ACR - Update Private Endpoints schema

avm/res/container-registry/registry/main.bicep

@@ -179,7 +179,7 @@ var builtInRoleNames = {
  Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
  Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
  Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Role Based Access Control Administrator (Preview)': subscriptionResourceId(
+ 'Role Based Access Control Administrator': subscriptionResourceId(
  'Microsoft.Authorization/roleDefinitions',
  'f58310d9-a9f6-439a-9e8d-f62e7b41a168'
  )
@@ -443,7 +443,7 @@ resource registry_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-
  }
 ]
 
-module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.1' = [
+module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.7.1' = [
  for (privateEndpoint, index) in (privateEndpoints ?? []): {
  name: '${uniqueString(deployment().name, location)}-registry-PrivateEndpoint-${index}'
  scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '')
@@ -484,8 +484,7 @@ module registry_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4
  'Full'
  ).location
  lock: privateEndpoint.?lock ?? lock
- privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName
- privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds
+ privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup
  roleAssignments: privateEndpoint.?roleAssignments
  tags: privateEndpoint.?tags ?? tags
  customDnsConfigs: privateEndpoint.?customDnsConfigs
@@ -524,6 +523,17 @@ output credentialSetsResourceIds array = [
  for index in range(0, length(credentialSets)): registry_credentialSets[index].outputs.resourceId
 ]
 
+@description('The private endpoints of the Azure container registry.')
+output privateEndpoints array = [
+ for (pe, i) in (!empty(privateEndpoints) ? array(privateEndpoints) : []): {
+ name: registry_privateEndpoints[i].outputs.name
+ resourceId: registry_privateEndpoints[i].outputs.resourceId
+ groupId: registry_privateEndpoints[i].outputs.groupId
+ customDnsConfig: registry_privateEndpoints[i].outputs.customDnsConfig
+ networkInterfaceIds: registry_privateEndpoints[i].outputs.networkInterfaceIds
+ }
+]
+
 // =============== //
 // Definitions //
 // =============== //
@@ -586,11 +596,20 @@ type privateEndpointType = {
  @description('Required. Resource ID of the subnet where the endpoint needs to be created.')
  subnetResourceId: string
 
- @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.')
- privateDnsZoneGroupName: string?
+ @description('Optional. The private DNS zone group to configure for the private endpoint.')
+ privateDnsZoneGroup: {
+ @description('Optional. The name of the Private DNS Zone Group.')
+ name: string?
+
+ @description('Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones.')
+ privateDnsZoneGroupConfigs: {
+ @description('Optional. The name of the private DNS zone group config.')
+ name: string?
 
- @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.')
- privateDnsZoneResourceIds: string[]?
+ @description('Required. The resource id of the private DNS zone.')
+ privateDnsZoneResourceId: string
+ }[]
+ }?
 
  @description('Optional. If Manual Private Link Connection is required.')
  isManualConnection: bool?

avm/res/container-registry/registry/tests/e2e/max/main.test.bicep

@@ -96,9 +96,13 @@ module testDeployment '../../../main.bicep' = [
  privateEndpoints: [
  {
  subnetResourceId: nestedDependencies.outputs.subnetResourceId
- privateDnsZoneResourceIds: [
- nestedDependencies.outputs.privateDNSZoneResourceId
- ]
+ privateDnsZoneGroup: {
+ privateDnsZoneGroupConfigs: [
+ {
+ privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId
+ }
+ ]
+ }
  tags: {
  'hidden-title': 'This is visible in the resource name'
  Environment: 'Non-Prod'
@@ -107,9 +111,13 @@ module testDeployment '../../../main.bicep' = [
  }
  {
  subnetResourceId: nestedDependencies.outputs.subnetResourceId
- privateDnsZoneResourceIds: [
- nestedDependencies.outputs.privateDNSZoneResourceId
- ]
+ privateDnsZoneGroup: {
+ privateDnsZoneGroupConfigs: [
+ {
+ privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId
+ }
+ ]
+ }
  }
  ]
  networkRuleSetIpRules: [

avm/res/container-registry/registry/tests/e2e/waf-aligned/dependencies.bicep

@@ -93,4 +93,4 @@ output pairedRegionName string = getPairedRegionScript.properties.outputs.paired
 output subnetResourceId string = virtualNetwork.properties.subnets[0].id
 
 @description('The resource ID of the created Private DNS Zone.')
-output privateDNSResourceId string = privateDNSZone.id
+output privateDNSZoneResourceId string = privateDNSZone.id

avm/res/container-registry/registry/tests/e2e/waf-aligned/main.test.bicep

@@ -97,9 +97,13 @@ module testDeployment '../../../main.bicep' = [
  }
  privateEndpoints: [
  {
- privateDnsZoneResourceIds: [
- nestedDependencies.outputs.privateDNSResourceId
- ]
+ privateDnsZoneGroup: {
+ privateDnsZoneGroupConfigs: [
+ {
+ privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId
+ }
+ ]
+ }
  subnetResourceId: nestedDependencies.outputs.subnetResourceId
  }
  ]

avm/res/container-registry/registry/version.json

@@ -1,6 +1,6 @@
 {
  "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
- "version": "0.4",
+ "version": "0.5",
  "pathFilters": [
  "./main.json"
  ]