Azure · ahmadabdalla · Aug 3, 2022 · Jul 26, 2022 · Jul 26, 2022 · Jul 26, 2022
@@ -0,0 +1,9 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "<<namePrefix>>-adf-min-001"
+        }
+    }
+}
@@ -11,6 +11,18 @@
         "managedVirtualNetworkName": {
             "value": "default"
         },
+        "managedPrivateEndpoints": {
+            "value": [
+                {
+                    "name": "adp<<namePrefix>>azsax001-managed-privateEndpoint",
+                    "groupId": "blob",
+                    "fqdns": [
+                        "adp<<namePrefix>>azsax001.blob.core.windows.net"
+                    ],
+                    "privateLinkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<<namePrefix>>azsax001"
+                }
+            ]
+        },
         "integrationRuntime": {
             "value": {
                 "name": "AutoResolveIntegrationRuntime",
@@ -66,7 +78,12 @@
             "value": [
                 {
                     "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-                    "service": "dataFactory"
+                    "service": "dataFactory",
+                    "privateDnsZoneGroups": {
+                        "privateDNSResourceIds": [
+                            "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.datafactory.azure.net"
+                        ]
+                    }
                 }
             ]
         },

@@ -4,6 +4,9 @@ param name string
 @description('Optional. The name of the Managed Virtual Network.')
 param managedVirtualNetworkName string = ''
 
+@description('Optional. An array of managed private endpoints objects created in the Data Factory managed virtual network.')
+param managedPrivateEndpoints array = []
+
 @description('Optional. The object for the configuration of a Integration Runtime.')
 param integrationRuntime object = {}
 
@@ -206,6 +209,7 @@ module dataFactory_managedVirtualNetwork 'managedVirtualNetwork/deploy.bicep' =
   params: {
     name: managedVirtualNetworkName
     dataFactoryName: dataFactory.name
+    managedPrivateEndpoints: managedPrivateEndpoints
     enableDefaultTelemetry: enableReferencedModulesTelemetry
   }
 }
@@ -258,6 +262,26 @@ module dataFactory_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for
   }
 }]
 
+module dataFactory_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: {
+  name: '${uniqueString(deployment().name, location)}-DataFactory-PrivateEndpoint-${index}'
+  params: {
+    groupIds: [
+      privateEndpoint.service
+    ]
+    name: contains(privateEndpoint, 'name') ? privateEndpoint.name : 'pe-${last(split(dataFactory.id, '/'))}-${privateEndpoint.service}-${index}'
+    serviceResourceId: dataFactory.id
+    subnetResourceId: privateEndpoint.subnetResourceId
+    enableDefaultTelemetry: enableReferencedModulesTelemetry
+    location: reference(split(privateEndpoint.subnetResourceId, '/subnets/')[0], '2020-06-01', 'Full').location
+    lock: contains(privateEndpoint, 'lock') ? privateEndpoint.lock : lock
+    privateDnsZoneGroup: contains(privateEndpoint, 'privateDnsZoneGroup') ? privateEndpoint.privateDnsZoneGroup : {}
+    roleAssignments: contains(privateEndpoint, 'roleAssignments') ? privateEndpoint.roleAssignments : []
+    tags: contains(privateEndpoint, 'tags') ? privateEndpoint.tags : {}
+    manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : []
+    customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : []
+  }
+}]
+
 @description('The Name of the Azure Data Factory instance.')
 output name string = dataFactory.name
 

@@ -4,9 +4,14 @@ param dataFactoryName string
 @description('Required. The name of the Managed Virtual Network.')
 param name string
 
+@description('Optional. An array of managed private endpoints objects created in the Data Factory managed virtual network.')
+param managedPrivateEndpoints array = []
+
 @description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
 param enableDefaultTelemetry bool = true
 
+var enableReferencedModulesTelemetry = false
+
 resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
   name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
   properties: {
@@ -29,6 +34,19 @@ resource managedVirtualNetwork 'Microsoft.DataFactory/factories/managedVirtualNe
   properties: {}
 }
 
+module managedVirtualNetwork_managedPrivateEndpoint 'managedPrivateEndpoints/deploy.bicep' = [for (managedPrivateEndpoint, index) in managedPrivateEndpoints: {
+  name: '${deployment().name}-managedPrivateEndpoint-${index}'
+  params: {
+    dataFactoryName: dataFactoryName
+    managedVirtualNetworkName: name
+    name: managedPrivateEndpoint.name
+    fqdns: managedPrivateEndpoint.fqdns
+    groupId: managedPrivateEndpoint.groupId
+    privateLinkResourceId: managedPrivateEndpoint.privateLinkResourceId
+    enableDefaultTelemetry: enableReferencedModulesTelemetry
+  }
+}]
+
 @description('The name of the Resource Group the Managed Virtual Network was created in.')
 output resourceGroupName string = resourceGroup().name
 

