From 2bef078219710110c3f291866f34dfa3dd332bbf Mon Sep 17 00:00:00 2001 From: kachihro Date: Thu, 18 Sep 2025 11:19:58 +1000 Subject: [PATCH 1/3] Fix issue with BICEP, deployment template validation error --- infra/private-endpoints.bicep | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/infra/private-endpoints.bicep b/infra/private-endpoints.bicep index 9037fcd274..16289e4a5e 100644 --- a/infra/private-endpoints.bicep +++ b/infra/private-endpoints.bicep @@ -52,8 +52,9 @@ var privateEndpointInfo = [ resourceId: resourceId }) ] -module privateEndpoints './core/networking/private-endpoint.bicep' = [for privateEndpointInfo in flatten(privateEndpointInfo): { - name: '${privateEndpointInfo.name}-privateendpoint' + +module privateEndpoints './core/networking/private-endpoint.bicep' = [for (privateEndpointInfo, i) in flatten(privateEndpointInfo): { + name: '${privateEndpointInfo.name}-${i}-privateendpoint' params: { location: location name: '${privateEndpointInfo.name}${abbrs.privateEndpoint}${resourceToken}' @@ -82,6 +83,7 @@ module monitorDnsZones './core/networking/private-dns-zones.bicep' = [for monito virtualNetworkName: vnetName } }] + // Get blob DNS zone index for monitor private link var blobEndpointInfo = filter(flatten(privateEndpointInfo), info => info.groupId == 'blob') // Assert that blob endpoints exist (required for this application) From 1d31be25dffc1b3345b148c30bc4add43848776a Mon Sep 17 00:00:00 2001 From: kachihro Date: Thu, 18 Sep 2025 13:14:31 +1000 Subject: [PATCH 2/3] Update private-endpoint.bicep --- infra/core/networking/private-endpoint.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infra/core/networking/private-endpoint.bicep b/infra/core/networking/private-endpoint.bicep index 07178d6675..8bce328aa2 100644 --- a/infra/core/networking/private-endpoint.bicep +++ b/infra/core/networking/private-endpoint.bicep @@ -47,7 +47,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-02-01' = { properties: { privateDnsZoneConfigs: !empty(dnsZoneId) ? [ { - name: 'config1' + name: 'config-${name}-${dnsZoneId}' properties: { privateDnsZoneId: dnsZoneId } From 29836a849a382171a95ff38245736a097f46d388 Mon Sep 17 00:00:00 2001 From: Pamela Fox Date: Fri, 19 Sep 2025 12:22:16 -0700 Subject: [PATCH 3/3] Resolve issue with OpenAI missing A record due to duplicate inclusion --- infra/main.bicep | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/infra/main.bicep b/infra/main.bicep index 146ba32ff4..91af1d8420 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1212,8 +1212,9 @@ var cognitiveServicesPrivateEndpointConnection = (usePrivateEndpoint && (!useLoc { groupId: 'account' dnsZoneName: 'privatelink.cognitiveservices.azure.com' + // Only include generic Cognitive Services-based resources (Form Recognizer / Vision / Content Understanding) + // Azure OpenAI uses its own privatelink.openai.azure.com zone and already has a separate private endpoint above. resourceIds: concat( - [openAi.outputs.resourceId], !useLocalPdfParser ? [documentIntelligence.outputs.resourceId] : [], useMultimodal ? [vision.outputs.resourceId] : [], useMediaDescriberAzureCU ? [contentUnderstanding.outputs.resourceId] : []