Commit 9e11240

Merge pull request #1 from data-platform-hq/add-module
feat: add module
2 parents 8f11438 + 0fff7b9 commit 9e11240

File tree

6 files changed

+286
-3
lines changed
README.md

Lines changed: 56 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,65 @@
1-
# Azure <> Terraform module
2-
Terraform module for creation Azure <>
1+
# Databricks Premium Workspace Terraform module
2+
Terraform module used for managment of Databricks Premium Resources
33

44
## Usage
55

66
<!-- BEGIN_TF_DOCS -->
7+
## Requirements
78

9+
| Name | Version |
10+
| ---------------------------------------------------------------------------- | -------- |
11+
| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.0.0 |
12+
| <a name="requirement_databricks"></a> [databricks](#requirement\_databricks) | >= 1.4.0 |
13+
14+
## Providers
15+
16+
| Name | Version |
17+
| ---------------------------------------------------------------------- | ------- |
18+
| <a name="provider_databricks"></a> [databricks](#provider\_databricks) | 1.4.0 |
19+
20+
## Modules
21+
22+
No modules.
23+
24+
## Resources
25+
26+
| Name | Type |
27+
| ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
28+
| [databricks_group.admins](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group) | data |
29+
| [databricks_group.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group) | resource |
30+
| [databricks_user.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/user) | resource |
31+
| [databricks_service_principal.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/service_principal) | resource |
32+
| [databricks_group_member.admin_users](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group_member) | resource |
33+
| [databricks_group_member.admin_service_principals](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group_member) | resource |
34+
| [databricks_group_member.users](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group_member) | resource |
35+
| [databricks_group_member.service_principals](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group_member) | resource |
36+
| [databricks_permissions.sql_endpoint](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/permissions) | resource |
37+
| [databricks_permissions.token](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/permissions) | resource |
38+
| [databricks_workspace_conf.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/workspace_conf) | resource |
39+
| [databricks_ip_access_list.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/ip_access_list) | resource |
40+
| [databricks_sql_endpoint.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/sql_endpoint) | resource |
41+
42+
## Inputs
43+
44+
| Name | Description | Type | Default | Required |
45+
| ------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------: |
46+
| <a name="input_env"></a> [env](#input\_env) | Environment name | `string` | n/a | yes |
47+
| <a name="input_project"></a> [project](#input\_project) | Project name | `string` | n/a | yes |
48+
| <a name="input_user_object_ids"></a> [user_object_ids](#input\_user\_object\_ids) | Map of AD usernames and corresponding object IDs | `map(string)` | {} | no |
49+
| <a name="input_iam"></a> [iam](#input\_iam) | Map of groups and members of users and service principals to be created. You can add you own groups and members. E.g., `'group' = { user = ['user1','user2'] service_principal = ['sp1']}` and etc | <pre> map(object({ <br> user = list(string) <br> service_principal = list(string) <br> }))</pre> | <pre> { <br> "admins" = { <br> "user" = [] <br> "service_principal" = [] <br> } <br> "default" = { <br> "user" = [] <br> "service_principal" = [] <br> } <br> } </pre> | no |
50+
| <a name="input_iam_permissions"></a> [iam\_permissions](#input\_iam\_permissions) | Map of permission for groups. You can provide certain permission on services to groups. E.g., 'sql_endpoint'={'CAN_USE'=['group1', 'group2'] CAN_MANAGE=['group3']} | <pre> map(object({ <br> CAN_USE = list(string) <br> CAN_MANAGE = list(string)<br> })) </pre> | <pre> { <br> "sql_endpoint" = { <br> "CAN_USE" = ["default"] <br> "CAN_MANAGE" = [] <br> } <br> "token" = { <br> "CAN_USE" = ["default"] <br> "CAN_MANAGE" = [] <br> } <br> } </pre> | no |
51+
| <a name="input_ip_rules"></a> [ip\_rules](#input\_ip\_rules) | Map of IP addresses permitted for access to DB | `map(string)` | {} | no |
52+
| <a name="input_sql_endpoint"></a> [sql\_endpoint](#input\_sql\_endpoint) | Map of SQL Endoints to be deployed in Databricks Workspace | `map(map(string))` | {} | no |
53+
| <a name="input_default_values_sql_endpoint"></a> [default\_values\_sql\_endpoint](#input\_default\_values\_sql\_endpoint) | Default values for SQL Endpoint | <pre> object({ <br> cluster_size = string <br> min_num_clusters = number <br> max_num_clusters = number <br> auto_stop_mins = string <br> enable_photon = bool <br> enable_serverless_compute = bool <br> }) </pre> | <pre> { <br> cluster_size = "2X-Small" <br> min_num_clusters = 0 <br> max_num_clusters = 1 <br> auto_stop_mins = "30" <br> enable_photon = false <br> enable_serverless_compute = false <br> } </pre> | no |
54+
55+
## Outputs
56+
57+
| Name | Description |
58+
| ----------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- |
59+
| <a name="output_sql_endpoint_jdbc_url"></a> [sql\_endpoint\_jdbc\_url](#output\_sql\_endpoint\_jdbc\_url) | JDBC connection string of SQL Endpoint |
60+
| <a name="output_sql_endpoint_data_source_id"></a> [sql\_endpoint\_data\_source\_id](#output\_sql\_endpoint\_data\_source\_id) | ID of the data source for this endpoint |
861
<!-- END_TF_DOCS -->
962

1063
## License
1164

12-
Apache 2 Licensed. For more information please see [LICENSE](https://github.com/data-platform-hq/terraform-azurerm<>/tree/master/LICENSE)
65+
Apache 2 Licensed. For more information please see [LICENSE](https://github.com/data-platform-hq/terraform-databricks-databricks-runtime-premium/blob/main/LICENSE)
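Review bot: the `## Usage` section at line 4 keeps an empty body in the new README, so the docs block that follows documents nine inputs without a single example of calling the module; add a minimal `module` block that sets `env`, `project`, `iam` and `ip_rules`. Two descriptions also disagree with the code in this PR: `user_object_ids` is described as "Map of AD usernames and corresponding object IDs", but iam.tf reads it for the `application_id` of each service principal, and `ip_rules` is described as "permitted for access to DB" while it feeds the workspace IP access list, so say "workspace" there. It is worth stating next to `iam_permissions` that its default grants `CAN_USE` on `token` to the `default` group, i.e. every member of that group may mint personal access tokens, because a reader who keeps the default will not see that anywhere else. Typos: "managment" on line 2 should be "management" and "Endoints" on line 52 "Endpoints".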

iam.tf

Lines changed: 95 additions & 0 deletions
@@ -0,0 +1,95 @@
1+
data "databricks_group" "admins" {
2+
display_name = "admins"
3+
}
4+
5+
resource "databricks_group" "this" {
6+
for_each = toset([for group in keys(var.iam) : group if group != "admins"])
7+
8+
display_name = each.key
9+
lifecycle { ignore_changes = [external_id] }
10+
}
11+
12+
resource "databricks_user" "this" {
13+
for_each = toset(flatten([for k, v in { for group, member in var.iam : group => member["user"] } : distinct(flatten(v))]))
14+
15+
user_name = each.value
16+
databricks_sql_access = true
17+
lifecycle { ignore_changes = [external_id] }
18+
}
19+
20+
resource "databricks_service_principal" "this" {
21+
for_each = toset(flatten([for k, v in { for group, member in var.iam : group => member["service_principal"] } : distinct(flatten(v))]))
22+
23+
display_name = each.value
24+
application_id = lookup(var.user_object_ids, each.value)
25+
databricks_sql_access = true
26+
}
27+
28+
resource "databricks_group_member" "admin_users" {
29+
for_each = { for entry in flatten([for group, types in var.iam : [for type in types : [for member in type : {
30+
group = group, member = member
31+
} if group == "admins" && type == types["user"]]]]) : "${entry.group}.${entry.member}" => entry }
32+
33+
group_id = data.databricks_group.admins.id
34+
member_id = databricks_user.this[each.value.member].id
35+
}
36+
37+
resource "databricks_group_member" "admin_service_principals" {
38+
for_each = { for entry in flatten([for group, types in var.iam : [for type in types : [for member in type : {
39+
group = group, member = member
40+
} if group == "admins" && type == types["service_principal"]]]]) : "${entry.group}.${entry.member}" => entry }
41+
42+
group_id = data.databricks_group.admins.id
43+
member_id = databricks_service_principal.this[each.value.member].id
44+
}
45+
46+
resource "databricks_group_member" "users" {
47+
for_each = { for entry in flatten([for group, types in var.iam : [for type in types : [for member in type : {
48+
group = group, member = member
49+
} if group != "admins" && group != "users" && type == types["user"]]]]) : "${entry.group}.${entry.member}" => entry }
50+
51+
group_id = databricks_group.this[each.value.group].id
52+
member_id = databricks_user.this[each.value.member].id
53+
}
54+
55+
resource "databricks_group_member" "service_principals" {
56+
for_each = { for entry in flatten([for group, types in var.iam : [for type in types : [for member in type : {
57+
group = group, member = member
58+
} if group != "admins" && group != "users" && type == types["service_principal"]]]]) : "${entry.group}.${entry.member}" => entry }
59+
60+
group_id = databricks_group.this[each.value.group].id
61+
member_id = databricks_service_principal.this[each.value.member].id
62+
}
63+
64+
resource "databricks_permissions" "sql_endpoint" {
65+
for_each = { for entry in databricks_sql_endpoint.this : (entry.name) => (entry.id) }
66+
67+
sql_endpoint_id = each.value
68+
69+
dynamic "access_control" {
70+
for_each = { for entry in flatten([for resource, permissions in var.iam_permissions : [for permission, groups in permissions : [for group in groups : {
71+
resource = resource, permission = permission, group = group
72+
} if resource == "sql_endpoint"]]]) : "${entry.resource}.${entry.permission}.${entry.group}" => entry }
73+
content {
74+
group_name = access_control.value.group
75+
permission_level = access_control.value.permission
76+
}
77+
}
78+
79+
depends_on = [databricks_group.this]
80+
}
81+
82+
resource "databricks_permissions" "token" {
83+
authorization = "tokens"
84+
85+
dynamic "access_control" {
86+
for_each = { for entry in flatten([for resource, permissions in var.iam_permissions : [for permission, groups in permissions : [for group in groups : {
87+
resource = resource, permission = permission, group = group
88+
} if resource == "token"]]]) : "${entry.resource}.${entry.permission}.${entry.group}" => entry }
89+
content {
90+
group_name = access_control.value.group
91+
permission_level = access_control.value.permission
92+
}
93+
}
94+
depends_on = [databricks_group.this]
95+
}
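Review bot: the membership filters at lines 29-31, 38-40, 47-49 and 56-58 pick members by comparing whole lists (`type == types["user"]`), so when a group's `user` and `service_principal` lists happen to be equal and non-empty (the same name listed in both) every member is emitted twice and the map comprehension fails with a duplicate key; iterating the intended list directly, e.g. `[for member in types.user : { group = group, member = member }]`, removes the comparison and reads more clearly. Relatedly, `databricks_group.this` at line 6 excludes only `admins`, while the `users` and `service_principals` resources at lines 49 and 58 also skip a group named `users`, so such a group would be created but never receive members. `lookup(var.user_object_ids, each.value)` at line 24 has no default and produces a plan error for any service principal missing from the map; either document that every service principal needs an entry or add a `validation` block on the variable with a clear message.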

main.tf

Lines changed: 33 additions & 0 deletions
@@ -0,0 +1,33 @@
1+
locals {
2+
ip_rules = var.ip_rules == null ? null : values(var.ip_rules)
3+
}
4+
5+
resource "databricks_workspace_conf" "this" {
6+
count = local.ip_rules == null ? 0 : 1
7+
8+
custom_config = {
9+
"enableIpAccessLists" : true
10+
}
11+
}
12+
13+
resource "databricks_ip_access_list" "this" {
14+
count = local.ip_rules == null ? 0 : 1
15+
16+
label = "allow_in"
17+
list_type = "ALLOW"
18+
ip_addresses = local.ip_rules
19+
20+
depends_on = [databricks_workspace_conf.this]
21+
}
22+
23+
resource "databricks_sql_endpoint" "this" {
24+
for_each = var.sql_endpoint
25+
26+
name = "${each.key}-${var.project}-${var.env}"
27+
cluster_size = lookup(each.value, "cluster_size", var.default_values_sql_endpoint["cluster_size"])
28+
min_num_clusters = lookup(each.value, "min_num_clusters", var.default_values_sql_endpoint["min_num_clusters"])
29+
max_num_clusters = lookup(each.value, "max_num_clusters", var.default_values_sql_endpoint["max_num_clusters"])
30+
auto_stop_mins = lookup(each.value, "auto_stop_mins", var.default_values_sql_endpoint["auto_stop_mins"])
31+
enable_photon = lookup(each.value, "enable_photon", var.default_values_sql_endpoint["enable_photon"])
32+
enable_serverless_compute = lookup(each.value, "enable_serverless_compute", var.default_values_sql_endpoint["enable_serverless_compute"])
33+
}
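Review bot: the guards at lines 2, 6 and 14 test `var.ip_rules == null`, but the README gives the variable a default of `{}`, which is not null, so with the default the workspace gets `enableIpAccessLists = true` and an `ALLOW` list with zero addresses is sent to the API; use `length(var.ip_rules) == 0` as the condition (or make the default `null`) so the restriction is enabled only when addresses are actually supplied. The README should also say that the address Terraform runs from must be included in `ip_rules`, since once the list is active later applies from any other address are rejected by the workspace. At line 30, `auto_stop_mins` is fed a string default (`"30"`) while the provider argument is a number; Terraform converts it, but typing the variable as `number` avoids the surprise.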

outputs.tf

Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
output "sql_endpoint_jdbc_url" {
2+
value = [for n in databricks_sql_endpoint.this : n.jdbc_url]
3+
description = "JDBC connection string of SQL Endpoint"
4+
}
5+
6+
output "sql_endpoint_data_source_id" {
7+
value = [for n in databricks_sql_endpoint.this : n.data_source_id]
8+
description = "ID of the data source for this endpoint"
9+
}
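Review bot: both outputs at lines 2 and 7 flatten the `for_each` map into a list, so a caller with several endpoints cannot tell which JDBC URL or data source ID belongs to which key; emit maps keyed by the input name instead, e.g. `{ for k, n in databricks_sql_endpoint.this : k => n.jdbc_url }`, and update the README output descriptions to match.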
