@pulumi/databricks 0.0.1-alpha.1648473134

package/secretAcl.js

@@ -0,0 +1,105 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecretAcl = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+/**
+ * Create or overwrite the ACL associated with the given principal (user or group) on the specified databricks_secret_scope. Please consult [Secrets User Guide](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) for more details.
+ *
+ * ## Example Usage
+ *
+ * This way, data scientists can read the Publishing API key that is synchronized from example, Azure Key Vault.
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const ds = new databricks.Group("ds", {displayName: "data-scientists"});
+ * const app = new databricks.SecretScope("app", {});
+ * const mySecretAcl = new databricks.SecretAcl("mySecretAcl", {
+ *     principal: ds.displayName,
+ *     permission: "READ",
+ *     scope: app.name,
+ * });
+ * const publishingApi = new databricks.Secret("publishingApi", {
+ *     key: "publishing_api",
+ *     stringValue: data.azurerm_key_vault_secret.example.value,
+ *     scope: app.name,
+ * });
+ * ```
+ * ## Related Resources
+ *
+ * The following resources are often used in the same context:
+ *
+ * * End to end workspace management guide.
+ * * databricks.Notebook to manage [Databricks Notebooks](https://docs.databricks.com/notebooks/index.html).
+ * * databricks.Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace.
+ * * databricks.Repo to manage [Databricks Repos](https://docs.databricks.com/repos.html).
+ * * databricks.Secret to manage [secrets](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) in Databricks workspace.
+ * * databricks.SecretScope to create [secret scopes](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) in Databricks workspace.
+ *
+ * ## Import
+ *
+ * The resource secret acl can be imported using `scopeName|||principalName` combination. bash
+ *
+ * ```sh
+ *  $ pulumi import databricks:index/secretAcl:SecretAcl object `scopeName|||principalName`
+ * ```
+ */
+class SecretAcl extends pulumi.CustomResource {
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["permission"] = state ? state.permission : undefined;
+            resourceInputs["principal"] = state ? state.principal : undefined;
+            resourceInputs["scope"] = state ? state.scope : undefined;
+        }
+        else {
+            const args = argsOrState;
+            if ((!args || args.permission === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'permission'");
+            }
+            if ((!args || args.principal === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'principal'");
+            }
+            if ((!args || args.scope === undefined) && !opts.urn) {
+                throw new Error("Missing required property 'scope'");
+            }
+            resourceInputs["permission"] = args ? args.permission : undefined;
+            resourceInputs["principal"] = args ? args.principal : undefined;
+            resourceInputs["scope"] = args ? args.scope : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(SecretAcl.__pulumiType, name, resourceInputs, opts);
+    }
+    /**
+     * Get an existing SecretAcl resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new SecretAcl(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of SecretAcl.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === SecretAcl.__pulumiType;
+    }
+}
+exports.SecretAcl = SecretAcl;
+/** @internal */
+SecretAcl.__pulumiType = 'databricks:index/secretAcl:SecretAcl';
+//# sourceMappingURL=secretAcl.js.map

package/secretAcl.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretAcl.js","sourceRoot":"","sources":["../secretAcl.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AACH,MAAa,SAAU,SAAQ,MAAM,CAAC,cAAc;IAiDhD,YAAY,IAAY,EAAE,WAA4C,EAAE,IAAmC;QACvG,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAyC,CAAC;YACxD,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;SAC7D;aAAM;YACH,MAAM,IAAI,GAAG,WAAwC,CAAC;YACtD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;aAC7D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAClD,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;aACxD;YACD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,SAAS,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC9D,CAAC;IAzED;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAsB,EAAE,IAAmC;QACpH,OAAO,IAAI,SAAS,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAChE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,SAAS,CAAC,YAAY,CAAC;IAC1D,CAAC;;AA1BL,8BA2EC;AA7DG,gBAAgB;AACO,sBAAY,GAAG,sCAAsC,CAAC"}

