feat: Updated PE scope to create the PE next to the primary resource by default #4449
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
microsoft-github-policy-service
bot
added
the
Needs: Triage 🔍
|
Important The "Needs: Triage 🔍" label must be removed once the triage process is complete! Tip For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation. |
|
Important If this is a module-related PR, being submitted by the sole owner of the module, the AVM core team must review and approve it (as module owners can't approve their own PRs). To indicate this PR needs the core team''s attention, apply the "Needs: Core Team 🧞" label! The core team will only review and approve PRs that have this label applied! |
avm-team-linter
bot
added
the
Needs: Core Team 🧞
anderseide
pushed a commit
to anderseide/avm-bicep-registry-modules
that referenced
this pull request
Feb 19, 2025
…by default (Azure#4449) ## Description Background: Azure#3835 (comment) Linked to: Azure/Azure-Verified-Modules#1857 Changes the deployment so that the main resource's (e.g., Key Vaults) RG is used as the default location for the PE. The already implemented `resourceGroupResourceId` will continue to allow the user to specify a different RG (in a different subscription, if needed). The primary change is from ```bicep scope: resourceGroup( split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] ) ``` to ```bicep scope: resourceGroup( split(privateEndpoint.?resourceGroupResourceId ?? resourceGroup().id, '/')[2], split(privateEndpoint.?resourceGroupResourceId ?? resourceGroup().id, '/')[4] ) ``` I'll quote from @ahmadabdalla on this matter > In most scenarios, PEs are deployed alongside their main resource in their own RG vs. the VNET RG. Customer app teams may have subnet join permissions on a centralised VNET in a Landing zone, but may not have permissions to deploy into it. Also considering billing and resource lifecycle perspective. cc: @JamesDawson Ref: Azure#4449 ## Pipeline Reference <!-- Insert your Pipeline Status Badge below --> | Pipeline | | -------- | | | ## Type of Change <!-- Use the checkboxes [x] on the options that are relevant. --> - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [ ] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [x] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation
1 task
1 task
anderseide
pushed a commit
to anderseide/avm-bicep-registry-modules
that referenced
this pull request
Feb 23, 2025
…by default (Azure#4449) ## Description Background: Azure#3835 (comment) Linked to: Azure/Azure-Verified-Modules#1857 Changes the deployment so that the main resource's (e.g., Key Vaults) RG is used as the default location for the PE. The already implemented `resourceGroupResourceId` will continue to allow the user to specify a different RG (in a different subscription, if needed). The primary change is from ```bicep scope: resourceGroup( split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[2], split(privateEndpoint.?resourceGroupResourceId ?? privateEndpoint.?subnetResourceId, '/')[4] ) ``` to ```bicep scope: resourceGroup( split(privateEndpoint.?resourceGroupResourceId ?? resourceGroup().id, '/')[2], split(privateEndpoint.?resourceGroupResourceId ?? resourceGroup().id, '/')[4] ) ``` I'll quote from @ahmadabdalla on this matter > In most scenarios, PEs are deployed alongside their main resource in their own RG vs. the VNET RG. Customer app teams may have subnet join permissions on a centralised VNET in a Landing zone, but may not have permissions to deploy into it. Also considering billing and resource lifecycle perspective. cc: @JamesDawson Ref: Azure#4449 ## Pipeline Reference <!-- Insert your Pipeline Status Badge below --> | Pipeline | | -------- | | | ## Type of Change <!-- Use the checkboxes [x] on the options that are relevant. --> - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [ ] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [x] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Background: #3835 (comment)
Linked to: Azure/Azure-Verified-Modules#1857
Changes the deployment so that the main resource's (e.g., Key Vaults) RG is used as the default location for the PE. The already implemented
resourceGroupResourceIdwill continue to allow the user to specify a different RG (in a different subscription, if needed).The primary change is from
to
I'll quote from @ahmadabdalla on this matter
cc: @JamesDawson
Ref: #4449
Pipeline Reference
Type of Change
version.json:version.json.version.json.