[AVM Module Issue]: Unable to create private endpoints for Private Link Scope when VNet is in different subscription #3835

Open
1 task done
JamesDawson opened this issue Nov 22, 2024 · 2 comments
Labels
Class: Resource Module 📦 This is a resource module Needs: Triage 🔍 Maintainers need to triage still Status: Response Overdue 🚩 When an issue/PR has not been responded to for X amount of days Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue Type: Bug 🐛 Something isn't working

Comments

@JamesDawson

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

Bug

Module Name

avm/res/insights/private-link-scope

(Optional) Module Version

0.5.2

Description

A deployment failure happens when the Private Link Scope resource is in a different subscription to the Virtual Network.

Generally the error is ResourceGroupNotFound on the private endpoint resource group (since it exists in a different subscription). If a resource group happens to exist with the same name in the PLS subscription, then the deployment produces an InvalidResourceReference.

Private Endpoints must be provisioned in the same subscription as the Virtual Network they are connected to. Whilst this module allows you to customise the resource group for the private endpoint, it currently assumes the same subscription as the Private Link Scope resource.

To avoid needing another parameter, perhaps the scope on this line should infer the subscription from the subnet resource ID?

scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '')

(Optional) Correlation Id

No response

@JamesDawson JamesDawson added Needs: Triage 🔍 Maintainers need to triage still Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue labels Nov 22, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Type: Bug 🐛 Something isn't working label Nov 22, 2024
@avm-team-linter avm-team-linter bot added the Class: Resource Module 📦 This is a resource module label Nov 22, 2024

@JamesDawson, thanks for submitting this issue for the avm/res/insights/private-link-scope module!

Important

A member of the @Azure/avm-res-insights-privatelinkscope-module-owners-bicep or @Azure/avm-res-insights-privatelinkscope-module-contributors-bicep team will review it soon!

@github-project-automation github-project-automation bot moved this to Needs: Triage in AVM - Module Issues Nov 22, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Status: Response Overdue 🚩 When an issue/PR has not been responded to for X amount of days label Nov 28, 2024
@JamesDawson
Author

JamesDawson commented Dec 2, 2024

I was looking at using the avm/res/key-vault/vault module today and noticed that this module has the same issue:

scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '')

Based on a skim read of the following search results, this seems to be an issue across the board:
https://github.com/search?q=repo%3AAzure%2Fbicep-registry-modules+br%2Fpublic%3Aavm%2Fres%2Fnetwork%2Fprivate-endpoint+language%3ABicep&type=code&l=Bicep
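
The scope change suggested in the issue, written out as an added example (this is not the module's own code): the subscription ID is taken from the subnet resource ID and passed to the two-argument form of `resourceGroup()`. The local module path `./private-endpoint.bicep`, the parameters passed to it, and the fallback to the subnet's resource group are assumptions of this example.

```bicep
// Added example, not code from the AVM repository.
// Assumption: ./private-endpoint.bicep is a hypothetical local module that
// accepts the two parameters passed below.

@description('Name of the resource the private endpoints connect to.')
param name string

@description('Private endpoint definitions. Each item needs subnetResourceId; resourceGroupName and name are optional.')
param privateEndpoints array = []

// A subnet resource ID has the layout
//   /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Network/virtualNetworks/{vnet}/subnets/{subnet}
// so split(id, '/') yields ['', 'subscriptions', '{sub}', 'resourceGroups', '{rg}', ...]:
// index 2 is the subscription ID and index 4 is the VNet's resource group.

module privateEndpointDeployments './private-endpoint.bicep' = [for (privateEndpoint, index) in privateEndpoints: {
  name: '${uniqueString(deployment().name)}-pe-${index}'
  // resourceGroup(subscriptionId, resourceGroupName) targets another subscription.
  // The single-argument form quoted in the issue always resolves the name in
  // the subscription of the current deployment.
  // Assumption: when no resourceGroupName is given, fall back to the resource
  // group that holds the subnet.
  scope: resourceGroup(split(privateEndpoint.subnetResourceId, '/')[2], privateEndpoint.?resourceGroupName ?? split(privateEndpoint.subnetResourceId, '/')[4])
  params: {
    name: privateEndpoint.?name ?? 'pep-${name}-${index}'
    subnetResourceId: privateEndpoint.subnetResourceId
  }
}]
```

The identity running the deployment needs permission to deploy into the target resource group in the VNet's subscription, since the nested deployment is created there.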
