Hi,
After migrating a project to an organization, we are unable to create a workspace without encountering errors. Previously working workspaces are also failing.
I have granted admin/owner access to all users who need Databricks. The latest error involves a mishmash with the service account, leading to its auto-deletion, and ultimately affecting GKE clusters.
I tried creating a custom VPC following the documentation (https://docs.gcp.databricks.com/en/security/network/classic/customer-managed-vpc.html#overview), but encountered a 400 error on step 3.7.d.
Additionally, I have configured `constraints/iam.allowedPolicyMemberDomains` with information from the Domain Restricted Sharing documentation here: https://docs.gcp.databricks.com/en/admin/account-settings-gcp/create-subscription.html#create-a-subs...
I found my Organization ID using this command: `gcloud organizations describe YOUR_ORGANIZATION_ID`
However, I'm interested in knowing how to confirm this configuration, as it currently triggers alerts when changing user permissions in my project where Databricks is used:
"IAM policy update failed
The 'Domain Restricted Sharing' organization policy (constraints/iam.allowedPolicyMemberDomains) is enforced. Only principals in allowed domains can be added as principals in the policy. Correct the principal emails and try again. Learn more about domain restricted sharing."
Could the errors on workspace creation be related to a new billing plan configuration that needs to be done?
Two days of debugging has been enough 😅
Any assistance or suggestions would be greatly appreciated!