@@ -0,0 +1,59 @@
+@description('Conditional. The name of the parent data factory. Required if the template is used in a standalone deployment.')
+param dataFactoryName string
+
+@description('Required. The name of the parent managed virtual network.')
+param managedVirtualNetworkName string
+
+@description('Required. The managed privated endpoint resource name.')
+param name string
+
+@description('Required. The groupId to which the managed private endpoint is created.')
+param groupId string
+
+@description('Required. Fully qualified domain names.')
+param fqdns array
+
+@description('Required. The ARM resource ID of the resource to which the managed private endpoint is created.')
+param privateLinkResourceId string
+
+@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
+param enableDefaultTelemetry bool = true
+
+resource datafactory 'Microsoft.DataFactory/factories@2018-06-01' existing = {
+  name: dataFactoryName
+
+  resource managedVirtualNetwork 'managedVirtualNetworks@2018-06-01' existing = {
+    name: managedVirtualNetworkName
+  }
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
+  name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
+  properties: {
+    mode: 'Incremental'
+    template: {
+      '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+      contentVersion: '1.0.0.0'
+      resources: []
+    }
+  }
+}
+
+resource managedPrivateEndpoint 'Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints@2018-06-01' = {
+  name: name
+  parent: datafactory::managedVirtualNetwork
+  properties: {
+    fqdns: fqdns
+    groupId: groupId
+    privateLinkResourceId: privateLinkResourceId
+  }
+}
+
+@description('The name of the deployed managed private endpoint.')
+output name string = managedPrivateEndpoint.name
+
+@description('The resource ID of the deployed managed private endpoint.')
+output resourceId string = managedPrivateEndpoint.id
+
+@description('The resource group of the deployed managed private endpoint.')
+output resourceGroupName string = resourceGroup().name
@@ -0,0 +1,49 @@
+# DataFactory Factories ManagedVirtualNetwork ManagedPrivateEndpoints `[Microsoft.DataFactory/factories/managedVirtualNetwork/managedPrivateEndpoints]`
+
+This module deploys a Managed Private Endpoint in a Managed Virtual Network for an Azure Data Factory
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks/managedPrivateEndpoints) |
+
+## Parameters
+
+**Required parameters**
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `fqdns` | array | Fully qualified domain names. |
+| `groupId` | string | The groupId to which the managed private endpoint is created. |
+| `managedVirtualNetworkName` | string | The name of the parent managed virtual network. |
+| `name` | string | The managed privated endpoint resource name. |
+| `privateLinkResourceId` | string | The ARM resource ID of the resource to which the managed private endpoint is created. |
+
+**Conditional parameters**
+| Parameter Name | Type | Description |
+| :-- | :-- | :-- |
+| `dataFactoryName` | string | The name of the parent data factory. Required if the template is used in a standalone deployment. |
+
+**Optional parameters**
+| Parameter Name | Type | Default Value | Description |
+| :-- | :-- | :-- | :-- |
+| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+
+
+### Parameter Usage: `<ParameterPlaceholder>`
+
+// TODO: Fill in Parameter usage
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the deployed managed private endpoint. |
+| `resourceGroupName` | string | The resource group of the deployed managed private endpoint. |
+| `resourceId` | string | The resource ID of the deployed managed private endpoint. |
@@ -0,0 +1,4 @@
+{
+    "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json",
+    "version": "0.4"
+}
@@ -13,6 +13,7 @@ This module deploys a Managed Virtual Network for an Azure Data Factory
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.DataFactory/factories/managedVirtualNetworks` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks) |
+| `Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks/managedPrivateEndpoints) |
 
 ## Parameters
 
@@ -30,8 +31,58 @@ This module deploys a Managed Virtual Network for an Azure Data Factory
 | Parameter Name | Type | Default Value | Description |
 | :-- | :-- | :-- | :-- |
 | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). |
+| `managedPrivateEndpoints` | _[managedPrivateEndpoints](managedPrivateEndpoints/readme.md)_ array | `[]` | An array of managed private endpoints objects created in the Data Factory managed virtual network. |
 
 
+### Parameter Usage: `managedPrivateEndpoints`
+
+To use Managed Private Endpoints the following dependencies must be deployed:
+
+- Destination private link resource must be created before and permissions allow requesting a private link connection to that resource.
+
+<details>
+
+<summary>Parameter JSON format</summary>
+
+```json
+"managedPrivateEndpoints": {
+    "value": [
+        {
+            "name": "mystorageaccount-managed-privateEndpoint", // Required: The managed privated endpoint resource name
+            "groupId": "blob", // Required: The groupId to which the managed private endpoint is created
+            "fqdns": [
+                "mystorageaccount.blob.core.windows.net" // Required: Fully qualified domain names
+            ],
+            "privateLinkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/mystorageaccount"
+            // Required: The ARM resource ID of the resource to which the managed private endpoint is created.
+        }
+    ]
+}
+```
+
+</details>
+
+<details>
+
+<summary>Bicep format</summary>
+
+```bicep
+managedPrivateEndpoints:  [
+    // Example showing all available fields
+    {
+        name: 'mystorageaccount-managed-privateEndpoint' // Required: The managed privated endpoint resource name
+        groupId: 'blob' // Required: The groupId to which the managed private endpoint is created
+        fqdns: [
+          'mystorageaccount.blob.core.windows.net' // Required: Fully qualified domain names
+        ]
+        privateLinkResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/mystorageaccount'
+    } // Required: The ARM resource ID of the resource to which the managed private endpoint is created.
+]
+```
+
+</details>
+<p>
+
 ## Outputs
 
 | Output Name | Type | Description |