Private Endpoint SQL Server

Rahul 21 Reputation points
2022-03-30T10:03:41.993+00:00

Hey, I have to write CSPM code for the following check: "SQL Server Private Endpoints Configured".

Now, if the private endpoint is created, should the state be "Approved" for it to be used? I tried to reject it but got the following error. Please help me out. [screenshot: 188366-capture1.jpg]

[screenshot: 188356-capture.jpg]

Now, normally I would write the code like this:

    if len(server_info["properties"]["privateEndpointConnections"]) == 0:
        sql["is_private_endpoint_enabled"] = 0
    else:
        sql["is_private_endpoint_enabled"] = 1

But if the state has to be approved as well, then I have to add another if condition.

Also, for your reference, I am using this link to get the SQL Server data: https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Sql/servers?api-version=2019-06-01-preview

Please help me out with this.

Azure SQL Database
Azure Private Link

1 answer

  1. Anurag Sharma 17,631 Reputation points
    2022-03-31T07:19:39.483+00:00

    Hi @Rahul, welcome to the Microsoft Q&A forum.

    As per your query, you want to check if 'private endpoints are configured' for your Azure SQL Server or not using REST API calls.

    Firstly, we need to understand that private endpoints can be auto-approved or manually approved. In the case of the manual approval process, the status could again be approved or rejected.

    So this check becomes important in those specific scenarios to check the status of private link service connections.

    I was using the below API call to get the response for a specific SQL Server:

    GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Sql/servers/{serverName}?api-version=2020-11-01-preview  
    

    Below is the response I received (keeping just the private endpoint details in the JSON):

    "privateEndpointConnections": [
      {
        "id": "/subscriptions/<sub-id>/resourceGroups/anurag/providers/Microsoft.Sql/servers/<servername>/privateEndpointConnections/<pri-endpoint>",
        "properties": {
          "privateEndpoint": {
            "id": "/subscriptions/<sub-id>/resourceGroups/<resr-grp>/providers/Microsoft.Network/privateEndpoints/<pri-endpoint>"
          },
          "groupIds": [
            "sqlServer"
          ],
          "privateLinkServiceConnectionState": {
            "status": "Approved",
            "description": "Auto-approved",
            "actionsRequired": "None"
          },
          "provisioningState": "Ready"
        }
      }
    ]
    

    So in addition to just checking if a private endpoint is enabled, it's better to check if these private endpoints are approved as well using the above response JSON, otherwise there could be many endpoints and all of them could be rejected as well. However, you need to re-verify your requirement as to whether this extra condition is needed or just the presence of private endpoints is enough.

    Also, the error you are getting when rejecting the endpoint is because the private endpoint is already approved. Only endpoints in pending status can be rejected. Approved ones can be removed, not rejected.

    Please let me know if this helps or else we can discuss further on the same.

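One way to write the check discussed in this thread, as an added example that is not code from the question or the answer: a server passes only when at least one private endpoint connection has status `Approved`, and a missing `privateEndpointConnections` key is treated as no connections. The function names, the `require_approved` switch, the `{"value": [...]}` list wrapper and the sample servers are assumptions constructed for illustration.

```python
# Added example: CSPM check over a constructed ARM "list servers" response.
from collections import Counter


def evaluate_private_endpoints(server_info, require_approved=True):
    """Return the check result for one Microsoft.Sql/servers object."""
    props = server_info.get("properties") or {}
    connections = props.get("privateEndpointConnections") or []
    # Count connections by privateLinkServiceConnectionState.status.
    statuses = Counter(
        ((c.get("properties") or {})
         .get("privateLinkServiceConnectionState") or {})
        .get("status", "Unknown")
        for c in connections
    )
    approved = statuses.get("Approved", 0)
    # Strict mode: rejected or pending connections alone do not satisfy the check.
    enabled = approved > 0 if require_approved else len(connections) > 0
    return {
        "name": server_info.get("name"),
        "is_private_endpoint_enabled": 1 if enabled else 0,
        "connection_count": len(connections),
        "status_counts": dict(statuses),
    }


def evaluate_servers(list_response, require_approved=True):
    """Evaluate every server in a list response of the form {"value": [...]}."""
    return [evaluate_private_endpoints(s, require_approved)
            for s in list_response.get("value", [])]


def _conn(status):
    # Builds a constructed connection entry in the shape shown in the answer.
    return {"properties": {"privateLinkServiceConnectionState": {"status": status}}}


# Constructed sample data (server names are placeholders, not real resources).
SAMPLE_RESPONSE = {"value": [
    {"name": "sql-approved", "properties": {"privateEndpointConnections": [_conn("Approved")]}},
    {"name": "sql-rejected-only", "properties": {"privateEndpointConnections": [_conn("Rejected"), _conn("Pending")]}},
    {"name": "sql-none", "properties": {"privateEndpointConnections": []}},
    {"name": "sql-missing-key", "properties": {}},
]}

if __name__ == "__main__":
    for result in evaluate_servers(SAMPLE_RESPONSE):
        print(result)
```

Passing `require_approved=False` reproduces the presence-only behaviour of the snippet in the question, so the two policies can be compared on the same data.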

