Remove auth private endpoint from databricks workspace service (#3199)

* Remove auth private endpoint from ADB ws service * Consolidate internal_connection_uri with connection_uri
microsoft · Feb 6, 2023 · d245319 · d245319
1 parent 15d9f27
commit d245319
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 36 deletions.
diff --git a/templates/workspace_services/databricks/porter.yaml b/templates/workspace_services/databricks/porter.yaml
@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-service-databricks
-version: 0.1.71
+version: 0.1.72
 description: "An Azure TRE service for Azure Databricks."
 registry: azuretre
 dockerfile: Dockerfile.tmpl
@@ -56,11 +56,6 @@ outputs:
     applyTo:
       - install
       - upgrade
-  - name: internal_connection_uri
-    type: string
-    applyTo:
-      - install
-      - upgrade
   - name: databricks_storage_account_name
     type: string
     applyTo:
@@ -123,7 +118,6 @@ install:
       outputs:
         - name: databricks_workspace_name
         - name: connection_uri
-        - name: internal_connection_uri
         - name: databricks_storage_account_name
         - name: dbfs_blob_storage_domain
         - name: metastore_addresses
@@ -150,7 +144,6 @@ upgrade:
       outputs:
         - name: databricks_workspace_name
         - name: connection_uri
-        - name: internal_connection_uri
         - name: databricks_storage_account_name
         - name: dbfs_blob_storage_domain
         - name: metastore_addresses

diff --git a/templates/workspace_services/databricks/terraform/main.tf b/templates/workspace_services/databricks/terraform/main.tf
@@ -6,7 +6,7 @@ resource "azurerm_databricks_workspace" "databricks" {
   managed_resource_group_name           = local.managed_resource_group_name
   infrastructure_encryption_enabled     = true
   public_network_access_enabled         = var.is_exposed_externally
-  network_security_group_rules_required = var.is_exposed_externally ? "AllRules" : "NoAzureDatabricksRules"
+  network_security_group_rules_required = "NoAzureDatabricksRules"
   tags                                  = local.tre_workspace_service_tags
 
   lifecycle { ignore_changes = [tags] }

diff --git a/templates/workspace_services/databricks/terraform/network.tf b/templates/workspace_services/databricks/terraform/network.tf
@@ -187,28 +187,6 @@ resource "azurerm_private_endpoint" "databricks_control_plane_private_endpoint"
   }
 }
 
-resource "azurerm_private_endpoint" "databricks_auth_private_endpoint" {
-  name                = "pe-adb-auth-${local.service_resource_name_suffix}"
-  location            = data.azurerm_resource_group.ws.location
-  resource_group_name = data.azurerm_resource_group.ws.name
-  subnet_id           = data.azurerm_subnet.services.id
-  tags                = local.tre_workspace_service_tags
-
-  lifecycle { ignore_changes = [tags] }
-
-  private_service_connection {
-    name                           = "private-service-connection-databricks-auth-${local.service_resource_name_suffix}"
-    private_connection_resource_id = azurerm_databricks_workspace.databricks.id
-    is_manual_connection           = false
-    subresource_names              = ["browser_authentication"]
-  }
-
-  private_dns_zone_group {
-    name                 = "private-dns-zone-group-databricks-auth-${local.service_resource_name_suffix}"
-    private_dns_zone_ids = [data.azurerm_private_dns_zone.databricks.id]
-  }
-}
-
 resource "azurerm_private_endpoint" "databricks_filesystem_private_endpoint" {
   name                = "pe-adb-fs-${local.service_resource_name_suffix}"
   location            = data.azurerm_resource_group.ws.location

diff --git a/templates/workspace_services/databricks/terraform/outputs.tf b/templates/workspace_services/databricks/terraform/outputs.tf
@@ -3,11 +3,7 @@ output "databricks_workspace_name" {
 }
 
 output "connection_uri" {
-  value = var.is_exposed_externally ? "https://${azurerm_databricks_workspace.databricks.workspace_url}/aad/auth?has=&Workspace=${data.azurerm_subscription.current.id}/resourceGroups/${local.resource_group_name}/providers/Microsoft.Databricks/workspaces/${local.databricks_workspace_name}&WorkspaceResourceGroupUri=${data.azurerm_subscription.current.id}/resourceGroups/${local.managed_resource_group_name}&l=en-us" : ""
-}
-
-output "internal_connection_uri" {
-  value = var.is_exposed_externally ? "" : "https://${azurerm_databricks_workspace.databricks.workspace_url}/aad/auth?has=&Workspace=${data.azurerm_subscription.current.id}/resourceGroups/${local.resource_group_name}/providers/Microsoft.Databricks/workspaces/${local.databricks_workspace_name}&WorkspaceResourceGroupUri=${data.azurerm_subscription.current.id}/resourceGroups/${local.managed_resource_group_name}&l=en-us"
+  value = "https://${azurerm_databricks_workspace.databricks.workspace_url}/aad/auth?has=&Workspace=${data.azurerm_subscription.current.id}/resourceGroups/${local.resource_group_name}/providers/Microsoft.Databricks/workspaces/${local.databricks_workspace_name}&WorkspaceResourceGroupUri=${data.azurerm_subscription.current.id}/resourceGroups/${local.managed_resource_group_name}&l=en-us"
 }
 
 output "databricks_storage_account_name" {