Update PrivateEndpoints to new child-resource structure (#438)

* Updated Private EndPoints resource and child-resources to new child resource structure

.github/workflows/ms.network.privateendpoints.yml

@@ -97,7 +97,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        parameterFilePaths: ['parameters.json']
+        parameterFilePaths: ['parameters.json', 'min.parameters.json']
     steps:
       - name: 'Checkout'
         uses: actions/checkout@v2
@@ -132,7 +132,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        parameterFilePaths: ['parameters.json']
+        parameterFilePaths: ['parameters.json', 'min.parameters.json']
     steps:
       - name: 'Checkout'
         uses: actions/checkout@v2

arm/Microsoft.Network/privateEndpoints/.bicep/nested_rbac.bicep

@@ -19,7 +19,7 @@ var builtInRoleNames = {
   'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
 }
 
-resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' existing = {
+resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' existing = {
   name: resourceName
 }
 

arm/Microsoft.Network/privateEndpoints/.parameters/min.parameters.json

@@ -0,0 +1,20 @@
+{
+    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+    "contentVersion": "1.0.0.0",
+    "parameters": {
+        "privateEndpointName": {
+            "value": "iacs-keyvault-endpoint-simple"
+        },
+        "targetSubnetId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-005-privateEndpoints"
+        },
+        "serviceResourceId": {
+            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001"
+        },
+        "groupId": {
+            "value": [
+                "vault"
+            ]
+        }
+    }
+}

arm/Microsoft.Network/privateEndpoints/.parameters/parameters.json

@@ -8,9 +8,6 @@
         "targetSubnetId": {
             "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-sxx-az-vnet-x-001/subnets/sxx-az-subnet-x-005-privateEndpoints"
         },
-        "privateDNSId": {
-            "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
-        },
         "serviceResourceId": {
             "value": "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-sxx-az-kv-x-001"
         },
@@ -19,6 +16,15 @@
                 "vault"
             ]
         },
+        "privateDnsZoneGroups": {
+            "value": [
+                {
+                    "privateDNSIds": [
+                        "/subscriptions/<<subscriptionId>>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.vaultcore.azure.net"
+                    ]
+                }
+            ]
+        },
         "roleAssignments": {
             "value": [
                 {

arm/Microsoft.Network/privateEndpoints/deploy.bicep

@@ -10,8 +10,8 @@ param serviceResourceId string
 @description('Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to.')
 param groupId array
 
-@description('Optional. Resource id of the private DNS zone.')
-param privateDNSId string = ''
+@description('Optional. Array of Private DNS zone groups configuration on the private endpoint.')
+param privateDnsZoneGroups array = []
 
 @description('Optional. Location for all Resources.')
 param location string = resourceGroup().location
@@ -38,7 +38,7 @@ module pid_cuaId '.bicep/nested_pid.bicep' = if (!empty(cuaId)) {
   params: {}
 }
 
-resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' = {
+resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = {
   name: privateEndpointName
   location: location
   tags: tags
@@ -58,21 +58,15 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' = {
     }
     customDnsConfigs: []
   }
+}
 
-  resource privateDnsZoneGroup 'privateDnsZoneGroups@2021-02-01' = if (!empty(privateDNSId)) {
-    name: 'default'
-    properties: {
-      privateDnsZoneConfigs: [
-        {
-          name: privateEndpoint.name
-          properties: {
-            privateDnsZoneId: privateDNSId
-          }
-        }
-      ]
-    }
+module privateEndpoint_privateDnsZoneGroups 'privateDnsZoneGroups/deploy.bicep' = [for (privateDnsZoneGroup, index) in privateDnsZoneGroups: {
+  name: '${deployment().name}-privateDnsZoneGroup-${index}'
+  params: {
+    privateDNSIds: privateDnsZoneGroup.privateDNSIds
+    privateEndpointName: privateEndpoint.name
   }
-}
+}]
 
 resource privateEndpoint_lock 'Microsoft.Authorization/locks@2016-09-01' = if (lock != 'NotSpecified') {
   name: '${privateEndpoint.name}-${lock}-lock'

