[Feature Request]: Discuss environment() function usage vs hardcoded value for privateDNSZone names

[eriqua]

Description

This issue is related to modules supporting Private Endpoints.
As part of the self-contained dependencies module testing, we are deploying privateDNSZone resources.
For some modules, currently only storage accounts and sql servers, we are leveraging the environment() function to derive the name of the privateDNSZone to create.

e.g. 'privatelink.blob.${environment().suffixes.storage}' = 'privatelink.blob.core.windows.net'

There are currently inconsistencies in environment() suffixes formatting, either including initial dot or not (Check https://learn.microsoft.com/en-us/azure/azure-resource-manager/bicep/bicep-functions-deployment#example-1)

  "suffixes": {
    "acrLoginServer": ".azurecr.io",
    "azureDatalakeAnalyticsCatalogAndJob": "azuredatalakeanalytics.net",
    "azureDatalakeStoreFileSystem": "azuredatalakestore.net",
    "azureFrontDoorEndpointSuffix": "azurefd.net",
    "keyvaultDns": ".vault.azure.net",
    "sqlServerHostname": ".database.windows.net",
    "storage": "core.windows.net"
  }

This is also tracked by Azure/bicep#5103

Discuss advantages of leveraging the environment() function (OPT1) vs the hardcoded value (OPT2).
Depending on the above:

1. OPT1 Align all privateDNSZone names to leverage the environment() function where not used (e.g. KeyVault, ACR)
2. OPT2 Align all privateDNSZone names to use hardcoded values

[ahmadabdalla]

@eriqua Interestingly I've just updated the service bus namespace to the new dependency approach and bicep didn't complain about hardcoding 'privatelink.servicebus.windows.net', unlike when I updated the storage account module. So could we also say that the experience is different for each resource type? And not just the "dot"?

[rahalan]

Team decides for option 1: Align all privateDNSZone names to leverage the environment() function where not used (e.g. KeyVault, ACR)

[rahalan]

This issue is not just about private DNS zone, but all other ones that are related to environments, like storage account for example

[AlexanderSehr]

Full output object for reference:

{
  "Type": "Object",
  "Value": {
    "name": "AzureCloud",
    "gallery": "https://gallery.azure.com/",
    "graph": "https://graph.windows.net/",
    "portal": "https://portal.azure.com",
    "graphAudience": "https://graph.windows.net/",
    "activeDirectoryDataLake": "https://datalake.azure.net/",
    "batch": "https://batch.core.windows.net/",
    "media": "https://rest.media.azure.net",
    "sqlManagement": "https://management.core.windows.net:8443/",
    "vmImageAliasDoc": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json",
    "resourceManager": "https://management.azure.com/",
    "authentication": {
      "loginEndpoint": "https://login.microsoftonline.com/",
      "audiences": [
        "https://management.core.windows.net/",
        "https://management.azure.com/"
      ],
      "tenant": "common",
      "identityProvider": "AAD"
    },
    "suffixes": {
      "acrLoginServer": ".azurecr.io",
      "azureDatalakeAnalyticsCatalogAndJob": "azuredatalakeanalytics.net",
      "azureDatalakeStoreFileSystem": "azuredatalakestore.net",
      "azureFrontDoorEndpointSuffix": "azurefd.net",
      "keyvaultDns": ".vault.azure.net",
      "sqlServerHostname": ".database.windows.net",
      "storage": "core.windows.net"
    }
  }
}