databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest

[ISSUE] Issue creating private workspace prior to registering DNS record #1645

Open alyssons-db opened 1 year ago

alyssons-db commented 1 year ago

Expected Behavior

Expect the workspace to be successfully created and terraform apply to complete successfully when creating a workspace with front-end PrivateLink.

Actual Behavior

Although the workspace is created successfully, the apply fails because there is a health check at the end that calls the /api/2.0/token/list API. Since the hostname itself needs to be first registered in the DNS to point to the private IP of the endpoint, the check fails saying that the endpoint is not reachable.

Error: cannot create mws workspaces: workspace https://aso-workspace.cloud.databricks.com/ is not yet reachable: Get "https://aso-workspace.cloud.databricks.com/api/2.0/token/list": context deadline exceeded - rate limited: context deadline exceeded

If I created the DNS record prior to trying to create the workspace, the apply completes successfully.

Steps to Reproduce

  1. Run 'terraform apply' to create workspace with PrivateLink for the front-end

Terraform and provider versions

Terraform v1.2.7

nkvuong commented 1 year ago

This is where the issue arises, as the provider verifies that the workspace is reachable https://github.com/databricks/terraform-provider-databricks/blob/master/mws/resource_mws_workspaces.go#L179

@alexott we can add a parameter to relax this check, what do you think?

alexott commented 1 year ago

We can, but we still need to perform some check to make sure that the workspace is created & reachable. Maybe we need to check if the workspace is with private link, and use some other URL?

alyssons-db commented 1 year ago

Can we just call the Account API to check if the status of the workspace is RUNNING? https://accounts.cloud.databricks.com/api/2.0/accounts/{account_id}/workspaces/{workspace_id}

https://docs.databricks.com/dev-tools/api/latest/account.html#operation/get-workspace


alexott commented 1 year ago

The issue is not only to make sure that the workspace is running, but also that DNS is propagated...

alyssons-db commented 1 year ago

I don't think this is an issue for private workspaces. There won't be a public DNS record to propagate because the IP is private. Customers will need to register on their own DNS servers or use something like Route53 hosted zones to register before accessing the workspace.

At least the above is my understanding, or am I missing something?


nfx commented 1 year ago

I'm okay with adding skip_dns_verify, but I'd rather wait for the provider split, which will use the Go SDK.

jtthackery commented 2 months ago

Hi, I'm also running into this issue, was skip_dns_verify (or another solution) implemented?
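
The check discussed in this thread (Account API status first, then DNS, with a missing record tolerated only for PrivateLink workspaces) can be sketched as follows. This is an added example, not code from the provider or from any commenter; the JSON field names `workspace_status` and `private_access_settings_id`, the returned state strings, the hostname and the ID are assumptions or constructed values.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net"
)

// workspace keeps the two Account API fields this check reads (names assumed).
type workspace struct {
	Status    string `json:"workspace_status"`
	PrivateID string `json:"private_access_settings_id"`
}

// resolver matches net.DefaultResolver.LookupHost so tests can inject a stub.
type resolver func(ctx context.Context, host string) ([]string, error)

// checkReady takes the JSON body of GET /accounts/{account_id}/workspaces/{workspace_id}
// and the workspace hostname, and reports whether creation can be treated as done.
func checkReady(ctx context.Context, body []byte, host string, lookup resolver) (string, error) {
	var ws workspace
	if err := json.Unmarshal(body, &ws); err != nil {
		return "", fmt.Errorf("decode workspace: %w", err)
	}
	if ws.Status != "RUNNING" {
		return "", fmt.Errorf("workspace status is %q, not RUNNING", ws.Status)
	}
	_, err := lookup(ctx, host)
	var dnsErr *net.DNSError
	switch {
	case err == nil:
		return "running-resolvable", nil // the caller may go on to probe the workspace URL
	case errors.As(err, &dnsErr) && dnsErr.IsNotFound && ws.PrivateID != "":
		// PrivateLink workspace: the record lives in the customer's own DNS and
		// may not be registered yet, so a missing name is reported, not fatal.
		return "running-dns-pending", nil
	default:
		return "", fmt.Errorf("workspace host %s: %w", host, err)
	}
}

func main() {
	// Constructed sample: placeholder ID and hostname, stub resolver (no network).
	body := []byte(`{"workspace_status":"RUNNING","private_access_settings_id":"pas-example"}`)
	stub := func(_ context.Context, h string) ([]string, error) {
		return nil, &net.DNSError{Err: "no such host", Name: h, IsNotFound: true}
	}
	fmt.Println(checkReady(context.Background(), body, "example-workspace.invalid", stub))
}
```

Timeouts and other resolver errors still fail the check, as does a missing record on a workspace without private access settings, so only the "record not registered yet" case from the report is relaxed.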