Azure · AlexanderSehr · Jan 5, 2022 · Jan 3, 2022 · Jan 3, 2022 · Jan 4, 2022
diff --git a/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml b/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml
@@ -0,0 +1,63 @@
+name: 'Synapse - PrivateLinkHubs'
+
+parameters:
+  - name: removeDeployment
+    displayName: Remove deployed module
+    type: boolean
+    default: true
+  - name: versioningOption
+    displayName: The mode to handle the version increments [major|minor|patch]
+    type: string
+    default: patch
+    values:
+      - patch
+      - minor
+      - major
+  - name: customVersion
+    displayName: Custom version to apply. Used only if higher than latest
+    type: string
+    default: '0.0.1'
+
+trigger:
+  batch: true
+  branches:
+    include:
+      - main
+  paths:
+    include:
+      - '/.azuredevops/modulePipelines/ms.synapse.privatelinkhubs.yml'
+      - '/.azuredevops/pipelineTemplates/module.*.yml'
+      - '/arm/Microsoft.Synapse/privateLinkHubs/*'
+    exclude:
+      - '/**/*.md'
+
+variables:
+  - template: '/.azuredevops/pipelineVariables/global.variables.yml'
+  - group: 'PLATFORM_VARIABLES'
+  - name: modulePath
+    value: '/arm/Microsoft.Synapse/privateLinkHubs'
+
+stages:
+  - stage: Validation
+    displayName: Pester tests
+    jobs:
+      - template: /.azuredevops/pipelineTemplates/module.jobs.validate.yml
+
+  - stage: Deployment
+    displayName: Deployment tests
+    jobs:
+      - template: /.azuredevops/pipelineTemplates/module.jobs.deploy.yml
+        parameters:
+          removeDeployment: '${{ parameters.removeDeployment }}'
+          deploymentBlocks:
+            - path: $(modulePath)/.parameters/min.parameters.json
+            - path: $(modulePath)/.parameters/parameters.json
+
+  - stage: Publishing
+    displayName: Publish module
+    condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main'))
+    jobs:
+      - template: /.azuredevops/pipelineTemplates/module.jobs.publish.yml
+        parameters:
+          versioningOption: '${{ parameters.versioningOption }}'
+          customVersion: '${{ parameters.customVersion }}'
diff --git a/.github/workflows/ms.synapse.privatelinkhubs.yml b/.github/workflows/ms.synapse.privatelinkhubs.yml
@@ -0,0 +1,146 @@
+name: 'Synapse: PrivateLinkHubs'
+
+on:
+  workflow_dispatch:
+    inputs:
+      removeDeployment:
+        type: boolean
+        description: 'Remove deployed module'
+        required: false
+        default: 'true'
+      versioningOption:
+        type: choice
+        description: 'The mode to handle the version increments [major|minor|patch]'
+        required: false
+        default: 'patch'
+        options:
+          - major
+          - minor
+          - patch
+      customVersion:
+        description: 'Custom version to apply. Used only if higher than latest'
+        required: false
+        default: '0.0.1'
+  push:
+    branches:
+      - main
+    paths:
+      - '.github/actions/templates/**'
+      - '.github/workflows/ms.synapse.privatelinkhubs.yml'
+      - 'arm/Microsoft.Synapse/privateLinkHubs/**'
+      - '!*/**/readme.md'
+      - 'utilities/pipelines/**'
+      - '!utilities/pipelines/dependencies/**'
+
+env:
+  modulePath: 'arm/Microsoft.Synapse/privateLinkHubs'
+  workflowPath: '.github/workflows/ms.synapse.privatelinkhubs.yml'
+  AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }}
+  ARM_SUBSCRIPTION_ID: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+  ARM_MGMTGROUP_ID: '${{ secrets.ARM_MGMTGROUP_ID }}'
+  ARM_TENANT_ID: '${{ secrets.ARM_TENANT_ID }}'
+  DEPLOYMENT_SP_ID: '${{ secrets.DEPLOYMENT_SP_ID }}'
+
+jobs:
+  ############################
+  #   SET INPUT PARAMETERS   #
+  ############################
+  job_set_workflow_param:
+    runs-on: ubuntu-20.04
+    name: 'Set input parameters to output variables'
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: 'Set input parameters'
+        id: get-workflow-param
+        uses: ./.github/actions/templates/getWorkflowInput
+        with:
+          workflowPath: '${{ env.workflowPath}}'
+    outputs:
+      removeDeployment: ${{ steps.get-workflow-param.outputs.removeDeployment }}
+      versioningOption: ${{ steps.get-workflow-param.outputs.versioningOption }}
+      customVersion: ${{ steps.get-workflow-param.outputs.customVersion }}
+
+  ####################
+  #   Pester Tests   #
+  ####################
+  job_module_pester_validation:
+    runs-on: ubuntu-20.04
+    name: 'Pester tests'
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: 'Run tests'
+        uses: ./.github/actions/templates/validateModulePester
+        with:
+          modulePath: '${{ env.modulePath }}'
+
+  ####################
+  # Deployment tests #
