Enabled Multiple Private ENdpoints for Azure ML (#78)

Azure · Sep 6, 2021 · 9c4b63b · 9c4b63b
1 parent e1cbf61
commit 9c4b63b
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 52 deletions.
diff --git a/infra/main.json b/infra/main.json
@@ -5,7 +5,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.4.613.9944",
-      "templateHash": "7888017075736619877"
+      "templateHash": "1700505257903612354"
     }
   },
   "parameters": {
@@ -902,7 +902,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.4.613.9944",
-              "templateHash": "9695930882477716907"
+              "templateHash": "17791774633133493240"
             }
           },
           "parameters": {
@@ -1126,6 +1126,48 @@
                 "[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints', parameters('datafactoryName'), 'default', replace(variables('keyVault001Name'), '-', ''))]",
                 "[resourceId('Microsoft.DataFactory/factories/integrationRuntimes', parameters('datafactoryName'), variables('datafactoryDefaultManagedVnetIntegrationRuntimeName'))]"
               ]
+            },
+            {
+              "type": "Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints",
+              "apiVersion": "2018-06-01",
+              "name": "[format('{0}/{1}/{2}', parameters('datafactoryName'), 'default', replace(variables('machineLearning001Name'), '-', ''))]",
+              "properties": {
+                "fqdns": [],
+                "groupId": "amlworkspace",
+                "privateLinkResourceId": "[parameters('machineLearning001Id')]"
+              },
+              "dependsOn": [
+                "[resourceId('Microsoft.DataFactory/factories', parameters('datafactoryName'))]",
+                "[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks', parameters('datafactoryName'), 'default')]"
+              ]
+            },
+            {
+              "type": "Microsoft.DataFactory/factories/linkedservices",
+              "apiVersion": "2018-06-01",
+              "name": "[format('{0}/{1}', parameters('datafactoryName'), replace(variables('machineLearning001Name'), '-', ''))]",
+              "properties": {
+                "type": "AzureMLService",
+                "annotations": [],
+                "connectVia": {
+                  "type": "IntegrationRuntimeReference",
+                  "referenceName": "[variables('datafactoryDefaultManagedVnetIntegrationRuntimeName')]",
+                  "parameters": {}
+                },
+                "description": "Machine Learning for executing Pipelines.",
+                "parameters": {},
+                "typeProperties": {
+                  "tenant": "[subscription().tenantId]",
+                  "subscriptionId": "[variables('machineLearning001SubscriptionId')]",
+                  "resourceGroupName": "[variables('machineLearning001ResourceGroupName')]",
+                  "mlWorkspaceName": "[variables('machineLearning001Name')]",
+                  "authentication": "MSI"
+                }
+              },
+              "dependsOn": [
+                "[resourceId('Microsoft.DataFactory/factories', parameters('datafactoryName'))]",
+                "[resourceId('Microsoft.DataFactory/factories/integrationRuntimes', parameters('datafactoryName'), variables('datafactoryDefaultManagedVnetIntegrationRuntimeName'))]",
+                "[resourceId('Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints', parameters('datafactoryName'), 'default', replace(variables('machineLearning001Name'), '-', ''))]"
+              ]
             }
           ],
           "outputs": {
@@ -2144,7 +2186,7 @@
             "_generator": {
               "name": "bicep",
               "version": "0.4.613.9944",
-              "templateHash": "16463397985929739690"
+              "templateHash": "6516904727605558714"
             }
           },
           "parameters": {
@@ -2228,7 +2270,7 @@
           "resources": [
             {
               "type": "Microsoft.MachineLearningServices/workspaces",
-              "apiVersion": "2021-04-01",
+              "apiVersion": "2021-07-01",
               "name": "[parameters('machineLearningName')]",
               "location": "[parameters('location')]",
               "tags": "[parameters('tags')]",
@@ -2253,13 +2295,14 @@
                 "applicationInsights": "[parameters('applicationInsightsId')]",
                 "containerRegistry": "[parameters('containerRegistryId')]",
                 "keyVault": "[parameters('keyVaultId')]",
-                "storageAccount": "[parameters('storageAccountId')]"
+                "storageAccount": "[parameters('storageAccountId')]",
+                "publicNetworkAccess": "Disabled"
               }
             },
             {
               "condition": "[not(empty(parameters('aksId')))]",
               "type": "Microsoft.MachineLearningServices/workspaces/computes",
-              "apiVersion": "2021-04-01",
+              "apiVersion": "2021-07-01",
               "name": "[format('{0}/{1}', parameters('machineLearningName'), 'kubernetes001')]",
               "location": "[parameters('location')]",
               "tags": "[parameters('tags')]",
@@ -2277,7 +2320,7 @@
             {
               "condition": "[and(and(and(parameters('enableRoleAssignments'), not(empty(parameters('databricksWorkspaceId')))), not(empty(parameters('databricksWorkspaceUrl')))), not(empty(parameters('databricksAccessToken'))))]",
               "type": "Microsoft.MachineLearningServices/workspaces/computes",
-              "apiVersion": "2021-04-01",
+              "apiVersion": "2021-07-01",
               "name": "[format('{0}/{1}', parameters('machineLearningName'), 'databricks001')]",
               "location": "[parameters('location')]",
               "tags": "[parameters('tags')]",
@@ -2316,7 +2359,7 @@
             {
               "condition": "[and(and(parameters('enableRoleAssignments'), not(empty(parameters('synapseId')))), not(empty(parameters('synapseBigDataPoolId'))))]",
               "type": "Microsoft.MachineLearningServices/workspaces/computes",
-              "apiVersion": "2021-04-01",
+              "apiVersion": "2021-07-01",
               "name": "[format('{0}/{1}', parameters('machineLearningName'), 'bigdatapool001')]",
               "location": "[parameters('location')]",
               "tags": "[parameters('tags')]",
@@ -2337,7 +2380,7 @@
             },
             {
               "type": "Microsoft.MachineLearningServices/workspaces/computes",
-              "apiVersion": "2021-04-01",
+              "apiVersion": "2021-07-01",
               "name": "[format('{0}/{1}', parameters('machineLearningName'), 'cpucluster001')]",
               "location": "[parameters('location')]",
               "tags": "[parameters('tags')]",
@@ -2374,7 +2417,7 @@
             },
             {
               "type": "Microsoft.MachineLearningServices/workspaces/computes",
-              "apiVersion": "2021-04-01",
+              "apiVersion": "2021-07-01",
               "name": "[format('{0}/{1}', parameters('machineLearningName'), 'gpucluster001')]",
               "location": "[parameters('location')]",
               "tags": "[parameters('tags')]",
@@ -2412,7 +2455,7 @@
             {
               "condition": "[not(empty(parameters('machineLearningComputeInstance001AdministratorObjectId')))]",
               "type": "Microsoft.MachineLearningServices/workspaces/computes",
-              "apiVersion": "2021-04-01",
+              "apiVersion": "2021-07-01",
               "name": "[format('{0}/{1}', parameters('machineLearningName'), 'computeinstance001')]",
               "location": "[parameters('location')]",
               "tags": "[parameters('tags')]",

