Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

Built-in policy "Configure a private DNS Zone ID for web groupID" wrongly applies to Azure Synapse Private Link Hubs private endpoints #1155

Open juanandmsft opened 1 year ago

juanandmsft commented 1 year ago

Details of the scenario you tried and the problem that is occurring

The built-in policy "Configure a private DNS Zone ID for web groupID" (9adab2a5-05ba-4fbd-831a-5bf958d04218) only filters on "groupId", but does not filter on "privateLinkServiceId" as other policies do, such as "Configure Azure Synapse workspaces to use private DNS zones" (1e5ed725-f16c-478b-bd4b-7bfa2f7940b9).

Because Azure Synapse Private Link Hubs also use the "web" groupId, assigning the web storage policy to a scope containing an Azure Synapse Private Link Hub private endpoint causes that endpoint to be registered in the "privatelink.web.core.windows.net" zone rather than in the "privatelink.azuresynapse.net" zone.


Verbose logs showing the problem

Suggested solution to the issue

Modify the built-in policy for Azure Storage "web" groupId to also filter by "privateLinkServiceId", and not only by "groupId".

If policy is Guest Configuration - details about target node
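As an added illustration of the suggested fix (example code written for this page, not from the azure-policy repository), the following Python emulates just enough of the Azure Policy condition syntax to compare the groupId-only rule with one that also filters on privateLinkServiceId. The condition shape is modelled on the built-in definitions rather than copied verbatim, and the two private endpoints, their names and their resource IDs are constructed for the demonstration.

```python
# Added example (not from the azure-policy repo): a tiny emulation of the Azure
# Policy "count ... where" condition, used to compare a rule that filters on
# groupIds alone with one that also checks privateLinkServiceId.
CONN = "Microsoft.Network/privateEndpoints/privateLinkServiceConnections[*]"

def make_rule(extra_clause=None):
    """'if' block: a private endpoint with >=1 connection whose groupIds has 'web'."""
    where = [{"field": f"{CONN}.groupIds[*]", "equals": "web"}]
    if extra_clause:
        where.append(extra_clause)
    return {"allOf": [
        {"field": "type", "equals": "Microsoft.Network/privateEndpoints"},
        {"count": {"field": CONN, "where": {"allOf": where}}, "greaterOrEquals": 1},
    ]}

BUILTIN_RULE = make_rule()  # as in the built-in "web" policy: groupId only
FIXED_RULE = make_rule({     # corrected: target must also be a storage account
    "field": f"{CONN}.privateLinkServiceId",
    "contains": "Microsoft.Storage/storageAccounts"})

def evaluate(cond, resource, conn=None):
    """Evaluate a subset of Azure Policy condition syntax against a resource."""
    if "allOf" in cond:
        return all(evaluate(c, resource, conn) for c in cond["allOf"])
    if "count" in cond:  # number of connections satisfying the 'where' clause
        hits = sum(evaluate(cond["count"]["where"], resource, c)
                   for c in resource["properties"]["privateLinkServiceConnections"])
        return hits >= cond["greaterOrEquals"]
    if cond["field"] == "type":
        return resource["type"] == cond["equals"]
    if cond["field"].endswith("groupIds[*]"):  # [*]: true if any element matches
        return cond["equals"] in conn["properties"]["groupIds"]
    return cond["contains"].lower() in conn["properties"]["privateLinkServiceId"].lower()

def endpoint(name, service_id):
    """Constructed private endpoint with a single connection on groupId 'web'."""
    return {"type": "Microsoft.Network/privateEndpoints", "name": name,
            "properties": {"privateLinkServiceConnections": [{"properties": {
                "privateLinkServiceId": service_id, "groupIds": ["web"]}}]}}

SAMPLE_ENDPOINTS = [  # constructed: same groupId, different target services
    endpoint("pe-storage-web", "/subscriptions/x/resourceGroups/rg/providers/"
             "Microsoft.Storage/storageAccounts/stweb"),
    endpoint("pe-synapse-hub", "/subscriptions/x/resourceGroups/rg/providers/"
             "Microsoft.Synapse/privateLinkHubs/hub1"),
]

def matching_endpoints(rule, endpoints=SAMPLE_ENDPOINTS):
    """Names of the endpoints the rule would put in the privatelink.web zone."""
    return [e["name"] for e in endpoints if evaluate(rule, e)]
```

Running `matching_endpoints` with each rule shows the groupId-only condition selecting the Synapse hub endpoint as well, while the corrected condition selects only the storage account endpoint.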

ri-we commented 10 months ago

I'm running into this issue; is there an ETA for a fix? Or should I create a custom policy as a workaround?