Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug Report: Private Endpoints policy initiative has a missing parameter for AML workspaces private endpoints #1486

Closed
juanandmsft opened this issue Nov 27, 2023 · 3 comments
Closed

Bug Report: Private Endpoints policy initiative has a missing parameter for AML workspaces private endpoints #1486

juanandmsft opened this issue Nov 27, 2023 · 3 comments
Assignees
@rozkurt
Labels
Area: Private Link/DNS policy
Milestone
policy-refresh-fy...

Comments

@juanandmsft
Copy link

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Versions

terraform:

azure provider:

module:

Description

Describe the bug

The built-in policy to manage private endpoints for Azure Machine Learning workspaces ("Configure Azure Machine Learning workspace to use private DNS zones", ee40564d-486e-4f68-a5ca-7a621edae0fb) has two zone parameters, privateDnsZoneId and secondPrivateDnsZoneId, to cover "privatelink.api.azureml.ms" and "privatelink.notebooks.azure.net" zones respectively.

However, the ALZ policy initiative definition at [modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json] only supports one parameter, leaving AML private endpoints incomplete.

Steps to Reproduce

  1. Create AML workspace private endpoint with ALZ initiative applied to the scope.
  2. Configure the initiative with either "privatelink.api.azureml.ms" or "privatelink.notebooks.azure.net" as parameter, as the initiative only supports one zone.
  3. The private endpoint does not get properly configured.

Screenshots

Missing blocks in the policy initiative definition:
image

image

Additional context
@matt-FFFFFF matt-FFFFFF transferred this issue from Azure/terraform-azurerm-caf-enterprise-scale Nov 30, 2023
@Springstone Springstone added this to the policy-refresh-fy24-q3 milestone Dec 11, 2023
@Springstone
Copy link
Member

Springstone commented Dec 11, 2023
edited
Loading

@juanandmsft thanks for raising this issue. We will address this but may not make it in this CY. It's on the backlog, so we will address this asap. AB#32352

See related issue #1482

@Springstone Springstone mentioned this issue Dec 11, 2023
Closed
@Springstone
Copy link
Member

@rozkurt please investigate.

@Springstone
Copy link
Member

Springstone commented Apr 29, 2024
edited
Loading

@juanandmsft We have a PR awaiting merge to Policy-Refresh addressing this issue: #1621
As no further action is needed, I'll be closing this issue.

jtracey93 added a commit that referenced this issue May 3, 2024
@rozkurt @github-actions
@Springstone @jtracey93
Fix on GH issue #1486 (#1621)
b646a5d 
Co-authored-by: Recep Ozkurt <recepo@microsoft.com>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Sacha Narinx <Springstone@users.noreply.github.com>
Co-authored-by: Jack Tracey <41163455+jtracey93@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rozkurt rozkurt

Labels
Area: Private Link/DNS policy
Projects
None yet
Milestone
policy-refresh-fy24-h2
Development

No branches or pull requests
4 participants
@Springstone @matt-FFFFFF @juanandmsft @rozkurt