Closed Gossef closed 6 days ago
microsoft-github-policy-service[bot]
commented
1 week ago [!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!
[!TIP] For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.
avm-team-linter[bot]
commented
1 week ago @Gossef, thanks for submitting this issue for the avm/res/databricks/workspace module!
[!IMPORTANT] A member of the @Azure/avm-res-databricks-workspace-module-owners-bicep or @Azure/avm-res-databricks-workspace-module-contributors-bicep team will review it soon!
clintgrove
commented
6 days ago I will look into this and let you know soon, sorry for the delay
clintgrove
commented
6 days ago hi , upon inspection it seems you may be doing something wrong. you have to have at least these parameters if you want to make your Databricks workspace private.
module workspace 'br/public:avm/res/databricks/workspace:0.8.5' = {
dependsOn: [
vnetwork
nsg
]
name: '${uniqueString(deployment().name, 'uksouth')}-databricksworkspace'
params: {
name: workspaceName
customPrivateSubnetName: vnetwork.outputs.subnetNames[0]
customPublicSubnetName: vnetwork.outputs.subnetNames[1]
customVirtualNetworkResourceId: vnetwork.outputs.resourceId
disablePublicIp: true
location: 'uksouth'
publicIpName: 'nat-gw-public-ip'
natGatewayName: 'nat-gateway' //nsg.outputs.name
prepareEncryption: true
publicNetworkAccess: 'Disabled'
requiredNsgRules: 'NoAzureDatabricksRules'
requireInfrastructureEncryption: true
skuName: 'premium'
storageAccountName: 'dev2${uniqueString(resourceGroup().id)}stg'
storageAccountSkuName: 'Standard_ZRS'
vnetAddressPrefix: vnetAddressPrefixParam
accessConnectorResourceId: accessConnector.id
privateEndpoints: [
{
privateDnsZoneGroup: {
privateDnsZoneGroupConfigs: [
{
privateDnsZoneResourceId: privateDnsZone.outputs.resourceId
}
]
}
service: 'databricks_ui_api'
subnetResourceId: vnetwork.outputs.subnetResourceIds[2]
}
]
}
}specifically things like disablePublicIp which should be set to true and others like publicNetworkAccess . As well as making sure your service: 'databricks_ui_api' and its subnet are set to the "defaultSubnet" in your virtual network (mine was the third subnet, hence the [2], [0] being the first)
if you want a closer look on how I have done it, please see my public repo here which shows a full deployment https://github.com/[clintgrove/databricksws-avm](https://github.com/clintgrove/databricksws-avm/)/
Check for previous/existing GitHub issues
Issue Type?
Bug
Module Name
avm/res/databricks/workspace
(Optional) Module Version
0.8.5
Description
The below deployment of a Databricks workspace fails whenever the Private Endpoint is added. If the entire privateEndpoints section is removed, it deploys properly. When it's added it throws this error: 'The language expression property array index '1' is out of bounds.'
What are we doing wrong, or is the module broken?
(Optional) Correlation Id
No response