Menu
I am developing an ARM template for Azure Data Factory with managed private endpoints to SQL Server and Azure Datalake. However, when the ARM template completes execution, the managed private endpoints are in "Pending" state. How can I provision the managed private endpoint so that it gets provisioned as "Approved" once ADF is completely provisioned using ARM Template. Following is my template.json file:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"environment": {
"type": "string",
"metadata": {
"description": "name of environment for deployment"
}
},
"project": {
"type": "string",
"metadata": {
"description": "name of the project for building the name of resources"
}
},
"location": {
"defaultValue": "eastus",
"type": "string"
},
"adfFactoryName": {
"type": "string"
},
"adfVersion": {
"type": "string"
},
"tags": {
"type": "object",
"metadata": {
"description": "tags to add to resources"
}
},
"adfVNetEnabled": {
"type": "bool"
},
"adfPublicNetworkAccess": {
"type": "bool"
},
"adfAzureDatabricksDomain": {
"type": "string",
"metadata": "Azure Databricks existing cluster Id"
},
"adfAzureDatabricksExistingClusterId": {
"type": "string",
"metadata": "Azure Databricks existing cluster Id"
},
"adfDataLakeConnectionString": {
"type": "string",
"metadata": "Azure Data Lake connection string"
},
"adfDataFactoryIdentity": {
"type": "string",
"metadata": "Identity type for data factory"
},
"adfLSASDBConnectionString": {
"type": "string",
"metadata": "SQL DB connection string"
},
"adfKVBaseURL": {
"type": "string",
"metadata": "Keyvault connection string"
},
"adfDataLakeStorageName": {
"type": "string",
"metadata": "Azure Data lake Storage Name"
},
"adfDataLakeStorageGroupId": {
"type": "string",
"metadata": "Azure Data lake Storage Group ID"
},
"adfSqlServerName": {
"type": "string",
"metadata": "Azure SQL Server name"
},
"adfSqlServerGroupId": {
"type": "string",
"metadata": "Azure SQL Server Group ID"
}
},
"variables": {
"factoryId": "[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'))]",
"managedVirtualNetworkName": "[concat(parameters('adfFactoryName'), '/default')]"
},
"resources": [
{
"condition": "[equals(parameters('adfVersion'), 'V2')]",
"type": "Microsoft.DataFactory/factories",
"apiVersion": "2018-06-01",
"name": "[parameters('adfFactoryName')]",
"location": "[parameters('location')]",
"identity": {
"type": "[parameters('adfDataFactoryIdentity')]"
},
"properties": {
"publicNetworkAccess": "[if(bool(parameters('adfPublicNetworkAccess')), 'Enabled', 'Disabled')]"
},
"tags": "[parameters('tags')]",
"resources": [
{
"condition": "[and(equals(parameters('adfVersion'), 'V2'), parameters('adfVNetEnabled'))]",
"name": "[concat(parameters('adfFactoryName'), '/default')]",
"type": "Microsoft.DataFactory/factories/managedVirtualNetworks",
"apiVersion": "2018-06-01",
"properties": {},
"dependsOn": [
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'))]"
]
},
{
"condition": "[and(equals(parameters('adfVersion'), 'V2'), parameters('adfVNetEnabled'))]",
"name": "[concat(parameters('adfFactoryName'), '/DDIR')]",
"type": "Microsoft.DataFactory/factories/integrationRuntimes",
"apiVersion": "2018-06-01",
"properties": {
"type": "Managed",
"managedVirtualNetwork": {
"referenceName": "default",
"type": "ManagedVirtualNetworkReference"
},
"typeProperties": {
"computeProperties": {
"location": "[parameters('location')]"
}
}
},
"dependsOn": [
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'))]",
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'), '/managedVirtualNetworks/default')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/AzureKeyVault')]",
"type": "Microsoft.DataFactory/factories/linkedServices",
"apiVersion": "2018-06-01",
"properties": {
"annotations": [],
"type": "AzureKeyVault",
"typeProperties": {
"baseUrl": "[parameters('adfKVBaseURL')]"
}
},
"dependsOn": [
"[parameters('adfFactoryName')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/AzureDatabricks_LinkedService')]",
"type": "Microsoft.DataFactory/factories/linkedServices",
"apiVersion": "2018-06-01",
"properties": {
"annotations": [],
"type": "AzureDatabricks",
"typeProperties": {
"domain": "[parameters('adfAzureDatabricksDomain')]",
"accessToken": {
"type": "AzureKeyVaultSecret",
"store": {
"referenceName": "AzureKeyVault",
"type": "LinkedServiceReference"
