@pulumi/databricks 0.0.1-alpha.1648473134

package/sqlGlobalConfig.js

@@ -0,0 +1,115 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SqlGlobalConfig = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+/**
+ * This resource configures the security policy, databricks_instance_profile, and [data access properties](https://docs.databricks.com/sql/admin/data-access-configuration.html) for all databricks.SqlEndpoint of workspace. *Please note that changing parameters of this resources will restart all running databricks_sql_endpoint.*  To use this resource you need to be an administrator.
+ *
+ * ## Example Usage
+ * ### AWS example
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const _this = new databricks.SqlGlobalConfig("this", {
+ *     securityPolicy: "DATA_ACCESS_CONTROL",
+ *     instanceProfileArn: "arn:....",
+ *     dataAccessConfig: {
+ *         "spark.sql.session.timeZone": "UTC",
+ *     },
+ * });
+ * ```
+ * ### Azure example
+ *
+ * For Azure you should use the `dataAccessConfig` to provide the service principal configuration. You can use the Databricks SQL Admin Console UI to help you generate the right configuration values.
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const _this = new databricks.SqlGlobalConfig("this", {
+ *     securityPolicy: "DATA_ACCESS_CONTROL",
+ *     dataAccessConfig: {
+ *         "spark.hadoop.fs.azure.account.auth.type": "OAuth",
+ *         "spark.hadoop.fs.azure.account.oauth.provider.type": "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider",
+ *         "spark.hadoop.fs.azure.account.oauth2.client.id": _var.tenant_id,
+ *         "spark.hadoop.fs.azure.account.oauth2.client.secret": `{{secrets/${local.secret_scope}/${local.secret_key}}}`,
+ *         "spark.hadoop.fs.azure.account.oauth2.client.endpoint": `https://login.microsoftonline.com/${_var.tenant_id}/oauth2/token`,
+ *     },
+ *     sqlConfigParams: {
+ *         ANSI_MODE: "true",
+ *     },
+ * });
+ * ```
+ * ## Related Resources
+ *
+ * The following resources are often used in the same context:
+ *
+ * * End to end workspace management guide.
+ * * databricks.InstanceProfile to manage AWS EC2 instance profiles that users can launch databricks.Cluster and access data, like databricks_mount.
+ * * databricks.SqlDashboard to manage Databricks SQL [Dashboards](https://docs.databricks.com/sql/user/dashboards/index.html).
+ * * databricks.SqlEndpoint to manage Databricks SQL [Endpoints](https://docs.databricks.com/sql/admin/sql-endpoints.html).
+ * * databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and [more](https://docs.databricks.com/security/access-control/table-acls/object-privileges.html).
+ *
+ * ## Import
+ *
+ * You can import a `databricks_sql_global_config` resource with command like the following (you need to use `global` as ID)bash
+ *
+ * ```sh
+ *  $ pulumi import databricks:index/sqlGlobalConfig:SqlGlobalConfig this global
+ * ```
+ */
+class SqlGlobalConfig extends pulumi.CustomResource {
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["dataAccessConfig"] = state ? state.dataAccessConfig : undefined;
+            resourceInputs["enableServerlessCompute"] = state ? state.enableServerlessCompute : undefined;
+            resourceInputs["instanceProfileArn"] = state ? state.instanceProfileArn : undefined;
+            resourceInputs["securityPolicy"] = state ? state.securityPolicy : undefined;
+            resourceInputs["sqlConfigParams"] = state ? state.sqlConfigParams : undefined;
+        }
+        else {
+            const args = argsOrState;
+            resourceInputs["dataAccessConfig"] = args ? args.dataAccessConfig : undefined;
+            resourceInputs["enableServerlessCompute"] = args ? args.enableServerlessCompute : undefined;
+            resourceInputs["instanceProfileArn"] = args ? args.instanceProfileArn : undefined;
+            resourceInputs["securityPolicy"] = args ? args.securityPolicy : undefined;
+            resourceInputs["sqlConfigParams"] = args ? args.sqlConfigParams : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(SqlGlobalConfig.__pulumiType, name, resourceInputs, opts);
+    }
+    /**
+     * Get an existing SqlGlobalConfig resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new SqlGlobalConfig(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of SqlGlobalConfig.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === SqlGlobalConfig.__pulumiType;
+    }
+}
+exports.SqlGlobalConfig = SqlGlobalConfig;
+/** @internal */
