upd

MyroslavLevchyk · MyroslavLevchyk · commit 5a374174d09c · 2024-12-05T11:16:22.000+02:00
diff --git a/README.md b/README.md
@@ -28,7 +28,7 @@ No modules.
 |------|------|
 | [databricks_cluster.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster) | resource |
 | [databricks_entitlements.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/entitlements) | resource |
-| [databricks_ip_access_list.allowed-list](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/ip_access_list) | resource |
+| [databricks_ip_access_list.allowed_list](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/ip_access_list) | resource |
 | [databricks_permissions.clusters](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/permissions) | resource |
 | [databricks_permissions.sql_endpoints](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/permissions) | resource |
 | [databricks_secret.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/secret) | resource |
@@ -37,29 +37,27 @@ No modules.
 | [databricks_workspace_conf.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/workspace_conf) | resource |
 | [databricks_current_metastore.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/current_metastore) | data source |
 | [databricks_group.account_groups](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/group) | data source |
-| [databricks_group.admins](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/group) | data source |
 | [databricks_sql_warehouses.all](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/sql_warehouses) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_cloud_name"></a> [cloud\_name](#input\_cloud\_name) | Cloud Name | `string` | n/a | yes |
-| <a name="input_clusters"></a> [clusters](#input\_clusters) | Set of objects with parameters to configure Databricks clusters and assign permissions to it for certain custom groups | <pre>set(object({<br/>    cluster_name            = string<br/>    spark_version           = optional(string, "14.3.x-scala2.12")<br/>    node_type_id            = optional(string, "m5d.large")<br/>    autotermination_minutes = optional(number, 20)<br/>    min_workers             = optional(number, 1)<br/>    max_workers             = optional(number, 2)<br/>    availability            = optional(string, "ON_DEMAND")<br/>    zone_id                 = optional(string, "auto")<br/>    first_on_demand         = optional(number, 1)<br/>    spot_bid_price_percent  = optional(number, 100)<br/>    data_security_mode      = optional(string, "USER_ISOLATION")<br/>    ebs_volume_count        = optional(number, 1)<br/>    ebs_volume_size         = optional(number, 100)<br/>    ebs_volume_type         = optional(string, "GENERAL_PURPOSE_SSD")<br/>    permissions = optional(list(object({<br/>      group_name       = string,<br/>      permission_level = string<br/>    })), []),<br/>  }))</pre> | `[]` | no |
-| <a name="input_custom_config"></a> [custom\_config](#input\_custom\_config) | Map of AD databricks workspace custom config | `map(string)` | <pre>{<br/>  "enable-X-Content-Type-Options": "true",<br/>  "enable-X-Frame-Options": "true",<br/>  "enable-X-XSS-Protection": "true",<br/>  "enableDbfsFileBrowser": "false",<br/>  "enableExportNotebook": "false",<br/>  "enableIpAccessLists": "true",<br/>  "enableNotebookTableClipboard": "false",<br/>  "enableResultsDownloading": "false",<br/>  "enableUploadDataUis": "false",<br/>  "enableVerboseAuditLogs": "true",<br/>  "enforceUserIsolation": "true",<br/>  "storeInteractiveNotebookResultsInCustomerAccount": "true"<br/>}</pre> | no |
-| <a name="input_iam_account_groups"></a> [iam\_account\_groups](#input\_iam\_account\_groups) | List of objects with group name and entitlements for this group | <pre>list(object({<br/>    group_name   = optional(string)<br/>    entitlements = optional(list(string))<br/>  }))</pre> | `[]` | no |
-| <a name="input_ip_addresses"></a> [ip\_addresses](#input\_ip\_addresses) | n/a | `map(string)` | <pre>{<br/>  "all": "0.0.0.0/0"<br/>}</pre> | no |
-| <a name="input_region"></a> [region](#input\_region) | AWS region | `string` | n/a | yes |
-| <a name="input_secret_scopes"></a> [secret\_scopes](#input\_secret\_scopes) | n/a | <pre>list(object({<br/>    scope_name = string<br/>    scope_permissions = optional(set(object({<br/>      group_name       = string<br/>      permission_level = string<br/>    })))<br/>    secrets = optional(list(object({<br/>      key   = string<br/>      value = string<br/>    })), [])<br/>  }))</pre> | `[]` | no |
