initial commit

Author: tomarv2

README.md

@@ -76,7 +76,7 @@ export TF_AZURE_CONTAINER=tfstate # Output of remote_state.sh
 export ARM_ACCESS_KEY=xxxxxxxxxx # Output of remote_state.sh
 ```
 
-- Update [main.tf](examples/sample/main.tf) file with required values.
+- Update [main.tf](examples/azure_databricks_new_vnet/main.tf) file with required values.
 
 - Run and verify the output before deploying:
 ```

examples/azure_databricks_new_vnet/main.tf

@@ -0,0 +1,24 @@
+module "vnet" {
+  source = "[email protected]:tomarv2/terraform-azure-vnet.git?ref=v0.0.1"
+
+  resource_group_name = "demo-resource_group"
+  location            = "westus2"
+  cidr_block          = ["10.7.7.0/24"]
+  # ---------------------------------------------
+  # Note: Do not change teamid and prjid once set.
+  teamid = var.teamid
+  prjid  = var.prjid
+}
+
+module "azure_databricks" {
+  source                = "../../"
+  deploy_resource_group = false
+  resource_group_name   = "demo-resource_group"
+  custom_parameters = {
+    virtual_network_id = module.vnet.vnet_id
+  }
+  # ---------------------------------------------
+  # Note: Do not change teamid and prjid once set.
+  teamid = var.teamid
+  prjid  = var.prjid
+}

examples/azure_databricks_new_vnet/outputs.tf

@@ -0,0 +1,23 @@
+output "resource_group_name" {
+  description = "Resource Group name"
+  value       = module.azure_databricks.resource_group_name
+}
+
+output "databricks_host" {
+  description = "Databricks hosts"
+  value       = module.azure_databricks.databricks_host
+}
+
+output "databricks_workspace_id" {
+  description = "Databricks workspace id"
+  value       = module.azure_databricks.databricks_workspace_id
+}
+
+output "databricks_managed_resource_group_name" {
+  description = "Databricks managed_resource group name"
+  value       = module.azure_databricks.managed_resource_group_name
+}
+
+output "databricks_sku" {
+  value = module.azure_databricks.databricks_sku
+}

examples/sample/variables.tf renamed to examples/azure_databricks_new_vnet/variables.tf

@@ -1,9 +1,11 @@
 variable "teamid" {
   description = "(Required) Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply'"
   type        = string
+  default     = "demo"
 }
 
 variable "prjid" {
   description = "(Required) Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply'"
   type        = string
+  default     = "databricks"
 }

main.tf

@@ -4,3 +4,15 @@ data "azurerm_client_config" "current" {
 data "external" "current_user" {
   program = ["az", "account", "show", "--query", "user"]
 }
+
+module "resource_group" {
+  source = "[email protected]:tomarv2/terraform-azure-resource-group.git?ref=v0.0.3"
+
+  deploy_resource_group = var.deploy_resource_group != false ? true : false
+  resource_group_name   = var.resource_group_name != null ? var.resource_group_name : "${var.teamid}-${var.prjid}"
+
+  # ------------------------------------------------
+  # Do not change the teamid, prjid once set.
+  teamid = var.teamid
+  prjid  = var.prjid
+}

outputs.tf

@@ -17,3 +17,7 @@ output "databricks_workspace_id" {
   description = "databricks workspace id"
   value       = azurerm_databricks_workspace.this.workspace_id
 }
+
+output "databricks_sku" {
+  value = azurerm_databricks_workspace.this.sku
+}

resource_group.tf

@@ -9,23 +9,9 @@ variable "prjid" {
 }
 
 variable "region" {
-  description = "default Azure region"
-  type        = string
-  default     = "westeurope"
-}
-
-variable "databricks_account_username" {
-  description = "databricks account username"
-  type        = string
-}
-variable "databricks_account_password" {
-  description = "databricks account password"
-  type        = string
-}
-
-variable "databricks_account_id" {
-  description = "External ID provided by third party."
+  description = " The region where the resources are created"
   type        = string
+  default     = "westus2"
 }
 
 resource "random_string" "naming" {
@@ -35,7 +21,7 @@ resource "random_string" "naming" {
 }
 
 locals {
-  suffix = random_string.naming.result
+  prefix = random_string.naming.result
 }
 
 variable "resource_group_name" {
@@ -45,56 +31,67 @@ variable "resource_group_name" {
 }
 
 variable "workspace_name" {
-  description = "Databricks workspace name"
+  description = "Specifies the name of the Databricks Workspace resource. Changing this forces a new resource to be created"
   default     = null
   type        = string
 }
 
 variable "sku" {
-  description = "Databricks sku"
-  default     = "premium"
+  description = "The sku to use for the Databricks Workspace. Possible values are standard, premium, or trial. Changing this can force a new resource to be created in some circumstances"
+  default     = "standard"
   type        = string
 }
 
-
-variable "subscription_id" {
-  description = "Azure subscription Id"
-  type        = string
+variable "custom_tags" {
+  type        = any
+  description = "Extra custom tags"
+  default     = null
 }
 
-variable "client_id" {
-  description = "Azure client Id"
-  type        = string
+variable "deploy_resource_group" {
+  description = "feature flag to deploy this resource or not"
+  type        = bool
+  default     = false
 }
 
-variable "client_secret" {
-  description = "Azure client secret"
-  type        = string
+variable "infrastructure_encryption_enabled" {
+  description = "Is the Databricks File System root file system enabled with a secondary layer of encryption with platform managed keys? Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created"
+  default     = false
+  type        = bool
 }
 