package/secretScope.d.ts

@@ -0,0 +1,85 @@
+import * as pulumi from "@pulumi/pulumi";
+import { input as inputs, output as outputs } from "./types";
+/**
+ * ## Import
+ *
+ * The secret resource scope can be imported using the scope name. `initial_manage_principal` state won't be imported, because the underlying API doesn't include it in the response. bash
+ *
+ * ```sh
+ *  $ pulumi import databricks:index/secretScope:SecretScope object <scopeName>
+ * ```
+ */
+export declare class SecretScope extends pulumi.CustomResource {
+    /**
+     * Get an existing SecretScope resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SecretScopeState, opts?: pulumi.CustomResourceOptions): SecretScope;
+    /**
+     * Returns true if the given object is an instance of SecretScope.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is SecretScope;
+    /**
+     * Either `DATABRICKS` or `AZURE_KEYVAULT`
+     */
+    readonly backendType: pulumi.Output<string>;
+    /**
+     * The principal with the only possible value `users` that is initially granted `MANAGE` permission to the created scope.  If it's omitted, then the databricks.SecretAcl with `MANAGE` permission applied to the scope is assigned to the API request issuer's user identity (see [documentation](https://docs.databricks.com/dev-tools/api/latest/secrets.html#create-secret-scope)). This part of the state cannot be imported.
+     */
+    readonly initialManagePrincipal: pulumi.Output<string | undefined>;
+    readonly keyvaultMetadata: pulumi.Output<outputs.SecretScopeKeyvaultMetadata | undefined>;
+    /**
+     * Scope name requested by the user. Must be unique within a workspace. Must consist of alphanumeric characters, dashes, underscores, and periods, and may not exceed 128 characters.
+     */
+    readonly name: pulumi.Output<string>;
+    /**
+     * Create a SecretScope resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args?: SecretScopeArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering SecretScope resources.
+ */
+export interface SecretScopeState {
+    /**
+     * Either `DATABRICKS` or `AZURE_KEYVAULT`
+     */
+    backendType?: pulumi.Input<string>;
+    /**
+     * The principal with the only possible value `users` that is initially granted `MANAGE` permission to the created scope.  If it's omitted, then the databricks.SecretAcl with `MANAGE` permission applied to the scope is assigned to the API request issuer's user identity (see [documentation](https://docs.databricks.com/dev-tools/api/latest/secrets.html#create-secret-scope)). This part of the state cannot be imported.
+     */
+    initialManagePrincipal?: pulumi.Input<string>;
+    keyvaultMetadata?: pulumi.Input<inputs.SecretScopeKeyvaultMetadata>;
+    /**
+     * Scope name requested by the user. Must be unique within a workspace. Must consist of alphanumeric characters, dashes, underscores, and periods, and may not exceed 128 characters.
+     */
+    name?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a SecretScope resource.
+ */
+export interface SecretScopeArgs {
+    /**
+     * Either `DATABRICKS` or `AZURE_KEYVAULT`
+     */
+    backendType?: pulumi.Input<string>;
+    /**
+     * The principal with the only possible value `users` that is initially granted `MANAGE` permission to the created scope.  If it's omitted, then the databricks.SecretAcl with `MANAGE` permission applied to the scope is assigned to the API request issuer's user identity (see [documentation](https://docs.databricks.com/dev-tools/api/latest/secrets.html#create-secret-scope)). This part of the state cannot be imported.
+     */
+    initialManagePrincipal?: pulumi.Input<string>;
+    keyvaultMetadata?: pulumi.Input<inputs.SecretScopeKeyvaultMetadata>;
+    /**
+     * Scope name requested by the user. Must be unique within a workspace. Must consist of alphanumeric characters, dashes, underscores, and periods, and may not exceed 128 characters.
+     */
+    name?: pulumi.Input<string>;
+}