+SqlGlobalConfig.__pulumiType = 'databricks:index/sqlGlobalConfig:SqlGlobalConfig';
+//# sourceMappingURL=sqlGlobalConfig.js.map

package/sqlGlobalConfig.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlGlobalConfig.js","sourceRoot":"","sources":["../sqlGlobalConfig.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyDG;AACH,MAAa,eAAgB,SAAQ,MAAM,CAAC,cAAc;IAsDtD,YAAY,IAAY,EAAE,WAAwD,EAAE,IAAmC;QACnH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA+C,CAAC;YAC9D,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;SACjF;aAAM;YACH,MAAM,IAAI,GAAG,WAA8C,CAAC;YAC5D,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/E;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,eAAe,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACpE,CAAC;IAzED;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA4B,EAAE,IAAmC;QAC1H,OAAO,IAAI,eAAe,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACtE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,eAAe,CAAC,YAAY,CAAC;IAChE,CAAC;;AA1BL,0CA2EC;AA7DG,gBAAgB;AACO,4BAAY,GAAG,kDAAkD,CAAC"}

package/sqlPermissions.d.ts

@@ -0,0 +1,191 @@
+import * as pulumi from "@pulumi/pulumi";
+import { input as inputs, output as outputs } from "./types";
+/**
+ * > **Note** Please switch to databricks.Grants with Unity Catalog to manage data access, which provides better and faster way for managing data security. `databricks.Grants` resource *doesn't require a technical cluster to perform operations*. `databricks.SqlPermissions` will be removed, once Unity Catalog is Generally Available.
+ *
+ * This resource manages data object access control lists in Databricks workspaces for things like tables, views, databases, and [more](https://docs.databricks.com/security/access-control/table-acls/object-privileges.html). In order to enable Table Access control, you have to login to the workspace as administrator, go to `Admin Console`, pick `Access Control` tab, click on `Enable` button in `Table Access Control` section, and click `Confirm`. The security guarantees of table access control **will only be effective if cluster access control is also turned on**. Please make sure that no users can create clusters in your workspace and all databricks.Cluster have approximately the following configuration:
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * // ...
+ * const clusterWithTableAccessControl = new databricks.Cluster("clusterWithTableAccessControl", {sparkConf: {
+ *     "spark.databricks.acl.dfAclsEnabled": "true",
+ *     "spark.databricks.repl.allowedLanguages": "python,sql",
+ * }});
+ * ```
+ *
+ * It could be combined with creation of High-Concurrency and Single-Node clusters - in this case it should have corresponding `customTags` and `spark.databricks.cluster.profile` in Spark configuration as described in documentation for `databricks.Cluster` resource.
+ *
+ * The created cluster could be referred to by providing its ID as `clusterId` property.
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const fooTable = new databricks.SqlPermissions("fooTable", {clusterId: databricks_cluster.cluster_name.id});
+ * //...
+ * ```
+ *
+ * ## Example Usage
+ *
+ * The following resource definition will enforce access control on a table by executing the following SQL queries on a special auto-terminating cluster it would create for this operation:
+ *
+ * * ``` SHOW GRANT ON TABLE `default`.`foo`  ```
+ * * ```REVOKE ALL PRIVILEGES ON TABLE `default`.`foo` FROM ... every group and user that has access to it ...```
+ * * ``` GRANT MODIFY, SELECT ON TABLE `default`.`foo` TO `serge@example.com`  ```
+ * * ``` GRANT SELECT ON TABLE `default`.`foo` TO `special group`  ```
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const fooTable = new databricks.SqlPermissions("foo_table", {
+ *     privilegeAssignments: [
+ *         {
+ *             principal: "serge@example.com",
+ *             privileges: [
+ *                 "SELECT",
+ *                 "MODIFY",
+ *             ],
+ *         },
+ *         {
+ *             principal: "special group",
+ *             privileges: ["SELECT"],
+ *         },
+ *     ],
+ *     table: "foo",
+ * });
+ * ```
+ * ## Related Resources
+ *
+ * The following resources are often used in the same context:
+ *
+ * * End to end workspace management guide.
+ * * databricks.Group to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html) or [Account Console](https://accounts.cloud.databricks.com/) (for AWS deployments).
+ * * databricks.Grants to manage data access in Unity Catalog.
