
Commit 912fc9a

Merge pull request #821 from Azure/pe-bug
Fixing Bicep/ARM and portal UI logic when deploying private endpoints only for AVD resources but not for storage or key vault.
2 parents 87e1efd + c90fe6e commit 912fc9a


4 files changed

+58
-22
lines changed

workload/arm/deploy-baseline.json

Lines changed: 12 additions & 10 deletions
@@ -5,7 +5,7 @@
55
"_generator": {
66
"name": "bicep",
77
"version": "0.36.1.42791",
8-
"templateHash": "17376788752550162862"
8+
"templateHash": "6318565011260401924"
99
},
1010
"name": "AVD Accelerator - Baseline Deployment",
1111
"description": "AVD Accelerator - Deployment Baseline",
@@ -4186,7 +4186,9 @@
41864186
"ddosProtectionPlanName": {
41874187
"value": "[variables('varDDosProtectionPlanName')]"
41884188
},
4189-
"deployPrivateEndpointSubnet": "[if(or(parameters('deployPrivateEndpointKeyvaultStorage'), parameters('deployAvdPrivateLinkService')), createObject('value', true()), createObject('value', false()))]",
4189+
"deployPrivateEndpointKeyvaultStorage": {
4190+
"value": "[parameters('deployPrivateEndpointKeyvaultStorage')]"
4191+
},
41904192
"deployAvdPrivateLinkService": {
41914193
"value": "[parameters('deployAvdPrivateLinkService')]"
41924194
},
@@ -4222,7 +4224,7 @@
42224224
"_generator": {
42234225
"name": "bicep",
42244226
"version": "0.36.1.42791",
4225-
"templateHash": "4472577546427038675"
4227+
"templateHash": "5233584855980936984"
42264228
},
42274229
"name": "AVD LZA networking",
42284230
"description": "This module deploys vNet, NSG, ASG, UDR, private DNs zones",
@@ -4344,16 +4346,16 @@
43444346
"description": "Deploy DDoS Network Protection for virtual network."
43454347
}
43464348
},
4347-
"deployPrivateEndpointSubnet": {
4349+
"deployPrivateEndpointKeyvaultStorage": {
43484350
"type": "bool",
43494351
"metadata": {
4350-
"description": "Optional. AVD Accelerator will deploy with private endpoints by default."
4352+
"description": "Deploys private endpoints for storage and key vault Services."
43514353
}
43524354
},
43534355
"deployAvdPrivateLinkService": {
43544356
"type": "bool",
43554357
"metadata": {
4356-
"description": "Optional. Deploys private endpoints for the AVD Private Link Service. (Default: false)"
4358+
"description": "Deploys private endpoints for the AVD Private Link Service."
43574359
}
43584360
},
43594361
"vnetAddressPrefixes": {
@@ -4395,7 +4397,7 @@
43954397
"createPrivateDnsZones": {
43964398
"type": "bool",
43974399
"metadata": {
4398-
"description": "Optional. Use Azure private DNS zones for private endpoints."
4400+
"description": "Use Azure private DNS zones for private endpoints."
43994401
}
44004402
},
44014403
"location": {
@@ -5154,7 +5156,7 @@
51545156
}
51555157
},
51565158
{
5157-
"condition": "[and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet'))]",
5159+
"condition": "[and(parameters('createVnet'), or(parameters('deployPrivateEndpointKeyvaultStorage'), parameters('deployAvdPrivateLinkService')))]",
51585160
"type": "Microsoft.Resources/deployments",
51595161
"apiVersion": "2022-09-01",
51605162
"name": "[format('NSG-Private-Endpoint-{0}', parameters('time'))]",
@@ -6043,7 +6045,7 @@
60436045
}
60446046
},
60456047
{
6046-
"condition": "[and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet'))]",
6048+
"condition": "[and(parameters('createVnet'), or(parameters('deployPrivateEndpointKeyvaultStorage'), parameters('deployAvdPrivateLinkService')))]",
60476049
"type": "Microsoft.Resources/deployments",
60486050
"apiVersion": "2022-09-01",
60496051
"name": "[format('Route-Table-PE-{0}', parameters('time'))]",
@@ -6402,7 +6404,7 @@
64026404
"value": "[parameters('dnsServers')]"
64036405
},
64046406
"peerings": "[if(parameters('createVnetPeering'), createObject('value', createArray(createObject('remoteVirtualNetworkId', parameters('existingHubVnetResourceId'), 'name', parameters('vnetPeeringName'), 'allowForwardedTraffic', true(), 'allowGatewayTransit', false(), 'allowVirtualNetworkAccess', true(), 'doNotVerifyRemoteGateways', true(), 'useRemoteGateways', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringEnabled', true(), 'remotePeeringName', parameters('remoteVnetPeeringName'), 'remotePeeringAllowForwardedTraffic', true(), 'remotePeeringAllowGatewayTransit', if(parameters('vNetworkGatewayOnHub'), true(), false()), 'remotePeeringAllowVirtualNetworkAccess', true(), 'remotePeeringDoNotVerifyRemoteGateways', true(), 'remotePeeringUseRemoteGateways', false()))), createObject('value', createArray()))]",
6405-
"subnets": "[if(parameters('deployPrivateEndpointSubnet'), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')), createObject('name', parameters('vnetPrivateEndpointSubnetName'), 'addressPrefix', parameters('vnetPrivateEndpointSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(and(parameters('createVnet'), parameters('deployPrivateEndpointSubnet')), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', 
format('Route-Table-PE-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')))), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'serviceEndpoints', createArray(createObject('service', 'Microsoft.Storage', 'locations', createArray(format('{0}', parameters('location')))), createObject('service', 'Microsoft.KeyVault', 'locations', createArray(format('{0}', parameters('location')))))))))]",
6407+
"subnets": "[if(or(and(parameters('deployPrivateEndpointKeyvaultStorage'), parameters('deployAvdPrivateLinkService')), and(parameters('deployPrivateEndpointKeyvaultStorage'), not(parameters('deployAvdPrivateLinkService')))), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')), createObject('name', parameters('vnetPrivateEndpointSubnetName'), 'addressPrefix', parameters('vnetPrivateEndpointSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(and(parameters('createVnet'), or(parameters('deployPrivateEndpointKeyvaultStorage'), parameters('deployAvdPrivateLinkService'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(and(parameters('createVnet'), 
or(parameters('deployPrivateEndpointKeyvaultStorage'), parameters('deployAvdPrivateLinkService'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-PE-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')))), if(and(not(parameters('deployPrivateEndpointKeyvaultStorage')), parameters('deployAvdPrivateLinkService')), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'serviceEndpoints', createArray(createObject('service', 'Microsoft.Storage', 'locations', createArray(format('{0}', parameters('location')))), createObject('service', 'Microsoft.KeyVault', 'locations', createArray(format('{0}', parameters('location')))))), createObject('name', parameters('vnetPrivateEndpointSubnetName'), 'addressPrefix', parameters('vnetPrivateEndpointSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 
'networkSecurityGroupResourceId', if(and(parameters('createVnet'), or(parameters('deployPrivateEndpointKeyvaultStorage'), parameters('deployAvdPrivateLinkService'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-Private-Endpoint-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(and(parameters('createVnet'), or(parameters('deployPrivateEndpointKeyvaultStorage'), parameters('deployAvdPrivateLinkService'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-PE-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, '')))), createObject('value', createArray(createObject('name', parameters('vnetAvdSubnetName'), 'addressPrefix', parameters('vnetAvdSubnetAddressPrefix'), 'privateEndpointNetworkPolicies', 'Disabled', 'privateLinkServiceNetworkPolicies', 'Enabled', 'networkSecurityGroupResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('NSG-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'routeTableResourceId', if(parameters('createVnet'), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('Route-Table-AVD-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value, ''), 'serviceEndpoints', createArray(createObject('service', 'Microsoft.Storage', 'locations', 
createArray(format('{0}', parameters('location')))), createObject('service', 'Microsoft.KeyVault', 'locations', createArray(format('{0}', parameters('location'))))))))))]",
64066408
"ddosProtectionPlanResourceId": "[if(parameters('deployDDoSNetworkProtection'), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', format('{0}', parameters('workloadSubsId')), format('{0}', parameters('networkObjectsRgName'))), 'Microsoft.Resources/deployments', format('DDoS-Protection-Plan-{0}', parameters('time'))), '2022-09-01').outputs.resourceId.value), createObject('value', ''))]",
64076409
"tags": {
64086410
"value": "[parameters('tags')]"

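--- a/workload/bicep/deploy-baseline.bicep
+++ b/workload/bicep/deploy-baseline.bicep
@@ -1141,8 +1141,10 @@ module networking './modules/networking/deploy.bicep' = if (createAvdVnet || cre
 createVnetPeering: varCreateVnetPeering
 deployDDoSNetworkProtection: deployDDoSNetworkProtection
 ddosProtectionPlanName: varDDosProtectionPlanName
-deployPrivateEndpointSubnet: (deployPrivateEndpointKeyvaultStorage || deployAvdPrivateLinkService) ? true : false //adding logic that will be used when also including AVD control plane PEs
+
+deployPrivateEndpointKeyvaultStorage: deployPrivateEndpointKeyvaultStorage
 deployAvdPrivateLinkService: deployAvdPrivateLinkService
+
 vNetworkGatewayOnHub: vNetworkGatewayOnHub
 existingHubVnetResourceId: existingHubVnetResourceId
 location: avdDeploySessionHosts ? avdSessionHostLocation : avdManagementPlaneLocation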
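Review bot: Dropping `deployPrivateEndpointSubnet` from this call removes the only comment that explained how the two private-endpoint flags combine, and the added lines 1144 and 1147 appear to be stray blank lines inside the params block; I would delete them and put `// the networking module derives the PE subnet, NSG and route table from these two flags` above `deployPrivateEndpointKeyvaultStorage`. The combined decision now lives in the module, and the compiled template on this page writes it as `or(kv, avd)` on the NSG and route-table conditions but as "(kv and avd) or (kv and not avd)" on `subnets`, which reduces to the storage/key-vault flag alone; one module variable such as `var varDeployPrivateEndpointSubnet = deployPrivateEndpointKeyvaultStorage || deployAvdPrivateLinkService` would keep those branches in step. In the new AVD-only branch the private-endpoint subnet is still created with `privateEndpointNetworkPolicies` set to `Disabled`, so the `NSG-Private-Endpoint` and `Route-Table-PE` resources attached to it are presumably not enforced on private-endpoint traffic; please confirm that is intended. The `networking` module declaration starts and ends outside this hunk.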
