Implement IAzurePrivateEndpointTarget on more Azure resources #14360
eerhardt merged 3 commits into dotnet:main from
Follow up to dotnet#13108
Contributes to dotnet#13750
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 14360
Or
iex "& { $(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 14360"
Pull request overview
This pull request implements the IAzurePrivateEndpointTarget interface on additional Azure resources to enable private endpoint support for secure network isolation. This is a follow-up to PR #13108 and contributes to issue #13750 which aims to support Azure Virtual Networks and Private Endpoints for critical resources.
Changes:
- Implements IAzurePrivateEndpointTarget interface on 13 Azure resource types (CosmosDB, SQL Server, PostgreSQL, Redis, Service Bus, Event Hubs, Key Vault, App Configuration, Search, SignalR, Web PubSub, and Storage sub-resources Table and DataLake)
- Adds private endpoint detection logic to conditionally disable public network access when private endpoints are configured
- Skips firewall rule provisioning when resources use private endpoints
- Outputs resource IDs in Bicep templates for private endpoint linking
- Adds comprehensive test coverage with 11 new test methods and 2 additional storage tests
- Updates 80+ snapshot test files to include resource ID outputs
Reviewed changes
Copilot reviewed 112 out of 112 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/Aspire.Hosting.Azure.{Service}/Azure{Service}Resource.cs (13 files) | Implements IAzurePrivateEndpointTarget interface with Id property, GetPrivateLinkGroupIds(), and GetPrivateDnsZoneName() methods |
| src/Aspire.Hosting.Azure.{Service}/Azure{Service}Extensions.cs (11 files) | Adds private endpoint detection logic and conditional public network access disabling |
| tests/Aspire.Hosting.Azure.Tests/AzurePrivateEndpointLockdownTests.cs | New test file with 11 tests covering private endpoint scenarios for all supported services |
| tests/Aspire.Hosting.Azure.Tests/AzureStoragePrivateEndpointLockdownTests.cs | Adds 2 new tests for Table and DataLake storage private endpoints |
| tests/Aspire.Hosting.Azure.Tests/Snapshots/*.verified.bicep (80+ files) | Updates snapshot tests to include resource ID outputs and verify correct Bicep generation |
✅ Manual Testing Summary — Private Endpoint Support
Tested the new CLI Version:
Test App Setup
AppHost — configured with:
API Service (ASP.NET Core minimal APIs):
Result
Deployed to Azure and verified both CosmosDB and Redis are accessible through private endpoints. Both read and write operations succeeded via the API endpoints.
Description
Follow up to #13108
Contributes to #13750