From 9ef6f01c86a608d14180deb18afc7b0faeb52c74 Mon Sep 17 00:00:00 2001 From: Dhruvkumar-Microsoft Date: Tue, 23 Sep 2025 11:27:23 +0530 Subject: [PATCH 1/2] enabled the public access for search service --- infra/main.bicep | 38 ++++++++++++++++++++------------------ infra/main_custom.bicep | 38 ++++++++++++++++++++------------------ 2 files changed, 40 insertions(+), 36 deletions(-) diff --git a/infra/main.bicep b/infra/main.bicep index 1b409557f..55cc21983 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1921,7 +1921,8 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = { managedIdentities: { systemAssigned: true } - publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled' + // publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled' + publicNetworkAccess: 'Enabled' networkRuleSet: { bypass: 'AzureServices' } @@ -1951,23 +1952,24 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = { principalType: 'ServicePrincipal' } ] - privateEndpoints: enablePrivateNetworking - ? [ - { - name: 'pep-search-${solutionSuffix}' - customNetworkInterfaceName: 'nic-search-${solutionSuffix}' - privateDnsZoneGroup: { - privateDnsZoneGroupConfigs: [ - { - privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.search]!.outputs.resourceId - } - ] - } - subnetResourceId: virtualNetwork!.outputs.subnetResourceIds[0] - service: 'searchService' - } - ] - : [] + privateEndpoints:[] + // privateEndpoints: enablePrivateNetworking + // ? [ + // { + // name: 'pep-search-${solutionSuffix}' + // customNetworkInterfaceName: 'nic-search-${solutionSuffix}' + // privateDnsZoneGroup: { + // privateDnsZoneGroupConfigs: [ + // { + // privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.search]!.outputs.resourceId + // } + // ] + // } + // subnetResourceId: virtualNetwork!.outputs.subnetResourceIds[0] + // service: 'searchService' + // } + // ] + // : [] } } diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index 021073c47..d9c6268ce 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -1962,7 +1962,8 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = { managedIdentities: { systemAssigned: true } - publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled' + // publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled' + publicNetworkAccess: 'Enabled' networkRuleSet: { bypass: 'AzureServices' } @@ -1992,23 +1993,24 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = { principalType: 'ServicePrincipal' } ] - privateEndpoints: enablePrivateNetworking - ? [ - { - name: 'pep-search-${solutionSuffix}' - customNetworkInterfaceName: 'nic-search-${solutionSuffix}' - privateDnsZoneGroup: { - privateDnsZoneGroupConfigs: [ - { - privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.search]!.outputs.resourceId - } - ] - } - subnetResourceId: virtualNetwork!.outputs.subnetResourceIds[0] - service: 'searchService' - } - ] - : [] + privateEndpoints:[] + // privateEndpoints: enablePrivateNetworking + // ? [ + // { + // name: 'pep-search-${solutionSuffix}' + // customNetworkInterfaceName: 'nic-search-${solutionSuffix}' + // privateDnsZoneGroup: { + // privateDnsZoneGroupConfigs: [ + // { + // privateDnsZoneResourceId: avmPrivateDnsZones[dnsZoneIndex.search]!.outputs.resourceId + // } + // ] + // } + // subnetResourceId: virtualNetwork!.outputs.subnetResourceIds[0] + // service: 'searchService' + // } + // ] + // : [] } } From ff1de98fc8f86d03ca7a54d593b24c23a8518465 Mon Sep 17 00:00:00 2001 From: Dhruvkumar-Microsoft Date: Tue, 23 Sep 2025 11:35:23 +0530 Subject: [PATCH 2/2] added the comments --- infra/main.bicep | 6 ++++++ infra/main_custom.bicep | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/infra/main.bicep b/infra/main.bicep index 55cc21983..eae09eacb 100644 --- a/infra/main.bicep +++ b/infra/main.bicep @@ -1921,6 +1921,9 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = { managedIdentities: { systemAssigned: true } + + // Enabled the Public access because other services are not able to connect with search search AVM module when public access is disabled + // publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled' publicNetworkAccess: 'Enabled' networkRuleSet: { @@ -1952,6 +1955,9 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = { principalType: 'ServicePrincipal' } ] + + //Removing the Private endpoints as we are facing the issue with connecting to search service while comminicating with agents + privateEndpoints:[] // privateEndpoints: enablePrivateNetworking // ? [ diff --git a/infra/main_custom.bicep b/infra/main_custom.bicep index d9c6268ce..dfb8f7711 100644 --- a/infra/main_custom.bicep +++ b/infra/main_custom.bicep @@ -1962,6 +1962,9 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = { managedIdentities: { systemAssigned: true } + + // Enabled the Public access because other services are not able to connect with search search AVM module when public access is disabled + // publicNetworkAccess: enablePrivateNetworking ? 'Disabled' : 'Enabled' publicNetworkAccess: 'Enabled' networkRuleSet: { @@ -1994,6 +1997,9 @@ module searchService 'br/public:avm/res/search/search-service:0.11.1' = { } ] privateEndpoints:[] + + // Removing the Private endpoints as we are facing the issue with connecting to search service while comminicating with agents + // privateEndpoints: enablePrivateNetworking // ? [ // {