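// Read the environment variables this configuration needs.
//
// The result of an external data source is persisted in Terraform state, so
// the program deliberately exports only the keys referenced below instead of
// dumping the whole process environment -- that would copy whatever else is
// set in the caller's shell (cloud credentials, tokens, CI secrets) into state
// in plaintext. A missing key aborts the run with a message naming it, so the
// failure is attributed to the environment rather than surfacing later as an
// unknown attribute on `result`.
data "external" "env" {
  program = ["python", "-c", "import sys,os,json;keys=['TEST_REGION','TEST_CIDR','OWNER','DATABRICKS_ACCOUNT_ID'];missing=[k for k in keys if k not in os.environ];sys.exit('missing environment variables: '+', '.join(missing)) if missing else json.dump({k:os.environ[k] for k in keys},sys.stdout)"]
}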
// AWS provider. Only the region is taken from the exported test settings;
// no credentials are configured here, so the provider uses whatever its
// default credential resolution finds in the environment.
provider "aws" {
  region = data.external.env.result["TEST_REGION"]
}
// Six lowercase alphanumeric characters used to make every resource name in
// this run unique (see local.prefix). Not a secret -- it only disambiguates.
resource "random_string" "naming" {
  length  = 6
  upper   = false
  special = false
}
locals {
  // Common tag set applied to the AWS resources created here. OWNER comes from
  // the environment so the test run can be traced back to whoever started it.
  tags = {
    Environment = "Testing"
    Owner       = data.external.env.result["OWNER"]
    Epoch       = random_string.naming.result
  }

  // dltp - databricks labs terraform provider; random suffix keeps parallel
  // test runs from colliding on resource names.
  prefix = format("dltp%s", random_string.naming.result)
}
// Account-level ("MWS") provider instance used to provision a new workspace.
// No credentials appear in this configuration; the account-level
// authentication presumably comes from the environment (the username/password
// outputs at the bottom of this file hint at that) -- confirm against the
// provider's documented credential sources before reusing this pattern.
provider "databricks" {
  host  = "https://accounts.cloud.databricks.com"
  alias = "mws"
}
// Trust policy for the cross-account role. The Databricks account ID is used
// as the sts:ExternalId condition; it is an identifier, not a secret, so the
// confused-deputy protection it provides rests on the trust policy's principal
// being the Databricks service account rather than on the ID being unknown.
data "databricks_aws_assume_role_policy" "this" {
  external_id = data.external.env.result["DATABRICKS_ACCOUNT_ID"]
}
// IAM role that the Databricks control plane assumes to manage compute in this
// AWS account. Its permissions are attached separately (aws_iam_role_policy.this).
resource "aws_iam_role" "cross_account_role" {
  tags               = local.tags
  assume_role_policy = data.databricks_aws_assume_role_policy.this.json
  name               = format("%s-crossaccount", local.prefix)
}
// Permission policy for the cross-account role. `pass_roles` grants the
// cross-account role iam:PassRole on the listed roles, i.e. Databricks may
// attach them to the EC2 instances it launches -- review that list as an
// escalation path whenever it grows. `aws_iam_role.data_role` is not defined
// in this file; it is expected to live in another file of this directory.
data "databricks_aws_crossaccount_policy" "this" {
pass_roles = [aws_iam_role.data_role.arn]
}
// Attach the provider-generated cross-account permissions as an inline policy
// on the cross-account role.
resource "aws_iam_role_policy" "this" {
  policy = data.databricks_aws_crossaccount_policy.this.json
  role   = aws_iam_role.cross_account_role.id
  name   = format("%s-policy", local.prefix)
}
// Register the cross-account role ARN with the Databricks account.
resource "databricks_mws_credentials" "this" {
  provider         = databricks.mws
  credentials_name = format("%s-creds", local.prefix)
  role_arn         = aws_iam_role.cross_account_role.arn
  account_id       = data.external.env.result["DATABRICKS_ACCOUNT_ID"]

  // The inline policy is not referenced by this resource, but registering the
  // role before its permissions exist has been observed to be flaky, so wait
  // for the policy explicitly.
  depends_on = [aws_iam_role_policy.this]
}
// Shared AWS plumbing (VPC, subnets, security group, root bucket) for the
// workspace; the module is local to this repository.
module "this" {
  source = "../modules/aws-mws-common"

  tags       = local.tags
  prefix     = local.prefix
  region     = data.external.env.result["TEST_REGION"]
  cidr_block = data.external.env.result["TEST_CIDR"]
}
// Register the module's root bucket as the workspace storage configuration
// (it backs DBFS for the workspace).
resource "databricks_mws_storage_configurations" "this" {
  provider                   = databricks.mws
  storage_configuration_name = format("%s-storage", local.prefix)
  bucket_name                = module.this.root_bucket
  account_id                 = data.external.env.result["DATABRICKS_ACCOUNT_ID"]
}
// Register the module's VPC as a customer-managed network for the workspace.
// Note that one public and one private subnet are handed over; this is a test
// fixture, and whether a public subnet is acceptable for the workspace is a
// decision to make deliberately for non-test deployments.
resource "databricks_mws_networks" "this" {
  provider           = databricks.mws
  account_id         = data.external.env.result["DATABRICKS_ACCOUNT_ID"]
  vpc_id             = module.this.vpc_id
  security_group_ids = [module.this.security_group]
  subnet_ids = [
    module.this.subnet_public,
    module.this.subnet_private,
  ]
  network_name = format("%s-network", local.prefix)
}
// Create the workspace in the registered VPC, with DBFS on the root bucket.
resource "databricks_mws_workspaces" "this" {
  provider   = databricks.mws
  account_id = data.external.env.result["DATABRICKS_ACCOUNT_ID"]
  aws_region = data.external.env.result["TEST_REGION"]

  deployment_name = local.prefix
  workspace_name  = local.prefix

  network_id               = databricks_mws_networks.this.network_id
  storage_configuration_id = databricks_mws_storage_configurations.this.storage_configuration_id
  credentials_id           = databricks_mws_credentials.this.credentials_id

  // Block until the workspace reports running, so the workspace-level provider
  // below can connect. The attribute name is spelled as the provider expects;
  // check the provider schema before "correcting" it.
  verify_workspace_runnning = true
}
// Workspace-level provider instance pointed at the workspace just created.
// An alias is only needed here because the account-level instance above
// shares the provider name; a plain configuration would omit it. As with the
// account-level instance, no credentials are set in this file.
provider "databricks" {
  alias = "created_workspace"
  host  = databricks_mws_workspaces.this.workspace_url
}
// Personal access token used by the integration tests to provision entities
// inside the new workspace. The lifetime is kept to one day so a leaked token
// has a short window; note that `token_value` is stored in Terraform state, so
// the state backend must be treated as holding a live credential.
resource "databricks_token" "pat" {
  provider         = databricks.created_workspace
  lifetime_seconds = 24 * 60 * 60
  comment          = "Terraform Provisioning"
}
// Constant marker consumed by the test harness to distinguish azure, aws and
// mws test environments.
output "cloud_env" {
// needed to distinguish between azure, aws & mws tests
value = "AWS"
}
// Workspace URL the integration tests run against.
output "databricks_host" {
value = databricks_mws_workspaces.this.workspace_url
}
// Export the PAT for the integration tests. `sensitive = true` only redacts
// the value in plan/apply output and `terraform output`; the token remains in
// state in plaintext, so protect the state backend accordingly.
output "databricks_token" {
  sensitive = true
  value     = databricks_token.pat.token_value
}
// Deliberately empty: the tests authenticate to the workspace with the PAT,
// so the username used for the account-level provider must not be exported.
output "databricks_username" {
value = ""
}
// Deliberately empty: the tests authenticate to the workspace with the PAT,
// so the account-level password must not leak into the test environment.
output "databricks_password" {
value = ""
}