feat: workspace bindings support; catalog's managed locations support

oleh_mykolaishyn · oleh_mykolaishyn · commit 868ce29c04b2 · 2024-03-14T17:53:20.000+02:00
diff --git a/main.tf b/main.tf
@@ -23,12 +23,14 @@ resource "databricks_grants" "metastore" {
 resource "databricks_catalog" "this" {
   for_each = var.catalog
 
-  metastore_id  = var.metastore_id
-  name          = each.key
-  owner         = each.value.catalog_owner
-  comment       = lookup(each.value, "catalog_comment", "default comment")
-  properties    = merge(lookup(each.value, "catalog_properties", {}), { env = var.env })
-  force_destroy = true
+  metastore_id   = var.metastore_id
+  name           = each.key
+  owner          = each.value.catalog_owner
+  storage_root   = each.value.catalog_storage_root
+  isolation_mode = each.value.catalog_isolation_mode
+  comment        = lookup(each.value, "catalog_comment", "default comment")
+  properties     = lookup(each.value, "catalog_properties", {})
+  force_destroy  = true
 }
 
 # Catalog grants
@@ -72,7 +74,7 @@ resource "databricks_schema" "this" {
   name          = each.value.schema
   owner         = each.value.owner
   comment       = each.value.comment
-  properties    = merge(each.value.properties, { env = var.env })
+  properties    = each.value.properties
   force_destroy = true
 }
 
@@ -99,3 +101,14 @@ resource "databricks_grants" "schema" {
     privileges = each.value.permission
   }
 }
+
+# ISOLATED Catalogs binding
+resource "databricks_catalog_workspace_binding" "this" {
+  for_each = {
+    for object in var.isolated_unmanaged_catalog_bindings : object.catalog_name => object
+  }
+
+  workspace_id   = var.workspace_id
+  securable_name = each.value.catalog_name
+  binding_type   = each.value.binding_type
+}
diff --git a/variables.tf b/variables.tf
@@ -1,8 +1,3 @@
-variable "env" {
-  type        = string
-  description = "Environment name"
-}
-
 variable "metastore_id" {
   type        = string
   description = "Unity Catalog Metastore Id that is located in separate environment. Provide this value to associate Databricks Workspace with target Metastore"
@@ -19,22 +14,40 @@ variable "metastore_grants" {
     principal  = string
     privileges = list(string)
   }))
-  description = "Permissions to give on metastore to group"
+  description = "Permissions to give on metastore to user, group or service principal"
   default     = []
 }
 
 variable "catalog" {
   type = map(object({
-    catalog_grants     = optional(map(list(string)))
-    catalog_owner      = optional(string)
-    catalog_comment    = optional(string)
-    catalog_properties = optional(map(string))
-    schema_name        = optional(list(string))
-    schema_grants      = optional(map(list(string)))
-    schema_owner       = optional(string)
-    schema_comment     = optional(string)
-    schema_properties  = optional(map(string))
+    catalog_grants         = optional(map(list(string)))
+    catalog_owner          = optional(string)         # Username/groupname/sp application_id of the catalog owner.
+    catalog_storage_root   = optional(string)         # Location in cloud storage where data for managed tables will be stored
+    catalog_isolation_mode = optional(string, "OPEN") # Whether the catalog is accessible from all workspaces or a specific set of workspaces. Can be ISOLATED or OPEN.
+    catalog_comment        = optional(string)         # User-supplied free-form text
+    catalog_properties     = optional(map(string))    # Extensible Catalog Tags.
+    schema_name            = optional(list(string))   # List of Schema names relative to parent catalog.
+    schema_grants          = optional(map(list(string)))
+    schema_owner           = optional(string) # Username/groupname/sp application_id of the schema owner.
+    schema_comment         = optional(string)
+    schema_properties      = optional(map(string))
   }))
   description = "Map of catalog name and its parameters"
   default     = {}
 }
+
+variable "isolated_unmanaged_catalog_bindings" {
+  type = list(object({
+    catalog_name = string                                      # Name of ISOLATED catalog
+    binding_type = optional(string, "BINDING_TYPE_READ_WRITE") # Binding mode. Possible values are BINDING_TYPE_READ_ONLY, BINDING_TYPE_READ_WRITE
+  }))
+  description = "List of objects with parameters to configure Catalog Bindings"
+  default     = []
+}
+
+variable "workspace_id" {
+  type        = string
+  description = "ID of the target workspace."
+  default     = null
+}
+
diff --git a/versions.tf b/versions.tf
@@ -4,7 +4,7 @@ terraform {
   required_providers {
     databricks = {
       source  = "databricks/databricks"
-      version = ">=1.14.2"
+      version = ">=1.38.0"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ terraform {`
`4`	`4`	`required_providers {`
`5`	`5`	`databricks = {`
`6`	`6`	`source = "databricks/databricks"`
`7`		`- version = ">=1.14.2"`
	`7`	`+ version = ">=1.38.0"`
`8`	`8`	`}`
`9`	`9`	`}`
`10`	`10`	`}`