[DOC] Fix missing GCP IAM permissions for workspace creation (#5114) (#5123)
## Changes
<!-- Summary of your changes that are easy to understand -->
Add PSC/CMK-related permissions to GCP workspace creation guides.
This fixes workspace creation failures caused by missing permissions:
- Added compute.forwardingRules.get and .list (for Private Service Connect)
- Added cloudkms.cryptoKeys permissions as commented examples (for CMK)
- Reorganized permissions with descriptive comments
- Added clarifying note to PSC guide
## Tests
<!--
How is this tested? Please see the checklist below and also describe any
other relevant tests
-->
- [ ] `make test` run locally
- [x] relevant change in `docs/` folder
- [ ] covered with integration tests in `internal/acceptance`
- [ ] using Go SDK
- [ ] using TF Plugin Framework
- [x] has entry in `NEXT_CHANGELOG.md` file
NEXT_CHANGELOG.md
@@ -17,6 +17,8 @@
### Documentation
+
* Fix missing GCP IAM permissions for workspace creation in GCP guides ([#5123](https://github.com/databricks/terraform-provider-databricks/pull/5123)).
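Review bot: the changelog line "Fix missing GCP IAM permissions for workspace creation in GCP guides" does not say which permissions were added, so an operator scanning the changelog cannot tell whether their existing service account is affected. Suggest naming them, e.g. "Add `compute.forwardingRules.get`/`.list` (Private Service Connect) and commented `cloudkms.cryptoKeys` examples (CMK) to the GCP workspace guides", which matches the PR description and lets readers decide without opening the guide.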
docs/guides/gcp-private-service-connect-workspace.md
@@ -12,6 +12,8 @@ Secure a workspace with private connectivity and mitigate data exfiltration risk
To work with Databricks in GCP in an automated way, please create a service account and manually add it in the [Accounts Console](https://accounts.gcp.databricks.com/users) as an account admin. Databricks account-level APIs can only be called by account owners and account admins, and can only be authenticated using Google-issued OIDC tokens. The simplest way to do this would be via [Google Cloud CLI](https://cloud.google.com/sdk/gcloud). For details, please refer to [Provisioning Databricks workspaces on GCP](gcp-workspace.md).
+
-> **Note** When using Private Service Connect, ensure that your service account has the `compute.forwardingRules.get` and `compute.forwardingRules.list` permissions in addition to the base permissions listed in the [gcp-workspace.md](gcp-workspace.md) guide. These permissions are required for managing VPC endpoints.
+
## Creating a VPC network
The very first step is VPC creation with the necessary resources. Please consult [main documentation page](https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/customer-managed-vpc.html) for **the most complete and up-to-date details on networking**. A GCP VPC is registered as [databricks_mws_networks](../resources/mws_networks.md) resource.
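Review bot: the added note ends with "These permissions are required for managing VPC endpoints", which is vaguer than it needs to be; both `compute.forwardingRules.get` and `compute.forwardingRules.list` are read-only permissions, and saying so (and naming the step in this guide where they are exercised, the VPC endpoint registration) lets an admin building a least-privilege custom role confirm that no write access to forwarding rules is being requested. Suggest something like "These read-only permissions are required to look up the forwarding rule when registering a VPC endpoint later in this guide." Also, the note points readers to the base permissions in gcp-workspace.md but not to the CMK (`cloudkms.cryptoKeys`) examples the PR description says were added there; a short pointer that CMK workspaces need those as well would save a second round of failed creation.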