main.tf
# Details of the identity Terraform is authenticated as.
# NOTE(review): nothing in the visible part of this file reads this data source;
# presumably it is consumed elsewhere in the module - confirm.
data "azurerm_client_config" "current" {}
# Looks up the user-assigned identity named "dbmanagedidentity" inside the
# workspace's managed resource group. This file only reads the identity; it
# does not create it.
# NOTE(review): presumably Azure Databricks provisions this identity together
# with the managed resource group - confirm. Any role assignment made against
# it elsewhere should be scoped as narrowly as the workload allows.
data "azurerm_user_assigned_identity" "this" {
  name                = "dbmanagedidentity"
  resource_group_name = azurerm_databricks_workspace.this.managed_resource_group_name
}
# Reads the storage account whose name the workspace reports in
# custom_parameters[0].storage_account_name, located in the managed resource
# group.
# NOTE(review): presumably this is the workspace's DBFS root storage account;
# the lookup is only resolvable once the workspace exists - confirm how the
# result is used by the rest of the module.
data "azurerm_storage_account" "this" {
  name                = azurerm_databricks_workspace.this.custom_parameters[0].storage_account_name
  resource_group_name = azurerm_databricks_workspace.this.managed_resource_group_name
}
# Azure Databricks workspace.
#
# Network exposure, encryption and storage-firewall settings are all driven by
# input variables. Several of them are additionally gated on the SKU or on the
# access connector, and fall back to "off"/null without an error when the gate
# is not met (see the NOTE(review) comments below).
resource "azurerm_databricks_workspace" "this" {
  name                = var.workspace_name
  resource_group_name = var.resource_group
  location            = var.location
  sku                 = var.sku
  tags                = var.tags

  # Uses "<resource_group>-databricks" when no explicit name is supplied.
  managed_resource_group_name = coalesce(var.managed_resource_group_name, "${var.resource_group}-databricks")

  # Front-end network exposure.
  # NOTE(review): the defaults come from variable declarations that are not
  # visible here - confirm they default to the restrictive values. The azurerm
  # provider documents network_security_group_rules_required as required when
  # public network access is disabled, so callers should set the two together.
  public_network_access_enabled         = var.public_network_access_enabled
  network_security_group_rules_required = var.nsg_rules_required

  # Customer-managed keys are passed through only on the "premium" SKU.
  # NOTE(review): on any other SKU the *_cmk_enabled flags are ignored and the
  # key IDs evaluate to null, so the plan succeeds without the requested CMK.
  # A validation on the variables (or a precondition) would turn this silent
  # downgrade into an explicit error.
  managed_services_cmk_key_vault_key_id = alltrue([var.sku == "premium", var.managed_services_cmk_enabled]) ? var.managed_services_cmk_key_vault_key_id : null
  managed_disk_cmk_key_vault_key_id     = alltrue([var.sku == "premium", var.managed_disk_cmk_enabled]) ? var.managed_disk_cmk_key_vault_key_id : null

  # Rotation to the latest key version is always on whenever managed-disk CMK
  # is on; there is no separate variable to switch it off.
  managed_disk_cmk_rotation_to_latest_version_enabled = alltrue([var.sku == "premium", var.managed_disk_cmk_enabled]) ? true : null

  # Creates the Storage Account identity used for DBFS encryption
  # (premium SKU only; false otherwise).
  customer_managed_key_enabled = alltrue([var.sku == "premium", var.managed_storage_account_identity_enabled])

  # The default-storage firewall is enabled only when it is requested AND the
  # access connector is enabled.
  # NOTE(review): var.storage_firewall_enabled = true combined with
  # var.access_connector_enabled = false yields false here without any error.
  default_storage_firewall_enabled = alltrue([var.storage_firewall_enabled, var.access_connector_enabled])

  # null when the access connector is not created (count = 0). try() also hides
  # any other evaluation error in this expression.
  access_connector_id = try(azurerm_databricks_access_connector.this[0].id, null)

  # Virtual-network placement of the workspace's compute.
  # NOTE(review): no_public_ip is taken straight from the variable; confirm its
  # default, since it decides whether cluster nodes receive public IPs.
  custom_parameters {
    no_public_ip        = var.no_public_ip
    virtual_network_id  = var.network_id
    public_subnet_name  = var.public_subnet_name
    private_subnet_name = var.private_subnet_name

    public_subnet_network_security_group_association_id  = var.public_subnet_nsg_association_id
    private_subnet_network_security_group_association_id = var.private_subnet_nsg_association_id
  }

  # azurerm_key_vault_access_policy.databricks_ws_service is declared outside
  # this view; presumably it must exist before the workspace can use the CMK
  # keys - confirm. The access connector is also referenced by
  # access_connector_id above.
  depends_on = [
    azurerm_key_vault_access_policy.databricks_ws_service,
    azurerm_databricks_access_connector.this,
  ]
}
# Optional Databricks access connector, created only when
# var.access_connector_enabled is true. It carries a system-assigned managed
# identity.
# NOTE(review): no role assignments for that identity are visible in this
# file; wherever they are made, scope them to the specific storage resources
# the workspace needs rather than to a resource group or subscription.
resource "azurerm_databricks_access_connector" "this" {
  count = var.access_connector_enabled ? 1 : 0

  # Defaults to "ac-<workspace_name>" when no explicit name is supplied.
  name                = coalesce(var.access_connector_name, "ac-${var.workspace_name}") #local.access_connector_name
  resource_group_name = var.resource_group
  location            = var.location
  tags                = var.tags

  identity {
    type = "SystemAssigned"
  }
}