fix: private endpoint

README.md

@@ -53,12 +53,14 @@ If your deployment creates multiple managed private endpoints for different Azur
 | Name | Version |
 |------|---------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
+| <a name="requirement_azapi"></a> [azapi](#requirement\_azapi) | 1.12.1 |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) | >= 3.40.0 |
 
 ## Providers
 
 | Name | Version |
 |------|---------|
+| <a name="provider_azapi"></a> [azapi](#provider\_azapi) | 1.12.1 |
 | <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | >= 3.40.0 |
 
 ## Modules
@@ -69,12 +71,16 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [azapi_update_resource.adls](https://registry.terraform.io/providers/Azure/azapi/1.12.1/docs/resources/update_resource) | resource |
+| [azapi_update_resource.databricks_approval](https://registry.terraform.io/providers/Azure/azapi/1.12.1/docs/resources/update_resource) | resource |
+| [azapi_update_resource.keyvault_approval](https://registry.terraform.io/providers/Azure/azapi/1.12.1/docs/resources/update_resource) | resource |
 | [azurerm_data_factory.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory) | resource |
 | [azurerm_data_factory_integration_runtime_azure.auto_resolve](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_integration_runtime_azure) | resource |
 | [azurerm_data_factory_integration_runtime_self_hosted.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_integration_runtime_self_hosted) | resource |
 | [azurerm_data_factory_managed_private_endpoint.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/data_factory_managed_private_endpoint) | resource |
 | [azurerm_monitor_diagnostic_setting.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/monitor_diagnostic_setting) | resource |
 | [azurerm_role_assignment.data_factory](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
+| [azapi_resource.this](https://registry.terraform.io/providers/Azure/azapi/1.12.1/docs/data-sources/resource) | data source |
 | [azurerm_monitor_diagnostic_categories.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/monitor_diagnostic_categories) | data source |
 
 ## Inputs
@@ -90,16 +96,17 @@ No modules.
 | <a name="input_custom_diagnostics_name"></a> [custom\_diagnostics\_name](#input\_custom\_diagnostics\_name) | Specifies the name of Diagnostic Settings that monitors ADF | `string` | `null` | no |
 | <a name="input_custom_shir_name"></a> [custom\_shir\_name](#input\_custom\_shir\_name) | Specifies the name of Self Hosted Integration runtime | `string` | `null` | no |
 | <a name="input_env"></a> [env](#input\_env) | Environment name | `string` | n/a | yes |
-| <a name="input_global_parameter"></a> [global\_parameter](#input\_global\_parameter) | Configuration of data factory global parameters | <pre>list(object({<br>    name  = string<br>    type  = optional(string, "String")<br>    value = string<br>  }))</pre> | `[]` | no |
+| <a name="input_global_parameter"></a> [global\_parameter](#input\_global\_parameter) | Configuration of adf global parameters | <pre>list(object({<br>    name  = string<br>    type  = optional(string, "String")<br>    value = string<br>  }))</pre> | `[]` | no |
 | <a name="input_location"></a> [location](#input\_location) | Azure location | `string` | n/a | yes |
 | <a name="input_log_analytics_workspace"></a> [log\_analytics\_workspace](#input\_log\_analytics\_workspace) | Log Analytics Workspace Name to ID map | `map(string)` | `{}` | no |
-| <a name="input_managed_private_endpoint"></a> [managed\_private\_endpoint](#input\_managed\_private\_endpoint) | The ID  and sub resource name of the Private Link Enabled Remote Resource which this Data Factory Private Endpoint should be connected to | <pre>set(object({<br>    name               = string<br>    target_resource_id = string<br>    subresource_name   = string<br>  }))</pre> | `[]` | no |
+| <a name="input_managed_private_endpoint"></a> [managed\_private\_endpoint](#input\_managed\_private\_endpoint) | The ID  and sub resource name of the Private Link Enabled Remote Resource which this Data Factory Private Endpoint should be connected to | <pre>set(object({<br>    name               = string<br>    target_resource_id = string<br>    subresource_name   = string<br>    type               = optional(string)<br>    resource_id        = optional(string)<br>  }))</pre> | `[]` | no |
 | <a name="input_managed_virtual_network_enabled"></a> [managed\_virtual\_network\_enabled](#input\_managed\_virtual\_network\_enabled) | Is Managed Virtual Network enabled? | `bool` | `true` | no |
 | <a name="input_permissions"></a> [permissions](#input\_permissions) | Data Factory permision map | `list(map(string))` | <pre>[<br>  {<br>    "object_id": null,<br>    "role": null<br>  }<br>]</pre> | no |
 | <a name="input_project"></a> [project](#input\_project) | Project name | `string` | n/a | yes |
 | <a name="input_public_network_enabled"></a> [public\_network\_enabled](#input\_public\_network\_enabled) | Is the Data Factory visible to the public network? | `bool` | `false` | no |
 | <a name="input_resource_group"></a> [resource\_group](#input\_resource\_group) | The name of the resource group in which to create the storage account | `string` | n/a | yes |
 | <a name="input_self_hosted_integration_runtime_enabled"></a> [self\_hosted\_integration\_runtime\_enabled](#input\_self\_hosted\_integration\_runtime\_enabled) | Self Hosted Integration runtime | `bool` | `false` | no |
+| <a name="input_storage_account_id"></a> [storage\_account\_id](#input\_storage\_account\_id) | storage Account Id | `string` | `null` | no |
 | <a name="input_tags"></a> [tags](#input\_tags) | A mapping of tags to assign to the resource | `map(any)` | `{}` | no |
 | <a name="input_time_to_live_min"></a> [time\_to\_live\_min](#input\_time\_to\_live\_min) | TTL for Integration runtime | `string` | `15` | no |
 | <a name="input_virtual_network_enabled"></a> [virtual\_network\_enabled](#input\_virtual\_network\_enabled) | Managed Virtual Network for Integration runtime | `bool` | `true` | no |

