[Modules] Adding private DNS zones dependencies

.azuredevops/platformPipelines/platform.dependencies.yml

@@ -998,9 +998,72 @@ stages:
       - template: /.azuredevops/pipelineTemplates/jobs.validateModuleDeployment.yml
         parameters:
           deploymentBlocks:
-            - path: $(dependencyPath)/$(resourceType)/parameters/parameters.json
+            - path: $(dependencyPath)/$(resourceType)/parameters/automation.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Automation Account Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/azconfig.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: App Configuration Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/azurecr.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: ACR Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/azureml.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Machine Learning Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/azurestaticapps.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Static Apps Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/azuresynapse.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Azure Synapse Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/azurewebsites.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Web Sites Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/batch.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Batch Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/blob.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Storage Blob Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/cognitiveservices.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Cognitive Services Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/database.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Database Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/datafactory.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Data Factory Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/eventgrid.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Event Grid Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/file.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Storage Files Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/monitor.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Monitoring Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/queue.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Storage Queue Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/redis.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Redis Cache Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/servicebus.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Service Bus Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/siterecovery.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Recovery Services Vault Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/table.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Storage Table Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/vaultcore.parameters.json
+              templateFilePath: $(templateFilePath)
+              displayName: Key Vault Private DNS Zone
+            - path: $(dependencyPath)/$(resourceType)/parameters/webpubsub.parameters.json
               templateFilePath: $(templateFilePath)
-              displayName: Default Private DNS Zones
+              displayName: Web PubSub Private DNS Zone
 
   - stage: deploy_vm
     displayName: Deploy virtual machines

.github/workflows/ms.cache.redis.yml

@@ -71,7 +71,7 @@ jobs:
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
-          - name: Set environment variables
+      - name: Set environment variables
         uses: ./.github/actions/templates/setEnvironmentVariables
         with:
           variablesPath: ${{ env.variablesPath }}

.github/workflows/platform.dependencies.yml

@@ -1399,13 +1399,36 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        parameterFilePaths: ['parameters.json']
+        parameterFilePaths:
+          [
+            'automation.parameters.json',
+            'azconfig.parameters.json',
+            'azurecr.parameters.json',
+            'azureml.parameters.json',
+            'azurestaticapps.parameters.json',
+            'azuresynapse.parameters.json',
+            'azurewebsites.parameters.json',
+            'batch.parameters.json',
+            'blob.parameters.json',
+            'cognitiveservices.parameters.json',
+            'database.parameters.json',
+            'datafactory.parameters.json',
+            'eventgrid.parameters.json',
+            'file.parameters.json',
+            'monitor.parameters.json',
+            'queue.parameters.json',
+            'redis.parameters.json',
+            'servicebus.parameters.json',
+            'siterecovery.parameters.json',
+            'table.parameters.json',
+            'vaultcore.parameters.json',
+            'webpubsub.parameters.json'
+          ]
     steps:
       - name: 'Checkout'
         uses: actions/checkout@v2
         with:
           fetch-depth: 0
-
       - name: 'Deploy module'
         uses: ./.github/actions/templates/validateModuleDeployment
         with:

docs/wiki/The CI environment - Pipeline design.md

@@ -228,7 +228,29 @@ This group of resources has a dependency on one or more resources in the groups
 This group of resources has a dependency on one or more resources in the groups above.
 