-variable "tenant_id" {
-  description = "Azure tenant Id"
-  type        = string
+variable "public_network_access_enabled" {
+  description = "Allow public access for accessing workspace. Set value to false to access workspace only via private link endpoint. Possible values include true or false. Defaults to true. Changing this forces a new resource to be created"
+  default     = false
+  type        = bool
 }
 
-variable "custom_tags" {
+variable "custom_parameters" {
+  description = "https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/databricks_workspace"
   type        = any
-  description = "Extra custom tags"
   default     = null
 }
 
-variable "deploy_resource_group" {
-  description = "feature flag to deploy this resource or not"
-  type        = bool
+variable "customer_managed_key_enabled" {
+  description = "Is the workspace enabled for customer managed key encryption? If true this enables the Managed Identity for the managed storage account. Possible values are true or false. Defaults to false. This field is only valid if the Databricks Workspace sku is set to premium. Changing this forces a new resource to be created"
   default     = false
+  type        = bool
 }
 
-resource "random_string" "naming" {
-  special = false
-  upper   = false
-  length  = 3
+variable "load_balancer_backend_address_pool_id" {
+  description = "Resource ID of the Outbound Load balancer Backend Address Pool for Secure Cluster Connectivity (No Public IP) workspace. Changing this forces a new resource to be created"
+  default     = null
+  type        = string
 }
 
-locals {
-  prefix = random_string.naming.result
-}
+variable "managed_services_cmk_key_vault_key_id" {
+  description = "Customer managed encryption properties for the Databricks Workspace managed resources(e.g. Notebooks and Artifacts). Changing this forces a new resource to be created."
+  default     = null
+  type        = string
+}
+
+variable "network_security_group_rules_required" {
+  description = "Does the data plane (clusters) to control plane communication happen over private link endpoint only or publicly? Possible values AllRules, NoAzureDatabricksRules or NoAzureServiceRules. Required when public_network_access_enabled is set to false. Changing this forces a new resource to be created"
+  default     = null
+  type        = string
+}

variables.tf

@@ -11,25 +11,12 @@ terraform {
     random = {
       version = "~> 3.1"
     }
-    time = {
-      version = "~> 0.7"
-    }
     external = {
       version = "~> 2.2"
     }
   }
 }
 
-provider "databricks" {
-  host     = "https://accounts.cloud.databricks.com"
-  username = var.databricks_account_username
-  password = var.databricks_account_password
-}
-
 provider "azurerm" {
   features {}
-  subscription_id = var.subscription_id
-  client_id       = var.client_id
-  client_secret   = var.client_secret
-  tenant_id       = var.tenant_id
 }

versions.tf

@@ -1,8 +1,32 @@
 resource "azurerm_databricks_workspace" "this" {
-  name                        = var.workspace_name != null ? var.workspace_name : "${var.teamid}-${var.prjid}"
-  resource_group_name         = azurerm_resource_group.this.name
-  location                    = azurerm_resource_group.this.location
-  sku                         = var.sku
-  managed_resource_group_name = "${local.prefix}-workspace-rg"
-  tags                        = local.shared_tags
+  name                                  = var.workspace_name != null ? var.workspace_name : "${var.teamid}-${var.prjid}"
+  resource_group_name                   = var.deploy_resource_group != false ? join("", module.resource_group.*.resource_group_name) : var.resource_group_name
+  location                              = var.region
+  sku                                   = var.sku
+  managed_resource_group_name           = "${local.prefix}-workspace-rg"
+  infrastructure_encryption_enabled     = var.infrastructure_encryption_enabled
+  customer_managed_key_enabled          = var.customer_managed_key_enabled
+  load_balancer_backend_address_pool_id = var.load_balancer_backend_address_pool_id
+  managed_services_cmk_key_vault_key_id = var.managed_services_cmk_key_vault_key_id
+  public_network_access_enabled         = var.public_network_access_enabled
+  network_security_group_rules_required = var.network_security_group_rules_required
+  dynamic "custom_parameters" {
+    for_each = var.custom_parameters != null ? [var.custom_parameters] : []
+    content {
+      machine_learning_workspace_id                        = lookup(custom_parameters.value, "machine_learning_workspace_id", null)
+      nat_gateway_name                                     = lookup(custom_parameters.value, "nat_gateway_name", null)
+      public_ip_name                                       = lookup(custom_parameters.value, "public_ip_name", null)
+      no_public_ip                                         = lookup(custom_parameters.value, "no_public_ip", null)
+      public_subnet_name                                   = lookup(custom_parameters.value, "public_subnet_name", null)
+      public_subnet_network_security_group_association_id  = lookup(custom_parameters.value, "public_subnet_network_security_group_association_id", null)
+      private_subnet_name                                  = lookup(custom_parameters.value, "private_subnet_name", null)
+      private_subnet_network_security_group_association_id = lookup(custom_parameters.value, "private_subnet_network_security_group_association_id", null)
+      storage_account_name                                 = lookup(custom_parameters.value, "storage_account_name", null)
+      storage_account_sku_name                             = lookup(custom_parameters.value, "storage_account_sku_name", null)
+      virtual_network_id                                   = lookup(custom_parameters.value, "virtual_network_id", null)
+      vnet_address_prefix                                  = lookup(custom_parameters.value, "vnet_address_prefix", null)
+
+    }
+  }
+  tags = var.custom_tags != null ? merge(var.custom_tags, local.shared_tags) : local.shared_tags
 }