package/secretScope.js

@@ -0,0 +1,64 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecretScope = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+/**
+ * ## Import
+ *
+ * The secret resource scope can be imported using the scope name. `initial_manage_principal` state won't be imported, because the underlying API doesn't include it in the response. bash
+ *
+ * ```sh
+ *  $ pulumi import databricks:index/secretScope:SecretScope object <scopeName>
+ * ```
+ */
+class SecretScope extends pulumi.CustomResource {
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["backendType"] = state ? state.backendType : undefined;
+            resourceInputs["initialManagePrincipal"] = state ? state.initialManagePrincipal : undefined;
+            resourceInputs["keyvaultMetadata"] = state ? state.keyvaultMetadata : undefined;
+            resourceInputs["name"] = state ? state.name : undefined;
+        }
+        else {
+            const args = argsOrState;
+            resourceInputs["backendType"] = args ? args.backendType : undefined;
+            resourceInputs["initialManagePrincipal"] = args ? args.initialManagePrincipal : undefined;
+            resourceInputs["keyvaultMetadata"] = args ? args.keyvaultMetadata : undefined;
+            resourceInputs["name"] = args ? args.name : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(SecretScope.__pulumiType, name, resourceInputs, opts);
+    }
+    /**
+     * Get an existing SecretScope resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new SecretScope(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of SecretScope.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === SecretScope.__pulumiType;
+    }
+}
+exports.SecretScope = SecretScope;
+/** @internal */
+SecretScope.__pulumiType = 'databricks:index/secretScope:SecretScope';
+//# sourceMappingURL=secretScope.js.map

package/secretScope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretScope.js","sourceRoot":"","sources":["../secretScope.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;GAQG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAkDlD,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,wBAAwB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,wBAAwB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SACzD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;IAnED;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;;AA1BL,kCAqEC;AAvDG,gBAAgB;AACO,wBAAY,GAAG,0CAA0C,CAAC"}

package/servicePrincipal.d.ts

@@ -0,0 +1,142 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * Directly manage [Service Principals](https://docs.databricks.com/administration-guide/users-groups/service-principals.html) that could be added to databricks.Group within workspace.
+ *
+ * ## Related Resources
+ *
+ * The following resources are often used in the same context:
+ *
+ * * End to end workspace management guide.
+ * * databricks.Group to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html) or [Account Console](https://accounts.cloud.databricks.com/) (for AWS deployments).
+ * * databricks.Group data to retrieve information about databricks.Group members, entitlements and instance profiles.
+ * * databricksGroupMember to attach users and groups as group members.
+ * * databricks.Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace.
+ * * databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and [more](https://docs.databricks.
+ *
+ * ## Import
+ *
+ * The resource scim service principal can be imported using idbash
+ *
+ * ```sh
+ *  $ pulumi import databricks:index/servicePrincipal:ServicePrincipal me <service-principal-id>
+ * ```
+ */
+export declare class ServicePrincipal extends pulumi.CustomResource {
+    /**
+     * Get an existing ServicePrincipal resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServicePrincipalState, opts?: pulumi.CustomResourceOptions): ServicePrincipal;
+    /**
+     * Returns true if the given object is an instance of ServicePrincipal.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is ServicePrincipal;
+    /**
+     * Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
+     */
+    readonly active: pulumi.Output<boolean | undefined>;
+    /**
+     * Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and `clusterId` argument. Everyone without `allowClusterCreate` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
+     */
+    readonly allowClusterCreate: pulumi.Output<boolean | undefined>;
+    /**
+     * Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and instancePoolId argument.
+     */
+    readonly allowInstancePoolCreate: pulumi.Output<boolean | undefined>;
+    /**
+     * This is the application id of the given service principal and will be their form of access and identity. On other clouds than Azure this value is auto-generated.
+     */
+    readonly applicationId: pulumi.Output<string>;
+    /**
+     * This is a field to allow the group to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
+     */
+    readonly databricksSqlAccess: pulumi.Output<boolean | undefined>;
+    /**
+     * This is an alias for the service principal and can be the full name of the service principal.
+     */
+    readonly displayName: pulumi.Output<string>;
+    /**
+     * This is a field to allow the group to have access to Databricks Workspace.
+     */
+    readonly workspaceAccess: pulumi.Output<boolean | undefined>;
+    /**
+     * Create a ServicePrincipal resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args?: ServicePrincipalArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering ServicePrincipal resources.
+ */
+export interface ServicePrincipalState {
+    /**
+     * Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
+     */
+    active?: pulumi.Input<boolean>;
+    /**
+     * Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and `clusterId` argument. Everyone without `allowClusterCreate` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
+     */
+    allowClusterCreate?: pulumi.Input<boolean>;
+    /**
+     * Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and instancePoolId argument.
+     */
+    allowInstancePoolCreate?: pulumi.Input<boolean>;
+    /**
+     * This is the application id of the given service principal and will be their form of access and identity. On other clouds than Azure this value is auto-generated.
+     */
+    applicationId?: pulumi.Input<string>;
+    /**
+     * This is a field to allow the group to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
+     */
+    databricksSqlAccess?: pulumi.Input<boolean>;
+    /**
+     * This is an alias for the service principal and can be the full name of the service principal.
+     */
+    displayName?: pulumi.Input<string>;
+    /**
+     * This is a field to allow the group to have access to Databricks Workspace.
+     */
+    workspaceAccess?: pulumi.Input<boolean>;
+}
+/**
+ * The set of arguments for constructing a ServicePrincipal resource.
+ */
+export interface ServicePrincipalArgs {
+    /**
+     * Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
+     */
+    active?: pulumi.Input<boolean>;
+    /**
+     * Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and `clusterId` argument. Everyone without `allowClusterCreate` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
+     */
+    allowClusterCreate?: pulumi.Input<boolean>;
+    /**
+     * Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and instancePoolId argument.
+     */
+    allowInstancePoolCreate?: pulumi.Input<boolean>;
+    /**
+     * This is the application id of the given service principal and will be their form of access and identity. On other clouds than Azure this value is auto-generated.
+     */
+    applicationId?: pulumi.Input<string>;
+    /**
+     * This is a field to allow the group to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
+     */
+    databricksSqlAccess?: pulumi.Input<boolean>;
+    /**
+     * This is an alias for the service principal and can be the full name of the service principal.
+     */
+    displayName?: pulumi.Input<string>;
+    /**
+     * This is a field to allow the group to have access to Databricks Workspace.
+     */
+    workspaceAccess?: pulumi.Input<boolean>;
+}

