Conversation
Contributor
ashkan-db
commented
Apr 20, 2026
- Uniform resource naming: ${resource_prefix}-<resource>-${deployment_suffix}
- Add serverless workspace support (compute_mode = SERVERLESS)
- Add flexible DNS for PSC: create zone + records, use existing zone, or manual
- Add tunnel.<region> DNS A-record for SCC relay (fixes cluster launch timeout)
- Add workspace hardening: IP access lists, verbose audit, DBFS browser off, 90-day tokens
- Add resource_owner admin assignment with skip_user_lookup for safe destroy
- Add use_cmek master flag; support creating fresh KMS keyring+key or reusing existing
- Replace deprecated default_catalog_name with databricks_default_namespace_setting
- Gate db_subnet_ingress firewall on !use_existing_vpc (BYO creates zero GCP resources)
- Decouple Databricks VPC endpoint registration from use_existing_vpc
- Fix network_name exceeding 30-char Databricks API limit
- Fix DNS record count depending on computed attributes (plan-time error)
- Comment out GCS backend in examples (default to local state)
- Bump Databricks provider to >=1.113.0
- Update end-to-end example: enable PSC + CMEK + hardened network
- Document googleapis.com DNS zone prerequisite for PSC + hardened network
Contributor
AleksCallebat
left a comment
Great job - 2 small issues:
- one bit I don't understand and am afraid it's missing (causing potential errors in use if the uuid is not specified).
- one bit where the firewall rule is not defined in the right place
| # value = databricks_mws_workspaces.this.token[0].token_value | ||
| # sensitive = true | ||
| # } No newline at end of file | ||
| output "deployment_suffix" { |
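Review bot: The commented-out output ending in `# sensitive = true`, directly above `output "deployment_suffix"`, should be deleted rather than kept as dead code. If a token output is ever restored, note that `sensitive = true` only redacts the value in CLI output; it is still written to the state file in plain text.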
Contributor
Which part generates the deployment_suffix in case it's empty in the tfvars? We need to validate that if it's empty the suffix is generated via uuid as advertised
| direction = "EGRESS" | ||
| priority = 1000 | ||
| destination_ranges = [ | ||
| # ADD REGIONAL IPS as listed here: https://docs.databricks.com/gcp/en/resources/ip-domain-region |
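Review bot: `destination_ranges` holds only the `# ADD REGIONAL IPS` comment, so the list is empty as committed. Take the ranges from a variable with no default and a `validation` block that requires at least one valid CIDR, so a missing value fails at plan time instead of producing an `EGRESS` rule with no destinations, and put the ip-domain-region URL in that variable's description.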
Contributor
This will make the rule empty by default (nobody will scroll till there).
Need to:
- Add a variable for the ip-domain
- Add this link to documentation as part of the var file
Conscious this is a default the previous version already had.