diff --git a/infra/modules/services/datafactory.bicep b/infra/modules/services/datafactory.bicep
@@ -174,41 +174,41 @@ resource keyVault001LinkedService 'Microsoft.DataFactory/factories/linkedservice
   }
 }
 
-// resource machineLearning001ManagedPrivateEndpoint 'Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints@2018-06-01' = {  // Not supported yet, as a Machine Learning workspace only supports a single private endpoint today. Will be updated as soon as this is supported.
-//   parent: datafactoryManagedVirtualNetwork
-//   name: replace(machineLearning001Name, '-', '')
-//   properties: {
-//     fqdns: []
-//     groupId: 'amlworkspace'
-//     privateLinkResourceId: machineLearning001Id
-//   }
-// }
+resource machineLearning001ManagedPrivateEndpoint 'Microsoft.DataFactory/factories/managedVirtualNetworks/managedPrivateEndpoints@2018-06-01' = {  // Not supported yet, as a Machine Learning workspace only supports a single private endpoint today. Will be updated as soon as this is supported.
+  parent: datafactoryManagedVirtualNetwork
+  name: replace(machineLearning001Name, '-', '')
+  properties: {
+    fqdns: []
+    groupId: 'amlworkspace'
+    privateLinkResourceId: machineLearning001Id
+  }
+}
 
-// resource machineLearning001LinkedService 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
-//   parent: datafactory
-//   name: replace(machineLearning001Name, '-', '')
-//   dependsOn: [
-//     machineLearning001ManagedPrivateEndpoint
-//   ]
-//   properties: {
-//     type: 'AzureMLService'
-//     annotations: []
-//     connectVia: {
-//       type: 'IntegrationRuntimeReference'
-//       referenceName: datafactoryManagedIntegrationRuntime001.name
-//       parameters: {}
-//     }
-//     description: 'Machine Learning for executing Pipelines.'
-//     parameters: {}
-//     typeProperties: {
-//       tenant: subscription().tenantId
-//       subscriptionId: machineLearning001SubscriptionId
-//       resourceGroupName: machineLearning001ResourceGroupName
-//       mlWorkspaceName: machineLearning001Name
-//       authentication: 'MSI'
-//     }
-//   }
-// }
+resource machineLearning001LinkedService 'Microsoft.DataFactory/factories/linkedservices@2018-06-01' = {
+  parent: datafactory
+  name: replace(machineLearning001Name, '-', '')
+  dependsOn: [
+    machineLearning001ManagedPrivateEndpoint
+  ]
+  properties: {
+    type: 'AzureMLService'
+    annotations: []
+    connectVia: {
+      type: 'IntegrationRuntimeReference'
+      referenceName: datafactoryManagedIntegrationRuntime001.name
+      parameters: {}
+    }
+    description: 'Machine Learning for executing Pipelines.'
+    parameters: {}
+    typeProperties: {
+      tenant: subscription().tenantId
+      subscriptionId: machineLearning001SubscriptionId
+      resourceGroupName: machineLearning001ResourceGroupName
+      mlWorkspaceName: machineLearning001Name
+      authentication: 'MSI'
+    }
+  }
+}
 
