fix: avm/res/web/static-site fixes for pdns & Identity Var #4693

Open
wants to merge 94 commits into
base: main

Contributor

@ChrisSidebotham ChrisSidebotham commented Mar 7, 2025

Description

Closes #4345
Closes #4701

Configured DNS Record in test:
image

New DNS Zone:
image

Pipeline Reference

Pipeline
avm.res.web.static-site

Type of Change

  • Update to CI Environment or utilities (Non-module affecting changes)
  • Azure Verified Module updates:
    • Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in version.json:
      • Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description.
      • The bug was found by the module author, and no one has opened an issue to report it yet.
    • Feature update backwards compatible feature updates, and I have bumped the MINOR version in version.json.
    • Breaking changes and I have bumped the MAJOR version in version.json.
    • Update to documentation

Checklist

  • I'm sure there are no other open Pull Requests for the same update/change
  • I have run Set-AVMModule locally to generate the supporting module files.
  • My corresponding pipelines / checks run clean and green without any errors or warnings

ChrisSidebotham and others added 30 commits October 12, 2023 14:59
@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Triage 🔍 Maintainers need to triage still Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue labels Mar 7, 2025
@ChrisSidebotham ChrisSidebotham changed the title fix: avm/res/web/static-site Private DNS Zone Group Fix fix: avm/res/web/static-site fixes for pdns & Identity Var Mar 11, 2025
@@ -257,6 +267,14 @@ resource staticSite_roleAssignments 'Microsoft.Authorization/roleAssignments@202
}
]

module staticSite_privateDnsZone 'br/public:avm/res/network/private-dns-zone:0.7.0' = if (!empty(privateEndpoints) && createPrivateDnsZone == 'Enabled') {
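Review bot: On the `staticSite_privateDnsZone` declaration, the deployment condition compares `createPrivateDnsZone` to the string 'Enabled', so any other value, including a mistyped or differently cased one, skips the zone without an error unless the parameter is restricted. Consider a bool parameter or an `@allowed(['Enabled', 'Disabled'])` decorator on it (the parameter declaration is not visible in this hunk). The other half of the condition, `!empty(privateEndpoints)`, applies to the whole module, so a zone is created as soon as any endpoint exists, even one that brings its own zone group; a short comment on that line stating the intended behaviour would help.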
Contributor

Considering the amount of properties one is able to configure in the module I wonder if we may need to introduce a parameterObject for them - like done e.g. for the nicConfigurations parameter in the VM module.

Just thinking out loud here. If you cannot configure it to your needs you're essentially required to idempotently redeploy the DNS Zone after the deployment with another deployment. Maybe that's ok and intended - but wanted to raise the thought :)

Contributor Author

So on this thought, for a VM the NIC is required, I guess here we do follow a similar pattern except the PDNS Zone is only needed for private endpoints to work. Typically the DNS Zone should sit with the rest of the DNS Zone and be configured with a vnet link.

In this current implementation the app will still not be routable as the DNS Zone has not been linked to a Virtual Network, I need to update this so it accepts some properties. My view is this should be the bare minimal requirements to ensure PE connectivity is established and routable but any extensive configuration should be done in a dedicated module for the staticSite zone. I'll make an update to this today.

Contributor Author

Additional param added for virtualNetworkResourceId

Contributor

I wonder if that's something we should chat about some time - just to ensure we're all on the same page. The next maintainer call would come to mind 💪

Contributor Author

Can we let this go in the meantime?

Contributor

@AlexanderSehr AlexanderSehr Mar 22, 2025

Define "Let go"? Should we not find together the best solution instead of potentially introducing multiple breaking changes? Hence the suggestion with the Maintainer call where these design questions would usually be brought up. Like the one last Thursday.

Contributor Author

#4345 has been open since Jan 29th, here we are talking about a new resource call which is being updated. I would rather us push this change to resolve the current and very limited issue then look at refinements on a wider basis following this. I am unsure what we have to discuss around this, it should be a simple implementation unless the user brings their own DNS Zone?

@@ -301,7 +327,15 @@ module staticSite_privateEndpoints 'br/public:avm/res/network/private-endpoint:0
'Full'
).location
lock: privateEndpoint.?lock ?? lock
privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup
privateDnsZoneGroup: {
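Review bot: The object literal opened at `privateDnsZoneGroup: {` is not visibly tied to the condition that gates the private DNS zone module (`createPrivateDnsZone == 'Enabled'` in the earlier hunk). If the body, which is cut off here, references that module's output, it needs the same condition, with `privateEndpoint.?privateDnsZoneGroup` as the fallback when the zone is not created, so that a deployment with the zone disabled does not point endpoints at a zone that was never deployed.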
Contributor

Please note: the interface still allows the user to define a custom privateDnsZoneGroup even though the module would ignore it.
Either this module should implement its own PE interface and essentially not allow the user to set the privateDnsZoneGroup - or - this could be changed to something like

privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup ?? {

To, in theory, still allow the user to bring a private DNS Zone. Otherwise it would appear quite confusing that the parameter is there, but its value would be thrown away if you catch my drift 😄

Contributor

Come to think of it, it would probably be a good call to call this also out in the description of the privateEndpoints parameter

Contributor Author

This is the intended behaviour, in most cases DNS Zones are stored centrally so the user will want to BYODnsZone ...

However I have updated the PE Description now

@eriqua eriqua removed the Needs: Triage 🔍 Maintainers need to triage still label Mar 22, 2025
Labels
Needs: Core Team 🧞 This item needs the AVM Core Team to review it Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue
3 participants