arm/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/deploy.bicep

@@ -0,0 +1,28 @@
+@description('Required. The name of the private endpoint')
+param privateEndpointName string
+
+@description('Required. List of private DNS Ids')
+param privateDNSIds array
+
+var privateDnsZoneConfigs = [for privateDNSId in privateDNSIds: {
+  name: privateEndpointName
+  properties: {
+    privateDnsZoneId: privateDNSId
+  }
+}]
+
+resource privateDnsZoneGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-03-01' = {
+  name: '${privateEndpointName}/default'
+  properties: {
+    privateDnsZoneConfigs: privateDnsZoneConfigs
+  }
+}
+
+@description('The name of the private endpoint DNS zone group')
+output privateDnsZoneGroupName string = privateDnsZoneGroup.name
+
+@description('The resourceId of the private endpoint DNS zone group')
+output privateDnsZoneGroupResourceId string = privateDnsZoneGroup.id
+
+@description('The resource group the private endpoint DNS zone group was deployed into')
+output privateDnsZoneGroupResourceGroup string = resourceGroup().name

arm/Microsoft.Network/privateEndpoints/privateDnsZoneGroups/readme.md

@@ -0,0 +1,32 @@
+# NetworkPrivateendpointsPrivatednszonegroups `[Microsoft.Network/privateEndpoints/privateDnsZoneGroups]`
+
+// TODO: Replace Resource and fill in description
+
+## Resource Types
+
+| Resource Type | Api Version |
+| :-- | :-- |
+| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 |
+
+## Parameters
+
+| Parameter Name | Type | Default Value | Possible Values | Description |
+| :-- | :-- | :-- | :-- | :-- |
+| `privateDNSIds` | array |  |  | Required. List of private DNS Ids |
+| `privateEndpointName` | string |  |  | Required. The name of the private endpoint |
+
+### Parameter Usage: `<ParameterPlaceholder>`
+
+// TODO: Fill in Parameter usage
+
+## Outputs
+
+| Output Name | Type | Description |
+| :-- | :-- | :-- |
+| `privateDnsZoneGroupName` | string | The name of the private endpoint DNS zone group |
+| `privateDnsZoneGroupResourceGroup` | string | The resource group the private endpoint DNS zone group was deployed into |
+| `privateDnsZoneGroupResourceId` | string | The resourceId of the private endpoint DNS zone group |
+
+## Template references
+
+- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups)

arm/Microsoft.Network/privateEndpoints/readme.md

@@ -8,8 +8,8 @@ This template deploys private Endpoint for a generic service.
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | 2016-09-01 |
 | `Microsoft.Authorization/roleAssignments` | 2020-04-01-preview |
-| `Microsoft.Network/privateEndpoints` | 2021-05-01 |
-| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-02-01 |
+| `Microsoft.Network/privateEndpoints` | 2021-03-01 |
+| `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | 2021-03-01 |
 
 ### Resource dependency
 
@@ -29,7 +29,7 @@ The following resources are required to be able to deploy this resource:
 | `groupId` | array |  |  | Required. Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to. |
 | `location` | string | `[resourceGroup().location]` |  | Optional. Location for all Resources. |
 | `lock` | string | `NotSpecified` | `[CanNotDelete, NotSpecified, ReadOnly]` | Optional. Specify the type of lock. |
-| `privateDNSId` | string |  |  | Optional. Resource id of the private DNS zone. |
+| `privateDnsZoneGroups` | _[privateDnsZoneGroups](privateDnsZoneGroups/readme.md)_ array | `[]` |  | Optional. Array of Private DNS zone groups configuration on the private endpoint. |
 | `privateEndpointName` | string |  |  | Required. Name of the private endpoint resource to create. |
 | `roleAssignments` | array | `[]` |  | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' |
 | `serviceResourceId` | string |  |  | Required. Resource Id of the resource that needs to be connected to the network. |
@@ -94,5 +94,5 @@ Tag names and tag values can be provided as needed. A tag can be left without a
 
 - [Locks](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2016-09-01/locks)
 - [Roleassignments](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments)
-- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/privateEndpoints)
-- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-02-01/privateEndpoints/privateDnsZoneGroups)
+- [Privateendpoints](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints)
+- [Privateendpoints/Privatednszonegroups](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-03-01/privateEndpoints/privateDnsZoneGroups)