEndpoint.?customDnsConfigs
@@ -507,6 +506,17 @@ output systemAssignedMIPrincipalId string = server.?identity.?principalId ?? ''
 @description('The location the resource was deployed into.')
 output location string = server.location
 
+@description('The private endpoints of the SQL server.')
+output privateEndpoints array = [
+ for (pe, i) in (!empty(privateEndpoints) ? array(privateEndpoints) : []): {
+ name: server_privateEndpoints[i].outputs.name
+ resourceId: server_privateEndpoints[i].outputs.resourceId
+ groupId: server_privateEndpoints[i].outputs.groupId
+ customDnsConfig: server_privateEndpoints[i].outputs.customDnsConfig
+ networkInterfaceIds: server_privateEndpoints[i].outputs.networkInterfaceIds
+ }
+]
+
 // =============== //
 // Definitions //
 // =============== //
@@ -569,11 +579,20 @@ type privateEndpointType = {
  @description('Required. Resource ID of the subnet where the endpoint needs to be created.')
  subnetResourceId: string
 
- @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.')
- privateDnsZoneGroupName: string?
+ @description('Optional. The private DNS zone group to configure for the private endpoint.')
+ privateDnsZoneGroup: {
+ @description('Optional. The name of the Private DNS Zone Group.')
+ name: string?
+
+ @description('Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones.')
+ privateDnsZoneGroupConfigs: {
+ @description('Optional. The name of the private DNS zone group config.')
+ name: string?
 
- @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.')
- privateDnsZoneResourceIds: string[]?
+ @description('Required. The resource id of the private DNS zone.')
+ privateDnsZoneResourceId: string
+ }[]
+ }?
 
  @description('Optional. If Manual Private Link Connection is required.')
  isManualConnection: bool?