-| <a name="input_sql_endpoint"></a> [sql\_endpoint](#input\_sql\_endpoint) | Set of objects with parameters to configure SQL Endpoint and assign permissions to it for certain custom groups | <pre>set(object({<br/>    name                      = string<br/>    cluster_size              = optional(string, "2X-Small")<br/>    auto_stop_mins            = optional(number, 15)<br/>    max_num_clusters          = optional(number, 1)<br/>    enable_photon             = optional(bool, false)<br/>    enable_serverless_compute = optional(bool, true)<br/>    spot_instance_policy      = optional(string, "COST_OPTIMIZED")<br/>    warehouse_type            = optional(string, "PRO")<br/>    key                       = optional(string, "user")<br/>    value                     = optional(string, "terraform")<br/>    permissions = optional(list(object({<br/>      group_name       = string,<br/>      permission_level = string<br/>    })), []),<br/>  }))</pre> | `[]` | no |
+| <a name="input_clusters"></a> [clusters](#input\_clusters) | Set of objects with parameters to configure Databricks clusters and assign permissions to it for certain custom groups | <pre>set(object({<br>    cluster_name            = string<br>    spark_version           = optional(string, "14.3.x-scala2.12")<br>    node_type_id            = optional(string, "m5d.large")<br>    autotermination_minutes = optional(number, 20)<br>    min_workers             = optional(number, 1)<br>    max_workers             = optional(number, 2)<br>    availability            = optional(string, "ON_DEMAND")<br>    zone_id                 = optional(string, "auto")<br>    first_on_demand         = optional(number, 1)<br>    spot_bid_price_percent  = optional(number, 100)<br>    data_security_mode      = optional(string, "USER_ISOLATION")<br>    ebs_volume_count        = optional(number, 1)<br>    ebs_volume_size         = optional(number, 100)<br>    ebs_volume_type         = optional(string, "GENERAL_PURPOSE_SSD")<br>    permissions = optional(list(object({<br>      group_name       = string,<br>      permission_level = string<br>    })), []),<br>  }))</pre> | `[]` | no |
+| <a name="input_custom_config"></a> [custom\_config](#input\_custom\_config) | Map of AD databricks workspace custom config | `map(string)` | <pre>{<br>  "enable-X-Content-Type-Options": "true",<br>  "enable-X-Frame-Options": "true",<br>  "enable-X-XSS-Protection": "true",<br>  "enableDbfsFileBrowser": "false",<br>  "enableExportNotebook": "false",<br>  "enableIpAccessLists": "true",<br>  "enableNotebookTableClipboard": "false",<br>  "enableResultsDownloading": "false",<br>  "enableUploadDataUis": "false",<br>  "enableVerboseAuditLogs": "true",<br>  "enforceUserIsolation": "true",<br>  "storeInteractiveNotebookResultsInCustomerAccount": "true"<br>}</pre> | no |
+| <a name="input_iam_account_groups"></a> [iam\_account\_groups](#input\_iam\_account\_groups) | List of objects with group name and entitlements for this group | <pre>list(object({<br>    group_name   = optional(string)<br>    entitlements = optional(list(string))<br>  }))</pre> | `[]` | no |
+| <a name="input_ip_addresses"></a> [ip\_addresses](#input\_ip\_addresses) | A map of IP address ranges | `map(string)` | <pre>{<br>  "all": "0.0.0.0/0"<br>}</pre> | no |
+| <a name="input_secret_scopes"></a> [secret\_scopes](#input\_secret\_scopes) | A list of secret scopes to be created | <pre>list(object({<br>    scope_name = string<br>    scope_permissions = optional(set(object({<br>      group_name       = string<br>      permission_level = string<br>    })))<br>    secrets = optional(list(object({<br>      key   = string<br>      value = string<br>    })), [])<br>  }))</pre> | `[]` | no |
+| <a name="input_sql_endpoint"></a> [sql\_endpoint](#input\_sql\_endpoint) | Set of objects with parameters to configure SQL Endpoint and assign permissions to it for certain custom groups | <pre>set(object({<br>    name                      = string<br>    cluster_size              = optional(string, "2X-Small")<br>    auto_stop_mins            = optional(number, 15)<br>    max_num_clusters          = optional(number, 1)<br>    enable_photon             = optional(bool, false)<br>    enable_serverless_compute = optional(bool, true)<br>    spot_instance_policy      = optional(string, "COST_OPTIMIZED")<br>    warehouse_type            = optional(string, "PRO")<br>    key                       = optional(string, "user")<br>    value                     = optional(string, "terraform")<br>    permissions = optional(list(object({<br>      group_name       = string,<br>      permission_level = string<br>    })), []),<br>  }))</pre> | `[]` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| <a name="output_metastore_id"></a> [metastore\_id](#output\_metastore\_id) | n/a |
-| <a name="output_sql_warehouses_list"></a> [sql\_warehouses\_list](#output\_sql\_warehouses\_list) | n/a |
-| <a name="output_test"></a> [test](#output\_test) | n/a |
+| <a name="output_metastore_id"></a> [metastore\_id](#output\_metastore\_id) | The ID of the current metastore in the Databricks workspace. |
+| <a name="output_sql_warehouses_list"></a> [sql\_warehouses\_list](#output\_sql\_warehouses\_list) | List of IDs of all SQL warehouses in the Databricks workspace. |
+| <a name="output_test"></a> [test](#output\_test) | Full list of IAM account groups for the workspace. |
 <!-- END_TF_DOCS -->
 