+ * * databricks.Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace.
+ * * databricks.User to [manage users](https://docs.databricks.com/administration-guide/users-groups/users.html), that could be added to databricks.Group within the workspace.
+ *
+ * ## Import
+ *
+ * The resource can be imported using a synthetic identifier. Examples of valid synthetic identifiers are* `table/default.foo` - table `foo` in a `default` database. Database is always mandatory. * `view/bar.foo` - view `foo` in `bar` database. * `database/bar` - `bar` database. * `catalog/` - entire catalog. `/` suffix is mandatory. * `any file/` - direct access to any file. `/` suffix is mandatory. * `anonymous function/` - anonymous function. `/` suffix is mandatory. bash
+ *
+ * ```sh
+ *  $ pulumi import databricks:index/sqlPermissions:SqlPermissions foo /<object-type>/<object-name>
+ * ```
+ */
+export declare class SqlPermissions extends pulumi.CustomResource {
+    /**
+     * Get an existing SqlPermissions resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SqlPermissionsState, opts?: pulumi.CustomResourceOptions): SqlPermissions;
+    /**
+     * Returns true if the given object is an instance of SqlPermissions.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is SqlPermissions;
+    /**
+     * If this access control for using anonymous function. Defaults to `false`.
+     */
+    readonly anonymousFunction: pulumi.Output<boolean | undefined>;
+    /**
+     * If this access control for reading any file. Defaults to `false`.
+     */
+    readonly anyFile: pulumi.Output<boolean | undefined>;
+    /**
+     * If this access control for the entire catalog. Defaults to `false`.
+     */
+    readonly catalog: pulumi.Output<boolean | undefined>;
+    readonly clusterId: pulumi.Output<string>;
+    /**
+     * Name of the database. Has default value of `default`.
+     */
+    readonly database: pulumi.Output<string | undefined>;
+    readonly privilegeAssignments: pulumi.Output<outputs.SqlPermissionsPrivilegeAssignment[] | undefined>;
+    /**
+     * Name of the table. Can be combined with `database`.
+     */
+    readonly table: pulumi.Output<string | undefined>;
+    /**
+     * Name of the view. Can be combined with `database`.
+     */
+    readonly view: pulumi.Output<string | undefined>;
+    /**
+     * Create a SqlPermissions resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args?: SqlPermissionsArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering SqlPermissions resources.
+ */
+export interface SqlPermissionsState {
+    /**
+     * If this access control for using anonymous function. Defaults to `false`.
+     */
+    anonymousFunction?: pulumi.Input<boolean>;
+    /**
+     * If this access control for reading any file. Defaults to `false`.
+     */
+    anyFile?: pulumi.Input<boolean>;
+    /**
+     * If this access control for the entire catalog. Defaults to `false`.
+     */
+    catalog?: pulumi.Input<boolean>;
+    clusterId?: pulumi.Input<string>;
+    /**
+     * Name of the database. Has default value of `default`.
+     */
+    database?: pulumi.Input<string>;
+    privilegeAssignments?: pulumi.Input<pulumi.Input<inputs.SqlPermissionsPrivilegeAssignment>[]>;
+    /**
+     * Name of the table. Can be combined with `database`.
+     */
+    table?: pulumi.Input<string>;
+    /**
+     * Name of the view. Can be combined with `database`.
+     */
+    view?: pulumi.Input<string>;
+}
+/**
+ * The set of arguments for constructing a SqlPermissions resource.
+ */
+export interface SqlPermissionsArgs {
+    /**
+     * If this access control for using anonymous function. Defaults to `false`.
+     */
+    anonymousFunction?: pulumi.Input<boolean>;
+    /**
+     * If this access control for reading any file. Defaults to `false`.
+     */
+    anyFile?: pulumi.Input<boolean>;
+    /**
+     * If this access control for the entire catalog. Defaults to `false`.
+     */
+    catalog?: pulumi.Input<boolean>;
+    clusterId?: pulumi.Input<string>;
+    /**
+     * Name of the database. Has default value of `default`.
+     */
+    database?: pulumi.Input<string>;
+    privilegeAssignments?: pulumi.Input<pulumi.Input<inputs.SqlPermissionsPrivilegeAssignment>[]>;
+    /**
+     * Name of the table. Can be combined with `database`.