 // Outputs
 output datafactoryId string = datafactory.id
diff --git a/infra/modules/services/machinelearning.bicep b/infra/modules/services/machinelearning.bicep
@@ -32,7 +32,7 @@ param enableRoleAssignments bool = false
 var machineLearningPrivateEndpointName = '${machineLearning.name}-private-endpoint'
 
 // Resources
-resource machineLearning 'Microsoft.MachineLearningServices/workspaces@2021-04-01' = {
+resource machineLearning 'Microsoft.MachineLearningServices/workspaces@2021-07-01' = {
   name: machineLearningName
   location: location
   tags: tags
@@ -58,10 +58,11 @@ resource machineLearning 'Microsoft.MachineLearningServices/workspaces@2021-04-0
     containerRegistry: containerRegistryId
     keyVault: keyVaultId
     storageAccount: storageAccountId
+    publicNetworkAccess: 'Disabled'
   }
 }
 
-resource machineLearningKubernetes001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = if (!empty(aksId)) {
+resource machineLearningKubernetes001 'Microsoft.MachineLearningServices/workspaces/computes@2021-07-01' = if (!empty(aksId)) {
   parent: machineLearning
   name: 'kubernetes001'
   location: location
@@ -75,7 +76,7 @@ resource machineLearningKubernetes001 'Microsoft.MachineLearningServices/workspa
   }
 }
 
-resource machineLearningDatabricks001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = if (enableRoleAssignments && !empty(databricksWorkspaceId) && !empty(databricksWorkspaceUrl) && !empty(databricksAccessToken)) {
+resource machineLearningDatabricks001 'Microsoft.MachineLearningServices/workspaces/computes@2021-07-01' = if (enableRoleAssignments && !empty(databricksWorkspaceId) && !empty(databricksWorkspaceUrl) && !empty(databricksAccessToken)) {
   parent: machineLearning
   name: 'databricks001'
   location: location
@@ -106,7 +107,7 @@ resource machineLearningSynapse001 'Microsoft.MachineLearningServices/workspaces
   }
 }
 
-resource machineLearningSynapse001BigDataPool001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = if (enableRoleAssignments && !empty(synapseId) && !empty(synapseBigDataPoolId)) {
+resource machineLearningSynapse001BigDataPool001 'Microsoft.MachineLearningServices/workspaces/computes@2021-07-01' = if (enableRoleAssignments && !empty(synapseId) && !empty(synapseBigDataPoolId)) {
   parent: machineLearning
   name: 'bigdatapool001'
   location: location
@@ -126,7 +127,7 @@ resource machineLearningSynapse001BigDataPool001 'Microsoft.MachineLearningServi
   }
 }
 
-resource machineLearningCpuCluster001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = {
+resource machineLearningCpuCluster001 'Microsoft.MachineLearningServices/workspaces/computes@2021-07-01' = {
   parent: machineLearning
   name: 'cpucluster001'
   dependsOn: [
@@ -162,7 +163,7 @@ resource machineLearningCpuCluster001 'Microsoft.MachineLearningServices/workspa
   }
 }
 
-resource machineLearningGpuCluster001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = {
+resource machineLearningGpuCluster001 'Microsoft.MachineLearningServices/workspaces/computes@2021-07-01' = {
   parent: machineLearning
   name: 'gpucluster001'
   dependsOn: [
@@ -198,7 +199,7 @@ resource machineLearningGpuCluster001 'Microsoft.MachineLearningServices/workspa
   }
 }
 
-resource machineLearningComputeInstance001 'Microsoft.MachineLearningServices/workspaces/computes@2021-04-01' = if (!empty(machineLearningComputeInstance001AdministratorObjectId)) {
+resource machineLearningComputeInstance001 'Microsoft.MachineLearningServices/workspaces/computes@2021-07-01' = if (!empty(machineLearningComputeInstance001AdministratorObjectId)) {
   parent: machineLearning
   name: 'computeinstance001'
   dependsOn: [