},
"secretName": "[concat('kvs-databricks-',parameters('environment'), 'aue', parameters('project'))]"
},
"existingClusterId": "[parameters('adfAzureDatabricksExistingClusterId')]"
},
"connectVia": {
"referenceName": "DDIR",
"type": "IntegrationRuntimeReference"
}
},
"dependsOn": [
"[parameters('adfFactoryName')]",
"[concat(variables('factoryId'), '/integrationRuntimes/DDIR')]",
"[concat(variables('factoryId'), '/linkedServices/AzureKeyVault')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/AzureDatalake_DDIR')]",
"type": "Microsoft.DataFactory/factories/linkedServices",
"apiVersion": "2018-06-01",
"properties": {
"annotations": [],
"type": "AzureBlobFS",
"typeProperties": {
"url": "[parameters('adfDataLakeConnectionString')]"
},
"connectVia": {
"referenceName": "DDIR",
"type": "IntegrationRuntimeReference"
}
},
"dependsOn": [
"[parameters('adfFactoryName')]",
"[concat(variables('factoryId'), '/integrationRuntimes/DDIR')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/LS_ASDB')]",
"type": "Microsoft.DataFactory/factories/linkedServices",
"apiVersion": "2018-06-01",
"properties": {
"annotations": [],
"type": "AzureSqlDatabase",
"typeProperties": {
"connectionString": "[parameters('adfLSASDBConnectionString')]",
"password": {
"type": "AzureKeyVaultSecret",
"store": {
"referenceName": "AzureKeyVault",
"type": "LinkedServiceReference"
},
"secretName": "kvs-synapsepwd-devauegteng"
}
},
"connectVia": {
"referenceName": "DDIR",
"type": "IntegrationRuntimeReference"
}
},
"dependsOn": [
"[parameters('adfFactoryName')]",
"[concat(variables('factoryId'), '/integrationRuntimes/DDIR')]",
"[concat(variables('factoryId'), '/linkedServices/AzureKeyVault')]"
]
}
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/default/',parameters('adfDataLakeStorageName'))]",
"type": "Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints",
"apiVersion": "2018-06-01",
"properties": {
"privateLinkResourceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('adfDataLakeStorageName'))]",
"groupId": "[parameters('adfDataLakeStorageGroupId')]"
},
"dependsOn": [
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'), '/managedVirtualNetworks/default')]"
]
},
{
"name": "[concat(parameters('adfFactoryName'), '/default/',parameters('adfSqlServerName'))]",
"type": "Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints",
"apiVersion": "2018-06-01",
"properties": {
"privateLinkResourceId": "[resourceId('Microsoft.Sql/servers', parameters('adfSqlServerName'))]",
"groupId": "[parameters('adfSqlServerGroupId')]"
},
"dependsOn": [
"[concat('Microsoft.DataFactory/factories/', parameters('adfFactoryName'), '/managedVirtualNetworks/default')]"
]
}
]
}
723
Azure Private Link Center and Approving Private EndpointsIn Azure, search for Private Link and then select Private Link from the list of services returned. Once in the Private Link Center go to Pending Connections, from here, you can approve, reject or remove any connections that may be pending.
Approve the managed private endpointIn the Azure portal, navigate to your Event Hubs service and then select Networking. Select Private endpoint connections, select the managed private endpoint you created, and then select Approve. In the Connection state column, verify that the managed private endpoint is approved.
Select + New under Managed private endpoints. Select the Azure SQL Database tile from the list, and select Continue. Enter the name of the SQL server you selected. Select Create.
I ran in the same problem and created a Az Powershell script function to help me out.
function ApprovePrivateEndpointConnections {
param (
[string] $ResourceGroupName,
[string] $ResourceName
)
$Resource = Get-AzResource -Name $ResourceName -ResourceGroupName $ResourceGroup
if ($Resource) {
$ResourcePendingConnection = Get-AzPrivateEndpointConnection -PrivatelinkResourceId $Resource.ResourceId | Where-Object -FilterScript {$_.PrivateLinkServiceConnectionState.Status -EQ 'Pending'}
if ($ResourcePendingConnection) {
foreach ($Connection in $ResourcePendingConnection)
{
Approve-AzPrivateEndpointConnection -ResourceId $Connection.Id
}
}
else
{
Write-Output 'No pending connections for Resource: ' $ResourceName
}
}
else
{
Write-Output 'No resource found with name: ' $ResourceName
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
