diff --git a/README.md b/README.md
index c8b5b84..e1f80f2 100644
--- a/README.md
+++ b/README.md
@@ -117,8 +117,7 @@ No modules.
 | [databricks_token.pat](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/token) | resource |
 | [databricks_user.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/user) | resource |
 | [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
-| [databricks_cluster_policy.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster_policy) | resource |
-| [databricks_cluster.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster) | resource |
+| [databricks_cluster.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster) | resource |
 | [databricks_mount.adls](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mount) | resource |
 | [databricks_secret_scope.main](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/secret_scope) | resource |
 | [databricks_secret.main](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/secret) | resource |
@@ -134,11 +133,9 @@ No modules. | [sp\_key\_secret\_name](#input\_sp\_key\_secret\_name) | The name of Azure Key Vault secret that contains client secret of Service Principal to access in Azure Key Vault | `string` | n/a | yes | | [tenant\_id\_secret\_name](#input\_tenant\_id\_secret\_name) | The name of Azure Key Vault secret that contains tenant ID secret of Service Principal to access in Azure Key Vault | `string` | n/a | yes | | [key\_vault\_id](#input\_key\_vault\_id) | ID of the Key Vault instance where the Secret resides | `string` | n/a | yes | -| [sku](#input\_sku) | The sku to use for the Databricks Workspace: [standard \ premium \ trial] | `string` | "standard" | no | | [pat\_token\_lifetime\_seconds](#input\_pat\_token\_lifetime\_seconds) | The lifetime of the token, in seconds. If no lifetime is specified, the token remains valid indefinitely | `number` | 315569520 | no | | [users](#input\_users) | List of users to access Databricks | `list(string)` | [] | no | | [permissions](#input\_permissions) | Databricks Workspace permission maps | `list(map(string))` |
 [{   
object_id = null
role = null
}]
| no | -| [custom\_cluster\_policies](#input\_custom\_cluster\_policies) | Provides an ability to create custom cluster policy, assign it to cluster and grant CAN_USE permissions on it to certain custom groups |
list(object({
name = string
can_use = list(string)
definition = any
assigned = bool
}))
|
[{
name = null
can_use = null
definition = null
assigned = false
}]
| no | | [cluster\_nodes\_availability](#input\_cluster\_nodes\_availability) | Availability type used for all subsequent nodes past the first_on_demand ones: [SPOT_AZURE \ SPOT_WITH_FALLBACK_AZURE \ ON_DEMAND_AZURE] | `string` | null | no | | [first\_on\_demand](#input\_first\_on\_demand) | The first first_on_demand nodes of the cluster will be placed on on-demand instances: [[ \:number ]] | `number` | 0 | no | | [spot\_bid\_max\_price](#input\_spot\_bid\_max\_price) | The max price for Azure spot instances. Use -1 to specify lowest price | `number` | -1 | no | @@ -163,8 +160,6 @@ No modules. | ------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | | [token](#output\_token) | Databricks Personal Authorization Token | | [cluster\_id](#output\_cluster\_id) | Databricks Cluster Id | -| [cluster\_policies\_object](#output\_cluster\_policies\_object) | Databricks Cluster Policies object map | -| [secret_scope\_object](#output\_secret_scope\_object) | Databricks-managed Secret Scope object map to create ACLs | ## License diff --git a/main.tf b/main.tf index db6bc80..9087fb4 100644 --- a/main.tf +++ b/main.tf @@ -19,7 +19,7 @@ resource "databricks_token" "pat" { } resource "databricks_user" "this" { - for_each = var.sku == "premium" ? [] : toset(var.users) + for_each = toset(var.users) user_name = each.value lifecycle { ignore_changes = [external_id] } } 
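Review bot: With the `sku` guard gone, `for_each = toset(var.users)` in `databricks_user.this` creates a user for every entry on any workspace, including ones where this resource was previously skipped. The `sku` input is also deleted in variables.tf, so a caller that still passes it should expect Terraform to reject the module call rather than silently ignore the value. I would document the new behaviour on the resource, e.g. `# Created unconditionally for every var.users entry; members of "users" also get MANAGE on the secret scopes in secrets.tf`, and record the removed inputs and outputs as a breaking change. The resource is fully visible in this hunk.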
@@ -34,24 +34,12 @@ resource "azurerm_role_assignment" "this" { principal_id = each.value.object_id } -resource "databricks_cluster_policy" "this" { - for_each = var.sku == "premium" ? { - for param in var.custom_cluster_policies : (param.name) => param.definition - if param.definition != null - } : {} - - name = each.key - definition = jsonencode(each.value) -} - resource "databricks_cluster" "this" { cluster_name = var.custom_default_cluster_name == null ? "shared autoscaling" : var.custom_default_cluster_name spark_version = var.spark_version spark_conf = var.spark_conf spark_env_vars = var.spark_env_vars - policy_id = var.sku == "premium" ? one([for policy in var.custom_cluster_policies : databricks_cluster_policy.this[policy.name].id if policy.assigned]) : null - data_security_mode = var.data_security_mode node_type_id = var.node_type autotermination_minutes = var.autotermination_minutes diff --git a/outputs.tf b/outputs.tf index d391ff0..ce5b1c5 100644 --- a/outputs.tf +++ b/outputs.tf @@ -7,20 +7,3 @@ output "cluster_id" { value = databricks_cluster.this.id description = "Databricks Cluster Id" } - -output "cluster_policies_object" { - value = [for policy in var.custom_cluster_policies : { - id = databricks_cluster_policy.this[policy.name].id - name = databricks_cluster_policy.this[policy.name].name - can_use = policy.can_use - } if policy.definition != null && var.sku == "premium"] - description = "Databricks Cluster Policies object map" -} - -output "secret_scope_object" { - value = [for param in var.secret_scope : { - scope_name = databricks_secret_scope.this[param.scope_name].name - acl = param.acl - } if param.acl != null] - description = "Databricks-managed Secret Scope object map to create ACLs" -} diff --git a/secrets.tf b/secrets.tf index e27a218..dbccafa 100644 --- a/secrets.tf +++ b/secrets.tf 
@@ -14,7 +14,7 @@ locals { # Secret Scope with SP secrets for mounting Azure Data Lake Storage resource "databricks_secret_scope" "main" { name = "main" - initial_manage_principal = var.sku == "premium" ? null : "users" + initial_manage_principal = "users" } resource "databricks_secret" "main" { @@ -33,7 +33,7 @@ resource "databricks_secret_scope" "this" { } name = each.key - initial_manage_principal = var.sku == "premium" ? null : "users" + initial_manage_principal = "users" } resource "databricks_secret" "this" { diff --git a/variables.tf b/variables.tf index b9b7dba..e894e16 100644 --- a/variables.tf +++ b/variables.tf @@ -23,12 +23,6 @@ variable "key_vault_id" { description = "ID of the Key Vault instance where the Secret resides" } -variable "sku" { - type = string - description = "The sku to use for the Databricks Workspace: [standard|premium|trial]" - default = "standard" -} - variable "pat_token_lifetime_seconds" { type = number description = "The lifetime of the token, in seconds. If no lifetime is specified, the token remains valid indefinitely" 
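Review bot: `initial_manage_principal = "users"` is now unconditional on `databricks_secret_scope.main`, which per the comment above it holds the Service Principal secrets for the ADLS mount, so every workspace user is granted MANAGE on that scope whatever the workspace tier. The second hunk in this file does the same for `databricks_secret_scope.this`, whose body starts above the hunk. If the module is now intended only for workspaces without secret ACLs, state that at the resource, e.g. `# Standard tier only: "users" grants MANAGE on this scope to all workspace users`. Otherwise keep the value overridable, for example `initial_manage_principal = var.secret_scope_manage_principal` (hypothetical variable name, default `"users"`), so callers on an ACL-capable workspace can pass `null` and restrict access with ACLs.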
@@ -52,33 +46,6 @@ variable "permissions" { ] } -# Cluster policy variables -variable "custom_cluster_policies" { - type = list(object({ - name = string - can_use = list(string) - definition = any - assigned = bool - })) - description = <<-EOT -Provides an ability to create custom cluster policy, assign it to cluster and grant CAN_USE permissions on it to certain custom groups -name - name of custom cluster policy to create -can_use - list of string, where values are custom group names, there groups have to be created with Terraform; -definition - JSON document expressed in Databricks Policy Definition Language. No need to call 'jsonencode()' function on it when providing a value; -assigned - boolean flag which assigns policy to default 'shared autoscaling' cluster, only single custom policy could be assigned; -EOT - default = [{ - name = null - can_use = null - definition = null - assigned = false - }] - validation { - condition = length([for policy in var.custom_cluster_policies : policy.assigned if policy.assigned]) <= 1 - error_message = "Only single cluster policy assignment allowed. Please set 'assigned' parameter to 'true' for exact one or none policy" - } -} - # Shared autoscaling cluster config variables variable "cluster_nodes_availability" { type = string