Azure Synapse Private Endpoint Approve

Time:09-23

Via some Terraform scripts within a CICD process I am trying to create a Managed private Endpoint for an Azure SQL Server Linked service. This is successful using the following code:

resource "azurerm_synapse_managed_private_endpoint" "mi_metadata_transform_sql_server_private_endpoint" {
  name                 = "mi_synapse_metadata_transform_private_endpoint"
  subresource_name     = "sqlServer"
  synapse_workspace_id = module.mi_synapse_workspace.synapse_workspace_id
  target_resource_id   = azurerm_mssql_server.mi-metadata-transform-sql-server.id
}

But that leaves the Endpoint in a "Pending Approval State". So adding the code below, which is based on some of our existing code that approves some storage via Bash, I decided to copy that code and adjust accordingly for SQL Server. And this is where my problem begins...

    function enable_sql_private_endpoint {
        endpoints=$(az sql server show --name $1 -g ${{ parameters.resourceGroupName }} --subscription $(serviceConnection) --query "privateEndpointConnections[?properties.privateLinkServiceConnectionState.status=='Pending'].id" -o tsv)
        for endpoint in $endpoints
        do
            az sql server private-endpoint-connection approve --account-name $1 --name $endpoint --resource-group ${{ parameters.resourceGroupName }} --subscription $(serviceConnection)
        done
    }

    sqlServers="$(az sql server list -g ${{ parameters.resourceGroupName }} --query '[].name' --subscription $(serviceConnection) -o tsv)"

    for sqlServerName in $sqlServers
    do
        echo "Processing $sqlServerName ========================================="
        enable_sql_private_endpoint $sqlServerName
    done

The code above is executed in a further step in a YAML file and, in its simplest terms:

  • YAML Orchestrator File executed via CICD
  • Terraform Script called to create resource (code snippet 1)
  • Another YAML file executed to approve endpoints using inline Bash (code snippet 2)

The problem is with az sql server private-endpoint-connection approve and that it doesn't exist. When I review this link I cannot see anything remotely like the approve option for SQL Server Endpoints like what Storage or MySQL have. Any help would be appreciated on how this can be achieved.

CodePudding user response:

Currently, you can't approve a Managed Private Endpoint using Terraform.

Note: Azure PowerShell and Azure CLI are the preferred methods for managing Private Endpoint connections on Microsoft Partner Services or customer owned services.

For more details, refer to Manage Private Endpoint connections on a customer/partner owned Private Link service.

CodePudding user response:

In the end, this is what I used in my YAML / Bash to get things working:

    sqlServers="$(az sql server list -g ${{ parameters.resourceGroupName }} --query '[].name' --subscription $(serviceConnection) -o tsv)"

    for sqlServerName in $sqlServers
    do
        echo "Processing $sqlServerName ========================================="
        enable_sql_private_endpoint $sqlServerName
    done

and

    function enable_sql_private_endpoint {
        endpoints=$(az sql server show --name $1 -g ${{ parameters.resourceGroupName }} --subscription $(serviceConnection) --query "privateEndpointConnections[?properties.privateLinkServiceConnectionState.status=='Pending'].id" -o tsv)
        for endpoint in $endpoints
        do
            az network private-endpoint-connection approve -g ${{ parameters.resourceGroupName }} --subscription $(serviceConnection) --id $endpoint --type Microsoft.Sql/servers --description "Approved" --resource-name $1
        done
    }

With the following line being the key syntax to use if anyone ever encounters a similar scenario in their CICD with Synapse and Managed Private Endpoints:

az storage account private-endpoint-connection approve --account-name $1 --name $endpoint --resource-group ${{ parameters.resourceGroupName }} --subscription  $(serviceConnection)
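
The loop in the answer above approves every pending connection on each SQL server in the resource group. The following is an added example, not part of the original answer, that approves only the request coming from the expected managed private endpoint. It assumes plain shell variables RESOURCE_GROUP and SUBSCRIPTION in place of the pipeline expressions, a constructed workspace name, and that the private endpoint resource is named "<workspace>.<managed endpoint name>" (check this in your own tenant); the function names are hypothetical.

```shell
# Added example: approve only the pending connection that the expected
# Synapse managed private endpoint created, not every pending request.
# Assumptions: RESOURCE_GROUP and SUBSCRIPTION are set by the pipeline, and
# the private endpoint resource is named "<workspace>.<managed endpoint name>".

# stdin:  TSV rows "<connection id><TAB><private endpoint id>"
# stdout: connection ids whose private endpoint name equals $1 (case-insensitive)
filter_pending_connections() {
  expected=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  while IFS="$(printf '\t')" read -r conn_id pe_id; do
    [ -n "$conn_id" ] || continue
    pe_name=$(printf '%s' "${pe_id##*/}" | tr '[:upper:]' '[:lower:]')
    if [ "$pe_name" = "$expected" ]; then
      printf '%s\n' "$conn_id"
    else
      printf 'Skipping unexpected request from %s\n' "$pe_id" >&2
    fi
  done
}

# Usage: approve_expected_endpoint <sql server name> <expected endpoint name>
approve_expected_endpoint() {
  az sql server show --name "$1" -g "$RESOURCE_GROUP" --subscription "$SUBSCRIPTION" \
    --query "privateEndpointConnections[?properties.privateLinkServiceConnectionState.status=='Pending'].[id, properties.privateEndpoint.id]" \
    -o tsv |
    filter_pending_connections "$2" |
    while read -r conn_id; do
      az network private-endpoint-connection approve --id "$conn_id" \
        --subscription "$SUBSCRIPTION" --description "Approved by pipeline for $2"
    done
}

# Constructed sample rows (not real resource IDs) for trying the filter offline.
sample_pending_rows() {
  printf '%s\t%s\n' \
    "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Sql/servers/sql-demo/privateEndpointConnections/conn-expected" \
    "/subscriptions/1111/resourceGroups/managed-vnet/providers/Microsoft.Network/privateEndpoints/Example-WS.mi_synapse_metadata_transform_private_endpoint"
  printf '%s\t%s\n' \
    "/subscriptions/0000/resourceGroups/rg-demo/providers/Microsoft.Sql/servers/sql-demo/privateEndpointConnections/conn-unknown" \
    "/subscriptions/2222/resourceGroups/other/providers/Microsoft.Network/privateEndpoints/some-other-endpoint"
}
```

Requests that do not match stay in the Pending state and are reported on stderr, so they show up in the pipeline log for manual review.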