AVD Private Link (#692)
* uncommented private link from avm modules

* added private endpoints for avd

* updated readme links

* updated avd private link documentation

* deployment launcher fix (#696)

* PR 696 fix (#697)

* deployment launcher fix

* pr 696 fix

---------

Co-authored-by: Dany Contreras <[email protected]>
chbragg and danycontre authored Oct 31, 2024
1 parent aa5139e commit a3c4133
Showing 10 changed files with 4,405 additions and 1,866 deletions.
200 changes: 100 additions & 100 deletions avm/1.0.0/res/desktop-virtualization/host-pool/main.bicep
@@ -33,8 +33,8 @@ param hostPoolType string = 'Pooled'
])
param publicNetworkAccess string = 'Enabled'

// @sys.description('Optional. Configuration details for private endpoints.')
// param privateEndpoints privateEndpointType
@sys.description('Optional. Configuration details for private endpoints.')
param privateEndpoints privateEndpointType

@sys.description('Optional. Set the type of assignment for a Personal Host Pool type.')
@allowed([
@@ -218,58 +218,58 @@ module keyVaultHostPoolSecret '../../../../../avm/1.0.0/res/key-vault/vault/secr
}
}

// module hostPool_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.1' = [
// for (privateEndpoint, index) in (privateEndpoints ?? []): {
// name: '${uniqueString(deployment().name, location)}-hostPool-PrivateEndpoint-${index}'
// scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '')
// params: {
// name: privateEndpoint.?name ?? 'pep-${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}'
// privateLinkServiceConnections: privateEndpoint.?isManualConnection != true
// ? [
// {
// name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}'
// properties: {
// privateLinkServiceId: hostPool.id
// groupIds: [
// privateEndpoint.?service ?? 'connection'
// ]
// }
// }
// ]
// : null
// manualPrivateLinkServiceConnections: privateEndpoint.?isManualConnection == true
// ? [
// {
// name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}'
// properties: {
// privateLinkServiceId: hostPool.id
// groupIds: [
// privateEndpoint.?service ?? 'connection'
// ]
// requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.'
// }
// }
// ]
// : null
// subnetResourceId: privateEndpoint.subnetResourceId
// enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry
// location: privateEndpoint.?location ?? reference(
// split(privateEndpoint.subnetResourceId, '/subnets/')[0],
// '2020-06-01',
// 'Full'
// ).location
// lock: privateEndpoint.?lock ?? lock
// privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName
// privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds
// roleAssignments: privateEndpoint.?roleAssignments
// tags: privateEndpoint.?tags ?? tags
// customDnsConfigs: privateEndpoint.?customDnsConfigs
// ipConfigurations: privateEndpoint.?ipConfigurations
// applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds
// customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName
// }
// }
// ]
module hostPool_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.1' = [
for (privateEndpoint, index) in (privateEndpoints ?? []): {
name: '${uniqueString(deployment().name, location)}-hostPool-PrivateEndpoint-${index}'
scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '')
params: {
name: privateEndpoint.?name ?? 'pep-${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}'
privateLinkServiceConnections: privateEndpoint.?isManualConnection != true
? [
{
name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}'
properties: {
privateLinkServiceId: hostPool.id
groupIds: [
privateEndpoint.?service ?? 'connection'
]
}
}
]
: null
manualPrivateLinkServiceConnections: privateEndpoint.?isManualConnection == true
? [
{
name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(hostPool.id, '/'))}-${privateEndpoint.?service ?? 'connection'}-${index}'
properties: {
privateLinkServiceId: hostPool.id
groupIds: [
privateEndpoint.?service ?? 'connection'
]
requestMessage: privateEndpoint.?manualConnectionRequestMessage ?? 'Manual approval required.'
}
}
]
: null
subnetResourceId: privateEndpoint.subnetResourceId
enableTelemetry: privateEndpoint.?enableTelemetry ?? enableTelemetry
location: privateEndpoint.?location ?? reference(
split(privateEndpoint.subnetResourceId, '/subnets/')[0],
'2020-06-01',
'Full'
).location
// lock: privateEndpoint.?lock ?? lock
privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName
privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds
roleAssignments: privateEndpoint.?roleAssignments
tags: privateEndpoint.?tags ?? tags
customDnsConfigs: privateEndpoint.?customDnsConfigs
ipConfigurations: privateEndpoint.?ipConfigurations
applicationSecurityGroupResourceIds: privateEndpoint.?applicationSecurityGroupResourceIds
customNetworkInterfaceName: privateEndpoint.?customNetworkInterfaceName
}
}
]

// resource hostPool_lock 'Microsoft.Authorization/locks@2020-05-01' =
// if (!empty(lock ?? {}) && lock.?kind != 'None') {
@@ -402,64 +402,64 @@ type diagnosticSettingType = {
// delegatedManagedIdentityResourceId: string?
// }[]?

// type privateEndpointType = {
// @sys.description('Optional. The name of the private endpoint.')
// name: string?
type privateEndpointType = {
@sys.description('Optional. The name of the private endpoint.')
name: string?

// @sys.description('Optional. The location to deploy the private endpoint to.')
// location: string?
@sys.description('Optional. The location to deploy the private endpoint to.')
location: string?

// @sys.description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".')
// service: string?
@sys.description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".')
service: string?

// @sys.description('Required. Resource ID of the subnet where the endpoint needs to be created.')
// subnetResourceId: string
@sys.description('Required. Resource ID of the subnet where the endpoint needs to be created.')
subnetResourceId: string

// @sys.description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.')
// privateDnsZoneGroupName: string?
@sys.description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.')
privateDnsZoneGroupName: string?

// @sys.description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.')
// privateDnsZoneResourceIds: string[]?
@sys.description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.')
privateDnsZoneResourceIds: string[]?

// @sys.description('Optional. If Manual Private Link Connection is required.')
// isManualConnection: bool?
@sys.description('Optional. If Manual Private Link Connection is required.')
isManualConnection: bool?

// @sys.description('Optional. A message passed to the owner of the remote resource with the manual connection request.')
// @maxLength(140)
// manualConnectionRequestMessage: string?
@sys.description('Optional. A message passed to the owner of the remote resource with the manual connection request.')
@maxLength(140)
manualConnectionRequestMessage: string?

// @sys.description('Optional. Custom DNS configurations.')
// customDnsConfigs: {
// @sys.description('Required. Fqdn that resolves to private endpoint IP address.')
// fqdn: string?
@sys.description('Optional. Custom DNS configurations.')
customDnsConfigs: {
@sys.description('Required. Fqdn that resolves to private endpoint IP address.')
fqdn: string?

// @sys.description('Required. A list of private IP addresses of the private endpoint.')
// ipAddresses: string[]
// }[]?
@sys.description('Required. A list of private IP addresses of the private endpoint.')
ipAddresses: string[]
}[]?

// @sys.description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.')
// ipConfigurations: {
// @sys.description('Required. The name of the resource that is unique within a resource group.')
// name: string
@sys.description('Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints.')
ipConfigurations: {
@sys.description('Required. The name of the resource that is unique within a resource group.')
name: string

// @sys.description('Required. Properties of private endpoint IP configurations.')
// properties: {
// @sys.description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.')
// groupId: string
@sys.description('Required. Properties of private endpoint IP configurations.')
properties: {
@sys.description('Required. The ID of a group obtained from the remote resource that this private endpoint should connect to.')
groupId: string

// @sys.description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.')
// memberName: string
@sys.description('Required. The member name of a group obtained from the remote resource that this private endpoint should connect to.')
memberName: string

// @sys.description('Required. A private IP address obtained from the private endpoint\'s subnet.')
// privateIPAddress: string
// }
// }[]?
@sys.description('Required. A private IP address obtained from the private endpoint\'s subnet.')
privateIPAddress: string
}
}[]?

// @sys.description('Optional. Application security groups in which the private endpoint IP configuration is included.')
// applicationSecurityGroupResourceIds: string[]?
@sys.description('Optional. Application security groups in which the private endpoint IP configuration is included.')
applicationSecurityGroupResourceIds: string[]?

// @sys.description('Optional. The custom name of the network interface attached to the private endpoint.')
// customNetworkInterfaceName: string?
@sys.description('Optional. The custom name of the network interface attached to the private endpoint.')
customNetworkInterfaceName: string?

// @sys.description('Optional. Specify the type of lock.')
// lock: lockType
@@ -473,9 +473,9 @@ type diagnosticSettingType = {
// @sys.description('Optional. Enable/Disable usage telemetry for module.')
// enableTelemetry: bool?

// @sys.description('Optional. Specify if you want to deploy the Private Endpoint into a different resource group than the main resource.')
// resourceGroupName: string?
// }[]?
@sys.description('Optional. Specify if you want to deploy the Private Endpoint into a different resource group than the main resource.')
resourceGroupName: string?
}[]?

// type lockType = {
// @sys.description('Optional. Specify the name of lock.')
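Review bot: Passing `privateEndpoints` does not by itself take the host pool off the public network, because `publicNetworkAccess` (context line in the first hunk) still defaults to `'Enabled'`; the parameter description should say so, e.g. `@sys.description('Optional. Configuration details for private endpoints. Public access stays on unless publicNetworkAccess is also restricted.')`. The `service` description in `privateEndpointType` still gives "vault", "mysqlServer" and "dataFactory" as examples while the module falls back to `'connection'`, so naming that value in the description would save callers a failed deployment. The module now reads `privateEndpoint.?enableTelemetry`, but the `enableTelemetry` field of the type stays commented out, and `lock` stays commented out in both the module params and the type. This may raise a compiler diagnostic and leaves the endpoints without a lock, so it is worth confirming both are intended.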