Merge pull request #156 from PerfectThymeTech/marvinbuss/private_endpoints

marvinbuss · web-flow · commit 438365a1910c · 2025-02-25T22:55:41.000+01:00
Enable creation of additional external private endpoints per app
diff --git a/main.tf b/main.tf
@@ -96,6 +96,7 @@ module "data_application" {
   storage_account_ids          = module.core.storage_account_ids
   databricks_workspace_details = module.core.databricks_workspace_details
   ai_services                  = try(each.value.ai_services, {})
+  private_endpoints            = try(each.value.private_endpoints, {})
   search_service_details       = try(each.value.ai_search, {})
   data_factory_details = {
     enabled = try(each.value.data_factory.enabled, false)
diff --git a/modules/dataapplication/privateendpoint.tf b/modules/dataapplication/privateendpoint.tf
@@ -0,0 +1,32 @@
+resource "azurerm_private_endpoint" "private_endpoint" {
+  for_each = var.private_endpoints
+
+  name                = "${local.prefix}-${each.key}-pe"
+  resource_group_name = azurerm_resource_group.resource_group_app.name
+  location            = var.location
+
+  custom_network_interface_name = "${local.prefix}-${each.key}-nic"
+  private_service_connection {
+    name                           = "${local.prefix}-${each.key}-svc"
+    is_manual_connection           = true
+    private_connection_resource_id = each.value.resource_id
+    request_message                = "Private Endpoint Connection Request from Data Landing Zone Stamp Application with prefix: ${local.prefix}"
+    subresource_names              = [each.value.subresource_name]
+  }
+  subnet_id = var.subnet_id_app
+  dynamic "private_dns_zone_group" {
+    for_each = each.value.private_dns_zone_id == "" ? [] : [1]
+    content {
+      name = "${local.prefix}-${each.key}-arecord"
+      private_dns_zone_ids = [
+        each.value.private_dns_zone_id
+      ]
+    }
+  }
+
+  lifecycle {
+    ignore_changes = [
+      private_dns_zone_group
+    ]
+  }
+}
diff --git a/modules/dataapplication/variables.tf b/modules/dataapplication/variables.tf
@@ -108,6 +108,25 @@ variable "ai_services" {
   }
 }
 
+variable "private_endpoints" {
+  description = "Specifies the map of private endpoints to be created for this application."
+  type = map(object({
+    resource_id         = string
+    subresource_name    = string
+    private_dns_zone_id = optional(string, "")
+  }))
+  sensitive = false
+  nullable  = false
+  default   = {}
+  validation {
+    condition = alltrue([
+      length([for resource_id in values(var.private_endpoints)[*].resource_id : resource_id if length(split("/", resource_id)) != 9]) <= 0,
+      length([for private_dns_zone_id in values(var.private_endpoints)[*].private_dns_zone_id : private_dns_zone_id if(private_dns_zone_id != "" && length(split("/", private_dns_zone_id)) != 9)]) <= 0,
+    ])
+    error_message = "Please specify a valid ai service configuration."
+  }
+}
+
 variable "data_factory_details" {
   description = "Specifies the data factory configuration details."
   type = object({
diff --git a/schemas/app.schema.json b/schemas/app.schema.json
@@ -310,6 +310,33 @@
         }
       }
     },
+    "private_endpoints": {
+      "description": "Specifies the private endpoints to be deployed for the application.",
+      "type": "object",
+      "patternProperties": {
+        "^.*$": {
+          "properties": {
+            "resource_id": {
+              "description": "Specifies the resource id to which the private endpoint should connect.",
+              "type": "string"
+            },
+            "subresource_name": {
+              "description": "Specifies the subresource name of the private endpoint.",
+              "type": "string"
+            },
+            "private_dns_zone_id": {
+              "description": "Specifies the private dns zone for the private endpoint.",
+              "type": "string"
+            }
+          },
+          "required": [
+            "resource_id",
+            "subresource_name"
+          ],
+          "additionalProperties": false
+        }
+      }
+    },
     "ai_search": {
       "description": "Specifies the ai search configuration for the app.",
       "type": "object",
diff --git a/tests/e2e/data-applications/app001.yml b/tests/e2e/data-applications/app001.yml
@@ -54,3 +54,8 @@ ai_search:
 
 data_factory:
   enabled: true
+
+private_endpoints:
+  stg:
+    resource_id: "/subscriptions/1fdab118-1638-419a-8b12-06c9543714a0/resourceGroups/tfmodule-test-rg/providers/Microsoft.Storage/storageAccounts/mytfteststg"
+    subresource_name: "blob"
diff --git a/tests/e2e/terraform.tf b/tests/e2e/terraform.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     azurerm = {
       source  = "hashicorp/azurerm"
-      version = "4.19.0"
+      version = "4.20.0"
     }
     azapi = {
       source  = "azure/azapi"

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ terraform {`
`4`	`4`	`required_providers {`
`5`	`5`	`azurerm = {`
`6`	`6`	`source = "hashicorp/azurerm"`
`7`		`- version = "4.19.0"`
	`7`	`+ version = "4.20.0"`
`8`	`8`	`}`
`9`	`9`	`azapi = {`
`10`	`10`	`source = "azure/azapi"`