Doc updates for databricks_table and databricks_mws_vpc_endpoint (#1616)

nkvuong · web-flow · commit 5a6a22432ff8 · 2022-09-22T15:31:14.000Z
* update privatelink guide with autoaccept * remove databricks_table resource from doc * close #1609 * fix following suggestions
diff --git a/README.md b/README.md
@@ -79,8 +79,7 @@
 | [databricks_sql_warehouses](docs/data-sources/sql_warehouses.md) data
 | [databricks_sql_widget](docs/resources/sql_widget.md)
 | [databricks_storage_credential](docs/resources/storage_credential.md)
-| [databricks_table](docs/resources/table.md)
-| [databricks_tables](docs/data-sources/table.md) data
+| [databricks_tables](docs/data-sources/tables.md) data
 | [databricks_token](docs/resources/token.md)
 | [databricks_user](docs/resources/user.md)
 | [databricks_user_role](docs/resources/user_role.md)
diff --git a/docs/data-sources/catalogs.md b/docs/data-sources/catalogs.md
@@ -29,6 +29,5 @@ This data source exports the following attributes:
 
 The following resources are used in the same context:
 
-* [databricks_table](../resources/table.md) to manage tables within Unity Catalog.
 * [databricks_schema](../resources/schema.md) to manage schemas within Unity Catalog.
 * [databricks_catalog](../resources/catalog.md) to manage catalogs within Unity Catalog.
diff --git a/docs/data-sources/schemas.md b/docs/data-sources/schemas.md
@@ -35,6 +35,5 @@ This data source exports the following attributes:
 
 The following resources are used in the same context:
 
-* [databricks_table](../resources/table.md) to manage tables within Unity Catalog.
 * [databricks_schema](../resources/schema.md) to manage schemas within Unity Catalog.
 * [databricks_catalog](../resources/catalog.md) to manage catalogs within Unity Catalog.
diff --git a/docs/data-sources/tables.md b/docs/data-sources/tables.md
@@ -38,12 +38,11 @@ resource "databricks_grants" "things" {
 
 This data source exports the following attributes:
 
-* `ids` - set of [databricks_table](../resources/table.md) full names: *`catalog`.`schema`.`table`*
+* `ids` - set of databricks_table full names: *`catalog`.`schema`.`table`*
 
 ## Related Resources
 
 The following resources are used in the same context:
 
-* [databricks_table](../resources/table.md) to manage tables within Unity Catalog.
 * [databricks_schema](../resources/schema.md) to manage schemas within Unity Catalog.
 * [databricks_catalog](../resources/catalog.md) to manage catalogs within Unity Catalog.
diff --git a/docs/data-sources/views.md b/docs/data-sources/views.md
@@ -38,12 +38,11 @@ resource "databricks_grants" "things" {
 
 This data source exports the following attributes:
 
-* `ids` - set of [databricks_table](../resources/table.md) full names: *`catalog`.`schema`.`view`*
+* `ids` - set of databricks_view full names: *`catalog`.`schema`.`view`*
 
 ## Related Resources
 
 The following resources are used in the same context:
 
-* [databricks_table](../resources/table.md) to manage tables within Unity Catalog.
 * [databricks_schema](../resources/schema.md) to manage schemas within Unity Catalog.
 * [databricks_catalog](../resources/catalog.md) to manage catalogs within Unity Catalog.
diff --git a/docs/guides/aws-private-link-workspace.md b/docs/guides/aws-private-link-workspace.md
@@ -4,7 +4,7 @@ page_title: "Provisioning Databricks on AWS with PrivateLink"
 
 # Deploying pre-requisite resources and enabling PrivateLink connections (AWS Preview)
 
--> **Private Preview** This feature is in [Public Preview](https://docs.databricks.com/release-notes/release-types.html). Contact your Databricks representative to request access. 
+-> **Public Preview** This feature is in [Public Preview](https://docs.databricks.com/release-notes/release-types.html). Contact your Databricks representative to request access.
 
 Databricks PrivateLink support enables private connectivity between users and their Databricks workspaces and between clusters on the data plane and core services on the control plane within the Databricks workspace infrastructure. You can use Terraform to deploy the underlying cloud resources and the private access settings resources automatically, using a programmatic approach. This guide assumes you are deploying into an existing VPC and you have set up credentials and storage configurations as per prior examples, notably here.
 
