Resolve issues with colliding private endpoint names, and redundant private endpoints (#2740)

kachihro · pamelafox · web-flow · commit 07d26359ea7f · 2025-09-19T12:47:32.000-07:00
* Fix issue with BICEP, deployment template validation error

* Update private-endpoint.bicep

* Resolve issue with OpenAI missing A record due to duplicate inclusion

---------

Co-authored-by: Pamela Fox &lt;pamela.fox@gmail.com&gt;
diff --git a/infra/core/networking/private-endpoint.bicep b/infra/core/networking/private-endpoint.bicep
@@ -47,7 +47,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-02-01' = {
     properties: {
       privateDnsZoneConfigs: !empty(dnsZoneId) ? [
         {
-          name: 'config1'
+          name: 'config-${name}-${dnsZoneId}'
           properties: {
             privateDnsZoneId: dnsZoneId
           }
diff --git a/infra/main.bicep b/infra/main.bicep
@@ -1212,8 +1212,9 @@ var cognitiveServicesPrivateEndpointConnection = (usePrivateEndpoint && (!useLoc
       {
         groupId: 'account'
         dnsZoneName: 'privatelink.cognitiveservices.azure.com'
+        // Only include generic Cognitive Services-based resources (Form Recognizer / Vision / Content Understanding)
+        // Azure OpenAI uses its own privatelink.openai.azure.com zone and already has a separate private endpoint above.
         resourceIds: concat(
-          [openAi.outputs.resourceId],
           !useLocalPdfParser ? [documentIntelligence.outputs.resourceId] : [],
           useMultimodal ? [vision.outputs.resourceId] : [],
           useMediaDescriberAzureCU ? [contentUnderstanding.outputs.resourceId] : []
diff --git a/infra/private-endpoints.bicep b/infra/private-endpoints.bicep
@@ -52,8 +52,9 @@ var privateEndpointInfo = [
     resourceId: resourceId
   })
 ]
-module privateEndpoints './core/networking/private-endpoint.bicep' = [for privateEndpointInfo in flatten(privateEndpointInfo): {
-  name: '${privateEndpointInfo.name}-privateendpoint'
+
+module privateEndpoints './core/networking/private-endpoint.bicep' = [for (privateEndpointInfo, i) in flatten(privateEndpointInfo): {
+  name: '${privateEndpointInfo.name}-${i}-privateendpoint'
   params: {
     location: location
     name: '${privateEndpointInfo.name}${abbrs.privateEndpoint}${resourceToken}'
@@ -82,6 +83,7 @@ module monitorDnsZones './core/networking/private-dns-zones.bicep' = [for monito
     virtualNetworkName: vnetName
   }
 }]
+
 // Get blob DNS zone index for monitor private link
 var blobEndpointInfo = filter(flatten(privateEndpointInfo), info => info.groupId == 'blob')
 // Assert that blob endpoints exist (required for this application)

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-02-01' = {`
`47`	`47`	`properties: {`
`48`	`48`	`privateDnsZoneConfigs: !empty(dnsZoneId) ? [`
`49`	`49`	`{`
`50`		`- name: 'config1'`
	`50`	`+ name: 'config-${name}-${dnsZoneId}'`
`51`	`51`	`properties: {`
`52`	`52`	`privateDnsZoneId: dnsZoneId`
`53`	`53`	`}`