github Azure/terraform-azurerm-avm-ptn-network-private-link-private-dns-zones v0.20.0

10 hours ago

Changes

Breaking Change: Removed ability to create resource group as part of module

  • Moved virtual network link configuration from each zone entry to a set of new variables. The purpose is to prevent users from having to enumerate all of the private link private DNS zones if they wish to modify the resolution policy for a specific zone and virtual network link. This only changes how inputs are supplied.
  • Resource addressing stays the same, so upgrades from v0.18.0 to v0.20.0 do not need moved or refactoring blocks. If you are upgrading from a release earlier than v0.18.0, you must still follow the migration steps documented in the README.

New Variables Added

  • virtual_network_links_default: A map of objects of Virtual Network Resource IDs to link to all the Private Link Private DNS Zones created. The map key is deliberately arbitrary to avoid issues where map keys may be unknown at plan time.
    • This is what the variable virtual_network_resource_ids_to_link_to in v0.18.0 and prior was used for.
  • virtual_network_link_overrides: A map of maps of overrides for specific Virtual Network Links.
    • The first key is the Private DNS Zone map key from the private_link_private_dns_zones or private_link_private_dns_zones_additional variables.
    • The second key is the Virtual Network Link map key from virtual_network_links.
    • In v0.19.0 this functionality was provided by the virtual_network_links attribute within each private DNS zone entry in the private_link_private_dns_zones or private_link_private_dns_zones_additional variables.
  • virtual_network_links_per_zone: A map of maps of objects of Virtual Network Resource IDs to link to specific Private Link Private DNS Zones.
    • The first key is the Private DNS Zone map key from the private_link_private_dns_zones or private_link_private_dns_zones_additional variables.
    • The second key is an arbitrary map key for the Virtual Network Link. If this key matches a key in the virtual_network_links_default variable, this entry will take precedence.
    • Use this variable when it is necessary to override the virtual_network_resource_id property of a virtual network link since the variable virtual_network_link_overrides only allows for the override of the resolution policy and virtual network link name.

Example resource declaration

v0.18.0 and prior
# Input shape for v0.18.0 and earlier: zones are declared in
# private_link_private_dns_zones, and one separate map,
# virtual_network_resource_ids_to_link_to, lists the virtual networks that are
# linked to every zone the module creates.
module "test" {
  source = "../../"

  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name
  enable_telemetry    = var.enable_telemetry
  # Four custom zones, each flagged as not supporting private link.
  # NOTE(review): {regionName} and {regionCode} look like placeholders the
  # module substitutes in the zone name; confirm against the README.
  private_link_private_dns_zones = {
    "custom_zone_1" = {
      zone_name                              = "custom-example-1.int"
      private_dns_zone_supports_private_link = false
    }
    "custom_zone_2" = {
      zone_name                              = "custom-example-2.local"
      private_dns_zone_supports_private_link = false
    }
    "custom_zone_3" = {
      zone_name                              = "custom-example-3-{regionName}.local"
      private_dns_zone_supports_private_link = false
    }
    "custom_zone_4" = {
      zone_name                              = "custom-example-4-{regionCode}.local"
      private_dns_zone_supports_private_link = false
    }
  }
  # Virtual networks linked to all zones above, keyed by an arbitrary name.
  virtual_network_resource_ids_to_link_to = {
    "vnet1" = {
      vnet_resource_id  = azurerm_virtual_network.this_1.id
      resolution_policy = "Default"
    }
    "vnet2" = {
      vnet_resource_id  = azurerm_virtual_network.this_2.id
      # Where it does take effect, NxDomainRedirect lets the Azure resolver fall
      # back to public DNS when the private zone has no matching record, so a
      # name without a private record resolves to a public address. Review that
      # per virtual network before enabling it.
      resolution_policy = "NxDomainRedirect" # This won't be passed through as the zones above are marked as not supporting private link
    }
  }
  # The resource group is managed outside the module (see resource_group_name
  # above), so module-side creation is switched off. v0.20.0 removes this
  # ability from the module altogether.
  resource_group_creation_enabled = false
  tags = {
    "env"             = "example"
    "example-tag-key" = "example tag value"
  }
}

v0.19.0 code example

# Input shape for v0.19.0: virtual network links are nested inside every zone
# entry as virtual_network_links, so the same two links are repeated for each
# zone. v0.20.0 moves them into separate variables to remove this repetition.
module "test" {
  source = "../../"

