如何使用 Terraform 批准 Blob 存储 ADLS Gen2 上的托管专用端点？

Question

I have created several managed private endpoints on a Synapse Analytics workspace using Terraform. Now I do not know how to "Approve" them since I cannot seem to find the right resource to perform this action.

To do it manually I need to go to the Storage account -> Networks -> Private Endpoints, selected the ones to be "Approved" and press Approve.

Answer 1

If you're still interested, I've done this in Terraform like so:

resource "null_resource" "endpoint_approval" {
  depends_on = [module.sql_managed_endpoint, module.storage_managed_endpoint]
  provisioner "local-exec" {
    command     = <<-EOT
          $sql_id = $(az network private-endpoint-connection list --id ${module.mssql_server.id} --query "[?contains(properties.privateEndpoint.id, 'vnet')].id" -o json) | ConvertFrom-Json
          $storage_id = $(az network private-endpoint-connection list --id ${module.storage_account.storage_account_id} --query "[?contains(properties.privateEndpoint.id, 'vnet')].id" -o json) | ConvertFrom-Json
          az network private-endpoint-connection approve --id $sql_id --description "Approved in Terraform"
          az network private-endpoint-connection approve --id $storage_id --description "Approved in Terraform"
        EOT
    interpreter = ["pwsh", "-Command"]
  }
}

Answer 2

As of today, you can't approve a Managed Private Endpoint using Terraform.

You may checkout the Synapse Managed Private Endpoint - auto_approval option which has already asked in the hashicorp.

Note: Azure PowerShell and Azure CLI are the preferred methods for managing Private Endpoint connections on Microsoft Partner Services or customer owned services.

For more details, refer to Manage Private Endpoint connections on a customer/partner owned Private Link service .