   1. Virtual Machine: This resource is depending on the \[virtual networks] and \[Key Vault] deployed above. This resource is leveraged by the \[network watcher] resource.
-  1. Private DNS zone: This resource is depending on the \[virtual networks] deployed above. This resource is leveraged by the \[private endpoint] resource.
+  1. Private DNS zones: This resource is depending on the \[virtual networks] deployed above. This resource is leveraged by the \[private endpoint] resource which is cross-referenced from all modules providing a private endpoint connection. Multiple instances are deployed:
+      - '_privatelink.azconfig.io_': Leveraged by the \[configuration store] resource.
+      - '_privatelink.azure-automation.net_': Leveraged by the \[automation account] resource.
+      - '_privatelink.batch.azure.com_': Leveraged by the \[batch account] resource.
+      - '_privatelink.redis.cache.windows.net_': Leveraged by the \[redis cache] resource.
+      - '_privatelink.cognitiveservices.azure.com_': Leveraged by the \[cognitive services account] resource.
+      - '_privatelink.azurecr.io_': Leveraged by the \[azure container registry] resource.
+      - '_privatelink.datafactory.azure.net_': Leveraged by the \[data factory] resource.
+      - '_privatelink.eventgrid.azure.net_': Leveraged by the \[event grid topic] resource.
+      - '_privatelink.servicebus.windows.net_': Leveraged by the \[service bus and event hub] resources.
+      - '_privatelink.monitor.azure.com_': Leveraged by the \[private link scope] resource.
+      - '_privatelink.api.azureml.ms_': Leveraged by the \[machine learning workspace] resource.
+      - '_privatelink.siterecovery.windowsazure.com_': Leveraged by the \[recovery services vault] resource.
+      - '_privatelink.azuresynapse.net_': Leveraged by the \[synapse] resource.
+      - '_privatelink.database.windows.net_': Leveraged by the \[sql server] resource.
+      - '_privatelink.azurewebsites.net_': Leveraged by the \[web site] resource.
+      - '_privatelink.azurestaticapps.net_': Leveraged by the \[web static site] resource.
+      - '_privatelink.blob.azure.com_': Leveraged by the \[storage account (blob)] resource.
+      - '_privatelink.file.azure.com_': Leveraged by the \[storage account (file)] resource.
+      - '_privatelink.queue.azure.com_': Leveraged by the \[storage account (queue)] resource.
+      - '_privatelink.table.azure.com_': Leveraged by the \[storage account (table)] resource.
+      - '_privatelink.vaultcore.azure.net_': Leveraged by the \[key vault] resource.
+      - '_privatelink.webpubsub.azure.net_': Leveraged by the \[web pubsub] resource.
 
 ### Required secrets and keys
 

modules/Microsoft.KeyVault/vaults/.test/parameters.json

@@ -18,7 +18,14 @@
             "value": [
                 {
                     "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-                    "service": "vault"
+                    "service": "vault",
+                    "privateDnsZoneGroups": [
+                        {
+                            "privateDNSResourceIds": [
+                                "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
+                            ]
+                        }
+                    ]
                 }
             ]
         },

modules/Microsoft.KeyVault/vaults/readme.md

@@ -439,7 +439,14 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = {
             "value": [
                 {
                     "subnetResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints",
-                    "service": "vault"
+                    "service": "vault",
+                    "privateDnsZoneGroups": [
+                        {
+                            "privateDNSResourceIds": [
+                                "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
+                            ]
+                        }
+                    ]
                 }
             ]
         },
@@ -572,6 +579,13 @@ module vaults './Microsoft.KeyVault/vaults/deploy.bicep' = {
       {
         subnetResourceId: '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001/subnets/<<namePrefix>>-az-subnet-x-005-privateEndpoints'
         service: 'vault'
+        privateDnsZoneGroups: [
+          {
+            privateDNSResourceIds: [
+              '/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net'
+            ]
+          }
+        ]
       }
     ]
     networkAcls: {

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/automation.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.azure-automation.net"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/azconfig.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.azconfig.io"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/azurecr.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.azurecr.io"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/azureml.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.api.azureml.ms"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/azurestaticapps.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.azurestaticapps.net"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/azuresynapse.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.azuresynapse.net"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/azurewebsites.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.azurewebsites.net"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/batch.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.batch.azure.com"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/blob.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.blob.core.windows.net"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/cognitiveservices.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.cognitiveservices.azure.com"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}

utilities/pipelines/dependencies/Microsoft.Network/privateDnsZones/parameters/database.parameters.json

@@ -0,0 +1,17 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "name": {
+            "value": "privatelink.database.windows.net"
+        },
+        "virtualNetworkLinks": {
+            "value": [
+                {
+                    "virtualNetworkResourceId": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<<namePrefix>>-az-vnet-x-001",
+                    "registrationEnabled": false
+                }
+            ]
+        }
+    }
+}