feat: Update PE implementation in alignment to latest schema (1) (#1087)
## Description


Follow up to #1070
- Applied latest PE schema across all modules
- Ensured that all modules deploy at least 2 PEs to ensure there is no
concurrency issue
- Removed several dedicated `private-endpoint` test cases if already
implemented in max

## Pipeline Reference
| Pipeline |
| - |

[![avm.res.automation.automation-account](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.automation.automation-account.yml/badge.svg?branch=feat%2Fpe-adjustments-962-946-1042&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.automation.automation-account.yml)

[![avm.res.batch.batch-account](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.batch.batch-account.yml/badge.svg?branch=feat%2Fpe-adjustments-962-946-1042&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.batch.batch-account.yml)

[![avm.res.cache.redis](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.cache.redis.yml/badge.svg?branch=feat%2Fpe-adjustments-962-946-1042&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.cache.redis.yml)

[![avm.res.cognitive-services.account](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.cognitive-services.account.yml/badge.svg?branch=feat%2Fpe-adjustments-962-946-1042&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.cognitive-services.account.yml)

[![avm.res.container-registry.registry](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.container-registry.registry.yml/badge.svg?branch=feat%2Fpe-adjustments-962-946-1042&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.container-registry.registry.yml)

[![avm.res.data-factory.factory](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.data-factory.factory.yml/badge.svg?branch=feat%2Fpe-adjustments-962-946-1042&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.data-factory.factory.yml)

## Type of Change

<!-- Use the check-boxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [x] Azure Verified Module updates:
- [x] Bugfix containing backwards compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [x] Update to documentation

---------

Co-authored-by: Sebastian Gräf <sebastian@graef.io>
Co-authored-by: Kris Baranek <k.baranek@microsoft.com>
Co-authored-by: ChrisSidebotham-MSFT <48600046+ChrisSidebotham@users.noreply.github.com>
4 people authored Mar 7, 2024
1 parent efdaf7b commit 4a85c7d
Showing 43 changed files with 796 additions and 520 deletions.
46 changes: 39 additions & 7 deletions avm/res/automation/automation-account/README.md
Expand Up @@ -233,6 +233,18 @@ module automationAccount 'br/public:avm/res/automation/automation-account:<versi
Role: 'DeploymentValidation'
}
}
{
privateDnsZoneResourceIds: [
'<privateDNSZoneResourceId>'
]
service: 'Webhook'
subnetResourceId: '<subnetResourceId>'
tags: {
Environment: 'Non-Prod'
'hidden-title': 'This is visible in the resource name'
Role: 'DeploymentValidation'
}
}
{
privateDnsZoneResourceIds: [
'<privateDNSZoneResourceId>'
Expand Down Expand Up @@ -467,6 +479,18 @@ module automationAccount 'br/public:avm/res/automation/automation-account:<versi
"Role": "DeploymentValidation"
}
},
{
"privateDnsZoneResourceIds": [
"<privateDNSZoneResourceId>"
],
"service": "Webhook",
"subnetResourceId": "<subnetResourceId>",
"tags": {
"Environment": "Non-Prod",
"hidden-title": "This is visible in the resource name",
"Role": "DeploymentValidation"
}
},
{
"privateDnsZoneResourceIds": [
"<privateDNSZoneResourceId>"
Expand Down Expand Up @@ -1420,7 +1444,7 @@ Configuration details for private endpoints. For security reasons, it is recomme

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". |
| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". |
| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. |

**Optional parameters**
Expand All @@ -1432,9 +1456,10 @@ Configuration details for private endpoints. For security reasons, it is recomme
| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. |
| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. |
| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. |
| [`isManualConnection`](#parameter-privateendpointsismanualconnection) | bool | If Manual Private Link Connection is required. |
| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. |
| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. |
| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. |
| [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. |
| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. |
| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. |
| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. |
Expand All @@ -1443,7 +1468,7 @@ Configuration details for private endpoints. For security reasons, it is recomme

### Parameter: `privateEndpoints.service`

The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".
The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".

- Required: Yes
- Type: string
Expand Down Expand Up @@ -1561,6 +1586,13 @@ A private ip address obtained from the private endpoint's subnet.
- Required: Yes
- Type: string

### Parameter: `privateEndpoints.isManualConnection`

If Manual Private Link Connection is required.

- Required: No
- Type: bool

### Parameter: `privateEndpoints.location`

The location to deploy the private endpoint to.
Expand Down Expand Up @@ -1604,12 +1636,12 @@ Specify the name of lock.
- Required: No
- Type: string

### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections`
### Parameter: `privateEndpoints.manualConnectionRequestMessage`

Manual PrivateLink Service Connections.
A message passed to the owner of the remote resource with the manual connection request.

- Required: No
- Type: array
- Type: string

### Parameter: `privateEndpoints.name`

Expand Down Expand Up @@ -1905,7 +1937,7 @@ This section gives you an overview of all local-referenced module files (i.e., o
| Reference | Type |
| :-- | :-- |
| `res/operational-insights/workspace/linked-service` | Local reference |
| `br/public:avm/res/network/private-endpoint:0.3.1` | Remote reference |
| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference |
| `br/public:avm/res/operations-management/solution:0.1.0` | Remote reference |

## Data Collection
39 changes: 27 additions & 12 deletions avm/res/automation/automation-account/main.bicep
Expand Up @@ -328,34 +328,45 @@ resource automationAccount_diagnosticSettings 'Microsoft.Insights/diagnosticSett
scope: automationAccount
}]

module automationAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.3.1' = [for (privateEndpoint, index) in (privateEndpoints ?? []): {
module automationAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [for (privateEndpoint, index) in (privateEndpoints ?? []): {
name: '${uniqueString(deployment().name, location)}-automationAccount-PrivateEndpoint-${index}'
params: {
privateLinkServiceConnections: [
name: privateEndpoint.?name ?? 'pep-${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}'
privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true ? [
{
name: name
name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}'
properties: {
privateLinkServiceId: automationAccount.id
groupIds: [
privateEndpoint.?service ?? 'automationaccount'
privateEndpoint.service
]
}
}
]
name: privateEndpoint.?name ?? 'pep-${last(split(automationAccount.id, '/'))}-${privateEndpoint.?service ?? privateEndpoint.service}-${index}'
] : null
manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true ? [
{
name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(automationAccount.id, '/'))}-${privateEndpoint.service}-${index}'
properties: {
privateLinkServiceId: automationAccount.id
groupIds: [
privateEndpoint.service
]
requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.'
}
}
] : null
subnetResourceId: privateEndpoint.subnetResourceId
enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry
location: privateEndpoint.?location ?? reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location
lock: privateEndpoint.?lock ?? lock
privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName
privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds
roleAssignments: privateEndpoint.?roleAssignments
tags: privateEndpoint.?tags ?? tags
manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections
customDnsConfigs: privateEndpoint.?customDnsConfigs
ipConfigurations: privateEndpoint.?ipConfigurations
applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds
customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName
enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry
}
}]
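Review bot: The manual/automatic switch reads `privateEndpoint.?manualPrivateLinkServiceConnections`, but this commit removes that property from `privateEndpointType` and adds `isManualConnection` in its place, so both conditions (`!= true` on `privateLinkServiceConnections`, `== true` on `manualPrivateLinkServiceConnections`) test a value that is always null under the new type. As written, `isManualConnection: true` is silently ignored and every endpoint gets an automatic connection, so the owner-approval step a caller asked for never happens. Suggest testing `privateEndpoint.?isManualConnection != true` and `privateEndpoint.?isManualConnection == true` instead, and setting the flag on one of the two endpoints the tests now deploy so the manual branch is exercised.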

Expand Down Expand Up @@ -438,7 +449,7 @@ type privateEndpointType = {
@description('Optional. The location to deploy the private endpoint to.')
location: string?

@description('Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob".')
@description('Required. The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".')
service: string

@description('Required. Resource ID of the subnet where the endpoint needs to be created.')
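Review bot: The new `service` description lists "blob", "table", "queue" or "file" as examples, and none of these is a value this module is shown using: the README example in this same commit passes `service: 'Webhook'`, and the fallback removed from the module hunk was `'automationaccount'`. Since `service` now goes straight into `groupIds` with no default, a value copied from the description will not match this resource. Suggest naming the automation account's own subresources in this `@description` and in the matching README rows.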
Expand All @@ -450,6 +461,13 @@ type privateEndpointType = {
@description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.')
privateDnsZoneResourceIds: string[]?

@description('Optional. If Manual Private Link Connection is required.')
isManualConnection: bool?

@description('Optional. A message passed to the owner of the remote resource with the manual connection request.')
@maxLength(140)
manualConnectionRequestMessage: string?

@description('Optional. Custom DNS configurations.')
customDnsConfigs: {
@description('Required. Fqdn that resolves to private endpoint ip address.')
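Review bot: The `isManualConnection` description ("If Manual Private Link Connection is required.") does not say what happens when the flag is omitted, and `manualConnectionRequestMessage` does not say that it is only used for a manual connection or that the module falls back to 'Manual approval required.' when it is not set. Suggest stating the default and the dependency between the two in both `@description` strings, since this flag decides whether the owner of the target resource has to approve the connection.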
Expand Down Expand Up @@ -492,9 +510,6 @@ type privateEndpointType = {
@description('Optional. Tags to be applied on all resources/resource groups in this deployment.')
tags: object?

@description('Optional. Manual PrivateLink Service Connections.')
manualPrivateLinkServiceConnections: array?

@description('Optional. Enable/Disable usage telemetry for module.')
enableTelemetry: bool?
}[]?
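Review bot: Removing `manualPrivateLinkServiceConnections: array?` from `privateEndpointType` changes the module's input contract, yet the commit message ticks the "Bugfix ... NOT bumped the MAJOR or MINOR version" box. A caller that passes the array today is no longer covered by the type, and the pass-through line `manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections` is gone from the module call, so the value is no longer forwarded. Suggest either bumping the version in `version.json` to reflect the interface change or calling out the removal and the replacement (`isManualConnection` plus `manualConnectionRequestMessage`) in the description.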