feat: Added the ability to specify a custom resource group when deplo…

…ying a private endpoint (#787)
Azure · Apr 4, 2024 · c5bead3 · c5bead3
1 parent da0cbf9
commit c5bead3
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 8 deletions.
diff --git a/docs/static/includes/interfaces/int.pe.input.bicep b/docs/static/includes/interfaces/int.pe.input.bicep
@@ -1,17 +1,18 @@
 privateEndpoints: {
   {
-    roleAssignments : [...]
     lock: 'CanNotDelete'
-    tags: {...}
+    tags: {
+      'hidden-title': 'This is visible in the resource name'
+    }
     service: 'vault'
-    subnetResourceId: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}'
+    subnetResourceId: '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRg/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mysubnet'
     privateDnsZoneResourceIds: [
-      '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/privateDnsZones/{dnsZoneName}'
+      '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRg/providers/Microsoft.Network/privateDnsZones/myZone'
     ]
     applicationSecurityGroupResourceIds: [
-      '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/applicationSecurityGroups/{asgName}'
+      '/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/myRg/providers/Microsoft.Network/applicationSecurityGroups/myAsg'
     ]
-    customDnsConfigs: [ // this is an output in TF, check please
+    customDnsConfigs: [
       {
         fqdn: 'fqdn1.example.com'
         ipAddresses: [
@@ -29,5 +30,18 @@ privateEndpoints: {
         privateIpAddress: '10.0.0.7'
       }
     ]
+    roleAssignments: [
+      {
+        roleDefinitionIdOrName: 'Owner'
+        principalId: '11111111-1111-1111-1111-111111111111'
+        principalType: 'ServicePrincipal'
+      }
+      {
+        roleDefinitionIdOrName: subscriptionResourceId('Microsoft.Authorization/roleDefinitions','acdd72a7-3385-48ef-bd42-f606fba81ae7')
+        principalId: '11111111-1111-1111-1111-111111111111'
+        principalType: 'ServicePrincipal'
+      }
+    ]
+    resourceGroupName: 'mySecondaryRg'
   }
 }
diff --git a/docs/static/includes/interfaces/int.pe.udt.schema1.bicep b/docs/static/includes/interfaces/int.pe.udt.schema1.bicep
@@ -69,13 +69,17 @@ type privateEndpointType = {
 
   @description('Optional. Enable/Disable usage telemetry for module.')
   enableTelemetry: bool?
+
+  @description('Optional. Specify if you want to deploy the Private Endpoint into a different resource group than the main resource.')
+  resourceGroupName: string?
 }[]?
 
 @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
 param privateEndpoints privateEndpointType
 
 module >singularMainResourceType<_privateEndpoints 'br/public:avm/res/network/private-endpoint:X.Y.Z' = [for (privateEndpoint, index) in (privateEndpoints ?? []): {
   name: '${uniqueString(deployment().name, location)}->singularMainResourceType<-PrivateEndpoint-${index}'
+  scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '')
   params: {
     // Variant 1: A default service can be assumed (i.e., for services that only have one private endpoint type)
     name: privateEndpoint.?name ?? 'pep-${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.?service ?? '>defaultServiceName<'}-${index}'
@@ -94,7 +98,7 @@ module >singularMainResourceType<_privateEndpoints 'br/public:avm/res/network/pr
       {
         name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.?service ?? '>defaultServiceName<'}-${index}'
         properties: {
-          privateLinkServiceId: workspace.id
+          privateLinkServiceId: >singularMainResourceType<.id
           groupIds: [
             privateEndpoint.?service ?? '>defaultServiceName<'
           ]

diff --git a/docs/static/includes/interfaces/int.pe.udt.schema2.bicep b/docs/static/includes/interfaces/int.pe.udt.schema2.bicep
@@ -69,13 +69,17 @@ type privateEndpointType = {
 
   @description('Optional. Enable/Disable usage telemetry for module.')
   enableTelemetry: bool?
+
+  @description('Optional. Specify if you want to deploy the Private Endpoint into a different resource group than the main resource.')
+  resourceGroupName: string?
 }[]?
 
 @description('Optional. Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible.')
 param privateEndpoints privateEndpointType
 
 module >singularMainResourceType<_privateEndpoints 'br/public:avm/res/network/private-endpoint:X.Y.Z' = [for (privateEndpoint, index) in (privateEndpoints ?? []): {
   name: '${uniqueString(deployment().name, location)}->singularMainResourceType<-PrivateEndpoint-${index}'
+  scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '')
   params: {
     // Variant 2: A default service cannot be assumed (i.e., for services that have more than one private endpoint type, like Storage Account)
     name: privateEndpoint.?name ?? 'pep-${last(split(>singularMainResourceType>.id, '/'))}-${privateEndpoint.service}-${index}'
@@ -94,7 +98,7 @@ module >singularMainResourceType<_privateEndpoints 'br/public:avm/res/network/pr
       {
         name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(>singularMainResourceType<.id, '/'))}-${privateEndpoint.service}-${index}'
         properties: {
-          privateLinkServiceId: workspace.id
+          privateLinkServiceId: >singularMainResourceType<.id
           groupIds: [
             privateEndpoint.service
           ]