You can refer to the documentation: https://learn.microsoft.com/en-us/azure/databricks/security/network/ip-access-list
To check if your workspace has the IP access list feature enabled, call the get feature status API (GET /workspace-conf). Pass keys=enableIpAccessLists as arguments to the request.
In the response, the enableIpAccessLists field specifies either true or false.
For example:
curl -X GET -n "https://<databricks-instance>/api/2.0/workspace-conf?keys=enableIpAccessLists"
Example response:
{"enableIpAccessLists": "true"}
Enable or disable the IP access list feature for a workspace
To enable or disable the IP access list feature for a workspace, call the enable or disable the IP access list API (PATCH /workspace-conf).
In a JSON request body, specify enableIpAccessLists as true (enabled) or false (disabled).
For example, to enable the feature:
curl -X PATCH -n https://<databricks-instance>/api/2.0/workspace-conf -d '{"enableIpAccessLists": "true"}'
Example response:
{
"enableIpAccessLists": "true"
}
Add an IP access list
To add an IP access list, call the add an IP access list API (POST /ip-access-lists).
In the JSON request body, specify:
label — Label for this list.
list_type — Either ALLOW (allow list) or BLOCK (a block list, which means exclude even if in allow list).
ip_addresses — A JSON array of IP addresses and CIDR ranges, as String values.
The response is a copy of the object that you passed in, but with some additional fields, most importantly the list_id field. You may want to save that value so you can update or delete the list later. If you do not save it, you are still able to get the ID later by querying the full set of IP access lists with a GET request to the /ip-access-lists endpoint.
For example, to add an allow list:
curl -X POST -n \
https://<databricks-instance>/api/2.0/ip-access-lists \
-d '{
"label": "office",
"list_type": "ALLOW",
"ip_addresses": [
"1.1.1.1",
"2.2.2.2/21"
]
}'
Example response:
{
"ip_access_list": {
"list_id": "<list-id>",
"label": "office",
"ip_addresses": [
"1.1.1.1",
"2.2.2.2/21"
],
"address_count": 2,
"list_type": "ALLOW",
"created_at": 1578423494457,
"created_by": 6476783916686816,
"updated_at": 1578423494457,
"updated_by": 6476783916686816,
"enabled": true
}
}
To add a block list, do the same thing but with list_type set to BLOCK.
Update an IP access list
To update an IP access list:
Call the list all IP access lists API (GET /ip-access-lists), and find the ID of the list you want to update.
Call the update an IP access list API (PATCH /ip-access-lists/<list-id>).
In the JSON request body, specify at least one of the following values to update:
label — Label for this list.
list_type — Either ALLOW (allow list) or BLOCK (block list, which means exclude even if in allow list).
ip_addresses — A JSON array of IP addresses and CIDR ranges, as String values.
enabled — Specifies whether this list is enabled. Pass true or false.
The response is a copy of the object that you passed in with additional fields for the ID and modification dates.
For example, to update a list to disable it:
curl -X PATCH -n \
https://<databricks-instance>/api/2.0/ip-access-lists/<list-id> \
-d '{ "enabled": "false" }'
Replace an IP access list
To replace an IP access list:
Call the list all IP access lists API (GET /ip-access-lists), and find the ID of the list you want to replace.
Call the replace an IP access list API (PUT /ip-access-lists/<list-id>).
In the JSON request body, specify:
label — Label for this list.
list_type — Either ALLOW (allow list) or BLOCK (block list, which means exclude even if in allow list).
ip_addresses — A JSON array of IP addresses and CIDR ranges, as String values.
enabled — Specifies whether this list is enabled. Pass true or false.
The response is a copy of the object that you passed in with additional fields for the ID and modification dates.
For example, to replace the contents of the specified list with the following values:
curl -X PUT -n \
https://<databricks-instance>/api/2.0/ip-access-lists/<list-id> \
-d '{
"label": "office",
"list_type": "ALLOW",
"ip_addresses": [
"1.1.1.1",
"2.2.2.2/21"
],
"enabled": "false"
}'
Delete an IP access list
To delete an IP access list:
Call the list all IP access lists API (GET /ip-access-lists), and find the ID of the list you want to delete.
Call the delete an IP access list API (DELETE /ip-access-lists/<list-id>). There is no request body.
curl -X DELETE -n https://<databricks-instance>/api/2.0/ip-access-lists/<list-id>
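Added example (not part of the original page and not Databricks code): a local check of how the ALLOW and BLOCK lists described above combine for one source address, useful for confirming an address before enabling the feature or changing a list. Assumptions: the GET /ip-access-lists response wraps the list objects in an "ip_access_lists" array, the sample lists are constructed, and the "no allow list means allowed" rule comes from the linked documentation rather than from this page.

```python
import ipaddress

# Constructed sample shaped like the "ip_access_list" object in the example
# response above; the "ip_access_lists" wrapper key is an assumption.
SAMPLE = {
    "ip_access_lists": [
        {"label": "office", "list_type": "ALLOW", "enabled": True,
         "ip_addresses": ["1.1.1.1", "2.2.2.2/21"]},
        {"label": "guest-wifi", "list_type": "BLOCK", "enabled": True,
         "ip_addresses": ["2.2.4.0/24"]},
        {"label": "old-vpn", "list_type": "ALLOW", "enabled": False,
         "ip_addresses": ["3.3.3.0/24"]},
    ]
}


def _matches(ip, entries):
    """True if ip falls inside any address or CIDR range in entries."""
    # strict=False accepts ranges with host bits set, such as "2.2.2.2/21",
    # and normalizes them to the enclosing network (2.2.0.0/21).
    return any(ip in ipaddress.ip_network(e, strict=False) for e in entries)


def evaluate(source_ip, response):
    """Return (allowed, reason) for source_ip against all enabled lists."""
    ip = ipaddress.ip_address(source_ip)
    lists = [l for l in response["ip_access_lists"] if l.get("enabled")]
    allow = [l for l in lists if l["list_type"] == "ALLOW"]
    block = [l for l in lists if l["list_type"] == "BLOCK"]

    # BLOCK wins: "exclude even if in allow list".
    for l in block:
        if _matches(ip, l["ip_addresses"]):
            return False, f"blocked by '{l['label']}'"
    # Assumption: with no enabled allow list, any unblocked address is allowed.
    if not allow:
        return True, "no enabled allow list"
    for l in allow:
        if _matches(ip, l["ip_addresses"]):
            return True, f"allowed by '{l['label']}'"
    return False, "not in any enabled allow list"


if __name__ == "__main__":
    for addr in ["1.1.1.1", "2.2.7.9", "2.2.4.20", "3.3.3.5", "8.8.8.8"]:
        print(addr, evaluate(addr, SAMPLE))
```

Note that 3.3.3.5 is denied because its allow list is disabled, and 2.2.4.20 is denied even though it falls inside the office range.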