Azure / bicep-registry-modules


[AVM Module Issue]: Private Endpoint creation in Databricks fails with Index out of Bounds error #3784

Closed Gossef closed 6 days ago

Gossef commented 1 week ago

Issue Type?

Bug

Module Name

avm/res/databricks/workspace

(Optional) Module Version

0.8.5

Description

The below deployment of a Databricks workspace fails whenever the Private Endpoint is added. If the entire privateEndpoints section is removed, it deploys properly. When it's added it throws this error: 'The language expression property array index '1' is out of bounds.'

What are we doing wrong, or is the module broken?

```bicep
module workspace 'br/public:avm/res/databricks/workspace:0.8.5' = {
  name: 'workspaceDeployment'
  params: {
    // Required params
    name: 'dbw-emc-hdp-${environment}-weu-001'
    // Non-required params
    location: location
    skuName: 'premium'
    accessConnectorResourceId: databricksAccessConnector.id
    privateEndpoints: [
      {
        privateDnsZoneGroup: {
          privateDnsZoneGroupConfigs: [
            {
              privateDnsZoneResourceId: privateDnsZoneDatabricks.id
            }
          ]
        }
        service: 'databricks_ui_api'
        subnetResourceId: subnetPrivateDatabricks.id
        tags: {
          Environment: environment
          Role: 'DeploymentValidation'
        }
      }
    ]
    tags: {
      Environment: environment
      'hidden-title': 'AVM bouwblokken development'
      Role: 'DeploymentValidation'
      Application: 'Databricks'
      Maintainer: 'Team Platform'
      Contact: 'healthdataplatform@erasmusmc.nl'
    }
  }
}
```

(Optional) Correlation Id

No response

avm-team-linter[bot] commented 1 week ago

@Gossef, thanks for submitting this issue for the avm/res/databricks/workspace module!

[!IMPORTANT] A member of the @Azure/avm-res-databricks-workspace-module-owners-bicep or @Azure/avm-res-databricks-workspace-module-contributors-bicep team will review it soon!

clintgrove commented 6 days ago

I will look into this and let you know soon. Sorry for the delay.

clintgrove commented 6 days ago

Hi, upon inspection it seems you may be doing something wrong. You have to have at least these parameters if you want to make your Databricks workspace private.

```bicep
module workspace 'br/public:avm/res/databricks/workspace:0.8.5' = {
  dependsOn: [
    vnetwork
    nsg
  ]
  name: '${uniqueString(deployment().name, 'uksouth')}-databricksworkspace'
  params: {
    name: workspaceName
    customPrivateSubnetName: vnetwork.outputs.subnetNames[0]
    customPublicSubnetName: vnetwork.outputs.subnetNames[1]
    customVirtualNetworkResourceId: vnetwork.outputs.resourceId
    disablePublicIp: true
    location: 'uksouth'
    publicIpName: 'nat-gw-public-ip'
    natGatewayName: 'nat-gateway' //nsg.outputs.name
    prepareEncryption: true
    publicNetworkAccess: 'Disabled'
    requiredNsgRules: 'NoAzureDatabricksRules'
    requireInfrastructureEncryption: true
    skuName: 'premium'
    storageAccountName: 'dev2${uniqueString(resourceGroup().id)}stg'
    storageAccountSkuName: 'Standard_ZRS'
    vnetAddressPrefix: vnetAddressPrefixParam
    accessConnectorResourceId: accessConnector.id
    privateEndpoints: [
      {
        privateDnsZoneGroup: {
          privateDnsZoneGroupConfigs: [
            {
              privateDnsZoneResourceId: privateDnsZone.outputs.resourceId
            }
          ]
        }
        service: 'databricks_ui_api'
        subnetResourceId: vnetwork.outputs.subnetResourceIds[2]
      }
    ]
  }
}
```

Specifically, things like `disablePublicIp`, which should be set to true, and others like `publicNetworkAccess`, as well as making sure your `service: 'databricks_ui_api'` and its subnet are set to the "defaultSubnet" in your virtual network (mine was the third subnet, hence the `[2]`, `[0]` being the first).

If you want a closer look at how I have done it, please see my public repo here, which shows a full deployment: [clintgrove/databricksws-avm](https://github.com/clintgrove/databricksws-avm/)