From b795aca3d2881a28a0839d95972e1a74b0a85206 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Boll
Date: Thu, 14 Nov 2024 10:37:55 +0100
Subject: [PATCH] Use endpoint module for cosmosdb
---
 .../modules/private-endpoint.bicep | 5 ++
 dev-infrastructure/modules/rp-cosmos.bicep | 62 +++----------------
 2 files changed, 14 insertions(+), 53 deletions(-)
diff --git a/dev-infrastructure/modules/private-endpoint.bicep b/dev-infrastructure/modules/private-endpoint.bicep
index 4f2148077..0d159d307 100644
--- a/dev-infrastructure/modules/private-endpoint.bicep
+++ b/dev-infrastructure/modules/private-endpoint.bicep
@@ -4,6 +4,7 @@ param location string
 @allowed([
 'eventgrid'
 'keyvault'
+ 'cosmosdb'
 ])
 param serviceType string
@@ -11,6 +12,7 @@ param serviceType string
 @allowed([
 'topicspace'
 'vault'
+ 'Sql'
 ])
 param groupId string
@@ -30,6 +32,9 @@ var endpointConfig = {
 keyvault: {
 vault: 'privatelink.vaultcore.azure.net'
 }
+ cosmosdb: {
+ Sql: 'privatelink.documents.azure.com'
+ }
 }
 resource eventGridPrivateEndpointDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
diff --git a/dev-infrastructure/modules/rp-cosmos.bicep b/dev-infrastructure/modules/rp-cosmos.bicep
index 9695aff95..c125de5f2 100644
--- a/dev-infrastructure/modules/rp-cosmos.bicep
+++ b/dev-infrastructure/modules/rp-cosmos.bicep
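Review bot: In private-endpoint.bicep, `serviceType` and `groupId` are checked by two independent `@allowed` lists, so after adding `'cosmosdb'` and `'Sql'` a caller can still pass a pair such as `serviceType: 'cosmosdb'` with `groupId: 'vault'` that has no entry in `endpointConfig`. How the map is indexed lies outside these hunks, but presumably such a mismatch only surfaces as a failed lookup at deployment time rather than at parameter validation. A comment above `param groupId string` would make the coupling explicit, e.g. `// must be a key of endpointConfig[serviceType]; 'Sql' is valid only with 'cosmosdb'`. The same applies to the `serviceType` hunk and the `endpointConfig` hunk, which need to be kept in step whenever a service is added.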
@@ -82,59 +82,15 @@ resource cosmosDbAccount 'Microsoft.DocumentDB/databaseAccounts@2023-11-15' = {
 }
 }
-resource cosmosDbPrivateEndpoint 'Microsoft.Network/privateEndpoints@2023-09-01' = {
- name: '${name}-private-endpoint'
- location: location
- properties: {
- privateLinkServiceConnections: [
- {
- name: '${name}-private-endpoint'
- properties: {
- privateLinkServiceId: cosmosDbAccount.id
- groupIds: [
- 'Sql'
- ]
- }
- }
- ]
- subnet: {
- id: aksNodeSubnetId
- }
- }
-}
-
-resource cosmosPrivateEndpointDnsZone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
- // https://github.com/Azure/bicep/issues/12482
- // There is no environments().suffixes constant for this
- name: 'privatelink.documents.azure.com'
- location: 'global'
- properties: {}
-}
-
-resource cosmosPrivateEndpointDnsZoneLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
- parent: cosmosPrivateEndpointDnsZone
- name: 'link'
- location: 'global'
- properties: {
- registrationEnabled: false
- virtualNetwork: {
- id: vnetId
- }
- }
-}
-
-resource cosmosPrivateEndpointDnsGroup 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2023-09-01' = {
- parent: cosmosDbPrivateEndpoint
- name: '${name}-dns-group'
- properties: {
- privateDnsZoneConfigs: [
- {
- name: 'config1'
- properties: {
- privateDnsZoneId: cosmosPrivateEndpointDnsZone.id
- }
- }
- ]
+module serviceCosmosdbPrivateEndpoint '../modules/private-endpoint.bicep' = {
+ name: '${deployment().name}-svcs-kv-pe'
+ params: {
+ location: location
+ subnetIds: [aksNodeSubnetId]
+ vnetId: vnetId
+ privateLinkServiceId: cosmosDbAccount.id
+ serviceType: 'cosmosdb'
+ groupId: 'Sql'
 }
 }
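Review bot: The deployment name `'${deployment().name}-svcs-kv-pe'` on the added `serviceCosmosdbPrivateEndpoint` module reads like a carry-over from a Key Vault endpoint call. Nested deployment names have to be unique within the target scope, so if a Key Vault private-endpoint module elsewhere uses the same suffix (not visible in this hunk) the two would clash, and in any case the name mislabels this deployment in the deployment history. Suggest `name: '${deployment().name}-cosmos-pe'`. Separately, the removed endpoint was named `'${name}-private-endpoint'`; whether the shared module keeps that resource name is not shown here, so it is worth confirming that existing environments do not end up with the old private endpoint and DNS zone group left in place next to the new ones.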