diff --git a/databricks_access_connectors.tf b/databricks_access_connectors.tf
new file mode 100644
index 0000000000..108aaf3e99
--- /dev/null
+++ b/databricks_access_connectors.tf
@@ -0,0 +1,18 @@
+module "databricks_access_connectors" {
+ source = "./modules/analytics/databricks_access_connector"
+ for_each = local.database.databricks_access_connectors
+
+ client_config = local.client_config
+ global_settings = local.global_settings
+ name = each.value.name
+ settings = each.value
+ resource_groups = local.combined_objects_resource_groups
+ base_tags = local.global_settings.inherit_tags
+ remote_objects = {
+ managed_identities = local.combined_objects_managed_identities
+ }
+}
+
+output "databricks_access_connectors" {
+ value = module.databricks_access_connectors
+}
diff --git a/examples/databricks_access_connectors/100-databricks_access_connectors/configuration.tfvars b/examples/databricks_access_connectors/100-databricks_access_connectors/configuration.tfvars
new file mode 100644
index 0000000000..b3dd3e7fb8
--- /dev/null
+++ b/examples/databricks_access_connectors/100-databricks_access_connectors/configuration.tfvars
@@ -0,0 +1,34 @@
+global_settings = {
+ default_region = "region1"
+ regions = {
+ region1 = "australiaeast"
+ }
+}
+
+resource_groups = {
+ dac_test = {
+ name = "rg-databricks-access-connectors"
+ }
+}
+
+databricks_access_connectors = {
+ dac_1 = {
+ name = "example-name"
+ resource_group_key = "dac_test"
+ identity = {
+ type = "UserAssigned" #SystemAssigned
+ managed_identity_keys = ["dac_test"]
+ }
+ tags = {
+ test = "test"
+ test1 = "test1"
+ }
+ }
+}
+
+managed_identities = {
+ dac_test = {
+ name = "mi-dac-test"
+ resource_group_key = "dac_test"
+ }
+}
diff --git a/examples/module.tf b/examples/module.tf
index 255003eab1..f2fbbc1c6c 100644
--- a/examples/module.tf
+++ b/examples/module.tf
@@ -141,6 +141,7 @@ module "example" {
 databricks_workspaces = var.databricks_workspaces
 database_migration_services = var.database_migration_services
 databricks_workspaces = var.databricks_workspaces
+ databricks_access_connectors = var.databricks_access_connectors
 machine_learning_workspaces = var.machine_learning_workspaces
 mariadb_servers = var.mariadb_servers
 mariadb_databases = var.mariadb_databases
diff --git a/examples/variables.tf b/examples/variables.tf
index e1879395af..0e46b8498f 100644
--- a/examples/variables.tf
+++ b/examples/variables.tf
@@ -355,6 +355,9 @@ variable "batch_pools" {
 variable "databricks_workspaces" {
 default = {}
 }
+variable "databricks_access_connectors" {
+ default = {}
+}
 variable "machine_learning_workspaces" {
 default = {}
 }
diff --git a/local.remote_objects.tf b/local.remote_objects.tf
index f1c406efcc..76de44f2cd 100644
--- a/local.remote_objects.tf
+++ b/local.remote_objects.tf
@@ -41,6 +41,7 @@ locals {
 container_registry = try(local.combined_objects_container_registry, null)
 cosmos_dbs = try(local.combined_objects_cosmos_dbs, null)
 databricks_workspaces = try(local.combined_objects_databricks_workspaces, null)
+ databricks_access_connectors = try(local.combined_objects_databricks_access_connectors, null)
 data_factory = try(local.combined_objects_data_factory, null)
 data_factory_integration_runtime_azure_ssis = try(local.combined_objects_data_factory_integration_runtime_azure_ssis, null)
 data_factory_linked_service_azure_blob_storage = try(local.combined_objects_data_factory_linked_service_azure_blob_storage, null)
diff --git a/locals.combined_objects.tf b/locals.combined_objects.tf
index 91d8a107f5..8505d87082 100644
--- a/locals.combined_objects.tf
+++ b/locals.combined_objects.tf
@@ -64,6 +64,7 @@ locals {
 combined_objects_data_factory_pipeline = merge(tomap({ (local.client_config.landingzone_key) = module.data_factory_pipeline }), try(var.remote_objects.data_factory_pipeline, {}))
 combined_objects_database_migration_services = merge(tomap({ (local.client_config.landingzone_key) = module.database_migration_services }), try(var.remote_objects.database_migration_services, {}))
 combined_objects_databricks_workspaces = merge(tomap({ (local.client_config.landingzone_key) = module.databricks_workspaces }), try(var.remote_objects.databricks_workspaces, {}), try(var.data_sources.databricks_workspaces, {}))
+ combined_objects_databricks_access_connectors = merge(tomap({ (local.client_config.landingzone_key) = module.databricks_access_connectors }), try(var.remote_objects.databricks_access_connectors, {}), try(var.data_sources.databricks_access_connectors, {}))
 combined_objects_ddos_services = merge(tomap({ (local.client_config.landingzone_key) = azurerm_network_ddos_protection_plan.ddos_protection_plan }), try(var.remote_objects.ddos_services, {}), try(var.remote_objects.ddos_services, {}))
 combined_objects_dedicated_host_groups = merge(tomap({ (local.client_config.landingzone_key) = module.dedicated_host_groups }), try(var.remote_objects.dedicated_host_groups, {}), try(var.data_sources.dedicated_host_groups, {}))
 combined_objects_dedicated_hosts = merge(tomap({ (local.client_config.landingzone_key) = module.dedicated_hosts }), try(var.remote_objects.dedicated_hosts, {}), try(var.data_sources.dedicated_hosts, {}))
diff --git a/locals.tf b/locals.tf
index f1e20aa26d..f869fa3412 100644
--- a/locals.tf
+++ b/locals.tf
@@ -122,6 +122,7 @@ locals {
 database_migration_services = try(var.database.database_migration_services, {})
 database_migration_projects = try(var.database.database_migration_projects, {})
 databricks_workspaces = try(var.database.databricks_workspaces, {})
+ databricks_access_connectors = try(var.database.databricks_access_connectors, {})
 machine_learning_workspaces = try(var.database.machine_learning_workspaces, {})
 mariadb_databases = try(var.database.mariadb_databases, {})
 mariadb_servers = try(var.database.mariadb_servers, {})
diff --git a/modules/analytics/databricks_access_connector/main.tf b/modules/analytics/databricks_access_connector/main.tf
new file mode 100644
index 0000000000..00369bb2be
--- /dev/null
+++ b/modules/analytics/databricks_access_connector/main.tf
@@ -0,0 +1,18 @@
+locals {
+ tags = var.base_tags ? merge(
+ var.global_settings.tags,
+ try(var.resource_groups.tags, null),
+ try(var.settings.tags, null)
+ ) : try(var.settings.tags, null)
+
+
+ resource_group = var.resource_groups[try(var.settings.lz_key, var.settings.resource_group.lz_key, var.client_config.landingzone_key)][try(var.settings.resource_group.key, var.settings.resource_group_key)]
+}
+
+terraform {
+ required_providers {
+ azurecaf = {
+ source = "aztfmod/azurecaf"
+ }
+ }
+}
diff --git a/modules/analytics/databricks_access_connector/managed_identities.tf b/modules/analytics/databricks_access_connector/managed_identities.tf
new file mode 100644
index 0000000000..4257d2d09d
--- /dev/null
+++ b/modules/analytics/databricks_access_connector/managed_identities.tf
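Review bot: In the new `modules/analytics/databricks_access_connector/main.tf`, `try(var.resource_groups.tags, null)` looks up `tags` on the whole resource-group map, which the `local.resource_group` expression a few lines below indexes by landing-zone key and then by resource-group key, so the lookup appears to fall through to `null` every time and resource-group tags are never inherited. Tags that ownership, cost or policy tooling relies on would then be silently missing from the connector even with `base_tags = true`. Reading them from the resolved group, `try(local.resource_group.tags, null),`, would match the intent. The `azurecaf` provider is also declared here, but nothing in this module's visible files uses it.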
@@ -0,0 +1,17 @@
+locals {
+ managed_local_identities = flatten([
+ for managed_identity_key in try(var.settings.identity.managed_identity_keys, []) : [
+ var.remote_objects.managed_identities[var.client_config.landingzone_key][managed_identity_key].id
+ ]
+ ])
+
+ managed_remote_identities = flatten([
+ for lz_key, value in try(var.settings.identity.remote, []) : [
+ for managed_identity_key in value.managed_identity_keys : [
+ var.remote_objects.managed_identities[lz_key][managed_identity_key].id
+ ]
+ ]
+ ])
+
+ managed_identities = concat(local.managed_local_identities, local.managed_remote_identities)
+}
\ No newline at end of file
diff --git a/modules/analytics/databricks_access_connector/module.tf b/modules/analytics/databricks_access_connector/module.tf
new file mode 100644
index 0000000000..9da6636dfb
--- /dev/null
+++ b/modules/analytics/databricks_access_connector/module.tf
@@ -0,0 +1,15 @@
+resource "azurerm_databricks_access_connector" "databricks_access_connector" {
+ name = var.name
+ resource_group_name = local.resource_group.name
+ location = lookup(var.settings, "region", null) == null ? local.resource_group.location : var.global_settings.regions[var.settings.region]
+ tags = local.tags
+
+ dynamic "identity" {
+ for_each = can(var.settings.identity) ? [var.settings.identity] : []
+ content {
+ type = identity.value.type
+ identity_ids = concat(local.managed_identities, try(identity.value.identity_ids, []))
+ }
+ }
+
+}
diff --git a/modules/analytics/databricks_access_connector/output.tf b/modules/analytics/databricks_access_connector/output.tf
new file mode 100644
index 0000000000..1b1301a120
--- /dev/null
+++ b/modules/analytics/databricks_access_connector/output.tf
@@ -0,0 +1,4 @@
+output "id" {
+ description = "The ID of the Manages a Databricks Access Connector."
+ value = azurerm_databricks_access_connector.databricks_access_connector.id
+}
\ No newline at end of file
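Review bot: In `module.tf`, `identity_ids` is always built from `local.managed_identities`, whatever `identity.value.type` is. A configuration that switches to `SystemAssigned` (the alternative hinted at in the example tfvars comment) but still lists `managed_identity_keys` would send user-assigned IDs with a system-assigned type, which the provider is likely to reject. Making the dependency explicit avoids that: `identity_ids = identity.value.type == "SystemAssigned" ? null : concat(local.managed_identities, try(identity.value.identity_ids, []))`. Because this identity is what the connector presents when it reaches storage, a short comment above the `dynamic "identity"` block saying that keyed identities and raw `identity_ids` are merged would also help whoever reviews the resulting role assignments.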
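Review bot: `output.tf` exports only `id`, so when the connector is created with a `SystemAssigned` identity the calling configuration cannot read the identity's principal ID, and so cannot grant it a narrowly scoped role on just the storage it needs. Consider a second output with `value = try(azurerm_databricks_access_connector.databricks_access_connector.identity[0].principal_id, null)`. The existing description string is also garbled ("The ID of the Manages a ..."); `description = "The ID of the Databricks Access Connector."` reads correctly. Both new files in this group end without a trailing newline.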
diff --git a/modules/analytics/databricks_access_connector/variables.tf b/modules/analytics/databricks_access_connector/variables.tf
new file mode 100644
index 0000000000..b58645c073
--- /dev/null
+++ b/modules/analytics/databricks_access_connector/variables.tf
@@ -0,0 +1,21 @@
+variable "name" {
+ default = null
+}
+variable "settings" {}
+
+variable "global_settings" {
+ description = "Global settings object (see module README.md)"
+}
+
+variable "client_config" {
+ description = "Client configuration object (see module README.md)."
+}
+
+variable "resource_groups" {
+ default = {}
+}
+variable "base_tags" {
+ description = "Base tags for the resource to be inherited from the resource group."
+ type = bool
+}
+variable "remote_objects" {}
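Review bot: `variable "name"` defaults to `null` even though the module passes it straight to the resource's `name` argument, so an omitted value surfaces later as a provider error instead of a missing-variable error; dropping the default and adding `type = string` would fail earlier and more clearly. `settings`, `resource_groups` and `remote_objects` have no `description`, yet `settings.identity` and `remote_objects.managed_identities` decide which managed identities are attached to the connector. A one-line description of each expected shape would help, for example `description = "Managed identities keyed by landing zone key, then by identity key."` on `remote_objects`.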