main.tf

@@ -25,7 +25,6 @@ resource "azurerm_data_factory" "this" {
       value = global_parameter.value.value
     }
   }
-
   dynamic "vsts_configuration" {
     for_each = length(var.vsts_configuration) == 0 ? [] : [var.vsts_configuration]
 

managed_endpoints.tf

@@ -12,3 +12,88 @@ resource "azurerm_data_factory_managed_private_endpoint" "this" {
   target_resource_id = each.value.target_resource_id
   subresource_name   = each.value.subresource_name
 }
+
+data "azapi_resource" "this" {
+  for_each = { for i in var.managed_private_endpoint : i.name => i }
+
+  type                   = each.value.type
+  resource_id            = each.value.subresource_name == "dfs" ? var.storage_account_id : each.value.target_resource_id
+  response_export_values = ["properties.privateEndpointConnections"]
+
+  depends_on = [
+    azurerm_data_factory_managed_private_endpoint.this
+  ]
+}
+
+# Adls
+resource "azapi_update_resource" "adls" {
+  for_each = { for i in var.managed_private_endpoint : i.name => i if i.type == "Microsoft.Storage/storageAccounts@2023-01-01" }
+
+  name = one([
+    for connection in jsondecode(data.azapi_resource.this[each.key].output).properties.privateEndpointConnections
+    : connection.name
+    if
+    endswith(connection.properties.privateLinkServiceConnectionState.description, "${each.key}-${var.env}")
+  ])
+  type      = "Microsoft.Storage/storageAccounts/privateEndpointConnections@2023-01-01"
+  parent_id = each.value.subresource_name == "dfs" ? var.storage_account_id : each.value.target_resource_id
+
+  body = jsonencode({
+    properties = {
+      privateLinkServiceConnectionState = {
+        description = "Approved via Terraform ${azurerm_data_factory_managed_private_endpoint.this["${each.key}-dev"].name}"
+        status      = "Approved"
+      }
+    }
+  })
+
+  lifecycle {
+    ignore_changes = all
+  }
+}
+
+# key vault
+resource "azapi_update_resource" "keyvault_approval" {
+  for_each = { for i in var.managed_private_endpoint : i.name => i if i.type == "Microsoft.KeyVault/vaults@2022-07-01" }
+
+  name = "${basename([for connection in [for connection in jsondecode(data.azapi_resource.this[each.key].output).properties.privateEndpointConnections : connection]
+  : connection.properties.privateEndpoint.id][0])}-conn"
+  type      = "Microsoft.KeyVault/vaults/privateEndpointConnections@2022-07-01"
+  parent_id = each.value.target_resource_id
+
+  body = jsonencode({
+    properties = {
+      privateLinkServiceConnectionState = {
+        description = "Approved via Terraform, azapi_update_resource."
+        status      = "Approved"
+      }
+    }
+  })
+
+  lifecycle {
+    ignore_changes = all
+  }
+}
+
+# Databricks workspace 
+resource "azapi_update_resource" "databricks_approval" {
+  for_each = { for i in var.managed_private_endpoint : i.name => i if i.type == "Microsoft.Databricks/workspaces@2023-02-01" }
+
+  name = "${basename([for i in [for connection in [for connection in jsondecode(data.azapi_resource.this[each.key].output).properties.privateEndpointConnections : connection]
+  : connection.properties.privateEndpoint.id] : i if strcontains(i, "adf")][0])}-conn"
+  type      = "Microsoft.Databricks/workspaces/privateEndpointConnections@2023-02-01"
+  parent_id = each.value.target_resource_id
+
+  body = jsonencode({
+    properties = {
+      privateLinkServiceConnectionState = {
+        description = "Approved via Terraform, azapi_update_resource."
+        status      = "Approved"
+      }
+    }
+  })
+
+  lifecycle {
+    ignore_changes = all
+  }
+}

variables.tf

@@ -131,6 +131,8 @@ variable "managed_private_endpoint" {
     name               = string
     target_resource_id = string
     subresource_name   = string
+    type               = optional(string)
+    resource_id        = optional(string)
   }))
   description = "The ID  and sub resource name of the Private Link Enabled Remote Resource which this Data Factory Private Endpoint should be connected to"
   default     = []
@@ -143,5 +145,11 @@ variable "global_parameter" {
     value = string
   }))
   default     = []
-  description = "Configuration of data factory global parameters"
+  description = "Configuration of adf global parameters"
+}
+
+variable "storage_account_id" {
+  type        = string
+  default     = null
+  description = "storage Account Id"
 }

versions.tf

@@ -6,5 +6,9 @@ terraform {
       source  = "hashicorp/azurerm"
       version = ">= 3.40.0"
     }
+    azapi = {
+      source  = "Azure/azapi"
+      version = "1.12.1"
+    }
   }
 }