package/servicePrincipal.js

@@ -0,0 +1,83 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ServicePrincipal = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+/**
+ * Directly manage [Service Principals](https://docs.databricks.com/administration-guide/users-groups/service-principals.html) that could be added to databricks.Group within workspace.
+ *
+ * ## Related Resources
+ *
+ * The following resources are often used in the same context:
+ *
+ * * End to end workspace management guide.
+ * * databricks.Group to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html) or [Account Console](https://accounts.cloud.databricks.com/) (for AWS deployments).
+ * * databricks.Group data to retrieve information about databricks.Group members, entitlements and instance profiles.
+ * * databricksGroupMember to attach users and groups as group members.
+ * * databricks.Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace.
+ * * databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and [more](https://docs.databricks.
+ *
+ * ## Import
+ *
+ * The resource scim service principal can be imported using idbash
+ *
+ * ```sh
+ *  $ pulumi import databricks:index/servicePrincipal:ServicePrincipal me <service-principal-id>
+ * ```
+ */
+class ServicePrincipal extends pulumi.CustomResource {
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["active"] = state ? state.active : undefined;
+            resourceInputs["allowClusterCreate"] = state ? state.allowClusterCreate : undefined;
+            resourceInputs["allowInstancePoolCreate"] = state ? state.allowInstancePoolCreate : undefined;
+            resourceInputs["applicationId"] = state ? state.applicationId : undefined;
+            resourceInputs["databricksSqlAccess"] = state ? state.databricksSqlAccess : undefined;
+            resourceInputs["displayName"] = state ? state.displayName : undefined;
+            resourceInputs["workspaceAccess"] = state ? state.workspaceAccess : undefined;
+        }
+        else {
+            const args = argsOrState;
+            resourceInputs["active"] = args ? args.active : undefined;
+            resourceInputs["allowClusterCreate"] = args ? args.allowClusterCreate : undefined;
+            resourceInputs["allowInstancePoolCreate"] = args ? args.allowInstancePoolCreate : undefined;
+            resourceInputs["applicationId"] = args ? args.applicationId : undefined;
+            resourceInputs["databricksSqlAccess"] = args ? args.databricksSqlAccess : undefined;
+            resourceInputs["displayName"] = args ? args.displayName : undefined;
+            resourceInputs["workspaceAccess"] = args ? args.workspaceAccess : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(ServicePrincipal.__pulumiType, name, resourceInputs, opts);
+    }
+    /**
+     * Get an existing ServicePrincipal resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new ServicePrincipal(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of ServicePrincipal.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === ServicePrincipal.__pulumiType;
+    }
+}
+exports.ServicePrincipal = ServicePrincipal;
+/** @internal */
+ServicePrincipal.__pulumiType = 'databricks:index/servicePrincipal:ServicePrincipal';
+//# sourceMappingURL=servicePrincipal.js.map