+     */
+    table?: pulumi.Input<string>;
+    /**
+     * Name of the view. Can be combined with `database`.
+     */
+    view?: pulumi.Input<string>;
+}

package/sqlPermissions.js

@@ -0,0 +1,139 @@
+"use strict";
+// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
+// *** Do not edit by hand unless you're certain you know what you are doing! ***
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SqlPermissions = void 0;
+const pulumi = require("@pulumi/pulumi");
+const utilities = require("./utilities");
+/**
+ * > **Note** Please switch to databricks.Grants with Unity Catalog to manage data access, which provides better and faster way for managing data security. `databricks.Grants` resource *doesn't require a technical cluster to perform operations*. `databricks.SqlPermissions` will be removed, once Unity Catalog is Generally Available.
+ *
+ * This resource manages data object access control lists in Databricks workspaces for things like tables, views, databases, and [more](https://docs.databricks.com/security/access-control/table-acls/object-privileges.html). In order to enable Table Access control, you have to login to the workspace as administrator, go to `Admin Console`, pick `Access Control` tab, click on `Enable` button in `Table Access Control` section, and click `Confirm`. The security guarantees of table access control **will only be effective if cluster access control is also turned on**. Please make sure that no users can create clusters in your workspace and all databricks.Cluster have approximately the following configuration:
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * // ...
+ * const clusterWithTableAccessControl = new databricks.Cluster("clusterWithTableAccessControl", {sparkConf: {
+ *     "spark.databricks.acl.dfAclsEnabled": "true",
+ *     "spark.databricks.repl.allowedLanguages": "python,sql",
+ * }});
+ * ```
+ *
+ * It could be combined with creation of High-Concurrency and Single-Node clusters - in this case it should have corresponding `customTags` and `spark.databricks.cluster.profile` in Spark configuration as described in documentation for `databricks.Cluster` resource.
+ *
+ * The created cluster could be referred to by providing its ID as `clusterId` property.
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const fooTable = new databricks.SqlPermissions("fooTable", {clusterId: databricks_cluster.cluster_name.id});
+ * //...
+ * ```
+ *
+ * ## Example Usage
+ *
+ * The following resource definition will enforce access control on a table by executing the following SQL queries on a special auto-terminating cluster it would create for this operation:
+ *
+ * * ``` SHOW GRANT ON TABLE `default`.`foo`  ```
+ * * ```REVOKE ALL PRIVILEGES ON TABLE `default`.`foo` FROM ... every group and user that has access to it ...```
+ * * ``` GRANT MODIFY, SELECT ON TABLE `default`.`foo` TO `serge@example.com`  ```
+ * * ``` GRANT SELECT ON TABLE `default`.`foo` TO `special group`  ```
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const fooTable = new databricks.SqlPermissions("foo_table", {
+ *     privilegeAssignments: [
+ *         {
+ *             principal: "serge@example.com",
+ *             privileges: [
+ *                 "SELECT",
+ *                 "MODIFY",
+ *             ],
+ *         },
+ *         {
+ *             principal: "special group",
+ *             privileges: ["SELECT"],
+ *         },
+ *     ],
+ *     table: "foo",
+ * });
+ * ```
+ * ## Related Resources
+ *
+ * The following resources are often used in the same context:
+ *
+ * * End to end workspace management guide.
+ * * databricks.Group to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html) or [Account Console](https://accounts.cloud.databricks.com/) (for AWS deployments).
+ * * databricks.Grants to manage data access in Unity Catalog.
+ * * databricks.Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace.
+ * * databricks.User to [manage users](https://docs.databricks.com/administration-guide/users-groups/users.html), that could be added to databricks.Group within the workspace.