@@ -29,6 +29,7 @@ This guide uses the following variables in configurations:
 This guide is provided as-is and you can use this guide as the basis for your custom Terraform module.
 
 To get started with AWS PrivateLink integration, this guide takes you throw the following high-level steps:
+
 - Initialize the required providers
 - Configure AWS objects
   - A subnet dedicated to your VPC relay and workspace endpoints
@@ -80,16 +81,18 @@ variable "subnet_ids" { type = list(string) }
 variable "workspace_vpce_service" {}
 variable "relay_vpce_service" {}
 variable "vpce_subnet_cidr" {}
-variable "private_dns_enabled" { default = false }
+variable "private_dns_enabled" { default = true }
 variable "tags" { default = {} }
 
 locals {
   prefix = "private-link-ws"
 }
 ```
 
-## Root bucket 
+## Root bucket
+
 Create new storage configuration with [databricks_mws_storage_configurations](../resources/mws_storage_configurations.md):
+
 ```hcl
 resource "databricks_mws_storage_configurations" "this" {
   provider                   = databricks.mws
@@ -100,7 +103,9 @@ resource "databricks_mws_storage_configurations" "this" {
 ```
 
 ## Cross-account IAM role
+
 Create new cross-account credentials with [databricks_mws_credentials](../resources/mws_credentials.md):
+
 ```hcl
 resource "databricks_mws_credentials" "this" {
   provider         = databricks.mws
@@ -111,13 +116,16 @@ resource "databricks_mws_credentials" "this" {
 ```
 
 ## Configure networking
+
 In this section, the goal is to create the two back-end VPC endpoints:
+
 - Back-end VPC endpoint for SSC relay
 - Back-end VPC endpoint for REST APIs
 
 -> **Note** If you want to implement the front-end VPC endpoint as well for the connections from the user to the workspace front-end, use the transit (bastion) VPC that terminates your AWS Direct Connect or VPN gateway connection or one that is routable from such a transit (bastion) VPC. Once the front-end endpoint is created, it can be supplied to [databricks_mws_networks](../resources/mws_networks.md) resource using vpc_endpoints argument. Use the [databricks_mws_private_access_settings](../resources/mws_private_access_settings.md) resource to control which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object.
 
 The first step is to create the required AWS objects:
+
 - A subnet dedicated to your VPC endpoints.
 - A security group dedicated to your VPC endpoints and satisfying required inbound/outbound TCP/HTTPS traffic rules on ports 443 and 6666, respectively.
 
@@ -208,18 +216,14 @@ resource "aws_security_group" "dataplane_vpce" {
 }
 ```
 
-Run terraform apply twice when configuring PrivateLink: see an [outstanding issue](https://github.com/hashicorp/terraform-provider-aws/issues/7148) for more information.
-* Run 1 - comment the `private_dns_enabled` lines.
-* Run 2 - uncomment the `private_dns_enabled` lines.
-
 ```hcl
 resource "aws_vpc_endpoint" "backend_rest" {
   vpc_id             = var.vpc_id
   service_name       = var.workspace_vpce_service
   vpc_endpoint_type  = "Interface"
   security_group_ids = [aws_security_group.dataplane_vpce.id]
   subnet_ids         = [aws_subnet.dataplane_vpce.id]
-  // private_dns_enabled = var.private_dns_enabled
+  private_dns_enabled = var.private_dns_enabled
   depends_on = [aws_subnet.dataplane_vpce]
 }
 
@@ -229,7 +233,7 @@ resource "aws_vpc_endpoint" "relay" {
   vpc_endpoint_type  = "Interface"
   security_group_ids = [aws_security_group.dataplane_vpce.id]
   subnet_ids         = [aws_subnet.dataplane_vpce.id]
-  // private_dns_enabled = var.private_dns_enabled
+  private_dns_enabled = var.private_dns_enabled
   depends_on = [aws_subnet.dataplane_vpce]
 }
 
@@ -252,8 +256,6 @@ resource "databricks_mws_vpc_endpoint" "relay" {
 }
 ```
 
