private_endpoint_rules
Creates, updates, deletes, gets or lists a private_endpoint_rules resource.
Overview
| Name | private_endpoint_rules |
| Type | Resource |
| Id | databricks_account.settings.private_endpoint_rules |
Fields
The following fields are returned by SELECT queries:
- get_private_endpoint_rule
- list_private_endpoint_rules
| Name | Datatype | Description |
|---|---|---|
| account_id | string | Databricks account ID. You can find your account ID from the Accounts Console. |
| group_id | string | Not used by customer-managed private endpoint services. The sub-resource type (group ID) of the target resource. Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. |
| network_connectivity_config_id | string | The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. |
| resource_id | string | The Azure resource ID of the target resource. |
| rule_id | string | The ID of a private endpoint rule. |
| vpc_endpoint_id | string | The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by Databricks. |
| endpoint_name | string | The name of the Azure private endpoint resource. |
| connection_state | string | The current status of this private endpoint. The private endpoint rules are effective only if the connection state is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Cloud console before they take effect. The possible values are: - PENDING: The endpoint has been created and pending approval. - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources. - REJECTED: Connection was rejected by the private link resource owner. - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up. - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED. - CREATING: The endpoint creation is in progress. Once successfully created, the state will transition to PENDING. - CREATE_FAILED: The endpoint creation failed. You can check the error_message field for more details. (CREATE_FAILED, CREATING, DISCONNECTED, ESTABLISHED, EXPIRED, PENDING, REJECTED) |
| creation_time | integer | Time in epoch milliseconds when this object was created. |
| deactivated | boolean | Whether this private endpoint is deactivated. |
| deactivated_at | integer | Time in epoch milliseconds when this object was deactivated. |
| domain_names | array | Only used by private endpoints to customer-managed private endpoint services. Domain names of target private link service. When updating this field, the full list of target domain_names must be specified. |
| enabled | boolean | Only used by private endpoints towards an AWS S3 service. Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. |
| endpoint_service | string | The full target AWS endpoint service name that connects to the destination resources of the private endpoint. |
| error_message | string | |
| resource_names | array | Only used by private endpoints towards AWS S3 service. The globally unique S3 bucket names that will be accessed via the VPC endpoint. The bucket names must be in the same region as the NCC/endpoint service. When updating this field, we perform full update on this field. Please ensure a full list of desired resource_names is provided. |
| updated_time | integer | Time in epoch milliseconds when this object was updated. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get_private_endpoint_rule | select | account_id, network_connectivity_config_id, private_endpoint_rule_id | | Gets the private endpoint rule. |
| list_private_endpoint_rules | select | account_id, network_connectivity_config_id | page_token | Gets an array of private endpoint rules. |
| create_private_endpoint_rule | insert | account_id, network_connectivity_config_id, private_endpoint_rule | | Create a private endpoint rule for the specified network connectivity config object. Once the object |
| update_private_endpoint_rule | update | account_id, network_connectivity_config_id, private_endpoint_rule_id, update_mask, private_endpoint_rule | | Updates a private endpoint rule. Currently only a private endpoint rule to customer-managed resources |
| delete_private_endpoint_rule | delete | account_id, network_connectivity_config_id, private_endpoint_rule_id | | Initiates deleting a private endpoint rule. If the connection state is PENDING or EXPIRED, the private |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| account_id | string | |
| network_connectivity_config_id | string | Your Network Connectivity Configuration ID. |
| private_endpoint_rule_id | string | Your private endpoint rule ID. |
| update_mask | string | |
| page_token | string | Pagination token to go to next page based on previous query. |
SELECT examples
- get_private_endpoint_rule
- list_private_endpoint_rules
Gets the private endpoint rule.
```sql
SELECT
  account_id,
  group_id,
  network_connectivity_config_id,
  resource_id,
  rule_id,
  vpc_endpoint_id,
  endpoint_name,
  connection_state,
  creation_time,
  deactivated,
  deactivated_at,
  domain_names,
  enabled,
  endpoint_service,
  error_message,
  resource_names,
  updated_time
FROM databricks_account.settings.private_endpoint_rules
WHERE account_id = '{{ account_id }}' -- required
  AND network_connectivity_config_id = '{{ network_connectivity_config_id }}' -- required
  AND private_endpoint_rule_id = '{{ private_endpoint_rule_id }}' -- required
;
```
Gets an array of private endpoint rules.
```sql
SELECT
  account_id,
  group_id,
  network_connectivity_config_id,
  resource_id,
  rule_id,
  vpc_endpoint_id,
  endpoint_name,
  connection_state,
  creation_time,
  deactivated,
  deactivated_at,
  domain_names,
  enabled,
  endpoint_service,
  error_message,
  resource_names,
  updated_time
FROM databricks_account.settings.private_endpoint_rules
WHERE account_id = '{{ account_id }}' -- required
  AND network_connectivity_config_id = '{{ network_connectivity_config_id }}' -- required
  AND page_token = '{{ page_token }}'
;
```
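Because a rule is effective only while `connection_state` is ESTABLISHED, the rows returned by `list_private_endpoint_rules` are worth triaging rather than just listing. The following is an added example, not part of the provider's own code: the row dicts, rule IDs, timestamp and bucket names are constructed, and it assumes the 14-day approval window is counted from `creation_time` and that a deactivated rule should be reported separately.

```python
DAY_MS = 24 * 60 * 60 * 1000
APPROVAL_WINDOW_MS = 14 * DAY_MS  # page: unapproved endpoints become EXPIRED after 14 days
DEAD_STATES = {"REJECTED", "DISCONNECTED", "EXPIRED", "CREATE_FAILED"}


def triage_rule(row, now_ms):
    """Classify one private endpoint rule row; returns (bucket, detail)."""
    state = row.get("connection_state")
    if state == "ESTABLISHED":
        # Assumption: a rule flagged deactivated is reported apart from live ones.
        if row.get("deactivated"):
            return "deactivated", "ESTABLISHED but deactivated"
        return "effective", ""
    if state == "PENDING":
        # Assumption: the 14-day window starts at creation_time (epoch ms).
        left_ms = row["creation_time"] + APPROVAL_WINDOW_MS - now_ms
        return "needs_approval", f"{max(left_ms, 0) // DAY_MS} full days left to approve"
    if state == "CREATING":
        return "in_progress", ""
    if state in DEAD_STATES:
        # Prefer error_message when present (the page points to it for CREATE_FAILED).
        return "not_effective", row.get("error_message") or state
    return "unknown", f"unexpected state {state!r}"


def triage(rows, now_ms):
    """Group (rule_id, detail) pairs by bucket so non-effective rules stand out."""
    report = {}
    for row in rows:
        bucket, detail = triage_rule(row, now_ms)
        report.setdefault(bucket, []).append((row.get("rule_id"), detail))
    return report


# Constructed sample rows (not real IDs); NOW_MS is a fixed constructed timestamp.
NOW_MS = 1_700_000_000_000
SAMPLE_ROWS = [
    {"rule_id": "rule-a", "connection_state": "ESTABLISHED", "deactivated": False},
    {"rule_id": "rule-b", "connection_state": "PENDING", "creation_time": NOW_MS - 12 * DAY_MS},
    {"rule_id": "rule-c", "connection_state": "DISCONNECTED"},
    {"rule_id": "rule-d", "connection_state": "CREATE_FAILED", "error_message": "constructed error text"},
    {"rule_id": "rule-e", "connection_state": "ESTABLISHED", "deactivated": True},
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_ROWS, NOW_MS).items():
        print(bucket, items)
```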
INSERT examples
- create_private_endpoint_rule
- Manifest
Create a private endpoint rule for the specified network connectivity config object. Once the object
```sql
INSERT INTO databricks_account.settings.private_endpoint_rules (
  private_endpoint_rule,
  account_id,
  network_connectivity_config_id
)
SELECT
  '{{ private_endpoint_rule }}' /* required */,
  '{{ account_id }}',
  '{{ network_connectivity_config_id }}'
RETURNING
  account_id,
  group_id,
  network_connectivity_config_id,
  resource_id,
  rule_id,
  vpc_endpoint_id,
  endpoint_name,
  connection_state,
  creation_time,
  deactivated,
  deactivated_at,
  domain_names,
  enabled,
  endpoint_service,
  error_message,
  resource_names,
  updated_time
;
```
```yaml
# Description fields are for documentation purposes
- name: private_endpoint_rules
  props:
    - name: account_id
      value: "{{ account_id }}"
      description: Required parameter for the private_endpoint_rules resource.
    - name: network_connectivity_config_id
      value: "{{ network_connectivity_config_id }}"
      description: Required parameter for the private_endpoint_rules resource.
    - name: private_endpoint_rule
      description: |
        :returns: :class:`NccPrivateEndpointRule`
      value:
        domain_names:
          - "{{ domain_names }}"
        endpoint_service: "{{ endpoint_service }}"
        error_message: "{{ error_message }}"
        group_id: "{{ group_id }}"
        resource_id: "{{ resource_id }}"
        resource_names:
          - "{{ resource_names }}"
```
UPDATE examples
- update_private_endpoint_rule
Updates a private endpoint rule. Currently only a private endpoint rule to customer-managed resources
```sql
UPDATE databricks_account.settings.private_endpoint_rules
SET
  private_endpoint_rule = '{{ private_endpoint_rule }}'
WHERE
  account_id = '{{ account_id }}' --required
  AND network_connectivity_config_id = '{{ network_connectivity_config_id }}' --required
  AND private_endpoint_rule_id = '{{ private_endpoint_rule_id }}' --required
  AND update_mask = '{{ update_mask }}' --required
  AND private_endpoint_rule = '{{ private_endpoint_rule }}' --required
RETURNING
  account_id,
  group_id,
  network_connectivity_config_id,
  resource_id,
  rule_id,
  vpc_endpoint_id,
  endpoint_name,
  connection_state,
  creation_time,
  deactivated,
  deactivated_at,
  domain_names,
  enabled,
  endpoint_service,
  error_message,
  resource_names,
  updated_time;
```
DELETE examples
- delete_private_endpoint_rule
Initiates deleting a private endpoint rule. If the connection state is PENDING or EXPIRED, the private
```sql
DELETE FROM databricks_account.settings.private_endpoint_rules
WHERE account_id = '{{ account_id }}' --required
  AND network_connectivity_config_id = '{{ network_connectivity_config_id }}' --required
  AND private_endpoint_rule_id = '{{ private_endpoint_rule_id }}' --required
;
```