[Service Connector] az webapp connection create: Add --private-endpoint to support private endpoint connection

src/azure-cli/azure/cli/command_modules/serviceconnector/_params.py

@@ -21,6 +21,7 @@
     SUPPORTED_AUTH_TYPE,
     SUPPORTED_CLIENT_TYPE,
     TARGET_SUPPORT_SERVICE_ENDPOINT,
+    TARGET_SUPPORT_PRIVATE_ENDPOINT
 )
 from ._addon_factory import AddonFactory
 
@@ -129,11 +130,22 @@ def add_new_addon_argument(context, source, target):
     def add_secret_store_argument(context):
         context.argument('key_vault_id', options_list=['--vault-id'], help='The id of key vault to store secret value')
 
-    def add_service_endpoint_argument(context):
-        context.argument('service_endpoint', options_list=['--service-endpoint'], arg_type=get_three_state_flag(),
-                         default=None, help='Connect target service by service endpoint. '
-                         'Source resource must be in the VNet and target SKU must support service endpoint feature. '
-                         'More virtual network solution(private link) for connection can be found on Azure Portal.')
+    def add_vnet_block(context, target):
+        if target not in TARGET_SUPPORT_SERVICE_ENDPOINT:
+            c.ignore('service_endpoint')
+        else:
+            context.argument('service_endpoint', options_list=['--service-endpoint'], arg_type=get_three_state_flag(),
+                             default=None, arg_group='NetworkSolution',
+                             help='Connect target service by service endpoint. Source resource must be in the VNet'
+                             ' and target SKU must support service endpoint feature.')
+
+        if target not in TARGET_SUPPORT_PRIVATE_ENDPOINT:
+            c.ignore('private_endpoint')
+        else:
+            context.argument('private_endpoint', options_list=['--private-endpoint'], arg_type=get_three_state_flag(),
+                             default=None, arg_group='NetworkSolution',
+                             help='Connect target service by private endpoint. '
+                             'The private endpoint in source virtual network must be created ahead.')
 
     def add_confluent_kafka_argument(context):
         context.argument('bootstrap_server', options_list=['--bootstrap-server'], help='Kafka bootstrap server url')
@@ -181,18 +193,14 @@ def add_confluent_kafka_argument(context):
                 add_auth_block(c, source, target)
                 add_new_addon_argument(c, source, target)
                 add_secret_store_argument(c)
-                add_service_endpoint_argument(c)
-                if target not in TARGET_SUPPORT_SERVICE_ENDPOINT:
-                    c.ignore('service_endpoint')
+                add_vnet_block(c, target)
             with self.argument_context('{} connection update {}'.format(source.value, target.value)) as c:
                 add_client_type_argument(c, source, target)
                 add_connection_name_argument(c, source)
                 add_source_resource_block(c, source)
                 add_auth_block(c, source, target)
                 add_secret_store_argument(c)
-                add_service_endpoint_argument(c)
-                if target not in TARGET_SUPPORT_SERVICE_ENDPOINT:
-                    c.ignore('service_endpoint')
+                add_vnet_block(c, target)
 
         # special target resource: independent implementation
         target = RESOURCE.ConfluentKafka

src/azure-cli/azure/cli/command_modules/serviceconnector/_resource_config.py

@@ -557,23 +557,47 @@ class CLIENT_TYPE(Enum):
 
