conditionally deploy private endpoint resources (#324)

* conditionally deploy private endpoint resources #266

.azurepipelines/contoso-traders-cloud-testing.yml

@@ -274,6 +274,7 @@ stages:
                 az containerapp update -n $(CARTS_ACA_NAME)$(SUFFIX) -g $(RESOURCE_GROUP_NAME)$(SUFFIX) --image $(ACR_NAME)$(SUFFIX).azurecr.io/$(CARTS_ACR_REPOSITORY_NAME):$(Build.SourceVersion)
           - task: AzureCLI@1
             displayName: deploy to aca (internal)
+            condition: ne(variables['DEPLOYPRIVATEENDPOINTS'], '')
             inputs:
               azureSubscription: SERVICEPRINCIPAL
               scriptLocation: inlineScript
@@ -612,6 +613,7 @@ stages:
                 ]
 
       - job: load_tests_carts_internal_api
+        condition: ne(variables['DEPLOYPRIVATEENDPOINTS'], '')
         dependsOn: [provision, playwright_tests_ui]
         steps:
           - task: AzureCLI@1

.github/workflows/contoso-traders-cloud-testing.yml

@@ -154,7 +154,7 @@ jobs:
           region: ${{ vars.DEPLOYMENTREGION }}
           resourceGroupName: ${{ env.RESOURCE_GROUP_NAME }}${{ vars.SUFFIX }}
           template: ./iac/createResources.bicep
-          parameters: ./iac/createResources.parameters.json suffix=${{ vars.SUFFIX }} sqlPassword=${{ secrets.SQLPASSWORD }}
+          parameters: ./iac/createResources.parameters.json suffix=${{ vars.SUFFIX }} sqlPassword=${{ secrets.SQLPASSWORD }} deployPrivateEndpoints=${{ vars.DEPLOYPRIVATEENDPOINTS }}
       # Add the logged-in service principal to the key vault access policy
       - name: add service principal to kv access policy
         uses: azure/CLI@v1
@@ -219,6 +219,7 @@ jobs:
             az config set extension.use_dynamic_install=yes_without_prompt
             az containerapp update -n ${{ env.CARTS_ACA_NAME }}${{ vars.SUFFIX }} -g ${{ env.RESOURCE_GROUP_NAME }}${{ vars.SUFFIX }} --image ${{ env.ACR_NAME }}${{ vars.SUFFIX }}.azurecr.io/${{ env.CARTS_ACR_REPOSITORY_NAME }}:${{ github.sha }}
       - name: deploy to aca (internal)
+        if: ${{ vars.DEPLOYPRIVATEENDPOINTS }}
         uses: azure/CLI@v1
         with:
           inlineScript: |
@@ -506,6 +507,7 @@ jobs:
             ]
 
   load-tests-carts-internal-api:
+    if: ${{ vars.DEPLOYPRIVATEENDPOINTS }}
     needs: [provision, playwright-tests-ui]
     runs-on: ubuntu-22.04
     concurrency:

demo-scripts/azure-load-testing/private-endpoints.md

@@ -9,6 +9,9 @@ We'll demonstrate Azure Load Testing service's capability to generate load from
 
 Please execute the steps outlined in the [deployment instructions](../../docs/deployment-instructions.md) to provision the infrastructure in your own Azure subscription.
 
+> **Warning**
+To deploy the additional resources for this walkthrough ensure you have set the GitHub Action's variable `DEPLOYPRIVATEENDPOINTS` to `true`.
+
 Specifically, here's what happens behind the scenes:
 
 * An Azure virtual network (VNET) is created with three subnets:

docs/deployment-instructions.md

@@ -106,6 +106,12 @@ Manually create an Azure Cognitive Service resource in your subscription tempora
     | `SUFFIX`           | A unique environment suffix (max 6 characters, alphanumeric, lower case only, no whitespace, no special chars). E.g. 'test51' or '1stg'                                                     |
     | `DEPLOYMENTREGION` | The Azure region to deploy the application in. Must be one of: `australiaeast`,`centralus`,`eastus`,`eastus2`,`japaneast`,`northcentralus`,`uksouth`,`westcentralus`,`westeurope` |
 
+3. (optional) if you would like to deploy the additional resources to test private endpoints, set the following variable:'
+
+    | Variable Name      | Variable Value                                                                                                                                                                              |
+    | ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+    | `DEPLOYPRIVATEENDPOINTS`           | `true`
+
 ### Deploy the Application
 
 1. Go to your forked repo's `Actions` tab, selecting the `contoso-traders-cloud-testing` workflow, and click on the `Run workflow` button.

iac/createResources.bicep

@@ -29,6 +29,9 @@ param prefixHyphenated string = 'contoso-traders'
 // sql
 param sqlServerHostName string = environment().suffixes.sqlServerHostname
 
+// use param to conditionally deploy private endpoint resources
+param deployPrivateEndpoints bool = false
+
 // variables
 ////////////////////////////////////////////////////////////////////////////////
 
@@ -256,7 +259,7 @@ resource kv 'Microsoft.KeyVault/vaults@2022-07-01' = {
   }
 
   // secret
-  resource kv_secretCartsInternalApiEndpoint 'secrets' = {
+  resource kv_secretCartsInternalApiEndpoint 'secrets' = if (deployPrivateEndpoints) {
     name: kvSecretNameCartsInternalApiEndpoint
     tags: resourceTags
     properties: {
@@ -1484,7 +1487,7 @@ resource jumpboxvmschedule 'Microsoft.DevTestLab/schedules@2018-09-15' = {
 // private dns zone
 //
 
-module privateDnsZone './createPrivateDnsZone.bicep' = {
+module privateDnsZone './createPrivateDnsZone.bicep' = if (deployPrivateEndpoints) {
   name: 'createPrivateDnsZone'
   params: {
     privateDnsZoneName: join(skip(split(cartsinternalapiaca.properties.configuration.ingress.fqdn, '.'), 2), '.')
@@ -1497,7 +1500,7 @@ module privateDnsZone './createPrivateDnsZone.bicep' = {
 }
 
 // aca environment (internal)
-resource cartsinternalapiacaenv 'Microsoft.App/managedEnvironments@2022-06-01-preview' = {
+resource cartsinternalapiacaenv 'Microsoft.App/managedEnvironments@2022-06-01-preview' = if (deployPrivateEndpoints) {
   name: cartsInternalApiAcaEnvName
   location: resourceLocation
   tags: resourceTags
@@ -1514,7 +1517,7 @@ resource cartsinternalapiacaenv 'Microsoft.App/managedEnvironments@2022-06-01-pr
 }
 
 // aca (internal)
-resource cartsinternalapiaca 'Microsoft.App/containerApps@2022-06-01-preview' = {
+resource cartsinternalapiaca 'Microsoft.App/containerApps@2022-06-01-preview' = if (deployPrivateEndpoints) {
   name: cartsInternalApiAcaName
   location: resourceLocation
   tags: resourceTags