Enterprise-Scale
Bug Report: Private Endpoints policy initiative has a missing parameter for AML workspaces private endpoints
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Versions
terraform:
azure provider:
module:
Description
Describe the bug
The built-in policy to manage private endpoints for Azure Machine Learning workspaces ("Configure Azure Machine Learning workspace to use private DNS zones", ee40564d-486e-4f68-a5ca-7a621edae0fb) has two zone parameters, privateDnsZoneId and secondPrivateDnsZoneId, to cover "privatelink.api.azureml.ms" and "privatelink.notebooks.azure.net" zones respectively.
However, the ALZ policy initiative definition at [modules/archetypes/lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.tmpl.json] only supports one parameter, leaving AML private endpoints incomplete.
Steps to Reproduce
- Create an AML workspace private endpoint with the ALZ initiative applied to the scope.
- Configure the initiative with either "privatelink.api.azureml.ms" or "privatelink.notebooks.azure.net" as the parameter, as the initiative only supports one zone.
- The private endpoint does not get properly configured.
Screenshots
Missing blocks in the policy initiative definition:
Additional context
@juanandmsft thanks for raising this issue. We will address this but may not make it in this CY. It's on the backlog, so we will address this asap. AB#32352
See related issue #1482
@rozkurt please investigate.
@juanandmsft We have a PR awaiting merge to Policy-Refresh addressing this issue: https://github.com/Azure/Enterprise-Scale/pull/1621. As no further action is needed, I'll be closing this issue.
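The gap reported in this issue can be caught mechanically before an initiative is assigned. The following is an added example, not code from the Enterprise-Scale repository or from any participant in this thread: it audits a policy set definition for member policies that are not handed every zone parameter the report names, and for values that point at an initiative parameter that was never declared. The initiative-level parameter names and the reference ID in the sample are constructed for illustration.

```python
import re

# Built-in policy GUID and its two zone parameters, as named in the report above.
AML_POLICY_GUID = "ee40564d-486e-4f68-a5ca-7a621edae0fb"
EXPECTED_PARAMS = {AML_POLICY_GUID: ("privateDnsZoneId", "secondPrivateDnsZoneId")}

# Matches a value that simply forwards an initiative-level parameter.
PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")


def audit_initiative(initiative):
    """Return (referenceId, parameter, problem) tuples for a policy set definition."""
    props = initiative.get("properties", {})
    declared = set(props.get("parameters", {}))
    findings = []
    for member in props.get("policyDefinitions", []):
        guid = member.get("policyDefinitionId", "").rsplit("/", 1)[-1].lower()
        ref = member.get("policyDefinitionReferenceId", guid)
        passed = member.get("parameters", {})
        for name in EXPECTED_PARAMS.get(guid, ()):
            if name not in passed:
                findings.append((ref, name, "not passed to member policy"))
                continue
            match = PARAM_REF.match(str(passed[name].get("value", "")))
            if match and match.group(1) not in declared:
                findings.append((ref, name, "references undeclared initiative parameter"))
    return findings


def sample_initiative(with_second_zone):
    """Constructed sample: one member policy, with or without the second zone wired up."""
    params = {"amlApiZoneId": {"type": "String"}}  # hypothetical parameter name
    passed = {"privateDnsZoneId": {"value": "[parameters('amlApiZoneId')]"}}
    if with_second_zone:
        params["amlNotebooksZoneId"] = {"type": "String"}  # hypothetical parameter name
        passed["secondPrivateDnsZoneId"] = {"value": "[parameters('amlNotebooksZoneId')]"}
    member = {
        "policyDefinitionReferenceId": "DINE-Private-DNS-AML",  # constructed reference ID
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/"
        + AML_POLICY_GUID,
        "parameters": passed,
    }
    return {"properties": {"parameters": params, "policyDefinitions": [member]}}


if __name__ == "__main__":
    for label, flag in (("one zone parameter", False), ("both zone parameters", True)):
        print(label, "->", audit_initiative(sample_initiative(flag)) or "no findings")
```

Extending `EXPECTED_PARAMS` with other member policies and their parameter names lets the same check run over a whole initiative in CI.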