2

I have coded a PowerShell script to set an existing subnet to function as a service endpoint for multiple services. However, when I run the command line in the script, it doesn't add a new service endpoint; it just changes the existing one.

I am trying to parameterise this through Jenkins as well, which may be an added complication. I think if I can get the base syntax right then that shouldn't be a problem.

Syntax I am using is:

#Get vnet
$virtualnetwork = Get-AzureRmVirtualNetwork -Name $VN -ResourceGroupName $RG

#Configure service endpoint
Add-AzureRmVirtualNetworkSubnetConfig -Name $SN -AddressPrefix $SAP -VirtualNetwork $virtualnetwork -ServiceEndpoint $EP

#Set configuration
$virtualnetwork | Set-AzureRmVirtualNetwork
iheartnetworks
  • 1
    this should work, unless you have some race condition, I don't expect this to fail – 4c74356b41 Feb 07 '19 at 17:48
  • That's what I thought, and it does work - but it just overwrites the existing service endpoint in that subnet instead of adding a new one. For example, the subnet I am adding the service endpoint Microsoft.KeyVault to already has the Microsoft.Storage endpoint on it. I check the subnet in the portal after deployment, and now it only has the Microsoft.KeyVault endpoint. The previous endpoint has disappeared! – iheartnetworks Feb 07 '19 at 17:57
  • 1
    Hmm. Glanced at a script I had that did something like this and I'd written it as `Add-AzureRmVirtualNetworkSubnetConfig ... | Set-AzureRmVirtualNetwork`. – Adam Feb 07 '19 at 19:24

3 Answers

2

You can use something like this to add as many endpoints as required:

$rgname = "amgar-dtl"
$vnName = "Dtlamgar-dtl"
$sname = "Dtlamgar-dtlSubnet"
$subnetPrefix = "10.0.0.0/20"

#Get the subnet configuration from the vnet
$VirtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $rgname -Name $vnName | Get-AzureRmVirtualNetworkSubnetConfig -Name $sname

#Get existing service endpoints
$ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
$VirtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }

#Append the new service endpoint. List.Add returns nothing, so it has to be
#called on its own line rather than inline as the -ServiceEndpoint argument.
$ServiceEndPoint.Add("Microsoft.KeyVault")

#Write the full list (existing + new) back to the subnet
Get-AzureRmVirtualNetwork -ResourceGroupName $rgname -Name $vnName | Set-AzureRmVirtualNetworkSubnetConfig -Name $sname -AddressPrefix $subnetPrefix -ServiceEndpoint $ServiceEndPoint | Set-AzureRmVirtualNetwork

Hope this helps!

AmanGarg-MSFT
  • Thanks! Just one thing I am unsure of though: What goes in the string parameter here? 'System.Collections.Generic.List[String]' Do I need to define the string or do I need to find out what it is from Azure? Why a string and not an array? – iheartnetworks Feb 08 '19 at 13:45
  • 1
    You have to use it as it is. The parameter '-ServiceEndpoint' is of type 'System.Collections.Generic.List[String]'. Here is the [document](https://learn.microsoft.com/en-us/powershell/module/azurerm.network/set-azurermvirtualnetworksubnetconfig?view=azurermps-6.13.0#optional-parameters) for your reference. – AmanGarg-MSFT Feb 08 '19 at 15:26
  • I've tried a few variations but so far the result I'm getting seems to be that the existing service endpoint is removed from the test subnet and no new service endpoints are added, leaving me with nothing. I think what you’re saying is solid and seems to marry up to the documentation and advice I’ve received thus far. I just can’t seem to get the syntax right. Any more specific advice will be appreciated. – iheartnetworks Feb 08 '19 at 16:56
  • Ideally you just need to substitute the first 4 variables with your information and copy paste rest of the script as is. Basically it fetches the existing Service Endpoints and appends an extra Endpoint as mentioned in the last line. In this case it is $ServiceEndPoint.Add("Microsoft.KeyVault"). You can add any other Endpoint of your choice. – AmanGarg-MSFT Feb 08 '19 at 19:12
  • I've spoken to a Microsoft engineer. Looks like this is along the right lines but PowerShell does not appear to support the command $ServiceEndPoint.Add("Microsoft.KeyVault") with “|”. Once it was executed separately, the script worked. – iheartnetworks Feb 11 '19 at 14:47
  • 1
    I was using Powershell ISE. Thank you for the tip. You are welcome :) – AmanGarg-MSFT Feb 13 '19 at 05:05
1

Here is another version for those looking to process multiple subnets and to validate that the subnet doesn't already have the service endpoint enabled, because it will error out if the same service is listed twice when modifying the subnet.

$subscription = "Enter Subscription ID here"
$subnets = @('my-subnet-1','my-subnet-2','my-subnet-3')
$vnetName = "MY-VNET"
$vnetRgName = "MY-VNET-RG"
$newEndpoint = "Microsoft.AzureCosmosDB"

Set-AzContext -Subscription $subscription
foreach($snet in $subnets){
    Write-Host "Modifying Service Endpoints for subnet: $snet" -ForegroundColor Red -BackgroundColor White
    #Get the subnet configuration (not the whole vnet) so its prefix and endpoints can be read
    $virtualNetwork = Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetRgName | Get-AzVirtualNetworkSubnetConfig -Name $snet
    $addrPrefix = $virtualNetwork.AddressPrefix

    #Get existing service endpoints
    $ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
    $virtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }
    #Only append when missing: a duplicate service name makes the subnet update fail
    if ($ServiceEndPoint -notcontains $newEndpoint){
        $ServiceEndPoint.Add($newEndpoint)
    }

    #Write the full list (existing + new) back to the subnet
    Get-AzVirtualNetwork -Name $vnetName -ResourceGroupName $vnetRgName | Set-AzVirtualNetworkSubnetConfig -Name $snet -AddressPrefix $addrPrefix -ServiceEndpoint $ServiceEndPoint | Set-AzVirtualNetwork
}
Dharman
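The two answers above rebuild the subnet's endpoint list by hand, and the comment thread shows the two ways that goes wrong: List.Add returns nothing, so using it inline as the -ServiceEndpoint argument writes an empty list, and listing a service twice makes the update fail. The script below is an added example, not code from the question or from either answer. It separates the merge logic (which needs no Azure session and runs offline on the constructed sample at the bottom) from the Azure write, processes several subnets with a single Get and a single Set of the vnet, and does nothing unless -Apply is given. Function names Merge-ServiceEndpoint and Update-SubnetServiceEndpoint, the -Apply switch and the sample endpoint object are this example's own; the cmdlets are the Az.Network ones the second answer uses. Passing the subnet's existing NSG and route table ids back into Set-AzVirtualNetworkSubnetConfig is a belt-and-braces choice made here so those associations survive regardless of how a given Az version treats omitted parameters.

```powershell
# Added example, not code from the question or any answer. Function names,
# the -Apply switch and the sample data are this example's own; the
# Get-/Set-Az* cmdlets are the Az.Network ones used in the second answer.

function Merge-ServiceEndpoint {
    # Pure helper: computes the complete endpoint list a subnet should carry
    # (existing services plus any requested ones that are missing) and whether
    # a write is needed at all. It touches no Azure API, so it runs offline.
    param(
        [object[]]$ExistingEndpoints = @(),   # objects with a .Service property, as a subnet's ServiceEndpoints holds
        [Parameter(Mandatory)][string[]]$RequestedServices
    )
    $merged = New-Object 'System.Collections.Generic.List[String]'
    foreach ($ep in $ExistingEndpoints) {
        # List.Add returns nothing, so it must never be used inline as a
        # cmdlet argument; that is what emptied the subnet in the question.
        $merged.Add($ep.Service)
    }
    $changed = $false
    foreach ($svc in $RequestedServices) {
        # Listing the same service twice makes the subnet update fail, and
        # re-writing an unchanged subnet only produces needless change records.
        if ($merged -notcontains $svc) {
            $merged.Add($svc)
            $changed = $true
        }
    }
    [pscustomobject]@{ Services = $merged; Changed = $changed }
}

function Update-SubnetServiceEndpoint {
    # Fetches the vnet once, merges endpoints on each named subnet and writes
    # the vnet back once. Without -Apply it only reports the planned changes.
    param(
        [Parameter(Mandatory)][string]$VNetName,
        [Parameter(Mandatory)][string]$ResourceGroupName,
        [Parameter(Mandatory)][string[]]$SubnetNames,
        [Parameter(Mandatory)][string[]]$Services,
        [switch]$Apply
    )
    $vnet = Get-AzVirtualNetwork -Name $VNetName -ResourceGroupName $ResourceGroupName
    $writeNeeded = $false
    foreach ($name in $SubnetNames) {
        $subnet = Get-AzVirtualNetworkSubnetConfig -Name $name -VirtualNetwork $vnet
        $plan = Merge-ServiceEndpoint -ExistingEndpoints $subnet.ServiceEndpoints -RequestedServices $Services
        if (-not $plan.Changed) {
            Write-Host "$name already has: $($Services -join ', ')"
            continue
        }
        Write-Host ("{0}: [{1}] -> [{2}]" -f $name, ($subnet.ServiceEndpoints.Service -join ', '), ($plan.Services -join ', '))
        # Set-Az*SubnetConfig only edits the in-memory vnet object. The address
        # prefix, NSG and route table are passed back explicitly so the subnet
        # keeps them whatever the cmdlet does with omitted parameters.
        Set-AzVirtualNetworkSubnetConfig -VirtualNetwork $vnet -Name $name `
            -AddressPrefix $subnet.AddressPrefix `
            -NetworkSecurityGroupId $subnet.NetworkSecurityGroup.Id `
            -RouteTableId $subnet.RouteTable.Id `
            -ServiceEndpoint $plan.Services | Out-Null
        $writeNeeded = $true
    }
    if ($Apply -and $writeNeeded) {
        $vnet | Set-AzVirtualNetwork | Out-Null   # the single ARM write for all subnets
    } elseif ($writeNeeded) {
        Write-Host "Dry run: re-run with -Apply to write these changes"
    }
}

# Offline demonstration on constructed data shaped like a subnet's
# ServiceEndpoints property: one existing Storage endpoint, KeyVault requested.
$sampleExisting = @([pscustomobject]@{ Service = 'Microsoft.Storage'; Locations = @('*') })
$plan = Merge-ServiceEndpoint -ExistingEndpoints $sampleExisting -RequestedServices 'Microsoft.KeyVault', 'Microsoft.Storage'
Write-Host "Merged: $($plan.Services -join ', ') (changed: $($plan.Changed))"

# Against a real vnet (needs Connect-AzAccount first):
# Update-SubnetServiceEndpoint -VNetName 'MY-VNET' -ResourceGroupName 'MY-VNET-RG' -SubnetNames 'my-subnet-1','my-subnet-2' -Services 'Microsoft.AzureCosmosDB' -Apply
```

Running the demonstration merges the existing Storage entry with the requested KeyVault entry, keeps Storage listed once, and reports that a change is needed; requesting only Microsoft.Storage would report no change. Against a real vnet, run without -Apply first and compare the printed before/after lists with what the portal shows for each subnet, then re-run with -Apply. The identity running this only needs write rights on the vnet's subnets, so a Jenkins service principal used for it does not need broader permissions on the resource group.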
0

Successful syntax is:

#Vnet
$VN = "$ENV:VNET_NAME"
#Resource Group
$RG = "$ENV:RESOURCEGROUP_NAME"
#Subnet
$SN = "$ENV:SUBNET_NAME"
#Subnet Address Prefix
$SAP = "$ENV:ADDRESS_PREFIX"
#ServiceEndpoint
$EP = "$ENV:SERVICE_ENDPOINT"

Write-Host "Importing the AzureRM module into the PowerShell session"
Import-Module AzureRM

#$CREDS, $TID and $SID (credential, tenant id, subscription id) are not defined
#in this snippet and must be set before this point
Write-Host "Connect service principal account to Azure RM"
Connect-AzureRmAccount -ServicePrincipal -Credential $CREDS -TenantId $TID -Subscription $SID

#Get the subnet configuration from the vnet
$VirtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VN | Get-AzureRmVirtualNetworkSubnetConfig -Name $SN

#Get existing service endpoints
$ServiceEndPoint = New-Object 'System.Collections.Generic.List[String]'
$VirtualNetwork.ServiceEndpoints | ForEach-Object { $ServiceEndPoint.Add($_.service) }
#Append the new one on its own line (List.Add returns nothing)
$ServiceEndPoint.Add($EP)

#Write the full list (existing + new) back to the subnet
Get-AzureRmVirtualNetwork -ResourceGroupName $RG -Name $VN | Set-AzureRmVirtualNetworkSubnetConfig -Name $SN -AddressPrefix $SAP -ServiceEndpoint $ServiceEndPoint | Set-AzureRmVirtualNetwork

PowerShell does not appear to support the command $ServiceEndPoint.Add("Microsoft.KeyVault") with “|”. Once it was executed separately, the script worked.

iheartnetworks