Creating multiple Databricks Workspace private endpoints concurrently erroring

q-thomaseastgate commented 2 weeks ago

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.4.7

AzureRM Provider Version

3.108.0

Affected Resource(s)/Data Source(s)

azurerm_private_endpoint

Terraform Configuration Files

resource "azurerm_private_endpoint" "databricks_private_endpoint" {
  name                = "pe-databricks"
  resource_group_name = <resource_group_name>
  location            = <location>
  subnet_id           = <databricks_private_endpoint>.id

  private_service_connection {
    name                           = "${local.deployment_id}-psc"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_databricks_workspace.databricks_workspace.id
    subresource_names              = ["databricks_ui_api"]
  }

  # Add DNS A record to map connection to workspace
  private_dns_zone_group {
    name                 = "private-dns-zone-uiapi"
    private_dns_zone_ids = [<private_databricks_dns_zone>.id]
  }
}

resource "azurerm_private_endpoint" "databricks_auth_endpoint" {
  name                = "auth-databricks"
  resource_group_name = <resource_group_name>
  location            = <location>
  subnet_id           = <databricks_private_endpoint>.id

  private_service_connection {
    name                           = "psc-auth"
    private_connection_resource_id = azurerm_databricks_workspace.databricks_workspace.id
    is_manual_connection           = false
    subresource_names              = ["browser_authentication"]
  }

  # Add DNS A record to map connection to web auth
  private_dns_zone_group {
    name                 = "private-dns-zone-auth"
    private_dns_zone_ids = [<private_databricks_dns_zone>.id]
  }
}

Debug Output/Panic Output

API Response:
----[start]----
{"status":"Failed","error":{"code":"ConcurrentUpdateError","message":"Call to Microsoft.Databricks/workspaces failed. Error message: Workspace update could not be completed because it has been updated by another process.","details":[]}}
-----[end]-----

Expected Behaviour

The 2 Private links should have correctly created

Actual Behaviour

The Databricks workspace would only allow the creation of 1 private endpoint at a time, so when the concurrency lock was removed by https://github.com/hashicorp/terraform-provider-azurerm/issues/26005, creating 2 Private endpoints for a Databricks workspace in parallel started to fail.

Steps to Reproduce

Create a Databricks Workspace in Terraform
Create 2 Private Endpoints attaching to the Databricks Workspace

Important Factoids

No response

References

https://github.com/hashicorp/terraform-provider-azurerm/pull/26006

dghubble commented 1 week ago

Has creating different private links in parallel caused a problem? Or is the issue that the private links should have created correctly in general (independent of serial vs parallel)?

tombuildsstuff commented 1 week ago

@lonegunmanb can you take a look into this one?

hashicorp / terraform-provider-azurerm