Forum Discussion
Override Managed Private Endpoint during deployements
I want to override Managed Private Endpoint (MPE) during deployements, just like we do for linked services. This is because the MPE to my storage account is different on my development environment compared to the other environments of DTAP. So I want to change the Target/Linked resource ID
- task: Synapse workspace deployment@2
displayName: 'Validate and deploy Synapse'
inputs:
operation: validateDeploy
ArtifactsFolder: '$(Pipeline.Workspace)/SynapseArtifact'
azureSubscription: ${{ parameters.SerCon }}
ResourceGroupName: ${{ parameters.Synapse_ResourceGroupName }}
TargetWorkspaceName: ${{ parameters.Synapse_WorkspaceName }}
DeleteArtifactsNotInTemplate: true
DeployManagedPrivateEndpoints: true
OverrideArmParameters: '
-LS_AKV_DataPlatform_properties_typeProperties_baseUrl https://${{parameters.KeyVault_Name}}.vault.azure.net/
-MPE_ADL_DataPlatform_properties_privateLinkResourceId /subscriptions/${{parameters.SubId}}/resourceGroups/${{parameters.rgName}}/providers/Microsoft.Storage/storageAccounts/${{parameters.adlName}}
'
but in TemplateParametersForWorkspace.json or TemplateForWorkspace.json this parameter is not available. Any suggestions on how this works?
Example (name of MPE is different than above code)
At the moment the only (dirty) way I can think of is by editing the managed private endpoint json files in the artifact folder on the agent with some YAML powershell step/code (just before the deployment step itself).
For sure there should be a better solution...
Unfortunately adding something like this to the arm-template-parameters-definition.json file doesn't work. So I'm afraid we have to do some PowerShell scripting:
"Microsoft.Synapse/workspaces/managedVirtualNetworks/managedPrivateEndpoints": { "properties": { "privateLinkResourceId": "=" } }
Are there any other/better solutions, because I'm for sure we are not the first one encountering this problem in Synapse/DevOps?