 ## License
diff --git a/iam.tf b/iam.tf
@@ -7,10 +7,6 @@ locals {
   })
 }
 
-data "databricks_group" "admins" {
-  display_name = "admins"
-}
-
 data "databricks_group" "account_groups" {
   for_each = local.iam_account_map
 
diff --git a/main.tf b/main.tf
@@ -2,7 +2,7 @@ resource "databricks_workspace_conf" "this" {
   custom_config = var.custom_config
 }
 
-resource "databricks_ip_access_list" "allowed-list" {
+resource "databricks_ip_access_list" "allowed_list" {
   label        = "allow_in"
   list_type    = "ALLOW"
   ip_addresses = flatten([for v in values(var.ip_addresses) : v])
diff --git a/outputs.tf b/outputs.tf
@@ -1,12 +1,14 @@
 output "sql_warehouses_list" {
-  value = data.databricks_sql_warehouses.all.ids
+  value       = data.databricks_sql_warehouses.all.ids
+  description = "List of IDs of all SQL warehouses in the Databricks workspace."
 }
 
 output "metastore_id" {
-  value = data.databricks_current_metastore.this.id
+  value       = data.databricks_current_metastore.this.id
+  description = "The ID of the current metastore in the Databricks workspace."
 }
 
 output "test" {
-  value = local.iam_account_groups_full_list
+  value       = local.iam_account_groups_full_list
+  description = "Full list of IAM account groups for the workspace."
 }
-
diff --git a/variables.tf b/variables.tf
@@ -1,6 +1,6 @@
-variable "region" {
+variable "cloud_name" {
   type        = string
-  description = "AWS region"
+  description = "Cloud Name"
 }
 
 variable "sql_endpoint" {
@@ -53,23 +53,24 @@ variable "custom_config" {
   type        = map(string)
   description = "Map of AD databricks workspace custom config"
   default = {
-    "enableResultsDownloading"                         = "false", // https://docs.databricks.com/en/notebooks/notebook-outputs.html#download-results
-    "enableNotebookTableClipboard"                     = "false", // https://docs.databricks.com/en/administration-guide/workspace-settings/notebooks.html#enable-users-to-copy-data-to-the-clipboard-from-notebooks
-    "enableVerboseAuditLogs"                           = "true",  // https://docs.databricks.com/en/administration-guide/account-settings/verbose-logs.html
+    "enableResultsDownloading"                         = "false", # https://docs.databricks.com/en/notebooks/notebook-outputs.html#download-results
+    "enableNotebookTableClipboard"                     = "false", # https://docs.databricks.com/en/administration-guide/workspace-settings/notebooks.html#enable-users-to-copy-data-to-the-clipboard-from-notebooks
+    "enableVerboseAuditLogs"                           = "true",  # https://docs.databricks.com/en/administration-guide/account-settings/verbose-logs.html
     "enable-X-Frame-Options"                           = "true",
     "enable-X-Content-Type-Options"                    = "true",
     "enable-X-XSS-Protection"                          = "true",
-    "enableDbfsFileBrowser"                            = "false", // https://docs.databricks.com/en/administration-guide/workspace-settings/dbfs-browser.html
-    "enableExportNotebook"                             = "false", // https://docs.databricks.com/en/administration-guide/workspace-settings/notebooks.html#enable-users-to-export-notebooks
-    "enforceUserIsolation"                             = "true",  // https://docs.databricks.com/en/administration-guide/workspace-settings/enforce-user-isolation.html
-    "storeInteractiveNotebookResultsInCustomerAccount" = "true",  // https://docs.databricks.com/en/administration-guide/workspace-settings/notebooks.html#manage-where-notebook-results-are-stored
-    "enableUploadDataUis"                              = "false", // https://docs.databricks.com/en/ingestion/add-data/index.html
+    "enableDbfsFileBrowser"                            = "false", # https://docs.databricks.com/en/administration-guide/workspace-settings/dbfs-browser.html
+    "enableExportNotebook"                             = "false", # https://docs.databricks.com/en/administration-guide/workspace-settings/notebooks.html#enable-users-to-export-notebooks
+    "enforceUserIsolation"                             = "true",  # https://docs.databricks.com/en/administration-guide/workspace-settings/enforce-user-isolation.html
+    "storeInteractiveNotebookResultsInCustomerAccount" = "true",  # https://docs.databricks.com/en/administration-guide/workspace-settings/notebooks.html#manage-where-notebook-results-are-stored
+    "enableUploadDataUis"                              = "false", # https://docs.databricks.com/en/ingestion/add-data/index.html
     "enableIpAccessLists"                              = "true"
   }
 }
 
 variable "ip_addresses" {
-  type = map(string)
+  type        = map(string)
+  description = "A map of IP address ranges"
   default = {
     "all" = "0.0.0.0/0"
   }
@@ -87,7 +88,8 @@ variable "secret_scopes" {
       value = string
     })), [])
   }))
-  default = []
+  description = "A list of secret scopes to be created"
+  default     = []
 }
 
 variable "iam_account_groups" {
@@ -98,8 +100,3 @@ variable "iam_account_groups" {
   description = "List of objects with group name and entitlements for this group"
   default     = []
 }
-
-variable "cloud_name" {
-  type        = string
-  description = "Cloud Name"
-}

Original file line number	Diff line number	Diff line change
`@@ -7,10 +7,6 @@ locals {`
`7`	`7`	`})`
`8`	`8`	`}`
`9`	`9`
`10`		`-data "databricks_group" "admins" {`
`11`		`- display_name = "admins"`
`12`		`-}`
`13`		`-`
`14`	`10`	`data "databricks_group" "account_groups" {`
`15`	`11`	`for_each = local.iam_account_map`
`16`	`12`
Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,7 @@ resource "databricks_workspace_conf" "this" {`
`2`	`2`	`custom_config = var.custom_config`
`3`	`3`	`}`
`4`	`4`
`5`		`-resource "databricks_ip_access_list" "allowed-list" {`
	`5`	`+resource "databricks_ip_access_list" "allowed_list" {`
`6`	`6`	`label = "allow_in"`
`7`	`7`	`list_type = "ALLOW"`
`8`	`8`	`ip_addresses = flatten([for v in values(var.ip_addresses) : v])`
Original file line number	Diff line number	Diff line change
`@@ -1,12 +1,14 @@`
`1`	`1`	`output "sql_warehouses_list" {`
`2`		`- value = data.databricks_sql_warehouses.all.ids`
	`2`	`+ value = data.databricks_sql_warehouses.all.ids`
	`3`	`+ description = "List of IDs of all SQL warehouses in the Databricks workspace."`
`3`	`4`	`}`
`4`	`5`
`5`	`6`	`output "metastore_id" {`
`6`		`- value = data.databricks_current_metastore.this.id`
	`7`	`+ value = data.databricks_current_metastore.this.id`
	`8`	`+ description = "The ID of the current metastore in the Databricks workspace."`
`7`	`9`	`}`
`8`	`10`
`9`	`11`	`output "test" {`
`10`		`- value = local.iam_account_groups_full_list`
	`12`	`+ value = local.iam_account_groups_full_list`
	`13`	`+ description = "Full list of IAM account groups for the workspace."`
`11`	`14`	`}`
`12`		`-`