+ *
+ * ## Import
+ *
+ * The resource can be imported using a synthetic identifier. Examples of valid synthetic identifiers are* `table/default.foo` - table `foo` in a `default` database. Database is always mandatory. * `view/bar.foo` - view `foo` in `bar` database. * `database/bar` - `bar` database. * `catalog/` - entire catalog. `/` suffix is mandatory. * `any file/` - direct access to any file. `/` suffix is mandatory. * `anonymous function/` - anonymous function. `/` suffix is mandatory. bash
+ *
+ * ```sh
+ *  $ pulumi import databricks:index/sqlPermissions:SqlPermissions foo /<object-type>/<object-name>
+ * ```
+ */
+class SqlPermissions extends pulumi.CustomResource {
+    constructor(name, argsOrState, opts) {
+        let resourceInputs = {};
+        opts = opts || {};
+        if (opts.id) {
+            const state = argsOrState;
+            resourceInputs["anonymousFunction"] = state ? state.anonymousFunction : undefined;
+            resourceInputs["anyFile"] = state ? state.anyFile : undefined;
+            resourceInputs["catalog"] = state ? state.catalog : undefined;
+            resourceInputs["clusterId"] = state ? state.clusterId : undefined;
+            resourceInputs["database"] = state ? state.database : undefined;
+            resourceInputs["privilegeAssignments"] = state ? state.privilegeAssignments : undefined;
+            resourceInputs["table"] = state ? state.table : undefined;
+            resourceInputs["view"] = state ? state.view : undefined;
+        }
+        else {
+            const args = argsOrState;
+            resourceInputs["anonymousFunction"] = args ? args.anonymousFunction : undefined;
+            resourceInputs["anyFile"] = args ? args.anyFile : undefined;
+            resourceInputs["catalog"] = args ? args.catalog : undefined;
+            resourceInputs["clusterId"] = args ? args.clusterId : undefined;
+            resourceInputs["database"] = args ? args.database : undefined;
+            resourceInputs["privilegeAssignments"] = args ? args.privilegeAssignments : undefined;
+            resourceInputs["table"] = args ? args.table : undefined;
+            resourceInputs["view"] = args ? args.view : undefined;
+        }
+        opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
+        super(SqlPermissions.__pulumiType, name, resourceInputs, opts);
+    }
+    /**
+     * Get an existing SqlPermissions resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name, id, state, opts) {
+        return new SqlPermissions(name, state, Object.assign(Object.assign({}, opts), { id: id }));
+    }
+    /**
+     * Returns true if the given object is an instance of SqlPermissions.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj) {
+        if (obj === undefined || obj === null) {
+            return false;
+        }
+        return obj['__pulumiType'] === SqlPermissions.__pulumiType;
+    }
+}
+exports.SqlPermissions = SqlPermissions;
+/** @internal */
+SqlPermissions.__pulumiType = 'databricks:index/sqlPermissions:SqlPermissions';
+//# sourceMappingURL=sqlPermissions.js.map

package/sqlPermissions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlPermissions.js","sourceRoot":"","sources":["../sqlPermissions.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAEzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2EG;AACH,MAAa,cAAe,SAAQ,MAAM,CAAC,cAAc;IA+DrD,YAAY,IAAY,EAAE,WAAsD,EAAE,IAAmC;QACjH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA8C,CAAC;YAC7D,cAAc,CAAC,mBAAmB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAA6C,CAAC;YAC3D,cAAc,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5D,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9D,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SACzD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACnE,CAAC;IAxFD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA2B,EAAE,IAAmC;QACzH,OAAO,IAAI,cAAc,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACrE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,cAAc,CAAC,YAAY,CAAC;IAC/D,CAAC;;AA1BL,wCA0FC;AA5EG,gBAAgB;AACO,2BAAY,GAAG,gDAAgD,CAAC"}

package/sqlQuery.d.ts

@@ -0,0 +1,131 @@
+import * as pulumi from "@pulumi/pulumi";
+import { input as inputs, output as outputs } from "./types";
+/**
+ * To manage [SQLA resources](https://docs.databricks.com/sql/get-started/concepts.html) you must have `databricksSqlAccess` on your databricks.Group or databricks_user.
+ *
+ * **Note:** documentation for this resource is a work in progress.
+ *
+ * A query may have one or more visualizations.
+ *
+ * ## Example Usage
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const q1 = new databricks.SqlQuery("q1", {
+ *     dataSourceId: databricks_sql_endpoint.example.data_source_id,
+ *     query: "SELECT {{ p1 }} AS p1, 2 as p2",
+ *     runAsRole: "viewer",
+ *     schedule: {
+ *         continuous: {
+ *             intervalSeconds: 5 * 60,
+ *         },
+ *     },
+ *     parameters: [{
+ *         name: "p1",
+ *         title: "Title for p1",
+ *         text: {
+ *             value: "default",
+ *         },
+ *     }],
+ *     tags: [
+ *         "t1",
+ *         "t2",
+ *     ],
+ * });
+ * ```
+ *
+ * Example permission to share query with all users:
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ *
+ * const q1 = new databricks.Permissions("q1", {
+ *     sqlQueryId: databricks_sql_query.q1.id,
+ *     accessControls: [
+ *         {
+ *             groupName: data.databricks_group.users.display_name,
+ *             permissionLevel: "CAN_RUN",
+ *         },
+ *         {
+ *             groupName: data.databricks_group.team.display_name,
+ *             permissionLevel: "CAN_EDIT",
+ *         },
+ *     ],
+ * });
+ * ```
+ * ## Related Resources
+ *
+ * The following resources are often used in the same context:
+ *
+ * * End to end workspace management guide.
