feat: add module

Author: owlleg6

iam.tf

@@ -0,0 +1,95 @@
+data "databricks_group" "admins" {
+  display_name = "admins"
+}
+
+resource "databricks_group" "this" {
+  for_each = toset([for group in keys(var.iam) : group if group != "admins"])
+
+  display_name = each.key
+  lifecycle { ignore_changes = [external_id] }
+}
+
+resource "databricks_user" "this" {
+  for_each = toset(flatten([for k, v in { for group, member in var.iam : group => member["user"] } : distinct(flatten(v))]))
+
+  user_name             = each.value
+  databricks_sql_access = true
+  lifecycle { ignore_changes = [external_id] }
+}
+
+resource "databricks_service_principal" "this" {
+  for_each = toset(flatten([for k, v in { for group, member in var.iam : group => member["service_principal"] } : distinct(flatten(v))]))
+
+  display_name          = each.value
+  application_id        = lookup(var.user_object_ids, each.value)
+  databricks_sql_access = true
+}
+
+resource "databricks_group_member" "admin_users" {
+  for_each = { for entry in flatten([for group, types in var.iam : [for type in types : [for member in type : {
+    group = group, member = member
+  } if group == "admins" && type == types["user"]]]]) : "${entry.group}.${entry.member}" => entry }
+
+  group_id  = data.databricks_group.admins.id
+  member_id = databricks_user.this[each.value.member].id
+}
+
+resource "databricks_group_member" "admin_service_principals" {
+  for_each = { for entry in flatten([for group, types in var.iam : [for type in types : [for member in type : {
+    group = group, member = member
+  } if group == "admins" && type == types["service_principal"]]]]) : "${entry.group}.${entry.member}" => entry }
+
+  group_id  = data.databricks_group.admins.id
+  member_id = databricks_service_principal.this[each.value.member].id
+}
+
+resource "databricks_group_member" "users" {
+  for_each = { for entry in flatten([for group, types in var.iam : [for type in types : [for member in type : {
+    group = group, member = member
+  } if group != "admins" && group != "users" && type == types["user"]]]]) : "${entry.group}.${entry.member}" => entry }
+
+  group_id  = databricks_group.this[each.value.group].id
+  member_id = databricks_user.this[each.value.member].id
+}
+
+resource "databricks_group_member" "service_principals" {
+  for_each = { for entry in flatten([for group, types in var.iam : [for type in types : [for member in type : {
+    group = group, member = member
+  } if group != "admins" && group != "users" && type == types["service_principal"]]]]) : "${entry.group}.${entry.member}" => entry }
+
+  group_id  = databricks_group.this[each.value.group].id
+  member_id = databricks_service_principal.this[each.value.member].id
+}
+
+resource "databricks_permissions" "sql_endpoint" {
+  for_each = { for entry in databricks_sql_endpoint.this : "${entry.name}" => "${entry.id}" }
+
+  sql_endpoint_id = each.value
+
+  dynamic "access_control" {
+    for_each = { for entry in flatten([for resource, permissions in var.iam_permissions : [for permission, groups in permissions : [for group in groups : {
+      resource = resource, permission = permission, group = group
+    } if resource == "sql_endpoint"]]]) : "${entry.resource}.${entry.permission}.${entry.group}" => entry }
+    content {
+      group_name       = access_control.value.group
+      permission_level = access_control.value.permission
+    }
+  }
+
+  depends_on = [databricks_group.this]
+}
+
+resource "databricks_permissions" "token" {
+  authorization = "tokens"
+
+  dynamic "access_control" {
+    for_each = { for entry in flatten([for resource, permissions in var.iam_permissions : [for permission, groups in permissions : [for group in groups : {
+      resource = resource, permission = permission, group = group
+    } if resource == "token"]]]) : "${entry.resource}.${entry.permission}.${entry.group}" => entry }
+    content {
+      group_name       = access_control.value.group
+      permission_level = access_control.value.permission
+    }
+  }
+  depends_on = [databricks_group.this]
+}

