| <aname="input_sp_key_secret_name"></a> [sp\_key\_secret\_name](#input\_sp\_key\_secret\_name)| The name of Azure Key Vault secret that contains client secret of Service Principal to access in Azure Key Vault |`string`| n/a | yes |
135
134
| <aname="input_tenant_id_secret_name"></a> [tenant\_id\_secret\_name](#input\_tenant\_id\_secret\_name)| The name of Azure Key Vault secret that contains tenant ID secret of Service Principal to access in Azure Key Vault |`string`| n/a | yes |
136
135
| <aname="input_key_vault_id"></a> [key\_vault\_id](#input\_key\_vault\_id)| ID of the Key Vault instance where the Secret resides |`string`| n/a | yes |
137
-
| <aname="input_sku"></a> [sku](#input\_sku)| The sku to use for the Databricks Workspace: [standard \ premium \ trial]|`string`| "standard" | no |
138
136
| <aname="input_pat_token_lifetime_seconds"></a> [pat\_token\_lifetime\_seconds](#input\_pat\_token\_lifetime\_seconds)| The lifetime of the token, in seconds. If no lifetime is specified, the token remains valid indefinitely |`number`| 315569520 | no |
139
137
| <aname="input_users"></a> [users](#input\_users)| List of users to access Databricks |`list(string)`|[]| no |
| <aname="input_custom_cluster_policies"></a> [custom\_cluster\_policies](#input\_custom\_cluster\_policies)| Provides an ability to create custom cluster policy, assign it to cluster and grant CAN_USE permissions on it to certain custom groups | <pre>list(object({<br> name = string<br> can_use = list(string)<br> definition = any<br> assigned = bool<br>}))</pre> | <pre>[{<br> name = null<br> can_use = null<br> definition = null<br> assigned = false<br>}]</pre> | no |
142
139
| <aname="input_cluster_nodes_availability"></a> [cluster\_nodes\_availability](#input\_cluster\_nodes\_availability)| Availability type used for all subsequent nodes past the first_on_demand ones: [SPOT_AZURE \ SPOT_WITH_FALLBACK_AZURE \ ON_DEMAND_AZURE]|`string`| null | no |
143
140
| <aname="input_first_on_demand"></a> [first\_on\_demand](#input\_first\_on\_demand)| The first first_on_demand nodes of the cluster will be placed on on-demand instances: [[\:number ]]|`number`| 0 | no |
144
141
| <aname="input_spot_bid_max_price"></a> [spot\_bid\_max\_price](#input\_spot\_bid\_max\_price)| The max price for Azure spot instances. Use -1 to specify lowest price |`number`| -1 | no |
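Review bot: the `sku` row (old line 137) is removed from the inputs table, but the variables.tf change in this commit is listed as 42 additions and 0 deletions, so nothing shown here removes the `sku` variable itself. Please confirm the variable was already dropped in an earlier commit; if it still exists, restore the row so the table matches the module. The rows visible in this hunk also carry no entry for the new `secret_scope` input, so if it is not added elsewhere in the table, regenerate the docs to include it.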
variables.tf
42 additions & 0 deletions
@@ -141,3 +141,45 @@ variable "mountpoints" {
141
141
description="Mountpoints for databricks"
142
142
default={}
143
143
}
144
+
145
+
# Secret Scope variables
146
+
variable"secret_scope" {
147
+
type=list(object({
148
+
scope_name =string
149
+
acl =optional(list(object({
150
+
principal =string
151
+
permission =string
152
+
})))
153
+
secrets =optional(list(object({
154
+
key =string
155
+
string_value =string
156
+
})))
157
+
}))
158
+
description=<<-EOT
159
+
Provides an ability to create custom Secret Scope, store secrets in it and assigning ACL for access management
160
+
scope_name - name of Secret Scope to create;
161
+
acl - list of objects, where 'principal' custom group name, this group is created in 'Premium' module; 'permission' is one of "READ", "WRITE", "MANAGE";
162
+
secrets - list of objects, where object's 'key' param is created key name and 'string_value' is a value for it;
163
+
EOT
164
+
default=[{
165
+
scope_name =null
166
+
acl =null
167
+
secrets =null
168
+
}]
169
+
}
170
+
171
+
# At the nearest future, Azure will allow acquiring AAD tokens by service principals,
172
+
# thus providing an ability to create Azure backed Key Vault with Terraform
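Review bot: `string_value = string` inside `secrets` (new line 155) takes the secret value as an ordinary input, and the `secret_scope` variable has no `sensitive = true`, so the values will be printed in plan and apply output. Mark the variable sensitive, and note in the description that the values are still written to Terraform state, so the state backend needs to be access-controlled and encrypted. Two smaller points in the same block: the description says `permission` is one of "READ", "WRITE", "MANAGE", but no `validation` block enforces it, so a typo only fails at apply time; and `default = [{ scope_name = null ... }]` sets a non-optional `scope_name` to null and hands every consumer a one-element list of nulls to filter out, where `default = []` would express "no scopes" directly.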