+ * * databricks.SqlDashboard to manage Databricks SQL [Dashboards](https://docs.databricks.com/sql/user/dashboards/index.html).
+ * * databricks.SqlEndpoint to manage Databricks SQL [Endpoints](https://docs.databricks.com/sql/admin/sql-endpoints.html).
+ * * databricks.SqlGlobalConfig to configure the security policy, databricks_instance_profile, and [data access properties](https://docs.databricks.com/sql/admin/data-access-configuration.html) for all databricks.SqlEndpoint of workspace.
+ * * databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and [more](https://docs.databricks.com/security/access-control/table-acls/object-privileges.html).
+ *
+ * ## Import
+ *
+ * -> **Note** Importing this resource is not currently supported.
+ */
+export declare class SqlQuery extends pulumi.CustomResource {
+    /**
+     * Get an existing SqlQuery resource's state with the given name, ID, and optional extra
+     * properties used to qualify the lookup.
+     *
+     * @param name The _unique_ name of the resulting resource.
+     * @param id The _unique_ provider ID of the resource to lookup.
+     * @param state Any extra arguments used during the lookup.
+     * @param opts Optional settings to control the behavior of the CustomResource.
+     */
+    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: SqlQueryState, opts?: pulumi.CustomResourceOptions): SqlQuery;
+    /**
+     * Returns true if the given object is an instance of SqlQuery.  This is designed to work even
+     * when multiple copies of the Pulumi SDK have been loaded into the same process.
+     */
+    static isInstance(obj: any): obj is SqlQuery;
+    readonly dataSourceId: pulumi.Output<string>;
+    readonly description: pulumi.Output<string | undefined>;
+    readonly name: pulumi.Output<string>;
+    readonly parameters: pulumi.Output<outputs.SqlQueryParameter[] | undefined>;
+    readonly query: pulumi.Output<string>;
+    readonly runAsRole: pulumi.Output<string | undefined>;
+    readonly schedule: pulumi.Output<outputs.SqlQuerySchedule | undefined>;
+    readonly tags: pulumi.Output<string[] | undefined>;
+    /**
+     * Create a SqlQuery resource with the given unique name, arguments, and options.
+     *
+     * @param name The _unique_ name of the resource.
+     * @param args The arguments to use to populate this resource's properties.
+     * @param opts A bag of options that control this resource's behavior.
+     */
+    constructor(name: string, args: SqlQueryArgs, opts?: pulumi.CustomResourceOptions);
+}
+/**
+ * Input properties used for looking up and filtering SqlQuery resources.
+ */
+export interface SqlQueryState {
+    dataSourceId?: pulumi.Input<string>;
+    description?: pulumi.Input<string>;
+    name?: pulumi.Input<string>;
+    parameters?: pulumi.Input<pulumi.Input<inputs.SqlQueryParameter>[]>;
+    query?: pulumi.Input<string>;
+    runAsRole?: pulumi.Input<string>;
+    schedule?: pulumi.Input<inputs.SqlQuerySchedule>;
+    tags?: pulumi.Input<pulumi.Input<string>[]>;
+}
+/**
+ * The set of arguments for constructing a SqlQuery resource.
+ */
+export interface SqlQueryArgs {
+    dataSourceId: pulumi.Input<string>;
+    description?: pulumi.Input<string>;
+    name?: pulumi.Input<string>;
+    parameters?: pulumi.Input<pulumi.Input<inputs.SqlQueryParameter>[]>;
+    query: pulumi.Input<string>;
+    runAsRole?: pulumi.Input<string>;
+    schedule?: pulumi.Input<inputs.SqlQuerySchedule>;
+    tags?: pulumi.Input<pulumi.Input<string>[]>;
+}