Use endpoint module for cosmosdb

Azure · Nov 14, 2024 · cc09748 · cc09748
1 parent 3bf5906
commit cc09748
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 53 deletions.
diff --git a/dev-infrastructure/modules/private-endpoint.bicep b/dev-infrastructure/modules/private-endpoint.bicep
@@ -3,12 +3,14 @@ param location string
 @description('The service type the private endpoint is created for')
 @allowed([
   'eventgrid'
+  'cosmosdb'
 ])
 param serviceType string
 
 @description('The group id of the private endpoint service')
 @allowed([
   'topicspace'
+  'Sql'
 ])
 param groupId string
 
@@ -25,6 +27,9 @@ var endpointConfig = {
   eventgrid: {
     topicspace: 'privatelink.ts.eventgrid.azure.net'
   }
+  cosmosdb: {
+    Sql: 'privatelink.documents.azure.com'
+  }
 }
 
 resource eventGridPrivateEndpointDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {

diff --git a/dev-infrastructure/modules/rp-cosmos.bicep b/dev-infrastructure/modules/rp-cosmos.bicep
@@ -82,59 +82,15 @@ resource cosmosDbAccount 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' = {
   }
 }
 
-resource cosmosDbPrivateEndpoint 'Microsoft.Network/privateEndpoints@2023-09-01' = {
-  name: '${name}-private-endpoint'
-  location: location
-  properties: {
-    privateLinkServiceConnections: [
-      {
-        name: '${name}-private-endpoint'
-        properties: {
-          privateLinkServiceId: cosmosDbAccount.id
-          groupIds: [
-            'Sql'
-          ]
-        }
-      }
-    ]
-    subnet: {
-      id: aksNodeSubnetId
-    }
-  }
-}
-
-resource cosmosPrivateEndpointDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
-  // https://github.com/Azure/bicep/issues/12482
-  // There is no environments().suffixes constant for this
-  name: 'privatelink.documents.azure.com'
-  location: 'global'
-  properties: {}
-}
-
-resource cosmosPrivateEndpointDnsZoneLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
-  parent: cosmosPrivateEndpointDnsZone
-  name: 'link'
-  location: 'global'
-  properties: {
-    registrationEnabled: false
-    virtualNetwork: {
-      id: vnetId
-    }
-  }
-}
-
-resource cosmosPrivateEndpointDnsGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-09-01' = {
-  parent: cosmosDbPrivateEndpoint
-  name: '${name}-dns-group'
-  properties: {
-    privateDnsZoneConfigs: [
-      {
-        name: 'config1'
-        properties: {
-          privateDnsZoneId: cosmosPrivateEndpointDnsZone.id
-        }
-      }
-    ]
+module serviceCosmosdbPrivateEndpoint '../modules/private-endpoint.bicep' = {
+  name: '${deployment().name}-svcs-kv-pe'
+  params: {
+    location: location
+    subnetIds: [aksNodeSubnetId]
+    vnetId: vnetId
+    privateLinkServiceId: cosmosDbAccount.id
+    serviceType: 'cosmosdb'
+    groupId: 'Sql'
   }
 }