+  ####################
+  job_module_deploy_validation:
+    runs-on: ubuntu-20.04
+    name: 'Deployment tests'
+    needs:
+      - job_set_workflow_param
+      - job_module_pester_validation
+    strategy:
+      fail-fast: false
+      matrix:
+        parameterFilePaths: ['min.parameters.json', 'parameters.json']
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set environment variables
+        uses: deep-mm/set-variables@v1.0
+        with:
+          variableFileName: 'global.variables'
+      - name: 'Using parameter file [${{ matrix.parameterFilePaths }}]'
+        uses: ./.github/actions/templates/validateModuleDeployment
+        with:
+          templateFilePath: '${{ env.modulePath }}/deploy.bicep'
+          parameterFilePath: '${{ env.modulePath }}/.parameters/${{ matrix.parameterFilePaths }}'
+          location: '${{ env.defaultLocation }}'
+          resourceGroupName: '${{ env.resourceGroupName }}'
+          subscriptionId: '${{ secrets.ARM_SUBSCRIPTION_ID }}'
+          managementGroupId: '${{ secrets.ARM_MGMTGROUP_ID }}'
+          removeDeployment: '${{ needs.job_set_workflow_param.outputs.removeDeployment }}'
+
+  ###############
+  #   PUBLISH   #
+  ###############
+  job_publish_module:
+    name: 'Publish module'
+    if: contains(fromJson('["refs/heads/main", "refs/heads/master"]'), github.ref)
+    runs-on: ubuntu-20.04
+    needs:
+      - job_set_workflow_param
+      - job_module_deploy_validation
+    steps:
+      - name: 'Checkout'
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Set environment variables
+        uses: deep-mm/set-variables@v1.0
+        with:
+          variableFileName: 'global.variables'
+      - name: 'Publish module'
+        uses: ./.github/actions/templates/publishModule
+        with:
+          templateFilePath: '${{ env.modulePath }}/deploy.bicep'
+          versioningOption: '${{ needs.job_set_workflow_param.outputs.versioningOption }}'
+          customVersion: '${{ needs.job_set_workflow_param.outputs.customVersion }}'
+          templateSpecsRGName: '${{ env.templateSpecsRGName }}'
+          templateSpecsRGLocation: '${{ env.templateSpecsRGLocation }}'
+          templateSpecsDescription: '${{ env.templateSpecsDescription }}'
+          templateSpecsDoPublish: '${{ env.templateSpecsDoPublish }}'
+          bicepRegistryName: '${{ env.bicepRegistryName }}'
+          bicepRegistryRGName: '${{ env.bicepRegistryRGName }}'
+          bicepRegistryDoPublish: '${{ env.bicepRegistryDoPublish }}'
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -1,45 +1,43 @@
 {
-    "[bicep]": {
-        "editor.insertSpaces": true,
-        "editor.tabSize": 2
-    },
-    "[markdown]": {
-        "files.encoding": "utf8"
-    },
-    "[powershell]": {
-        "editor.insertSpaces": true,
-        "editor.tabSize": 4,
-        "files.encoding": "utf8bom"
-    },
-    "[yaml]": {
-        "editor.insertSpaces": true,
-        "editor.tabSize": 2
-    },
-    "editor.formatOnPaste": true,
-    "editor.formatOnSave": true,
+  "[bicep]": {
     "editor.insertSpaces": true,
-    "files.insertFinalNewline": true,
-    "files.trimTrailingWhitespace": true,
-    "markdown.extension.orderedList.marker": "one",
-    "markdown.extension.tableFormatter.enabled": false,
-    "markdownlint.config": {
-        "MD034": true
-    },
-    "powershell.codeFormatting.autoCorrectAliases": true,
-    "powershell.codeFormatting.newLineAfterCloseBrace": false,
-    "powershell.codeFormatting.pipelineIndentationStyle": "IncreaseIndentationForFirstPipeline",
-    "powershell.codeFormatting.preset": "OTBS",
-    "powershell.codeFormatting.trimWhitespaceAroundPipe": true,
-    "powershell.codeFormatting.useConstantStrings": true,
-    "powershell.codeFormatting.useCorrectCasing": true,
-    "powershell.codeFormatting.whitespaceBetweenParameters": true,
-    "spellright.documentTypes": [
-        "markdown",
-        "latex",
-        "plaintext"
-    ],
-    "spellright.language": [
-        "en"
-    ],
-    "yaml.format.singleQuote": true
+    "editor.tabSize": 2
+  },
+  "[markdown]": {
+    "files.encoding": "utf8"
+  },
+  "[powershell]": {
+    "editor.insertSpaces": true,
+    "editor.tabSize": 4,
+    "files.encoding": "utf8bom"
+  },
+  "[yaml]": {
+    "editor.insertSpaces": true,
+    "editor.tabSize": 2
+  },
+  "editor.formatOnPaste": true,
+  "editor.formatOnSave": true,
+  "editor.insertSpaces": true,
+  "files.insertFinalNewline": true,
+  "files.trimTrailingWhitespace": true,
+  "markdown.extension.orderedList.marker": "one",
+  "markdown.extension.tableFormatter.enabled": false,
+  "markdownlint.config": {
+    "MD034": true,
+    "MD028": false,
+    "MD025": {
+      "front_matter_title": ""
