From ecc2062ddd5f4f0a2a89fc7cfeda0e41ee9e3df3 Mon Sep 17 00:00:00 2001
From: Yabo Hu
Date: Wed, 8 Apr 2020 20:23:29 +0800
Subject: [PATCH 1/2] add guide for prive link resources
---
.../examples/private-link-resource-example.md | 96 +++++++++++++++++++
1 file changed, 96 insertions(+)
create mode 100644 documentation/development-docs/examples/private-link-resource-example.md
diff --git a/documentation/development-docs/examples/private-link-resource-example.md b/documentation/development-docs/examples/private-link-resource-example.md
new file mode 100644
index 000000000000..78f108b914c5
--- /dev/null
+++ b/documentation/development-docs/examples/private-link-resource-example.md
@@ -0,0 +1,96 @@
+## `Prerequisite`
+API for `Get` private link resource and private endpoint connection need to be ready at:
+```
+"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateLinkResources"
+```
+```
+"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateLinkResources/{PrivateLinkResource-Name}"
+```
+```
+"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateEndpointConnections/{PrivateEndpointConnection-Name}"
+```
+```
+"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateEndpointConnections"
+```
+
+## `Code Changes Needed`
+Add corresponding {Provider}, {Top-Level-Resource} and {API-Version} into [GenericProvider.cs](https://github.com/VeryEarly/azure-powershell/blob/guide-for-general-private-link-resource/src/Network/Network/PrivateLinkService/PrivateLinkServiceProvider/GenericProvider.cs#L28)
+in following pattern:
+```
+{"{Provider}/{Top-Level-Resource}", "{API-Version}"}
+```
+For example:
+```
+{"microsoft.sql/servers", "2018-06-01-preview"}
+```
+```
+{"microsoft.insights/privatelinkscopes", "2019-10-17-preview"}
+```
+
+## `End-To-End Test`
+
+### Item Needed
+
++ Top level resource
+```
+New-Az{Top-Level-Resource} -ResourceGroupName {rg_name} -Name {top_level_resource_name}
+
+$TopLevelResource = Get-Az{Top-Level-Resource} -ResourceGroupName {rg_name} -Name {top_level_resource_name}
+```
+
++ private link resource
+```
+$PrivateLinkResource = Get-AzPrivateLinkResource -PrivateLinkResourceId $TopLevelResource.Id
+```
+
++ subnet config (object in memory)
+```
+$SubnetConfig = New-AzVirtualNetworkSubnetConfig -Name {config_name} -AddressPrefix "11.0.1.0/24" -PrivateEndpointNetworkPolicies "Disabled"
+```
+
++ virtual network
+```
+New-AzVirtualNetwork -ResourceGroupName {rg_name} -Name {vnet_name} -Location {location} -AddressPrefix "11.0.0.0/16" -Subnet $SubnetConfig
+
+$VNet=Get-AzVirtualNetwork -ResourceGroupName {rg_name} -Name {vnet_name}
+```
+
++ private link service connection (object in memory)
+```
+$PLSConnection = New-AzPrivateLinkServiceConnection -Name {pls_connection_name} -PrivateLinkServiceId $TopLevelResource.Id -GroupId $TopLevelResource.GroupId
+```
+
++ endpoint
+```
+New-AzPrivateEndpoint -ResourceGroupName {rg_name} -Name {endpoint_name} -Location {location} -Subnet $VNet.subnets[0] -PrivateLinkServiceConnection $PLSConnection -ByManualRequest
+```
+
+### step-by-step
+1. Create listed items above
+
+2. To get the connection, if `list` for private endpoint connection was supported,
+```
+$connection = Get-AzPrivateEndpointConnection -PrivateLinkResourceId $TopLevelResource.Id
+```
+
+3. To get the connection, if `list` for private endpoint connection was not supported,
+```
+$TopLevelResource = Get-Az{Top-Level-Resource} -ResourceGroupName {rg_name} -Name {top_level_resource_name}
+
+$ConnectionId = $TopLevelResource.PrivateEndpointConnection[0].Id
+
+$Connection = Get-AzPrivateEndpointConnection -ResourceId $ConnectionId
+```
+
+4. Approve/Deny the connection
+```
+Approve-AzPrivateEndpointConnection -ResourceId $ConnectionId
+
+or
+
+Deny-AzPrivateEndpointConnection -ResourceId $ConnectionId
+```
+
+5. Connection cannot be approved after rejection
+
+6. One top level resource can maximum 3 private end point connection
\ No newline at end of file
From efe36856ddc04aa5860ab25dd1b024a34478a865 Mon Sep 17 00:00:00 2001
From: Yabo Hu
Date: Mon, 13 Apr 2020 16:16:55 +0800
Subject: [PATCH 2/2] update example
---
.../examples/private-link-resource-example.md | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/documentation/development-docs/examples/private-link-resource-example.md b/documentation/development-docs/examples/private-link-resource-example.md index 78f108b914c5..5b048e95b581 100644 --- a/documentation/development-docs/examples/private-link-resource-example.md +++ b/documentation/development-docs/examples/private-link-resource-example.md @@ -1,11 +1,15 @@ ## `Prerequisite` API for `Get` private link resource and private endpoint connection need to be ready at: + +#### Private Link Resource API ``` "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateLinkResources" ``` ``` "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateLinkResources/{PrivateLinkResource-Name}" ``` + +#### Private Endpoint Connection API ``` "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateEndpointConnections/{PrivateEndpointConnection-Name}" ``` 
@@ -14,17 +18,18 @@ API for `Get` private link resource and private endpoint connection need to be r ``` ## `Code Changes Needed` -Add corresponding {Provider}, {Top-Level-Resource} and {API-Version} into [GenericProvider.cs](https://github.com/VeryEarly/azure-powershell/blob/guide-for-general-private-link-resource/src/Network/Network/PrivateLinkService/PrivateLinkServiceProvider/GenericProvider.cs#L28) +Add corresponding {Provider}, {Top-Level-Resource} and {API-Version} into [ProviderConfiguration.cs](https://github.com/Azure/azure-powershell/blob/master/src/Network/Network/PrivateLinkService/PrivateLinkServiceProvider/ProviderConfiguration.cs#L12) in following pattern: ``` -{"{Provider}/{Top-Level-Resource}", "{API-Version}"} +RegisterConfiguration("{Provider}/{Top-Level-Resource}", "{API-Version}") ``` For example: ``` -{"microsoft.sql/servers", "2018-06-01-preview"} +RegisterConfiguration("Microsoft.Sql/servers", "2018-06-01-preview") ``` +if "Private Endpoint Connection API" is not available, provide extra bool parameter 'false' ``` -{"microsoft.insights/privatelinkscopes", "2019-10-17-preview"} +RegisterConfiguration("Microsoft.Storage/storageAccounts", "2019-06-01", false) ``` ## `End-To-End Test` @@ -93,4 +98,4 @@ Deny-AzPrivateEndpointConnection -ResourceId $ConnectionId 5. Connection cannot be approved after rejection -6. One top level resource can maximum 3 private end point connection \ No newline at end of file +6. One top level resource can have maximum 3 private end point connection \ No newline at end of file