fix: Private DNS Zones Bug (#695)

[jtracey93]

Overview/Summary

This PR Fixes the Private DNS Zones Bug #695

Related Issues/Work Items

Fixes #695

This PR fixes/adds/changes/removes

• Fixes Bicep Accelerator Private DNS Zone for "privatelink.*.backup.windowsazure.com" Incorrectly lists uksouth #695

Breaking Changes

A number of breaking changes

Draft Release Notes

The local private DNS zones modules (privateDnsZones.bicep) has been replaced in the networking related modules in this repo with the AVM Pattern module of avm/ptn/network/private-link-private-dns-zones to resolve bug #695.

This has meant some breaking changes to each of the networking modules that are detailed below.

privateDnsZones.bicep

• This module has been removed as of v0.20.0 and replaced with the AVM Pattern Module of avm/ptn/network/private-link-private-dns-zones. Please use this module going forward.

hubNetworking.bicep & hubNetworking-multiRegion.bicep

• parPrivateDnsZones default value changed to an empty array ([])
  • Only enter values in here if you want to override the defaults in the underlying AVM pattern module. See: https://github.com/Azure/bicep-registry-modules/tree/main/avm/ptn/network/private-link-private-dns-zones#parameter-privatelinkprivatednszones
• parPrivateDnsZoneAutoMergeAzureBackupZone removed from module
• parVirtualNetworkResourceIdsToLinkTo added to module, you can prefer to use this parameter instead of parVirtualNetworkIdToLink & parVirtualNetworkIdToLinkFailover if you wish (they are automatically all merged together by the module anyway)
• The value returned in outPrivateDnsZones has changed

From:

[
  {
    "name": "privatelink.api.azureml.ms",
    "id": "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
  },
  {
    "name": "privatelink.notebooks.azure.net",
    "id": "subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net"
  },
  …
]

To:

[
  {
    "pdnsZoneName": "privatelink.api.azureml.ms",
    "virtualNetworkResourceIdsToLinkTo": [
      "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/virtualNetworks/alz-hub-uksouth"
    ]
  },
  {
    "pdnsZoneName": "privatelink.notebooks.azure.net",
    "virtualNetworkResourceIdsToLinkTo": [
      "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/virtualNetworks/alz-hub-uksouth"
    ]
  },
  …
]

vwanConnectivity.bicep

• parPrivateDnsZones default value changed to an empty array ([])
  • Only enter values in here if you want to override the defaults in the underlying AVM pattern module. See: https://github.com/Azure/bicep-registry-modules/tree/main/avm/ptn/network/private-link-private-dns-zones#parameter-privatelinkprivatednszones
• parVirtualNetworkIdToLink & parVirtualNetworkIdToLinkFailover removed from module and replaced with parVirtualNetworkResourceIdsToLinkTo
• The value returned in outPrivateDnsZones has changed

From:

[
  {
    "name": "privatelink.api.azureml.ms",
    "id": "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/privateDnsZones/privatelink.api.azureml.ms"
  },
  {
    "name": "privatelink.notebooks.azure.net",
    "id": "subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/privateDnsZones/privatelink.notebooks.azure.net"
  },
  …
]

To:

[
  {
    "pdnsZoneName": "privatelink.api.azureml.ms",
    "virtualNetworkResourceIdsToLinkTo": [
      "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/virtualNetworks/alz-hub-uksouth"
    ]
  },
  {
    "pdnsZoneName": "privatelink.notebooks.azure.net",
    "virtualNetworkResourceIdsToLinkTo": [
      "/subscriptions/<subID>/resourceGroups/<rgID>/providers/Microsoft.Network/virtualNetworks/alz-hub-uksouth"
    ]
  },
  …
]

Testing Evidence

As part of this Pull Request I have

• Read the Contribution Guide and ensured this PR is compliant with the guide
• Ensured the resource API versions in .bicep file/s I am adding/editing are using the latest API version possible
• Checked for duplicate Pull Requests
• Associated it with relevant GitHub Issues
• (ALZ Bicep Core Team Only) Associated it with relevant ADO Items
• Ensured my code/branch is up-to-date with the latest changes in the main branch
• Performed testing and provided evidence.
• Updated one or more of the following tests (if required)
  • Unit
  • Linting
  • E2E (End-To-End)
  • ValidateAzCloud (Base validation in Azure Cloud)
  • ValidateMcCloud (Base validation in Azure China Cloud)
• Updated relevant and associated documentation (e.g. Contribution Guide, Module READMEs, Wiki Docs etc.)
• If relevant, created or updated Code Tours here

[jtracey93]

@oZakari & @sebassem would appreciate a review here. Especially around the accelerator and multi region angle

[sebassem]

LGTM , should we add an example specifically for multi-region to make it clear how to add region-aware private dns zones ?

[jtracey93]

LGTM , should we add an example specifically for multi-region to make it clear how to add region-aware private dns zones ?

@sebassem is this not already in the hub spoke multi-region, where i call the DNS zones twice with a different location.

I actually plan on adding the feature to my AVM modules to make it a simpler toggle

[oZakari]

LGTM and you're good with the multi-region adjustments you made from my point of view.

I also tested the Accelerator, and all looks good. Thanks much!

[oZakari]

/azp run validateazcloud

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).