+    }
+  },
+  "powershell.codeFormatting.autoCorrectAliases": true,
+  "powershell.codeFormatting.newLineAfterCloseBrace": false,
+  "powershell.codeFormatting.pipelineIndentationStyle": "IncreaseIndentationForFirstPipeline",
+  "powershell.codeFormatting.preset": "OTBS",
+  "powershell.codeFormatting.trimWhitespaceAroundPipe": true,
+  "powershell.codeFormatting.useConstantStrings": true,
+  "powershell.codeFormatting.useCorrectCasing": true,
+  "powershell.codeFormatting.whitespaceBetweenParameters": true,
+  "spellright.documentTypes": ["markdown", "latex", "plaintext"],
+  "spellright.language": ["en"],
+  "yaml.format.singleQuote": true
 }
diff --git a/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_cuaId.bicep b/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_cuaId.bicep
@@ -0,0 +1 @@
+
diff --git a/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_privateEndpoint.bicep b/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_privateEndpoint.bicep
@@ -0,0 +1,50 @@
+param privateEndpointResourceId string
+param privateEndpointVnetLocation string
+param privateEndpointObj object
+param tags object
+
+var privateEndpointResourceName = last(split(privateEndpointResourceId, '/'))
+var privateEndpoint_var = {
+  name: contains(privateEndpointObj, 'name') ? (empty(privateEndpointObj.name) ? '${privateEndpointResourceName}-${privateEndpointObj.service}' : privateEndpointObj.name) : '${privateEndpointResourceName}-${privateEndpointObj.service}'
+  subnetResourceId: privateEndpointObj.subnetResourceId
+  service: [
+    privateEndpointObj.service
+  ]
+  privateDnsZoneResourceIds: contains(privateEndpointObj, 'privateDnsZoneResourceIds') ? (empty(privateEndpointObj.privateDnsZoneResourceIds) ? [] : privateEndpointObj.privateDnsZoneResourceIds) : []
+  customDnsConfigs: contains(privateEndpointObj, 'customDnsConfigs') ? (empty(privateEndpointObj.customDnsConfigs) ? null : privateEndpointObj.customDnsConfigs) : null
+}
+
+resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-03-01' = {
+  name: privateEndpoint_var.name
+  location: privateEndpointVnetLocation
+  tags: tags
+  properties: {
+    privateLinkServiceConnections: [
+      {
+        name: privateEndpoint_var.name
+        properties: {
+          privateLinkServiceId: privateEndpointResourceId
+          groupIds: privateEndpoint_var.service
+        }
+      }
+    ]
+    manualPrivateLinkServiceConnections: []
+    subnet: {
+      id: privateEndpoint_var.subnetResourceId
+    }
+    customDnsConfigs: privateEndpoint_var.customDnsConfigs
+  }
+}
+
+resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-03-01' = if (!empty(privateEndpoint_var.privateDnsZoneResourceIds)) {
+  name: 'default'
+  properties: {
+    privateDnsZoneConfigs: [for privateDnsZoneResourceId in privateEndpoint_var.privateDnsZoneResourceIds: {
+      name: last(split(privateDnsZoneResourceId, '/'))
+      properties: {
+        privateDnsZoneId: privateDnsZoneResourceId
+      }
+    }]
+  }
+  parent: privateEndpoint
+}
diff --git a/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep b/arm/Microsoft.Synapse/privateLinkHubs/.bicep/nested_rbac.bicep
@@ -0,0 +1,32 @@
+param principalIds array
+param roleDefinitionIdOrName string
+param resourceId string
+
+var builtInRoleNames = {
+  'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+  'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+  'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+  'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
+  'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
+  'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
+  'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
+  'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
+  'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
+  'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
+  'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
+  'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')
+  'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+}
+
+resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' existing = {
+  name: last(split(resourceId, '/'))
+}
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: {
+  name: guid(privateLinkHub.name, principalId, roleDefinitionIdOrName)
+  properties: {
+    roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName
+    principalId: principalId
+  }
+  scope: privateLinkHub
+}]
diff --git a/arm/Microsoft.Synapse/privateLinkHubs/.parameters/min.parameters.json b/arm/Microsoft.Synapse/privateLinkHubs/.parameters/min.parameters.json
@@ -0,0 +1,9 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "name": {
+      "value": "synplhmin001"
+    }
+  }
+}