package/servicePrincipal.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"servicePrincipal.js","sourceRoot":"","sources":["../servicePrincipal.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAa,gBAAiB,SAAQ,MAAM,CAAC,cAAc;IAiEvD,YAAY,IAAY,EAAE,WAA0D,EAAE,IAAmC;QACrH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAgD,CAAC;YAC/D,cAAc,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;SACjF;aAAM;YACH,MAAM,IAAI,GAAG,WAA+C,CAAC;YAC7D,cAAc,CAAC,QAAQ,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/E;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,gBAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACrE,CAAC;IAxFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA6B,EAAE,IAAmC;QAC3H,OAAO,IAAI,gBAAgB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACvE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,gBAAgB,CAAC,YAAY,CAAC;IACjE,CAAC;;AA1BL,4CA0FC;AA5EG,gBAAgB;AACO,6BAAY,GAAG,oDAAoD,CAAC"}

package/sqlDashboard.d.ts

@@ -0,0 +1,90 @@
+import * as pulumi from "@pulumi/pulumi";
+/**
+ * This resource is used to manage [Databricks SQL Dashboards](https://docs.databricks.com/sql/user/dashboards/index.html). To manage [SQLA resources](https://docs.databricks.com/sql/get-started/concepts.html) you must have `databricksSqlAccess` on your databricks.Group or databricks_user.
+ *
+ * **Note:** documentation for this resource is a work in progress.
+ *
+ * A dashboard may have one or more widgets.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const d1 = new databricks.SqlDashboard("d1", {
+ *     tags: [
+ *         "some-tag",
+ *         "another-tag",
+ *     ],
+ * });
+ * ```
+ *
+ * Example permission to share dashboard with all users:
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const d1 = new databricks.Permissions("d1", {
+ *     sqlDashboardId: databricks_sql_dashboard.d1.id,
+ *     accessControls: [{
+ *         groupName: data.databricks_group.users.display_name,
+ *         permissionLevel: "CAN_RUN",
+ *     }],
+ * });
+ * ```
+ * ## Related Resources
+ *
+ * The following resources are often used in the same context:
+ *
+ * * End to end workspace management guide.
+ * * databricks.SqlEndpoint to manage Databricks SQL [Endpoints](https://docs.databricks.com/sql/admin/sql-endpoints.html).
+ * * databricks.SqlGlobalConfig to configure the security policy, databricks_instance_profile, and [data access properties](https://docs.databricks.com/sql/admin/data-access-configuration.html) for all databricks.SqlEndpoint of workspace.
+ * * databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and [more](https://docs.databricks.com/security/access-control/table-acls/object-privileges.html).
+ *
+ * ## Import
+ *
+ * -> **Note** Importing this resource is not currently supported.
+ */
+export declare class SqlDashboard extends pulumi.CustomResource {
+    /**
+     * Get an existing SqlDashboard resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SqlDashboardState, opts?: pulumi.CustomResourceOptions): SqlDashboard;
+    /**
+     * Returns true if the given object is an instance of SqlDashboard.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is SqlDashboard;
+    readonly name: pulumi.Output<string>;
+    readonly tags: pulumi.Output<string[] | undefined>;
+    /**
+     * Create a SqlDashboard resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args?: SqlDashboardArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering SqlDashboard resources.
+ */
+export interface SqlDashboardState {
+    name?: pulumi.Input<string>;
+    tags?: pulumi.Input<pulumi.Input<string>[]>;
+}
+/**
+ * The set of arguments for constructing a SqlDashboard resource.
+ */
+export interface SqlDashboardArgs {
+    name?: pulumi.Input<string>;
+    tags?: pulumi.Input<pulumi.Input<string>[]>;
+}