Azure-docs: include programmatic way to derive private ip address

@christiankuhtz
Thanks for your feedback! We will investigate and update as appropriate.

@christiankuhtz Please convey the use case for the finding this information. We would have wanted you to check az network private-endpoint show

But we see you have raised the issue with the same here - https://github.com/Azure/azure-cli/issues/13859 and the team has engaged. Please provide the information for the same.

Also provide your use case so we can engage from our end as well.

@christiankuhtz Please provide on the feedback https://github.com/Azure/azure-cli/issues/13859 so the team can work on it further.

@christiankuhtz Please let us know if you need any further help regarding this. We will close this thread by EOD.

@NavtejSaini-MSFT i've been out sick. give me a bit to follow up on the flood.

@kummanish Would love your input and insight regarding this.

hi @NavtejSaini-MSFT
the command is the same that we need to use.

C:\Users\manishku> az network private-endpoint show --name testambhatnaqw --resource-group ambhatna-general --query 'customDnsConfigs[0].ipAddresses[0]'
"172.16.3.8"

@christiankuhtz Please let us know if you need any further help.

customDnsConfigs does not appear to always be populated. We have private endpoints that look the same from the portal, but where one has entries in customDnsConfigs, and the other does not--even if they're both connected to the same type of resource. Both have entries for the NIC, which is attached to a network and has a valid IP, but climbing the tree to find these cumbersome.

The complete network information is included in the associated network interface, here some examples:

$nic = az network private-endpoint show -g {resourceGroup} -n {name} --query 'networkInterfaces[0].id'
az resource show --ids $nic

CustomDNSConfigs will only show up when it's not associated with a DNS zone for which requires custom DNS configuration :)

We are now pursuing a strategy of extracting the needed DNS info from the attached NICs, as you specified.

CustomDNSConfigs will only show up when it's not associated with a DNS zone for which requires custom DNS configuration

Can you clarify this? None of our private endpoints get put into DNS at creation time because the networks are linked together in a hub/spoke topology, and the DNS zones are centrally linked as well, per the documentation at https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-dns . This doesn't allow private endpoints to be registered in DNS at creation time.

We haven't been able to figure out why some endpoints have a customDNSConfigs section and some don't, even when they're the same type (e.g. keyvault), attached to the same subnet.

@malopMSFT Please check the question from @paulanguiano and help clarify the same.

customDNSConfig is relatively a new API ~May 2020, only newly created Private Endpoints will have this info.

the NIC approach should work normally without any issues.

Alternative approach using azure resource graph with this query:
Resources
| where type =~ 'Microsoft.Network/networkInterfaces'
| where properties.privateEndpoint.id != ''
| project name, properties, ipConfigs = properties.ipConfigurations
| mvexpand ipConfigs
| project ipConfigs.name, privateIPAddress = ipConfigs.properties.privateIPAddress, fqdns = ipConfigs.properties.privateLinkConnectionProperties.fqdns

@christiankuhtz if there are no further questions can we close the issue.

Did the graph query get added to the doc? Pretty complex query.

hi @christiankuhtz i am not sure how this will help in the CLI automation documentation. May be this needs to go in the private link documentation and not part of the azure mysql CLI docs.

The graph query Mario provided is complex and not obvious. It should be included in docs.

hi @christiankuhtz i don't think it is intuitive for customers to refer to azure resource graph queries combined with the regular CLI queries. I would rather recommend to put the Azure resource graph query in the private link docs and I would like to refer it to that in the MySQL/PostgreSQL/MariaDB docs.

Hi @christiankuhtz, @malopMSFT, @NavtejSaini-MSFT - This thread is around 157 days old now and @kummanish is no longer with Microsoft. Can we please close this ? I agree with Manish here that we have a pointer to your docs since resource graph query may be out of context in our documentation. Further, if there are any disagreements, we can start an internal thread. It need not have to be on this forum

I think the point here is to indicate a path to create this workflow in a programmatic fashion that doesn't require interactive digging for a property. As such, discovering this information via a programmatic instruction should be documented. If not in this doc, where should it live?

Sure @christiankuhtz . Could you or @malopMSFT propose the doc changes you are referring in this document and we can review it and merge it.