package apierr
import (
"fmt"
"net/url"
"strings"
"github.com/databricks/databricks-sdk-go/common/environment"
)
// privateLinkInfo describes one cloud's private link product for use in error
// messages. When private link blocks a request, the user is redirected to the
// login page with a query parameter naming the error; the fields below supply
// the product name, the endpoint name and a documentation link for the message
// shown in that case.
//
// This type is a stopgap: once the REST API itself returns an error for
// requests from a network without access to the workspace, it can be deleted.
type privateLinkInfo struct {
	// serviceName is the product name, e.g. AWS PrivateLink or Azure Private
	// Link.
	serviceName string
	// endpointName is what the product calls its endpoint, e.g. AWS VPC
	// endpoint or Azure Private Link endpoint.
	endpointName string
	// referencePage is a documentation URL with more detail on the product.
	referencePage string
}

// errorMessage renders the single-line explanation for a private link
// validation failure, filling in the service name (used twice), the endpoint
// name and the reference page.
func (p privateLinkInfo) errorMessage() string {
	// The template is wrapped for readability; the line breaks are removed
	// from the formatted result below.
	const template = `The requested workspace has %[1]s enabled and is not accessible from
the current network. Ensure that %[1]s is properly configured and that your
device has access to the %s. For more information, see %s.`

	formatted := fmt.Sprintf(template, p.serviceName, p.endpointName, p.referencePage)
	// Runs after formatting, so a newline inside a field value is also
	// turned into a space.
	return strings.Join(strings.Split(formatted, "\n"), " ")
}
// privateLinkInfoMap holds the private link details for each cloud, keyed by
// environment.Cloud. Every value is a fixed string defined here; nothing in
// this table is derived from a request or a response.
//
// NOTE(review): indexing with a Cloud that has no entry yields the zero
// privateLinkInfo, whose errorMessage has empty names and no reference page.
var privateLinkInfoMap = map[environment.Cloud]privateLinkInfo{
environment.CloudAWS: {
serviceName: "AWS PrivateLink",
endpointName: "AWS VPC endpoint",
referencePage: "https://docs.databricks.com/en/security/network/classic/privatelink.html",
},
environment.CloudAzure: {
serviceName: "Azure Private Link",
endpointName: "Azure Private Link endpoint",
// Links to the authentication-troubleshooting section of the page.
referencePage: "https://learn.microsoft.com/en-us/azure/databricks/security/network/classic/private-link-standard#authentication-troubleshooting",
},
environment.CloudGCP: {
serviceName: "Private Service Connect",
endpointName: "GCP VPC endpoint",
referencePage: "https://docs.gcp.databricks.com/en/security/network/classic/private-service-connect.html",
},
}
// isPrivateLinkRedirect reports whether url is the login page carrying the
// private link validation error marker in its query string.
//
// NOTE(review): the marker is matched as a substring of the raw query, not as
// a parsed "error" parameter, so a longer parameter name or value containing
// the same text also matches. Confirm that is acceptable for the URLs passed
// in, since a match is reported to the caller as a permission error.
func isPrivateLinkRedirect(url *url.URL) bool {
	if url.EscapedPath() != "/login.html" {
		return false
	}
	return strings.Contains(url.RawQuery, "error=private-link-validation-error")
}
// privateLinkValidationError builds the APIError reported for a private link
// redirect: error code PRIVATE_LINK_VALIDATION_ERROR, status 403, unwrapping to
// ErrPermissionDenied.
//
// Only url.Host is read, to select the cloud. The message text comes from the
// fixed entries in privateLinkInfoMap, so no part of the URL is copied into
// the error.
//
// NOTE(review): the map lookup has no presence check. If the environment
// resolved for the host reports a Cloud without an entry, the message is
// rendered from a zero privateLinkInfo (empty names, no reference page).
// Confirm that GetEnvironmentForHostname only returns mapped clouds.
func privateLinkValidationError(url *url.URL) *APIError {
	cloud := environment.GetEnvironmentForHostname(url.Host).Cloud
	apiErr := &APIError{
		ErrorCode:  "PRIVATE_LINK_VALIDATION_ERROR",
		StatusCode: 403,
		Message:    privateLinkInfoMap[cloud].errorMessage(),
		unwrap:     ErrPermissionDenied,
	}
	return apiErr
}