What is correct method to make Managed private endpoint to be approved automatically

[onenessboy]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.0.0

AzureRM Provider Version

3.59.0

Affected Resource(s)/Data Source(s)

azurerm_synapse_managed_private_endpoint

Terraform Configuration Files

resource "azurerm_synapse_managed_private_endpoint" "example" {
  name                 = "example-endpoint"
  synapse_workspace_id = azurerm_synapse_workspace.example.id
  target_resource_id   = azurerm_storage_account.example_connect.id
  subresource_name     = "blob"

  depends_on = [azurerm_synapse_firewall_rule.example]
}

Debug Output/Panic Output

private endpoint is getting created but, its in pending state of approval

Expected Behaviour

Should have a argument which will allow us to approve managed private endpoint to be approved

Actual Behaviour

Its just creating managed private endpoint but not approved state

Steps to Reproduce

terraform apply

Important Factoids

No response

References

#13525

Referred to above PR, but it seems it not yet completed or abondened

[marvinbuss]

This is the expected behavior as this is a cross-tenant private endpoint. These private endpoints always end up in an unapproved state and need to be approved manually or via a follow-up step.

In a project, we used a null resource in combination with an Azure CLI script which took care of this manual approval.
The null resource would look like the following:

resource "null_resource" "synapse_managed_private_endpoint_approval" {
  triggers = {
    always_run = "${timestamp()}" # Can also be updated to not trigger this on each execution
  }
  provisioner "local-exec" {
    working_dir = "${path.module}/../../scripts/"
    interpreter = ["pwsh", "-Command"] # We used a pwsh script and executed Azure CLI scripts within
    command     = "./Approve-ManagedPrivateEndpoint.ps1 -ResourceId '<resource-id-of-service-with-pe>' -SynapseWorkspaceName '<synapse-workspace-name>' -SynapseManagedPrivateEndpointName '<private-endpoint-name>'"
  }
}

In Azure CLI you can then use the following command to approve the private endpoint:

az network private-endpoint-connection approve --id "<private-endpoint-resource-id>" --description "Approved in Terraform"

[rcskosir]

Thank you for taking the time to raise this! I am going to close this with @marvinbuss‘s response as an answer. If that is not the case, please provide additional information including the version in which you are still experiencing this issue, thanks!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.