  location            = azurerm_resource_group.this.location
  resource_group_name = azurerm_resource_group.this.name
  enable_telemetry    = var.enable_telemetry
  # Four custom zones, each flagged as not supporting private link and each
  # carrying its own copy of the vnet1/vnet2 links.
  # NOTE(review): {regionName} and {regionCode} look like placeholders the
  # module substitutes in the zone name; confirm against the README.
  private_link_private_dns_zones = {
    "custom_zone_1" = {
      zone_name                              = "custom-example-1.int"
      private_dns_zone_supports_private_link = false
      virtual_network_links = {
        "vnet1" = {
          virtual_network_resource_id = azurerm_virtual_network.this_1.id
          resolution_policy           = "Default"
        }
        "vnet2" = {
          virtual_network_resource_id = azurerm_virtual_network.this_2.id
          # Where it does take effect, NxDomainRedirect lets the Azure resolver
          # fall back to public DNS when the private zone has no matching
          # record. Review that per virtual network before enabling it. The
          # same applies to the vnet2 link in each zone below.
          resolution_policy           = "NxDomainRedirect" # This won't be passed through as the zones above are marked as not supporting private link
        }
      }
    }
    "custom_zone_2" = {
      zone_name                              = "custom-example-2.local"
      private_dns_zone_supports_private_link = false
      virtual_network_links = {
        "vnet1" = {
          virtual_network_resource_id = azurerm_virtual_network.this_1.id
          resolution_policy           = "Default"
        }
        "vnet2" = {
          virtual_network_resource_id = azurerm_virtual_network.this_2.id
          resolution_policy           = "NxDomainRedirect" # This won't be passed through as the zones above are marked as not supporting private link
        }
      }
    }
    "custom_zone_3" = {
      zone_name                              = "custom-example-3-{regionName}.local"
      private_dns_zone_supports_private_link = false
      virtual_network_links = {
        "vnet1" = {
          virtual_network_resource_id = azurerm_virtual_network.this_1.id
          resolution_policy           = "Default"
        }
        "vnet2" = {
          virtual_network_resource_id = azurerm_virtual_network.this_2.id
          resolution_policy           = "NxDomainRedirect" # This won't be passed through as the zones above are marked as not supporting private link
        }
      }
    }
    "custom_zone_4" = {
      zone_name                              = "custom-example-4-{regionCode}.local"
      private_dns_zone_supports_private_link = false
      virtual_network_links = {
        "vnet1" = {
          virtual_network_resource_id = azurerm_virtual_network.this_1.id
          resolution_policy           = "Default"
        }
        "vnet2" = {
          virtual_network_resource_id = azurerm_virtual_network.this_2.id
          resolution_policy           = "NxDomainRedirect" # This won't be passed through as the zones above are marked as not supporting private link
        }
      }
    }
  }
  # The resource group is managed outside the module (see resource_group_name
  # above), so module-side creation is switched off. v0.20.0 removes this
  # ability from the module altogether.
  resource_group_creation_enabled = false
  tags = {
    "env"             = "example"
    "example-tag-key" = "example tag value"
  }
}

v0.20.0 code example

# Input shape for v0.20.0: the resource group is passed by ID through parent_id,
# and virtual network links are supplied through virtual_network_links_default
# (applied to all zones) plus virtual_network_link_overrides (per zone and per
# link) instead of being nested in each zone entry.
module "test" {
  source = "../../"

  # Region name is read from a locals list indexed by a random_integer result;
  # both are defined outside this snippet.
  location         = local.regions_with_geo_code[random_integer.region_index.result].name
  parent_id        = azurerm_resource_group.this.id
  enable_telemetry = var.enable_telemetry
  # NOTE(review): the first entry looks like a zone map key and the other two
  # like zone names; confirm which forms this variable accepts.
  private_link_excluded_zones = [
    "azure_ml_notebooks",
    "privatelink.{regionName}.azurecontainerapps.io",
    "privatelink.tip1.powerquery.microsoft.com"
  ]
  # First key: Private DNS Zone map key. Second key: Virtual Network Link map
  # key (vnet2 matches an entry in virtual_network_links_default below).
  # NxDomainRedirect lets the Azure resolver fall back to public DNS when the
  # linked private zone has no matching record, so names without a private
  # record resolve to a public address from vnet2. Limit it to the zones and
  # virtual networks that need it.
  # NOTE(review): the three zone keys here appear to correspond to the entries
  # in private_link_excluded_zones above; confirm how the module treats an
  # override that targets an excluded zone.
  virtual_network_link_overrides = {
    azure_container_apps = {
      vnet2 = {
        resolution_policy = "NxDomainRedirect"
      }
    }
    azure_ml_notebooks = {
      vnet2 = {
        resolution_policy = "NxDomainRedirect"
      }
    }
    azure_power_bi_power_query = {
      vnet2 = {
        resolution_policy = "NxDomainRedirect"
      }
    }
  }
  # Virtual networks linked to every zone the module creates. The map keys are
  # arbitrary, which avoids map keys that are unknown at plan time.
  virtual_network_links_default = {
    "vnet1" = {
      virtual_network_resource_id                 = azurerm_virtual_network.this_1.id
      virtual_network_link_name_template_override = "vnet1-link"
    }
    "vnet2" = {
      virtual_network_resource_id                 = azurerm_virtual_network.this_2.id
      # "$$" is Terraform's escape for a literal "${", so the module receives
      # the text ${vnet_key}-link rather than an interpolated value.
      # NOTE(review): presumably the module substitutes vnet_key with the link's
      # map key; confirm against the variable documentation.
      virtual_network_link_name_template_override = "$${vnet_key}-link"
    }
  }
}
