Skip to content

Latest commit

 

History

History
110 lines (84 loc) · 4.39 KB

private-link-resource-example.md

File metadata and controls

110 lines (84 loc) · 4.39 KB

Prerequisite

API for Get private link resource and private endpoint connection need to be ready at:

Private Link Resource API

"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateLinkResources"
"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateLinkResources/{PrivateLinkResource-Name}"

Get Private Endpoint Connection API

"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateEndpointConnections/{PrivateEndpointConnection-Name}"

List Private Endpoint Connection API

"/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}/privateEndpointConnections"

if "List Private Endpoint Connection API" is not available, Private Endpoint Connection will be retrieved from top resource "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{provider}/{Top-Level-Resource}/{Top-Level-Resource-Name}" privateEndpointConnections need to be defined under this API

Code Changes Needed

Add corresponding {Provider}, {Top-Level-Resource} and {API-Version} into ProviderConfiguration.cs in following pattern:

RegisterConfiguration("{Provider}/{Top-Level-Resource}", "{API-Version}")

For example:

if "List Private Endpoint Connection API" is available,

RegisterConfiguration("Microsoft.Sql/servers", "2018-06-01-preview")

if "List Private Endpoint Connection API" is not available, provide extra bool parameter 'false'

RegisterConfiguration("Microsoft.Storage/storageAccounts", "2019-06-01", false)

End-To-End Test

Item Needed

  • Top level resource
New-Az{Top-Level-Resource} -ResourceGroupName {rg_name} -Name {top_level_resource_name}

$TopLevelResource = Get-Az{Top-Level-Resource} -ResourceGroupName {rg_name} -Name {top_level_resource_name}
  • private link resource
$PrivateLinkResource = Get-AzPrivateLinkResource -PrivateLinkResourceId $TopLevelResource.Id
  • subnet config (object in memory)
$SubnetConfig = New-AzVirtualNetworkSubnetConfig -Name {config_name} -AddressPrefix "11.0.1.0/24"      -PrivateEndpointNetworkPolicies "Disabled"
  • virtual network
New-AzVirtualNetwork -ResourceGroupName {rg_name} -Name {vnet_name} -Location {location} -AddressPrefix "11.0.0.0/16" -Subnet $SubnetConfig

$VNet=Get-AzVirtualNetwork -ResourceGroupName {rg_name} -Name {vnet_name}
  • private link service connection (object in memory)
$PLSConnection = New-AzPrivateLinkServiceConnection -Name {pls_connection_name} -PrivateLinkServiceId $TopLevelResource.Id -GroupId $TopLevelResource.GroupId
  • endpoint
New-AzPrivateEndpoint -ResourceGroupName {rg_name} -Name {endpoint_name} -Location {location} -Subnet $VNet.subnets[0] -PrivateLinkServiceConnection $PLSConnection -ByManualRequest

step-by-step

  • Add Network.csproj to {Module}.sln, and Microsoft.Azure.Management.Network to {Module}.Test.csproj

  • Create listed items above

  • To get the connection, if list for private endpoint connection was supported,

$connection = Get-AzPrivateEndpointConnection -PrivateLinkResourceId $TopLevelResource.Id
  • To get the connection, if list for private endpoint connection was not supported,
$TopLevelResource = Get-Az{Top-Level-Resource} -ResourceGroupName {rg_name} -Name {top_level_resource_name}

$ConnectionId = $TopLevelResource.PrivateEndpointConnection[0].Id

$Connection = Get-AzPrivateEndpointConnection -ResourceId $ConnectionId
  • Approve/Deny the connection
Approve-AzPrivateEndpointConnection -ResourceId $ConnectionId

or

Deny-AzPrivateEndpointConnection -ResourceId $ConnectionId
  • Connection cannot be approved after rejection

  • One top level resource can have maximum 3 private end point connection