Bug Report: Policy initiative for HDInsight private endpoints uses "cluster" groupId, when available ones are "headnode" and "gateway"

Revisiting this issue as follow-up on #1510  ...
The built-in policy [PrivateDNSZone_DINE.json](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/HDInsight/PrivateDNSZone_DINE.json) uses a parameter for groupId, it is not hardcoded in the policy.

The issue is that the custom initiative specifies "cluster" for the parameter value, when the acceptable values are "gateway" and "headnode".

![Image](https://github.com/user-attachments/assets/267ddf56-5956-427f-8a68-45f3f6ea0c9a)

The initiative would also need two policyDefinitionReferenceIds, i.e. "DINE-Private-DNS-Azure-HDInsightHeadnode" and "DINE-Private-DNS-Azure-HDInsightGateway" or similar.

It is noticeable, however, that during my tests assigning the built-in policy with the correct groupId values, the zone is correctly associated with both gateway and headnode PEs, but no records are populated in them. 

![Image](https://github.com/user-attachments/assets/dd329476-d3ef-4ee1-b999-3d7dcca020fa)
![Image](https://github.com/user-attachments/assets/487af44d-ca72-456b-a0bd-c14cb1e92708)

According to [documentation](https://learn.microsoft.com/azure/hdinsight/hdinsight-private-link#ConfigureDNS), DNS entries are manual.

Cheers.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bug Report: Policy initiative for HDInsight private endpoints uses "cluster" groupId, when available ones are "headnode" and "gateway" #2011

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Bug Report: Policy initiative for HDInsight private endpoints uses "cluster" groupId, when available ones are "headnode" and "gateway" #2011

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions