
Commit c440fd8

MyroslavLevchykMyroslavLevchyk
authored andcommitted
upd
1 parent 170dee4 commit c440fd8


1 file changed

+14
-37
lines changed

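--- a/README.md
+++ b/README.md
@@ -9,14 +9,13 @@ The main idea behind this module is to deploy resources for Databricks Workspace
 Here we provide some examples of how to provision it with a different options.
 
 ### In example below, these features of given module would be covered:
-1. Permissions and entitlements for users and groups within Databricks
-2. Clusters (i.e., for Unity Catalog and Shared Autoscaling)
-3. Workspace IP Access list creation
-4. ADLS Gen2 Mount
-5. Create Secret Scope and assign permissions to custom groups
-6. SQL Endpoint creation and configuration
-7. Create Cluster policy
-8. Create an Azure Key Vault-backed secret scope
+1. Clusters (i.e., for Unity Catalog and Shared Autoscaling)
+2. Workspace IP Access list creation
+3. ADLS Gen2 Mount
+4. Create Secret Scope and assign permissions to custom groups
+5. SQL Endpoint creation and configuration
+6. Create Cluster policy
+7. Create an Azure Key Vault-backed secret scope
 
 ```hcl
 # Prerequisite resources
@@ -58,29 +57,7 @@ module "databricks_runtime_premium" {
 # Cloud provider
 cloud_name = cloud-name # cloud provider (e.g., aws, azure)
 
-# 1. Permissions and entitlements for users and groups within Databricks
-iam_workspace_groups = {
-dev = {
-user = [
-"user1@example.com",
-"user2@example.com"
-]
-service_principal = []
-entitlements = ["allow_instance_pool_create","allow_cluster_create","databricks_sql_access"]
-}
-}
-
-iam_account_groups = [{
-group_name = "example-gn"
-permissions = ["ADMIN"]
-entitlements = [
-"allow_instance_pool_create",
-"allow_cluster_create",
-"databricks_sql_access"
-]
-}]
-
-# 2. Databricks clusters configuration, and assign permission to a custom group on clusters.
+# 1. Databricks clusters configuration, and assign permission to a custom group on clusters.
 databricks_cluster_configs = [ {
 cluster_name = "Unity Catalog"
 data_security_mode = "USER_ISOLATION"
@@ -96,33 +73,33 @@ module "databricks_runtime_premium" {
 permissions = [{group_name = "DEVELOPERS", permission_level = "CAN_MANAGE"}]
 }]
 
-# 3. Workspace could be accessed only from these IP Addresses:
+# 2. Workspace could be accessed only from these IP Addresses:
 ip_rules = {
 "ip_range_1" = "10.128.0.0/16",
 "ip_range_2" = "10.33.0.0/16",
 }
 
-# 4. ADLS Gen2 Mount
+# 3. ADLS Gen2 Mount
 mountpoints = {
 storage_account_name = data.azurerm_storage_account.example.name
 container_name = "example_container"
 }
 
-# 5. Create Secret Scope and assign permissions to custom groups
+# 4. Create Secret Scope and assign permissions to custom groups
 secret_scope = [{
 scope_name = "extra-scope"
 acl = [{ principal = "DEVELOPERS", permission = "READ" }] # Only custom workspace group names are allowed. If left empty then only Workspace admins could access these keys
 secrets = [{ key = "secret-name", string_value = "secret-value"}]
 }]
 
-# 6. SQL Warehouse Endpoint
+# 5. SQL Warehouse Endpoint
 databricks_sql_endpoint = [{
 name = "default"
 enable_serverless_compute = true
 permissions = [{ group_name = "DEVELOPERS", permission_level = "CAN_USE" },]
 }]
 
-# 7. Databricks cluster policies
+# 6. Databricks cluster policies
 custom_cluster_policies = [{
 name = "custom_policy_1",
 can_use = "DEVELOPERS", # custom workspace group name, that is allowed to use this policy
@@ -135,7 +112,7 @@ module "databricks_runtime_premium" {
 }
 }]
 
-# 8. Azure Key Vault-backed secret scope
+# 7. Azure Key Vault-backed secret scope
 key_vault_secret_scope = [{
 name = "external"
 key_vault_id = data.azurerm_key_vault.example.id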
