azure_rm_privateendpoint missing parameter #973

Closed
polocato opened this issue Sep 13, 2022 · 5 comments · Fixed by #1745
Labels
has_pr PR fixes have been made medium_priority Medium priority

Comments

@polocato

SUMMARY

Private endpoint creation is failing when tenant is not authorized to access linked subscription
az cli has an option: --manual-request true

ISSUE TYPE
  • Bug Report
COMPONENT NAME

azure_rm_privateendpoint

ANSIBLE VERSION
ansible 2.10.17
  config file = None
  configured module search path =  ['/home/xxx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/xxx/.local/lib/python3.7/site-packages/ansible
  executable location = /home/xxxx/.local/bin/ansible
  python version = 3.7.5 (default, Dec  9 2021, 17:04:37) [GCC 8.4.0]
COLLECTION VERSION
# /home/xxx/.ansible/collections/ansible_collections
Collection         Version
------------------ -------
azure.azcollection 1.13.0

# /home/xxx/.local/lib/python3.7/site-packages/ansible_collections
Collection         Version
------------------ -------
azure.azcollection 1.4.0
CONFIGURATION

OS / ENVIRONMENT

WSL1 with ubuntu18.04

STEPS TO REPRODUCE

Set up private endpoint when tenant is not authorized to access linked subscription (e.g. different company)

- name: Azure
  hosts: localhost
  gather_facts: no
  collections:
    - azure.azcollection
  vars:
    az_rg: "xxxx-a.rg"
  tasks:
    - name: add endpoint
      azure_rm_privateendpoint:
        name: "private_endpoint_xxxx"
        tenant: "xxxxxxxx"
        auth_source: env
        resource_group: "xxxxx"
        private_link_service_connections:
          - name: "xxxxx"
            private_link_service_id: "xxxxx"
        subnet:
          id: "xxxxxx"
EXPECTED RESULTS

Private endpoint gets created

ACTUAL RESULTS

Playbook fails because it can't modify resources in the subscription

"changed": false, "msg": "Error creating or updating private endpoint XXXX  (LinkedAuthorizationFailed) The client has permission to perform action 'Microsoft.Network/privateLinkServices/PrivateEndpointConnectionsApproval/action' on scope XXXXXX  however the current tenant '********' is not authorized to access linked subscription 
@Fred-sun
Collaborator

@polocato Thank you for your attention. I'm sorry that I don't quite understand what you mean. Do you mean to add the parameter 'manual-request', or do you want to specify different tenants? Thank you very much!

@Fred-sun Fred-sun added medium_priority Medium priority work in In trying to solve, or in working with contributors labels Sep 20, 2022
@polocato
Author

Hello, thank you for looking into my request.
I'd like to ask for the manual-request parameter. From my perspective this is not a missing feature but some kind of bug/missing core functionality. Without that parameter you can't create a private link between two unrelated companies.
Best Regards

@Fred-sun
Collaborator

@polocato Thank you for your reply, but I have checked the latest API and found that 'manual-request' is not supported and cannot be added for the time being. Once it is supported, we will add it as soon as possible. Thank you very much!

@Fred-sun Fred-sun added the hold The problem holds for a particular reason label Feb 22, 2023
@howardjones
Contributor

howardjones commented Sep 17, 2024

I believe this is covered by the manual_private_link_service_connections field in the PrivateEndpoint object here:
https://learn.microsoft.com/en-us/python/api/azure-mgmt-network/azure.mgmt.network.models.privateendpoint?view=azure-python

(Just ran into the same requirement)

@Fred-sun Fred-sun added has_pr PR fixes have been made and removed work in In trying to solve, or in working with contributors hold The problem holds for a particular reason labels Oct 22, 2024
@Fred-sun
Collaborator

Added in #1745
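
For reference, an added example (not part of this thread, and not code from azure.azcollection or #1745): a Python helper that builds the ARM request body for a private endpoint and shows where a connection goes when it must wait for approval by the other tenant, i.e. the `manual_private_link_service_connections` field mentioned above (`manualPrivateLinkServiceConnections` in the REST JSON). The function names, the sample values and the rule that a manual connection must carry a request message are assumptions of this example; nothing is sent to Azure.

```python
MAX_REQUEST_MESSAGE = 140  # ARM restricts requestMessage to 140 characters


def _connection(item, manual):
    """Map one snake_case connection dict (keys as in the issue's playbook) to ARM JSON."""
    props = {"privateLinkServiceId": item["private_link_service_id"]}
    if item.get("group_ids"):
        props["groupIds"] = list(item["group_ids"])
    message = item.get("request_message")
    if manual and not message:
        # Rule of this example, not of ARM: the approver only sees this text.
        raise ValueError("manual connections need a request_message")
    if message and len(message) > MAX_REQUEST_MESSAGE:
        raise ValueError("request_message exceeds 140 characters")
    if message:
        props["requestMessage"] = message
    return {"name": item["name"], "properties": props}


def private_endpoint_body(location, subnet_id, connections, manual=False):
    """Return the body for PUT .../Microsoft.Network/privateEndpoints/<name>.

    manual=False -> privateLinkServiceConnections: the caller must be
                    authorized on the target, the case that fails in this issue.
    manual=True  -> manualPrivateLinkServiceConnections: the connection stays
                    pending until the owner of the target resource approves it.
    """
    key = "manualPrivateLinkServiceConnections" if manual else "privateLinkServiceConnections"
    return {
        "location": location,
        "properties": {
            "subnet": {"id": subnet_id},
            key: [_connection(c, manual) for c in connections],
        },
    }


# Constructed sample values (placeholders, not taken from the issue).
SAMPLE = private_endpoint_body(
    location="westeurope",
    subnet_id="/subscriptions/<consumer-sub>/resourceGroups/<rg>/providers/Microsoft.Network/virtualNetworks/<vnet>/subnets/<subnet>",
    connections=[{
        "name": "to-partner-service",
        "private_link_service_id": "/subscriptions/<provider-sub>/resourceGroups/<rg>/providers/Microsoft.Network/privateLinkServices/<pls>",
        "request_message": "Please approve: consumer team, ticket PLACEHOLDER",
    }],
    manual=True,
)
```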
