When deploying Azure Synapse artifacts from a DEV environment to a UAT environment using Azure DevOps pipelines, managing private endpoints requires careful attention. The Synapse workspace deployment
task includes parameters like DeployManagedPrivateEndpoints
and DeleteArtifactsNotInTemplate
to control the deployment behavior.
In your scenario, setting DeployManagedPrivateEndpoints
to false
ensures that private endpoints from DEV are not deployed to UAT. However, setting DeleteArtifactsNotInTemplate
to true
causes the pipeline to attempt deletion of artifacts in UAT that are not present in the DEV template, including managed private endpoints. This leads to a 403 Forbidden
error when the pipeline tries to delete these endpoints, as they are not defined in the template and may have different names or configurations in UAT.
To address this issue, consider the following approaches:
Set DeleteArtifactsNotInTemplate
to false
: This prevents the pipeline from deleting any artifacts in UAT that are not present in the DEV template, including private endpoints. While this approach avoids deletion errors, it may leave obsolete artifacts in UAT.
Manually manage private endpoints: Before running the deployment pipeline, manually ensure that the necessary private endpoints exist in UAT and are correctly configured. This approach requires additional manual effort but provides precise control over private endpoint configurations.
Customize the deployment process: Modify the deployment pipeline to exclude private endpoints from the artifacts considered for deletion. This can be achieved by customizing the deployment scripts or using additional tasks to filter out private endpoints from the deletion list.
It's important to note that managed private endpoints are only supported in Synapse workspaces with a Managed workspace Virtual Network.
By carefully managing the deployment parameters and processes, you can ensure that private endpoints are appropriately handled during the deployment of Synapse artifacts between environments.