main.tf

@@ -0,0 +1,33 @@
+locals {
+  ip_rules = var.ip_rules == null ? null : values(var.ip_rules)
+}
+
+resource "databricks_workspace_conf" "this" {
+  count = local.ip_rules == null ? 0 : 1
+
+  custom_config = {
+    "enableIpAccessLists" : true
+  }
+}
+
+resource "databricks_ip_access_list" "this" {
+  count = local.ip_rules == null ? 0 : 1
+
+  label        = "allow_in"
+  list_type    = "ALLOW"
+  ip_addresses = local.ip_rules
+
+  depends_on = [databricks_workspace_conf.this]
+}
+
+resource "databricks_sql_endpoint" "this" {
+  for_each = var.sql_endpoint
+
+  name                      = "${each.key}-${var.env}"
+  cluster_size              = lookup(each.value, "cluster_size", var.default_values_sql_endpoint["cluster_size"])
+  min_num_clusters          = lookup(each.value, "min_num_clusters", var.default_values_sql_endpoint["min_num_clusters"])
+  max_num_clusters          = lookup(each.value, "max_num_clusters", var.default_values_sql_endpoint["max_num_clusters"])
+  auto_stop_mins            = lookup(each.value, "auto_stop_mins", var.default_values_sql_endpoint["auto_stop_mins"])
+  enable_photon             = lookup(each.value, "enable_photon", var.default_values_sql_endpoint["enable_photon"])
+  enable_serverless_compute = lookup(each.value, "enable_serverless_compute", var.default_values_sql_endpoint["enable_serverless_compute"])
+}

outputs.tf

@@ -0,0 +1,9 @@
+output "sql_endpoint_jdbc_url" {
+  value       = [for n in databricks_sql_endpoint.this : n.jdbc_url]
+  description = "JDBC connection string of SQL Endpoint"
+}
+
+output "sql_endpoint_data_source_id" {
+  value       = [for n in databricks_sql_endpoint.this : n.data_source_id]
+  description = "ID of the data source for this endpoint"
+}

variables.tf

@@ -0,0 +1,94 @@
+variable "env" {
+  type        = string
+  description = "Environment name"
+}
+
+variable "project" {
+  type        = string
+  description = "Project name"
+}
+
+variable "workspace_id" {
+  type        = string
+  description = "Id of Databricks workspace"
+}
+
+variable "sku" {
+  type        = string
+  description = "The sku to use for the Databricks Workspace: [standard|premium|trial]"
+}
+
+# Optional
+variable "user_object_ids" {
+  type        = map(string)
+  description = "Map of AD usernames and corresponding object IDs"
+  default     = {}
+}
+
+variable "iam" {
+  type = map(object({
+    user              = list(string)
+    service_principal = list(string)
+  }))
+  description = "Map of groups and members of users and service principals to be created. You can add you own groups and members. E.g., `'group' = { user = ['user1','user2'] service_principal = ['sp1']}` and etc."
+  default = {
+    "admins" = {
+      "user"              = []
+      "service_principal" = []
+    }
+    "default" = {
+      "user"              = []
+      "service_principal" = []
+    }
+  }
+}
+
+variable "iam_permissions" {
+  type = map(object({
+    CAN_USE    = list(string)
+    CAN_MANAGE = list(string)
+  }))
+  description = "Map of permission for groups. You can provide certain permission on services to groups. E.g., `'sql_endpoint'={'CAN_USE'=['group1', 'group2'] CAN_MANAGE=['group3']}"
+  default = {
+    "sql_endpoint" = {
+      "CAN_USE"    = ["default"]
+      "CAN_MANAGE" = []
+    }
+    "token" = {
+      "CAN_USE"    = ["default"]
+      "CAN_MANAGE" = []
+    }
+  }
+}
+
+variable "ip_rules" {
+  type        = map(string)
+  description = "Map of IP addresses permitted for access to DB"
+  default     = {}
+}
+
+variable "sql_endpoint" {
+  type        = map(map(string))
+  description = "Map of SQL Endoints to be deployed in Databricks Workspace"
+  default     = {}
+}
+
+variable "default_values_sql_endpoint" {
+  description = "Default values for SQL Endpoint"
+  type = object({
+    cluster_size              = string
+    min_num_clusters          = number
+    max_num_clusters          = number
+    auto_stop_mins            = string
+    enable_photon             = bool
+    enable_serverless_compute = bool
+  })
+  default = {
+    cluster_size              = "2X-Small"
+    min_num_clusters          = 0
+    max_num_clusters          = 1
+    auto_stop_mins            = "30"
+    enable_photon             = false
+    enable_serverless_compute = false
+  }
+}

versions.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">=1.0.0"
+
+  required_providers {
+    databricks = {
+      source  = "databricks/databricks"
+      version = "=1.4.0"
+    }
+  }
+}