Add multiple DNS zones for Foundry private endpoint #16051
eerhardt wants to merge 1 commit into microsoft:main from
Foundry has multiple DNS names it can use; we should support the common ones when creating a private endpoint to a Foundry resource. This involves a minor binary breaking change on IAzurePrivateEndpointTarget, which is public but experimental.
FYI - @ericsuh
🚀 Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.sh | bash -s -- 16051
Or
iex "& { $(irm https://raw.githubusercontent.com/microsoft/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 16051"
Pull request overview
Updates Azure private endpoint support to allow targets (notably Foundry) to associate multiple Private DNS zones with a single private endpoint, reflecting that some services use multiple privatelink.* DNS names.
Changes:
- Introduce IAzurePrivateEndpointTarget.GetPrivateDnsZoneNames() (replacing the singular zone method) and update all implementers.
- Update private endpoint provisioning to create/configure multiple Private DNS zone configs for a single endpoint.
- Add unit test + verified bicep snapshot covering a multi-zone target (Foundry).
Reviewed changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| tests/Aspire.Hosting.Azure.Tests/Snapshots/AzurePrivateEndpointExtensionsTests.AddPrivateEndpoint_CreatesMultipleDnsZones_ForMultiZoneTarget.verified.bicep | Adds snapshot verifying a PE references multiple private DNS zones. |
| tests/Aspire.Hosting.Azure.Tests/AzurePrivateEndpointExtensionsTests.cs | Updates existing assertions and adds a new multi-zone PE test. |
| src/Aspire.Hosting.Foundry/FoundryResource.cs | Updates Foundry to return multiple private DNS zone names. |
| src/Aspire.Hosting.Azure/IAzurePrivateEndpointTarget.cs | Changes contract to return multiple private DNS zone names. |
| src/Aspire.Hosting.Azure/CompatibilitySuppressions.xml | Adds package validation suppressions for the intentional interface break. |
| src/Aspire.Hosting.Azure.WebPubSub/AzureWebPubSubResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.Storage/AzureTableStorageResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.Storage/AzureQueueStorageResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.Storage/AzureDataLakeStorageResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.Storage/AzureBlobStorageResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.Sql/AzureSqlServerResource.cs | Updates private DNS zone API implementation (including nested type). |
| src/Aspire.Hosting.Azure.SignalR/AzureSignalRResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.ServiceBus/AzureServiceBusResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.Search/AzureSearchResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.Redis/AzureManagedRedisResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.PostgreSQL/AzurePostgresFlexibleServerResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.Network/AzurePrivateEndpointResource.cs | Replaces single DNS zone reference with a list of zones on the PE resource. |
| src/Aspire.Hosting.Azure.Network/AzurePrivateEndpointExtensions.cs | Updates PE provisioning to create/configure multiple DNS zone configs. |
| src/Aspire.Hosting.Azure.KeyVault/AzureKeyVaultResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.EventHubs/AzureEventHubsResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.CosmosDB/AzureCosmosDBResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.CognitiveServices/AzureOpenAIResource.cs | Updates private DNS zone API implementation. |
| src/Aspire.Hosting.Azure.AppConfiguration/AzureAppConfigurationResource.cs | Updates private DNS zone API implementation. |
| IEnumerable<string> GetPrivateLinkGroupIds(); | ||
|
|
||
| /// <summary> | ||
| /// Gets the private DNS zone name for this resource type (e.g., "privatelink.blob.core.windows.net" for blob storage). | ||
| /// Gets the private DNS zone names for this resource type (e.g., "privatelink.blob.core.windows.net" for blob storage). | ||
| /// </summary> | ||
| /// <returns>The private DNS zone name for the private endpoint.</returns> | ||
| string GetPrivateDnsZoneName(); | ||
| /// <returns>A collection of private DNS zone names for the private endpoint.</returns> | ||
| IEnumerable<string> GetPrivateDnsZoneNames(); |
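Review bot: The XML doc on GetPrivateDnsZoneNames() does not state the contract of the returned collection, and its example still names only one zone ("privatelink.blob.core.windows.net" for blob storage). Since the return type is now IEnumerable<string>, suggest adding a <remarks /> that says whether an empty collection or duplicate names are valid and whether every name returned gets its own private DNS zone configuration on the endpoint, so an implementer knows what omitting a name means for resolution of that hostname. Because GetPrivateDnsZoneName() is removed outright rather than kept alongside the new member, the docs should also tell existing implementers of this public interface to return their single zone as a one-element collection.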
The checked-in public API baseline sources under src/*/api/*.cs don't appear to be updated for this interface change. For example, src/Aspire.Hosting.Azure/api/Aspire.Hosting.Azure.cs still declares IAzurePrivateEndpointTarget.GetPrivateDnsZoneName(), which will cause the public API validation to fail (and may leave other package API baselines out of sync as well). Please regenerate/update the api/*.cs baselines for the affected packages to reflect GetPrivateDnsZoneNames() and the removal of GetPrivateDnsZoneName().
/deployment-test
🚀 Deployment tests starting on PR #16051... This will deploy to real Azure infrastructure. Results will be posted here when complete.
❌ Deployment E2E Tests failed — 23 passed, 7 failed, 0 cancelled