Forum Discussion

Joost_van_Rossum's avatar
Joost_van_Rossum
Copper Contributor
Nov 17, 2023

Override Managed Private Endpoint during deployements

I want to override Managed Private Endpoint (MPE) during deployements, just like we do for linked services. This is because the MPE to my storage account is different on my development environment compared to the other environments of DTAP. So I want to change the Target/Linked resource ID


 

            - task: Synapse workspace deployment@2
              displayName: 'Validate and deploy Synapse'
              inputs:
                operation: validateDeploy
                ArtifactsFolder: '$(Pipeline.Workspace)/SynapseArtifact'
                azureSubscription: ${{ parameters.SerCon }}
                ResourceGroupName: ${{ parameters.Synapse_ResourceGroupName }}
                TargetWorkspaceName: ${{ parameters.Synapse_WorkspaceName }}
                DeleteArtifactsNotInTemplate: true
                DeployManagedPrivateEndpoints: true
                OverrideArmParameters: '
                  -LS_AKV_DataPlatform_properties_typeProperties_baseUrl    https://${{parameters.KeyVault_Name}}.vault.azure.net/
                  -MPE_ADL_DataPlatform_properties_privateLinkResourceId    /subscriptions/${{parameters.SubId}}/resourceGroups/${{parameters.rgName}}/providers/Microsoft.Storage/storageAccounts/${{parameters.adlName}}
		'

 

 but in TemplateParametersForWorkspace.json or TemplateForWorkspace.json this parameter is not available. Any suggestions on how this works? 

Example (name of MPE is different than above code)

 

At the moment the only (dirty) way I can think of is by editing the managed private endpoint json files in the artifact folder on the agent with some YAML powershell step/code (just before the deployment step itself). 

For sure there should be a better solution... 



  • ssisjoost's avatar
    ssisjoost
    Copper Contributor

    Unfortunately adding something like this to the arm-template-parameters-definition.json file doesn't work. So I'm afraid we have to do some PowerShell scripting:

    "Microsoft.Synapse/workspaces/managedVirtualNetworks/managedPrivateEndpoints": {
        "properties": {
            "privateLinkResourceId": "="
        }
    }

     
    Are there any other/better solutions, because I'm for sure we are not the first one encountering this problem in Synapse/DevOps?

Resources