
Add module for private endpoint DNS zone groups #689

Merged (12 commits), Dec 21, 2021

Conversation

l3ender
Contributor

@l3ender l3ender commented Nov 16, 2021

SUMMARY

This PR adds a new module for configuring private endpoint DNS zone groups and is comparable to the similar function in azure-cli. This is necessary when adding a private endpoint to a resource so that the private DNS entry will be used for the resource from within the vnet.

Consider the following example, where a Postgres server has already been created and added to an existing virtual network. The endpoint can be created:

- name: Create private endpoint
  azure_rm_privateendpoint:
    name: my-private-endpoint
    resource_group: my-resource-group
    private_link_service_connections:
      - name: my-postgres-link
        private_link_service_id: "{{ postgres_server_output.id }}"
        group_ids:
          - postgresqlServer

However, the above by itself does not assign a private IP address to the Postgres server. The following must be done in order for that to occur:

- name: Create private DNS zone for postgres
  azure_rm_privatednszone:
    name: privatelink.postgres.database.azure.com
    resource_group: my-resource-group

- name: Create virtual network link
  azure_rm_privatednszonelink:
    name: my-private-link
    resource_group: my-resource-group
    zone_name: privatelink.postgres.database.azure.com
    virtual_network: my-vnet-name

- name: Create zone group for private endpoint
  azure_rm_privateendpointdnszonegroup:
    name: my-zone-group
    private_endpoint: my-private-endpoint
    resource_group: my-resource-group
    private_dns_zone_configs:
      - name: default
        private_dns_zone: privatelink.postgres.database.azure.com

Here is output from a sample usage of the azure_rm_privateendpointdnszonegroup module:

{
    "changed": true,
    "invocation": {
        "module_args": {
            "ad_user": null,
            "adfs_authority_url": null,
            "api_profile": "latest",
            "auth_source": "auto",
            "cert_validation_mode": null,
            "client_id": null,
            "cloud_environment": "AzureCloud",
            "log_mode": null,
            "log_path": null,
            "name": "zone-group-ef45326965",
            "password": null,
            "private_dns_zone_configs": [
                {
                    "name": "default",
                    "private_dns_zone_id": "/subscriptions/xxx/resourceGroups/automated-testing/providers/Microsoft.Network/privateDnsZones/privatelink.postgres.database.azure.com"
                }
            ],
            "private_endpoint": "privateendpoint-ef45326965",
            "profile": null,
            "resource_group": "automated-testing",
            "secret": null,
            "state": "present",
            "subscription_id": null,
            "tenant": null
        }
    },
    "state": {
        "id": "/subscriptions/xxx/resourceGroups/automated-testing/providers/Microsoft.Network/privateEndpoints/privateendpoint-ef45326965/privateDnsZoneGroups/zone-group-ef45326965",
        "name": "zone-group-ef45326965",
        "private_dns_zone_configs": [
            {
                "name": "default",
                "private_dns_zone_id": "/subscriptions/xxx/resourceGroups/automated-testing/providers/Microsoft.Network/privateDnsZones/privatelink.postgres.database.azure.com",
                "record_sets": [
                    {
                        "fqdn": "postgresqlsrv-ef45326965.privatelink.postgres.database.azure.com",
                        "ip_addresses": [
                            "10.1.0.4"
                        ],
                        "provisioning_state": "Succeeded",
                        "record_set_name": "postgresqlsrv-ef45326965",
                        "record_type": "A",
                        "ttl": 10
                    }
                ]
            }
        ],
        "provisioning_state": "Succeeded"
    }
}

Within the vnet, the hostname postgresqlsrv-ef45326965.postgres.database.azure.com can now be queried and it will return the private IP address for the Postgres server:

-> nslookup postgresqlsrv-ef45326965.postgres.database.azure.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
postgresqlsrv-ef45326965.postgres.database.azure.com	canonical name = postgresqlsrv-ef45326965.privatelink.postgres.database.azure.com.
Name:	postgresqlsrv-ef45326965.privatelink.postgres.database.azure.com
Address: 10.1.0.4

ISSUE TYPE

  • New Module Pull Request

COMPONENT NAME

azure_rm_privateendpointdnszonegroup
azure_rm_privateendpointdnszonegroup_info

ADDITIONAL INFORMATION

I found a similar type of configuration in the azure_rm_privateendpoint module, but it was not functional and the private endpoint SDK did not support it. I have removed it to clarify usage.

Test coverage has been added (and acts as an example) in tests/integration/targets/azure_rm_privateendpointdnszonegroup/tasks/main.yml. It can be tested with the following playbook:

---
- name: "Playbook for testing."
  hosts: "localhost"
  connection: "local"
  gather_facts: false
  vars:
    resource_group: "automated-testing"
    resource_group_secondary: "automated-testing-secondary"
  collections:
    - azure.azcollection

  tasks:
    - name: "Include tests"
      include_tasks: "tests/integration/targets/azure_rm_privateendpointdnszonegroup/tasks/main.yml"
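
The PR description above walks through the whole procedure (private endpoint, private DNS zone, vnet link, zone group) and shows the `state` the module returns. What a practitioner wants next is a check that the zone group actually does its job: that the privatelink name is published with a private address inside the vnet, and that an in-vnet lookup of the public hostname lands on that record rather than on the public endpoint. The following Python is an added example, not code from this PR or from the azure.azcollection project. The `ZONE_GROUP_STATE` dict is constructed from the sample output in the PR description (subscription id elided as on the page); the vnet CIDR `10.1.0.0/16`, the function names and the expected CNAME shape (`host.<service>` to `host.privatelink.<service>`) are assumptions of the example.

```python
"""Validate an azure_rm_privateendpointdnszonegroup result before relying on it.

Added example, not part of the PR or the azure.azcollection project.
Assumptions: the vnet address space is 10.1.0.0/16, and the public hostname
maps to the privatelink zone by keeping its first label
(host.postgres.database.azure.com -> host.privatelink.postgres.database.azure.com),
which is the shape shown in the PR's nslookup output.
"""
import ipaddress

# Constructed from the module output quoted in the PR description; not live data.
ZONE_GROUP_STATE = {
    "id": "/subscriptions/xxx/resourceGroups/automated-testing/providers/Microsoft.Network/privateEndpoints/privateendpoint-ef45326965/privateDnsZoneGroups/zone-group-ef45326965",
    "name": "zone-group-ef45326965",
    "provisioning_state": "Succeeded",
    "private_dns_zone_configs": [
        {
            "name": "default",
            "private_dns_zone_id": "/subscriptions/xxx/resourceGroups/automated-testing/providers/Microsoft.Network/privateDnsZones/privatelink.postgres.database.azure.com",
            "record_sets": [
                {
                    "fqdn": "postgresqlsrv-ef45326965.privatelink.postgres.database.azure.com",
                    "ip_addresses": ["10.1.0.4"],
                    "provisioning_state": "Succeeded",
                    "record_set_name": "postgresqlsrv-ef45326965",
                    "record_type": "A",
                    "ttl": 10,
                }
            ],
        }
    ],
}


def zone_name_from_id(zone_id):
    """The last path segment of a privateDnsZones resource id is the zone name."""
    return zone_id.rstrip("/").rsplit("/", 1)[-1]


def privatelink_fqdn(public_fqdn, zone):
    """Name the zone group is expected to publish for a public service hostname."""
    host_label = public_fqdn.rstrip(".").split(".", 1)[0]
    return f"{host_label}.{zone}"


def check_zone_group(state, expected_zone, vnet_cidr):
    """Return a list of problems with the zone group; an empty list means it is usable.

    Flags: unfinished provisioning, a config pointing at the wrong zone, records
    outside that zone, non-A records, and, most importantly, an address that is
    not private or not inside the vnet (traffic would leave the private path).
    """
    problems = []
    if state.get("provisioning_state") != "Succeeded":
        problems.append(f"zone group provisioning_state is {state.get('provisioning_state')!r}")
    vnet = ipaddress.ip_network(vnet_cidr, strict=False)
    configs = state.get("private_dns_zone_configs", [])
    if not configs:
        problems.append("no private_dns_zone_configs: the public name will keep resolving publicly")
    for cfg in configs:
        zone = zone_name_from_id(cfg["private_dns_zone_id"])
        if zone != expected_zone:
            problems.append(f"config {cfg['name']!r} uses zone {zone!r}, expected {expected_zone!r}")
        record_sets = cfg.get("record_sets", [])
        if not record_sets:
            problems.append(f"config {cfg['name']!r} has no record sets")
        for rs in record_sets:
            fqdn = rs["fqdn"]
            if rs.get("record_type") != "A":
                problems.append(f"{fqdn}: unexpected record type {rs.get('record_type')!r}")
            if not fqdn.endswith("." + zone):
                problems.append(f"{fqdn}: not inside zone {zone}")
            for ip in rs.get("ip_addresses", []):
                addr = ipaddress.ip_address(ip)
                if not addr.is_private:
                    problems.append(f"{fqdn}: {ip} is not a private address (public endpoint leak)")
                elif addr not in vnet:
                    problems.append(f"{fqdn}: {ip} is outside vnet {vnet}")
    return problems


def check_lookup(public_fqdn, cname, address, state, expected_zone, vnet_cidr):
    """Confirm an in-vnet answer (public name -> CNAME -> A) matches what the zone group publishes."""
    problems = check_zone_group(state, expected_zone, vnet_cidr)
    want = privatelink_fqdn(public_fqdn, expected_zone)
    if cname.rstrip(".") != want:
        problems.append(f"{public_fqdn} CNAMEs to {cname}, expected {want}")
    published = {
        rs["fqdn"]: rs["ip_addresses"]
        for cfg in state.get("private_dns_zone_configs", [])
        for rs in cfg.get("record_sets", [])
    }
    if address not in published.get(want, []):
        problems.append(f"{want} resolved to {address}, zone group publishes {published.get(want)}")
    return problems


if __name__ == "__main__":
    # The nslookup answer quoted in the PR, fed in by hand.
    zone = "privatelink.postgres.database.azure.com"
    issues = check_lookup(
        "postgresqlsrv-ef45326965.postgres.database.azure.com",
        "postgresqlsrv-ef45326965.privatelink.postgres.database.azure.com.",
        "10.1.0.4", ZONE_GROUP_STATE, zone, "10.1.0.0/16",
    )
    print("OK" if not issues else "\n".join(issues))
```

Run it after the `azure_rm_privateendpointdnszonegroup` task (for example by registering the task result and feeding `state` to `check_zone_group`), and feed `check_lookup` the CNAME and address a resolver inside the vnet returns. A non-empty list is the signal that clients in the vnet would still reach the service over its public endpoint.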

@l3ender
Contributor Author

l3ender commented Nov 16, 2021

Hello @Fred-sun, here is the PR I mentioned for private endpoint. It turns out no update to azure.mgmt.network dependency was required.

Please review and advise--thank you!

@Fred-sun added the labels medium_priority, new_module_pr and work in on Nov 22, 2021
@Fred-sun
Collaborator

@l3ender Okay, we'll move forward with the merger as soon as possible. Thank you for your contribution!

@l3ender
Contributor Author

l3ender commented Nov 23, 2021

Thanks for the review, @Fred-sun. The reference to extending tag documentation was a mistake: this resource does not support tags. I have updated that and also fixed lint issues.

Please review again and let me know if there are any other items!

@Fred-sun added the ready_for_review label and removed the work in label on Nov 24, 2021
@l3ender
Contributor Author

l3ender commented Dec 6, 2021

Hello, wondering if there is anything else I can do for this PR? Thank you!

@Fred-sun
Collaborator

Fred-sun commented Dec 7, 2021

@l3ender We are reviewing and will push forward the merger as soon as possible. Thank you very much!

@xuzhang3
Collaborator

LGTM

@xuzhang3 xuzhang3 merged commit 05b0448 into ansible-collections:dev Dec 21, 2021
@xuzhang3 xuzhang3 deleted the private-endpoint-dns-zones branch December 21, 2021 08:19