Synapse - create managed private endpoint for storage account

Question

Synapse - create managed private endpoint for storage account

Paolo Panvini 21

Hello,

we have a pipeline in bicep which creates a Synapse workspace.

We would like to change it in order to automatize the creation of the managed private endpoint of the storage account and we followed the bicep API described here:

https://learn.microsoft.com/en-us/azure/templates/microsoft.synapse/2021-06-01/workspaces?tabs=bicep#datalakestorageaccountdetails

so in the property DataLakeStorageAccountDetails we added the flag createManagedPrivateEndpoint with value true and then we added the resourceId with the resource Id of the storage account.

The deploy doesn't work and it ends with the error:

 [\r\n {\r\n \"code\": \"BadRequest\",\r\n \"message\": \"{\\r\\n \\\"error\\\": {\\r\\n \\\"code\\\": \\\"ValidationFailed\\\",\\r\\n \\\"message\\\": \\\"Workspace request validation failed, check error details for more information\\\",\\r\\n \\\"details\\\": [\\r\\n {\\r\\n \\\"code\\\": \\\"DefaultDataLakeStorageCannotBeUpdated\\\",\\r\\n \\\"message\\\": \\\"Default data lake storage cannot be updated. resourceId: /subscriptions/............, createManagedPrivateEndpoint: \\\"\\r\\n }\\r\\n ]\\r\\n }\\r\\n}\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}"}]}}

Do you know the reason of this error?

Thank you

Regards

Answer 1

ShaikMaheer-MSFT 30,041 Microsoft Employee

Hi @Paolo Panvini ,

Thank you for posting query in Microsoft Q&A Platform.

As per implementation, it seems data lake storage is already created and while deploying synapse workspace you are trying to update that existing data lake storage to have private end point. hence, we see error saying Data lake storage cannot be updated.

Could you please consider having Private end point for your data lake storage while deploying Data lake storage itself? So that we can avoid this error.

Please let us know how it goes. Thank you.

Paolo Panvini 21 Reputation points

2022-01-21T10:10:56.517+00:00

Hello,

thank you for the reply.

The fact is that this process is inside a CI/CD pipeline, which is run also for updating the environment, so the Data Lake storage is always there, except when we are creating a new environment by scratch.

By the way, the same error happens also when the property createManagedPrivateEndpoint is passed as false... which is strange, because I was expecting that with false we don't trigger the creation of the managed private endpoint.

Thank you
ShaikMaheer-MSFT 30,041 Reputation points Microsoft Employee

2022-01-25T06:58:37.75+00:00

Hi @Paolo Panvini ,

It seems irrespective of your createManagedPrivateEndPoint value, Somehow your ARM temple trying to either create or update existing data lake resource.

It would be great if you can review your ARM template which is getting deployed to actually see what is happening there. Feel free to share ARM template here too to check from my end as well if I can spot anything. Thank you.
ShaikMaheer-MSFT 30,041 Reputation points Microsoft Employee

2022-02-01T16:16:46.097+00:00

Hi @Paolo Panvini - Just checking if you get chance to share updates

Answer 2

Paolo Panvini 21

Hello @ShaikMaheer-MSFT

As we saw that with the bicep API https://learn.microsoft.com/en-us/azure/templates/microsoft.synapse/2021-06-01/workspaces?tabs=bicep#datalakestorageaccountdetails there was a problem,
we changed the deployment process and we used az cli for creating the managed private endpoint and to approve it on the storage account.

ShaikMaheer-MSFT 30,041 Reputation points Microsoft Employee

2022-02-07T16:29:24.367+00:00

HI @Paolo Panvini - Thank you for sharing your work around. Kindly consider marking it as Accepted Answer. Accepted answers helps community as well.

Synapse - create managed private endpoint for storage account

1 additional answer

Activity