-Once the VPC endpoints are created, they can be supplied in the [databricks_mws_networks](../resources/mws_networks.md) resource for workspace creation with AWS PrivateLink. After the `terraform apply` is run once (see the comment in the `aws_vpc_endpoint` resource above), run the terraform apply a second time with the line for `private_dns_enabled` set to true uncommented to set the proper DNS settings for PrivateLink. For understanding the reason that this needs to be applied twice, see this existing [issue](https://github.com/hashicorp/terraform-provider-aws/issues/7148) in the underlying AWS provider.
-
 ```hcl
 resource "databricks_mws_networks" "this" {
   provider           = databricks.mws
diff --git a/docs/resources/grants.md b/docs/resources/grants.md
@@ -84,7 +84,7 @@ resource "databricks_grants" "things" {
 
 ## Table grants
 
-You can grant `MODIFY` and `SELECT` privileges to [*`catalog`*.*`schema`*.*`table`*](table.md) specified in the `table` attribute. You can define a table through [databricks_table](table.md) resource.
+You can grant `MODIFY` and `SELECT` privileges to [*`catalog`*.*`schema`*.*`table`*](tables.md) specified in the `table` attribute.
 
 ```hcl
 resource "databricks_grants" "customers" {
@@ -122,7 +122,7 @@ resource "databricks_grants" "things" {
 
 ## View grants
 
-You can grant `SELECT` privileges to [*`catalog`*.*`schema`*.*`view`*](table.md) specified in `table` attribute. You can define a view through [databricks_table](table.md) resource.
+You can grant `SELECT` privileges to [*`catalog`*.*`schema`*.*`view`*](views.md) specified in `table` attribute.
 
 ```hcl
 resource "databricks_grants" "customer360" {
diff --git a/docs/resources/group.md b/docs/resources/group.md
@@ -5,7 +5,7 @@ subcategory: "Security"
 
 This resource allows you to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html), [Databricks Account Console](https://accounts.cloud.databricks.com/) or [Azure Databricks Account Console](https://accounts.azuredatabricks.net). You can also [associate](group_member.md) Databricks users and [service principals](service_principal.md) to groups. This is useful if you are using an application to sync users & groups with SCIM API.
 
-To create groups in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using AAD tokens on Azure deployments
+To create groups in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using [AAD tokens](https://registry.terraform.io/providers/databricks/databricks/latest/docs#special-configurations-for-azure) on Azure deployments
 
 Recommended to use along with Identity Provider SCIM provisioning to populate users into those groups:
 
diff --git a/docs/resources/group_member.md b/docs/resources/group_member.md
@@ -5,7 +5,7 @@ subcategory: "Security"
 
 This resource allows you to attach [users](user.md), [service_principal](service_principal.md), and [groups](group.md) as group members.
 
-To attach members to groups in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using AAD tokens on Azure deployments
+To attach members to groups in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using [AAD tokens](https://registry.terraform.io/providers/databricks/databricks/latest/docs#special-configurations-for-azure) on Azure deployments
 
 ## Example Usage
 
diff --git a/docs/resources/metastore.md b/docs/resources/metastore.md
@@ -48,7 +48,7 @@ resource "databricks_metastore_assignment" "this" {
 The following arguments are required:
 
 * `name` - Name of metastore.
-* `storage_root` - Path on cloud storage account, where managed [databricks_table](table.md) are stored. Change forces creation of a new resource.
+* `storage_root` - Path on cloud storage account, where managed `databricks_table` are stored. Change forces creation of a new resource.
 * `owner` - (Optional) Username/groupname/sp application_id of the metastore owner.
 * `delta_sharing_scope` - (Optional) Required along with `delta_sharing_recipient_token_lifetime_in_seconds`. Used to enable delta sharing on the metastore. Valid values: INTERNAL, INTERNAL_AND_EXTERNAL.
 * `delta_sharing_recipient_token_lifetime_in_seconds` - (Optional) Required along with `delta_sharing_scope`. Used to set expiration duration in seconds on recipient data access tokens. Set to 0 for unlimited duration.
diff --git a/docs/resources/mws_vpc_endpoint.md b/docs/resources/mws_vpc_endpoint.md
@@ -23,6 +23,7 @@ resource "aws_vpc_endpoint" "workspace" {
   security_group_ids = [module.vpc.default_security_group_id]
   subnet_ids         = [aws_subnet.pl_subnet.id]
   depends_on         = [aws_subnet.pl_subnet]
+  private_dns_enabled = true  
 }
 
 resource "aws_vpc_endpoint" "relay" {
@@ -32,6 +33,7 @@ resource "aws_vpc_endpoint" "relay" {
   security_group_ids = [module.vpc.default_security_group_id]
   subnet_ids         = [aws_subnet.pl_subnet.id]
   depends_on         = [aws_subnet.pl_subnet]
+  private_dns_enabled = true  
 }
 ```
 
