From f745b162dbd437fe2f3636bb20010dd7013a674a Mon Sep 17 00:00:00 2001
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com>
Date: Tue, 26 Jul 2022 22:28:59 +1000
Subject: [PATCH 1/6] Added managed private endpoints to vnets
---
.../factories/.test/min.parameters.json | 9 ++
.../factories/.test/parameters.json | 28 +++-
.../factories/deploy.bicep | 24 +++
.../managedVirtualNetwork/deploy.bicep | 16 ++
.../managedPrivateEndpoints/deploy.bicep | 59 ++++++++
.../managedPrivateEndpoints/readme.md | 49 ++++++
.../managedPrivateEndpoints/version.json | 0
.../factories/managedVirtualNetwork/readme.md | 51 +++++++
.../Microsoft.DataFactory/factories/readme.md | 143 +++++++++++++++++-
.../datafactoryportal.parameters.json | 17 +++
.../staticValidation/module.tests.ps1 | 2 +-
11 files changed, 395 insertions(+), 3 deletions(-)
create mode 100644 modules/Microsoft.DataFactory/factories/.test/min.parameters.json
create mode 100644 modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/deploy.bicep
create mode 100644 modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/readme.md
create mode 100644 modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/version.json
create mode 100644 utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/datafactoryportal.parameters.json
diff --git a/modules/Microsoft.DataFactory/factories/.test/min.parameters.json b/modules/Microsoft.DataFactory/factories/.test/min.parameters.json
new file mode 100644
index 0000000000..6292c1631a
--- /dev/null
+++ b/modules/Microsoft.DataFactory/factories/.test/min.parameters.json
@@ -0,0 +1,9 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "name": {
+ "value": "<>-adf-001"
+ }
+ }
+}
diff --git a/modules/Microsoft.DataFactory/factories/.test/parameters.json b/modules/Microsoft.DataFactory/factories/.test/parameters.json index e1fa770665..628aa9d1b6 100644 --- a/modules/Microsoft.DataFactory/factories/.test/parameters.json +++ b/modules/Microsoft.DataFactory/factories/.test/parameters.json @@ -11,6 +11,18 @@ "managedVirtualNetworkName": { "value": "default" }, + "managedPrivateEndpoints": { + "value": [ + { + "name": "adp<>azsax001-managed-privateEndpoint", + "groupId": "blob", + "fqdns": [ + "adp<>azsax001.blob.core.windows.net" + ], + "privateLinkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + } + ] + }, "integrationRuntime": { "value": { "name": "AutoResolveIntegrationRuntime", @@ -66,7 +78,21 @@ "value": [ { "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "dataFactory" + "service": "dataFactory", + "privateDnsZoneGroups": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net" + ] + } + }, + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "portal", + "privateDnsZoneGroups": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com" + ] + } } ] }, diff --git a/modules/Microsoft.DataFactory/factories/deploy.bicep b/modules/Microsoft.DataFactory/factories/deploy.bicep index 28829aa852..7f43e0820b 100644 --- a/modules/Microsoft.DataFactory/factories/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/deploy.bicep 
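Review bot: The second hunk puts the DNS settings under `privateDnsZoneGroups`, but the `dataFactory_privateEndpoints` module added to factories/deploy.bicep in this patch only looks for `contains(privateEndpoint, 'privateDnsZoneGroup')` and otherwise passes `{}`. With the plural key the zone IDs are dropped without an error, so the validation deployment would create the endpoints with no DNS zone group and the private-link name would presumably not resolve to the private address. Renaming the key to `"privateDnsZoneGroup"` here fixes it; the same plural key appears in the Example 2 hunks of factories/readme.md (Bicep and JSON).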
@@ -4,6 +4,9 @@ param name string @description('Optional. The name of the Managed Virtual Network.') param managedVirtualNetworkName string = '' +@description('Optional. Configuration Details for managed private endpoints in the managed virtual network.') +param managedPrivateEndpoints array = [] + @description('Optional. The object for the configuration of a Integration Runtime.') param integrationRuntime object = {} @@ -206,6 +209,7 @@ module dataFactory_managedVirtualNetwork 'managedVirtualNetwork/deploy.bicep' = params: { name: managedVirtualNetworkName dataFactoryName: dataFactory.name + managedPrivateEndpoints: managedPrivateEndpoints enableDefaultTelemetry: enableReferencedModulesTelemetry } } 
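Review bot: `managedPrivateEndpoints` in the first hunk is only consumed by the `dataFactory_managedVirtualNetwork` module in the second hunk, so it appears to have no effect when `managedVirtualNetworkName` is left at its default `''` (the module's condition is outside the hunk, so this is inferred). The parameter description should say so, e.g. `@description('Optional. Managed private endpoints to create in the managed virtual network. Requires managedVirtualNetworkName to be set.')`. The readme added later in this patch states the dependency, but the template itself does not.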
@@ -258,6 +262,26 @@ module dataFactory_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for } }] +module dataFactory_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { + name: '${uniqueString(deployment().name, location)}-DataFactory-PrivateEndpoint-${index}' + params: { + groupIds: [ + privateEndpoint.service + ] + name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(dataFactory.id, '/'))}-${privateEndpoint.service}-${index}' + serviceResourceId: dataFactory.id + subnetResourceId: privateEndpoint.subnetResourceId + enableDefaultTelemetry: enableReferencedModulesTelemetry + location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location + lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock + privateDnsZoneGroup: contains(privateEndpoint, 'privateDnsZoneGroup') ? privateEndpoint.privateDnsZoneGroup : {} + roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : [] + tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {} + manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] + customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] + } +}] + @description('The Name of the Azure Data Factory instance.') output name string = dataFactory.name diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep index 5542692daf..58954920cc 100644 --- a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep 
@@ -4,6 +4,9 @@ param dataFactoryName string @description('Required. The name of the Managed Virtual Network.') param name string +@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +param managedPrivateEndpoints array = [] + @description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true @@ -29,6 +32,19 @@ resource managedVirtualNetwork 'Microsoft.DataFactory/factories/managedVirtualNe properties: {} } +module managedVirtualNetwork_managedPrivateEndpoint 'managedPrivateEndpoints/deploy.bicep' = [for (managedPrivateEndpoint, index) in managedPrivateEndpoints: { + name: '${deployment().name}-managedPrivateEndpoint-${index}' + params: { + dataFactoryName: dataFactoryName + managedVirtualNetworkName: name + name: managedPrivateEndpoint.name + fqdns: managedPrivateEndpoint.fqdns + groupId: managedPrivateEndpoint.groupId + privateLinkResourceId: managedPrivateEndpoint.privateLinkResourceId + enableDefaultTelemetry: enableDefaultTelemetry + } +}] + @description('The name of the Resource Group the Managed Virtual Network was created in.') output resourceGroupName string = resourceGroup().name diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/deploy.bicep b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/deploy.bicep new file mode 100644 index 0000000000..377b29ed3c --- /dev/null +++ b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/deploy.bicep 
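Review bot: The nested deployment name in the second hunk, `'${deployment().name}-managedPrivateEndpoint-${index}'`, appends about 25 characters to the caller's deployment name, and ARM limits deployment names to 64 characters. The parent's name for this module is not visible here, so whether it overflows is uncertain, but a shorter suffix such as `name: '${deployment().name}-MPE-${index}'` removes the risk. The loop also reads `.name`, `.fqdns`, `.groupId` and `.privateLinkResourceId` from untyped array elements, so it is worth listing those required keys in the `managedPrivateEndpoints` description.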
@@ -0,0 +1,59 @@
+@description('Conditional. The name of the parent data factory. Required if the template is used in a standalone deployment.')
+param dataFactoryName string
+
+@description('Required. The name of the parent managed virtual network.')
+param managedVirtualNetworkName string
+
+@description('Required. The managed privated endpoint resource name.')
+param name string
+
+@description('Required. The groupId to which the managed private endpoint is created.')
+param groupId string
+
+@description('Required. Fully qualified domain names.')
+param fqdns array
+
+@description('Required. The ARM resource ID of the resource to which the managed private endpoint is created.')
+param privateLinkResourceId string
+
+@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource datafactory 'Microsoft.DataFactory/factories@2018-06-01' existing = {
+ name: dataFactoryName
+
+ resource managedVirtualNetwork 'managedVirtualNetworks@2018-06-01' existing = {
+ name: managedVirtualNetworkName
+ }
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource managedPrivateEndpoint 'Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints@2018-06-01' = {
+ name: name
+ parent: datafactory::managedVirtualNetwork
+ properties: {
+ fqdns: fqdns
+ groupId: groupId
+ privateLinkResourceId: privateLinkResourceId
+ }
+}
+
+@description('The name of the deployed managed private endpoint.')
+output name string = managedPrivateEndpoint.name
+
+@description('The resource ID of the deployed managed private endpoint.')
+output resourceId
string = managedPrivateEndpoint.id
+
+@description('The resource group of the deployed managed private endpoint.')
+output resourceGroupName string = resourceGroup().name
diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/readme.md b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/readme.md
new file mode 100644
index 0000000000..95167dcece
--- /dev/null
+++ b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/readme.md
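Review bot: The `privateLinkResourceId` description in the new managedPrivateEndpoints/deploy.bicep does not say that this module only requests the connection: as far as I know Data Factory creates a managed private endpoint in a Pending state until the owner of the target resource approves it, so a successful deployment does not mean the link is usable. Each entry also extends what the managed virtual network can reach, so the target IDs deserve review like any other egress rule. I would extend the description to `@description('Required. The ARM resource ID of the resource to which the managed private endpoint is created. The connection stays pending until it is approved on the target resource.')`. The `name` description also carries the typo "privated".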
@@ -0,0 +1,49 @@ +# DataFactory Factories ManagedVirtualNetwork ManagedPrivateEndpoints `[Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints]` + +This module deploys a Managed Private Endpoint in a Managed Virtual Network for an Azure Data Factory + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks/managedPrivateEndpoints) | + +## Parameters + +**Required parameters** +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `fqdns` | array | Fully qualified domain names. | +| `groupId` | string | The groupId to which the managed private endpoint is created. | +| `managedVirtualNetworkName` | string | The name of the parent managed virtual network. | +| `name` | string | The managed privated endpoint resource name. | +| `privateLinkResourceId` | string | The ARM resource ID of the resource to which the managed private endpoint is created. | + +**Conditional parameters** +| Parameter Name | Type | Description | +| :-- | :-- | :-- | +| `dataFactoryName` | string | The name of the parent data factory. Required if the template is used in a standalone deployment. | + +**Optional parameters** +| Parameter Name | Type | Default Value | Description | +| :-- | :-- | :-- | :-- | +| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | + + +### Parameter Usage: `` + +// TODO: Fill in Parameter usage + +## Outputs + +| Output Name | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the deployed managed private endpoint. | +| `resourceGroupName` | string | The resource group of the deployed managed private endpoint. 
| +| `resourceId` | string | The resource ID of the deployed managed private endpoint. | diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/version.json b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/version.json new file mode 100644 index 0000000000..e69de29bb2 diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md index 9744293605..d4779e58c6 100644 --- a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md +++ b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md @@ -13,6 +13,7 @@ This module deploys a Managed Virtual Network for an Azure Data Factory | Resource Type | API Version | | :-- | :-- | | `Microsoft.DataFactory/factories/managedVirtualNetworks` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks) | +| `Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks/managedPrivateEndpoints) | ## Parameters 
@@ -30,8 +31,58 @@ This module deploys a Managed Virtual Network for an Azure Data Factory | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | +| `managedPrivateEndpoints` | _[managedPrivateEndpoints](managedPrivateEndpoints/readme.md)_ array | `[]` | Enable telemetry via the Customer Usage Attribution ID (GUID). | +### Parameter Usage: `managedPrivateEndpoints` + +To use Managed Private Endpoints the following dependencies must be deployed: + +- Destination private link resource must be created before and permissions allow requesting a private link connection to that resource. + +
+ +Parameter JSON format + +```json +"managedPrivateEndpoints": { + "value": [ + { + "name": "mystorageaccount-managed-privateEndpoint", // Required: The managed privated endpoint resource name + "groupId": "blob", // Required: The groupId to which the managed private endpoint is created + "fqdns": [ + "mystorageaccount.blob.core.windows.net" // Required: Fully qualified domain names + ], + "privateLinkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/mystorageaccount" + // Required: The ARM resource ID of the resource to which the managed private endpoint is created. + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +managedPrivateEndpoints: [ + // Example showing all available fields + { + name: 'mystorageaccount-managed-privateEndpoint' // Required: The managed privated endpoint resource name + groupId: 'blob' // Required: The groupId to which the managed private endpoint is created + fqdns: [ + 'mystorageaccount.blob.core.windows.net' // Required: Fully qualified domain names + ] + privateLinkResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/mystorageaccount' + } // Required: The ARM resource ID of the resource to which the managed private endpoint is created. +] +``` + +
+

+ ## Outputs | Output Name | Type | Description | diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md index 5eb2f05bfe..39dd677513 100644 --- a/modules/Microsoft.DataFactory/factories/readme.md +++ b/modules/Microsoft.DataFactory/factories/readme.md @@ -16,7 +16,10 @@ | `Microsoft.DataFactory/factories` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories) | | `Microsoft.DataFactory/factories/integrationRuntimes` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/integrationRuntimes) | | `Microsoft.DataFactory/factories/managedVirtualNetworks` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks) | +| `Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks/managedPrivateEndpoints) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | +| `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | +| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | ## Parameters 
@@ -51,6 +54,7 @@ | `integrationRuntime` | _[integrationRuntime](integrationRuntime/readme.md)_ object | `{object}` | | The object for the configuration of a Integration Runtime. | | `location` | string | `[resourceGroup().location]` | | Location for all Resources. | | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | +| `managedPrivateEndpoints` | array | `[]` | | Configuration Details for managed private endpoints in the managed virtual network. | | `managedVirtualNetworkName` | string | `''` | | The name of the Managed Virtual Network. | | `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | | `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | @@ -270,6 +274,56 @@ privateEndpoints: [

+### Parameter Usage: `managedPrivateEndpoints` + +To use Managed Private Endpoints the following dependencies must be deployed: + +- The `managedVirtualNetworkName` property must be set to allow provisioning of a managed virtual network in Azure Data Factory. +- Destination private link resource must be created before and permissions allow requesting a private link connection to that resource. + +

+ +Parameter JSON format + +```json +"managedPrivateEndpoints": { + "value": [ + { + "name": "mystorageaccount-managed-privateEndpoint", // Required: The managed privated endpoint resource name + "groupId": "blob", // Required: The groupId to which the managed private endpoint is created + "fqdns": [ + "mystorageaccount.blob.core.windows.net" // Required: Fully qualified domain names + ], + "privateLinkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/mystorageaccount" + // Required: The ARM resource ID of the resource to which the managed private endpoint is created. + } + ] +} +``` + +
+ +
+ +Bicep format + +```bicep +managedPrivateEndpoints: [ + // Example showing all available fields + { + name: 'mystorageaccount-managed-privateEndpoint' // Required: The managed privated endpoint resource name + groupId: 'blob' // Required: The groupId to which the managed private endpoint is created + fqdns: [ + 'mystorageaccount.blob.core.windows.net' // Required: Fully qualified domain names + ] + privateLinkResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/mystorageaccount' + } // Required: The ARM resource ID of the resource to which the managed private endpoint is created. +] +``` + +
+

+ ## Outputs | Output Name | Type | Description | @@ -286,7 +340,44 @@ The following module usage examples are retrieved from the content of the files >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Parameters

+

Example 1: Min

+ +
+ +via Bicep module + +```bicep +module factories './Microsoft.DataFactory/factories/deploy.bicep' = { + name: '${uniqueString(deployment().name)}-factories' + params: { + name: '<>-adf-001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "<>-adf-001" + } + } +} +``` + +
+

+ +

Example 2: Parameters

@@ -319,12 +410,36 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { } } lock: 'CanNotDelete' + managedPrivateEndpoints: [ + { + fqdns: [ + 'adp<>azsax001.blob.core.windows.net' + ] + groupId: 'blob' + name: 'adp<>azsax001-managed-privateEndpoint' + privateLinkResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' + } + ] managedVirtualNetworkName: 'default' privateEndpoints: [ { + privateDnsZoneGroups: { + privateDNSResourceIds: [ + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net' + ] + } service: 'dataFactory' subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' } + { + privateDnsZoneGroups: { + privateDNSResourceIds: [ + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com' + ] + } + service: 'portal' + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + } ] publicNetworkAccess: 'Disabled' roleAssignments: [ 
@@ -402,14 +517,40 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { "lock": { "value": "CanNotDelete" }, + "managedPrivateEndpoints": { + "value": [ + { + "fqdns": [ + "adp<>azsax001.blob.core.windows.net" + ], + "groupId": "blob", + "name": "adp<>azsax001-managed-privateEndpoint", + "privateLinkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" + } + ] + }, "managedVirtualNetworkName": { "value": "default" }, "privateEndpoints": { "value": [ { + "privateDnsZoneGroups": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net" + ] + }, "service": "dataFactory", "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + }, + { + "privateDnsZoneGroups": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com" + ] + }, + "service": "portal", + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" } ] }, diff --git a/utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/datafactoryportal.parameters.json b/utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/datafactoryportal.parameters.json new file mode 100644 index 0000000000..e9400eef5d --- /dev/null +++ b/utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/datafactoryportal.parameters.json 
@@ -0,0 +1,17 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "name": { + "value": "privatelink.adf.azure.com" + }, + "virtualNetworkLinks": { + "value": [ + { + "virtualNetworkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001", + "registrationEnabled": false + } + ] + } + } +} diff --git a/utilities/pipelines/staticValidation/module.tests.ps1 b/utilities/pipelines/staticValidation/module.tests.ps1 index f56ade5995..5a61910060 100644 --- a/utilities/pipelines/staticValidation/module.tests.ps1 +++ b/utilities/pipelines/staticValidation/module.tests.ps1 @@ -1063,7 +1063,7 @@ Describe "API version tests [All apiVersions in the template should be 'recent'] } break } - { $PSItem -like '*privateEndpoints' } { + { $PSItem -like '*privateEndpoints' -and ($PSItem -notlike '*managedPrivateEndpoints') } { $testCases += @{ moduleName = $moduleFolderName resourceType = 'privateEndpoints' From a2d936e5d63ed1dc5d3d554e71c1f3215e4f3c22 Mon Sep 17 00:00:00 2001 From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> Date: Tue, 26 Jul 2022 22:37:31 +1000 Subject: [PATCH 2/6] updated min-adf name --- .../Microsoft.DataFactory/factories/.test/min.parameters.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/Microsoft.DataFactory/factories/.test/min.parameters.json b/modules/Microsoft.DataFactory/factories/.test/min.parameters.json index 6292c1631a..f432bf3874 100644 --- a/modules/Microsoft.DataFactory/factories/.test/min.parameters.json +++ b/modules/Microsoft.DataFactory/factories/.test/min.parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-adf-001" + "value": "<>-adf-min-001" } } } From 6d5e9a0ea3ae8fa2f3e18ac728968fbe9014011b Mon Sep 17 00:00:00 2001 
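Review bot: The added `-notlike '*managedPrivateEndpoints'` clause in module.tests.ps1 has no comment explaining why the type is excluded, and it takes every resource type ending in that name out of the `privateEndpoints` case, not only the Data Factory one. Whether a later case of this switch still checks the API version of the excluded type cannot be seen, because the switch starts and ends outside the hunk. I would add `# managedPrivateEndpoints is a separate resource type (not Microsoft.Network/privateEndpoints); keep it out of this case` above the condition and confirm the type is still covered by the API-version test.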
From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> Date: Tue, 26 Jul 2022 22:42:56 +1000 Subject: [PATCH 3/6] updated readme name --- modules/Microsoft.DataFactory/factories/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md index 39dd677513..27e59417c9 100644 --- a/modules/Microsoft.DataFactory/factories/readme.md +++ b/modules/Microsoft.DataFactory/factories/readme.md @@ -350,7 +350,7 @@ The following module usage examples are retrieved from the content of the files module factories './Microsoft.DataFactory/factories/deploy.bicep' = { name: '${uniqueString(deployment().name)}-factories' params: { - name: '<>-adf-001' + name: '<>-adf-min-001' } } ``` @@ -368,7 +368,7 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-adf-001" + "value": "<>-adf-min-001" } } } From 898b78f5f95c849b3316c904d702f6d55ce0cfe8 Mon Sep 17 00:00:00 2001 From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> Date: Fri, 29 Jul 2022 12:45:37 +1000 Subject: [PATCH 4/6] Removed additional PE --- .../factories/.test/parameters.json | 9 --------- .../Microsoft.DataFactory/factories/readme.md | 18 ------------------ .../datafactoryportal.parameters.json | 17 ----------------- 3 files changed, 44 deletions(-) delete mode 100644 utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/datafactoryportal.parameters.json diff --git a/modules/Microsoft.DataFactory/factories/.test/parameters.json b/modules/Microsoft.DataFactory/factories/.test/parameters.json index 628aa9d1b6..53bdc9cc7b 100644 --- a/modules/Microsoft.DataFactory/factories/.test/parameters.json +++ b/modules/Microsoft.DataFactory/factories/.test/parameters.json 
@@ -84,15 +84,6 @@ "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net" ] } - }, - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "portal", - "privateDnsZoneGroups": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com" - ] - } } ] }, diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md index 27e59417c9..671627fd48 100644 --- a/modules/Microsoft.DataFactory/factories/readme.md +++ b/modules/Microsoft.DataFactory/factories/readme.md @@ -431,15 +431,6 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { service: 'dataFactory' subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' } - { - privateDnsZoneGroups: { - privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com' - ] - } - service: 'portal' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - } ] publicNetworkAccess: 'Disabled' roleAssignments: [ 
@@ -542,15 +533,6 @@ module factories './Microsoft.DataFactory/factories/deploy.bicep' = { }, "service": "dataFactory", "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - }, - { - "privateDnsZoneGroups": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.adf.azure.com" - ] - }, - "service": "portal", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" } ] }, diff --git a/utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/datafactoryportal.parameters.json b/utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/datafactoryportal.parameters.json deleted file mode 100644 index e9400eef5d..0000000000 --- a/utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/datafactoryportal.parameters.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "privatelink.adf.azure.com" - }, - "virtualNetworkLinks": { - "value": [ - { - "virtualNetworkResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001", - "registrationEnabled": false - } - ] - } - } -} From 87f0b1bd08913ee6b6dc4e5cf809feeaa49b4a42 Mon Sep 17 00:00:00 2001 From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> Date: Fri, 29 Jul 2022 12:49:12 +1000 Subject: [PATCH 5/6] updated version --- .../managedPrivateEndpoints/version.json | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/version.json b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/version.json index e69de29bb2..56f8d9ca40 100644 --- a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/version.json +++ b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints/version.json @@ -0,0 +1,4 @@ +{ + "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", + "version": "0.4" +} From 6cc5455cdd273d6a704806ac57ab4c6802ff42c8 Mon Sep 17 00:00:00 2001 From: Ahmad Abdalla <28486158+ahmadabdalla@users.noreply.github.com> Date: Wed, 3 Aug 2022 08:24:22 +1000 Subject: [PATCH 6/6] Updated based on PR feedback --- modules/Microsoft.DataFactory/factories/deploy.bicep | 2 +- .../factories/managedVirtualNetwork/deploy.bicep | 6 ++++-- .../factories/managedVirtualNetwork/readme.md | 2 +- modules/Microsoft.DataFactory/factories/readme.md | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/modules/Microsoft.DataFactory/factories/deploy.bicep b/modules/Microsoft.DataFactory/factories/deploy.bicep index 7f43e0820b..a297914769 100644 --- a/modules/Microsoft.DataFactory/factories/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/deploy.bicep @@ -4,7 +4,7 @@ param name string @description('Optional. The name of the Managed Virtual Network.') param managedVirtualNetworkName string = '' -@description('Optional. Configuration Details for managed private endpoints in the managed virtual network.') +@description('Optional. An array of managed private endpoints objects created in the Data Factory managed virtual network.') param managedPrivateEndpoints array = [] @description('Optional. The object for the configuration of a Integration Runtime.') 
diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep index 58954920cc..1523bd71e1 100644 --- a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/deploy.bicep @@ -4,12 +4,14 @@ param dataFactoryName string @description('Required. The name of the Managed Virtual Network.') param name string -@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') +@description('Optional. An array of managed private endpoints objects created in the Data Factory managed virtual network.') param managedPrivateEndpoints array = [] @description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).') param enableDefaultTelemetry bool = true +var enableReferencedModulesTelemetry = false + resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' properties: { @@ -41,7 +43,7 @@ module managedVirtualNetwork_managedPrivateEndpoint 'managedPrivateEndpoints/dep fqdns: managedPrivateEndpoint.fqdns groupId: managedPrivateEndpoint.groupId privateLinkResourceId: managedPrivateEndpoint.privateLinkResourceId - enableDefaultTelemetry: enableDefaultTelemetry + enableDefaultTelemetry: enableReferencedModulesTelemetry } }] diff --git a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md index d4779e58c6..019ba34dce 100644 --- a/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md +++ b/modules/Microsoft.DataFactory/factories/managedVirtualNetwork/readme.md 
@@ -31,7 +31,7 @@ This module deploys a Managed Virtual Network for an Azure Data Factory
 | Parameter Name | Type | Default Value | Description |
 | :-- | :-- | :-- | :-- |
 | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). |
-| `managedPrivateEndpoints` | _[managedPrivateEndpoints](managedPrivateEndpoints/readme.md)_ array | `[]` | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| `managedPrivateEndpoints` | _[managedPrivateEndpoints](managedPrivateEndpoints/readme.md)_ array | `[]` | An array of managed private endpoints objects created in the Data Factory managed virtual network. |
 ### Parameter Usage: `managedPrivateEndpoints`
diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md
index 671627fd48..643b3aca33 100644
--- a/modules/Microsoft.DataFactory/factories/readme.md
+++ b/modules/Microsoft.DataFactory/factories/readme.md
@@ -54,7 +54,7 @@
 | `integrationRuntime` | _[integrationRuntime](integrationRuntime/readme.md)_ object | `{object}` | | The object for the configuration of a Integration Runtime. |
 | `location` | string | `[resourceGroup().location]` | | Location for all Resources. |
 | `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. |
-| `managedPrivateEndpoints` | array | `[]` | | Configuration Details for managed private endpoints in the managed virtual network. |
+| `managedPrivateEndpoints` | array | `[]` | | An array of managed private endpoints objects created in the Data Factory managed virtual network. |
 | `managedVirtualNetworkName` | string | `''` | | The name of the Managed Virtual Network. |
 | `privateEndpoints` | array | `[]` | | Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. |
 | `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. |