 
 # The dict defines the targets which supports service endpoint
-TARGET_SUPPORT_SERVICE_ENDPOINT = {
-    RESOURCE.Postgres: True,
-    RESOURCE.Mysql: True,
-    RESOURCE.Sql: True,
-    RESOURCE.StorageBlob: True,
-    RESOURCE.StorageQueue: True,
-    RESOURCE.StorageFile: True,
-    RESOURCE.StorageTable: True,
-    RESOURCE.KeyVault: True,
-    RESOURCE.CosmosSql: True,
-    RESOURCE.CosmosCassandra: True,
-    RESOURCE.CosmosGremlin: True,
-    RESOURCE.CosmosMongo: True,
-    RESOURCE.CosmosTable: True,
-    RESOURCE.ServiceBus: True,
-    RESOURCE.EventHub: True,
-}
+TARGET_SUPPORT_SERVICE_ENDPOINT = [
+    RESOURCE.Postgres,
+    RESOURCE.Mysql,
+    RESOURCE.Sql,
+    RESOURCE.StorageBlob,
+    RESOURCE.StorageQueue,
+    RESOURCE.StorageFile,
+    RESOURCE.StorageTable,
+    RESOURCE.KeyVault,
+    RESOURCE.CosmosSql,
+    RESOURCE.CosmosCassandra,
+    RESOURCE.CosmosGremlin,
+    RESOURCE.CosmosMongo,
+    RESOURCE.CosmosTable,
+    RESOURCE.ServiceBus,
+    RESOURCE.EventHub,
+]
+
+
+TARGET_SUPPORT_PRIVATE_ENDPOINT = [
+    RESOURCE.AppConfig,
+    RESOURCE.CosmosSql,
+    RESOURCE.CosmosCassandra,
+    RESOURCE.CosmosGremlin,
+    RESOURCE.CosmosMongo,
+    RESOURCE.CosmosTable,
+    RESOURCE.Redis,
+    RESOURCE.Postgres,
+    RESOURCE.Mysql,
+    RESOURCE.EventHub,
+    RESOURCE.KeyVault,
+    RESOURCE.SignalR,
+    RESOURCE.WebPubSub,
+    RESOURCE.Sql,
+    RESOURCE.StorageBlob,
+    RESOURCE.StorageQueue,
+    RESOURCE.StorageFile,
+    RESOURCE.StorageTable,
+    RESOURCE.ServiceBus,
+]
+
 
 # The dict defines the parameters used to provide auth info
 AUTH_TYPE_PARAMS = {

src/azure-cli/azure/cli/command_modules/serviceconnector/custom.py

@@ -155,6 +155,7 @@ def connection_create(cmd, client,  # pylint: disable=too-many-locals
                       service_principal_auth_info_secret=None,
                       key_vault_id=None,
                       service_endpoint=None,
+                      private_endpoint=None,
                       new_addon=False, no_wait=False,
                       cluster=None, scope=None, enable_csi=False,            # Resource.KubernetesCluster
                       site=None,                                             # Resource.WebApp
@@ -219,6 +220,11 @@ def connection_create(cmd, client,  # pylint: disable=too-many-locals
         parameters['v_net_solution'] = {
             'type': 'serviceEndpoint'
         }
+    if private_endpoint:
+        client = set_user_token_header(client, cmd.cli_ctx)
+        parameters['v_net_solution'] = {
+            'type': 'privateLink'
+        }
 
     if enable_csi:
         parameters['target_service']['resource_properties'] = {
@@ -263,6 +269,7 @@ def connection_update(cmd, client,  # pylint: disable=too-many-locals
                       service_principal_auth_info_secret=None,
                       key_vault_id=None,
                       service_endpoint=None,
+                      private_endpoint=None,
                       no_wait=False,
                       scope=None,
                       cluster=None, enable_csi=False,                         # Resource.Kubernetes
@@ -332,8 +339,14 @@ def connection_update(cmd, client,  # pylint: disable=too-many-locals
         parameters['v_net_solution'] = {
             'type': 'serviceEndpoint'
         }
+    if private_endpoint:
+        parameters['v_net_solution'] = {
+            'type': 'privateLink'
+        }
     elif service_endpoint is False and linker.get('vNetSolution').get('type') == 'serviceEndpoint':
         parameters['v_net_solution'] = None
+    elif private_endpoint is False and linker.get('vNetSolution').get('type') == 'privateLink':
+        parameters['v_net_solution'] = None
 
     return auto_register(sdk_no_wait, no_wait,
                          client.begin_create_or_update,