@@ -88,30 +90,6 @@ resource "databricks_mws_vpc_endpoint" "relay" {
 }
 ```
 
-Private DNS for the VPC Endpoints cannot be configured until the Endpoints have been accepted on both sides, which is after they have been registered via this resource. You can either do this [manually via the Account Console](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html#step-4-enable-private-dns-names-on-aws-vpc-endpoints-using-the-aws-console) or by running a subsequent ```terraform apply``` after you have added ```private_dns_enabled = true``` to the configuration. For example:
-
-```hcl
-resource "aws_vpc_endpoint" "workspace" {
-  vpc_id              = module.vpc.vpc_id
-  service_name        = local.private_link.workspace_service
-  vpc_endpoint_type   = "Interface"
-  security_group_ids  = [module.vpc.default_security_group_id]
-  subnet_ids          = [aws_subnet.pl_subnet.id]
-  depends_on          = [aws_subnet.pl_subnet]
-  private_dns_enabled = true
-}
-
-resource "aws_vpc_endpoint" "relay" {
-  vpc_id              = module.vpc.vpc_id
-  service_name        = local.private_link.relay_service
-  vpc_endpoint_type   = "Interface"
-  security_group_ids  = [module.vpc.default_security_group_id]
-  subnet_ids          = [aws_subnet.pl_subnet.id]
-  depends_on          = [aws_subnet.pl_subnet]
-  private_dns_enabled = true
-}
-```
-
 Typically the next steps after this would be to create a [databricks_mws_private_access_settings](mws_private_access_settings.md) and [databricks_mws_networks](mws_networks.md) configuration, before passing the `databricks_mws_private_access_settings.pas.private_access_settings_id` and `databricks_mws_networks.this.network_id` into a [databricks_mws_workspaces](mws_workspaces.md) resource:
 
 ```hcl
diff --git a/docs/resources/service_principal.md b/docs/resources/service_principal.md
@@ -5,7 +5,7 @@ subcategory: "Security"
 
 Directly manage [Service Principals](https://docs.databricks.com/administration-guide/users-groups/service-principals.html) that could be added to [databricks_group](group.md) in Databricks workspace or account.
 
-To create service principals in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using AAD tokens on Azure deployments
+To create service principals in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using [AAD tokens](https://registry.terraform.io/providers/databricks/databricks/latest/docs#special-configurations-for-azure) on Azure deployments
 
 ## Example Usage
 
diff --git a/docs/resources/user.md b/docs/resources/user.md
@@ -5,7 +5,7 @@ subcategory: "Security"
 
 This resource allows you to manage [users in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/users.html), [Databricks Account Console](https://accounts.cloud.databricks.com/) or [Azure Databricks Account Console](https://accounts.azuredatabricks.net). You can also [associate](group_member.md) Databricks users to [databricks_group](group.md). Upon user creation the user will receive a password reset email. You can also get information about caller identity using [databricks_current_user](../data-sources/current_user.md) data source.
 
-To create users in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using AAD tokens on Azure deployments
+To create users in the Databricks account, the provider must be configured with `host = "https://accounts.cloud.databricks.com"` on AWS deployments or `host = "https://accounts.azuredatabricks.net"` and authenticate using [AAD tokens](https://registry.terraform.io/providers/databricks/databricks/latest/docs#special-configurations-for-azure) on Azure deployments
 
 ## Example Usage
 
