Override Managed Private Endpoint during deployements

Copper Contributor

I want to override Managed Private Endpoint (MPE) during deployements, just like we do for linked services. This is because the MPE to my storage account is different on my development environment compared to the other environments of DTAP. So I want to change the Target/Linked resource ID


 

            - task: Synapse workspace deployment@2
              displayName: 'Validate and deploy Synapse'
              inputs:
                operation: validateDeploy
                ArtifactsFolder: '$(Pipeline.Workspace)/SynapseArtifact'
                azureSubscription: ${{ parameters.SerCon }}
                ResourceGroupName: ${{ parameters.Synapse_ResourceGroupName }}
                TargetWorkspaceName: ${{ parameters.Synapse_WorkspaceName }}
                DeleteArtifactsNotInTemplate: true
                DeployManagedPrivateEndpoints: true
                OverrideArmParameters: '
                  -LS_AKV_DataPlatform_properties_typeProperties_baseUrl    https://${{parameters.KeyVault_Name}}.vault.azure.net/
                  -MPE_ADL_DataPlatform_properties_privateLinkResourceId    /subscriptions/${{parameters.SubId}}/resourceGroups/${{parameters.rgName}}/providers/Microsoft.Storage/storageAccounts/${{parameters.adlName}}
		'

 

 but in TemplateParametersForWorkspace.json or TemplateForWorkspace.json this parameter is not available. Any suggestions on how this works? 

Example (name of MPE is different than above code)

Joost_van_Rossum_0-1700228591224.png

 

At the moment the only (dirty) way I can think of is by editing the managed private endpoint json files in the artifact folder on the agent with some YAML powershell step/code (just before the deployment step itself). 

Joost_van_Rossum_1-1700228949385.png

For sure there should be a better solution... 



1 Reply

Unfortunately adding something like this to the arm-template-parameters-definition.json file doesn't work. So I'm afraid we have to do some PowerShell scripting:

"Microsoft.Synapse/workspaces/managedVirtualNetworks/managedPrivateEndpoints": {
    "properties": {
        "privateLinkResourceId": "="
    }
}

 
Are there any other/better solutions, because I'm for sure we are not the first one encountering this problem in Synapse/DevOps?