@pulumi/databricks 1.50.0-alpha.1725600668 → 1.50.0-alpha.1725644892
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cluster.d.ts +0 -54
- package/cluster.js +0 -54
- package/cluster.js.map +1 -1
- package/getAwsAssumeRolePolicy.d.ts +2 -2
- package/getAwsAssumeRolePolicy.js +2 -2
- package/getCatalog.d.ts +2 -2
- package/getCatalog.js +2 -2
- package/getCatalogs.d.ts +2 -2
- package/getCatalogs.js +2 -2
- package/getCluster.d.ts +2 -2
- package/getCluster.js +2 -2
- package/getClusterPolicy.d.ts +2 -2
- package/getClusterPolicy.js +2 -2
- package/getClusters.d.ts +2 -2
- package/getClusters.js +2 -2
- package/getCurrentMetastore.d.ts +2 -2
- package/getCurrentMetastore.js +2 -2
- package/getCurrentUser.d.ts +2 -2
- package/getCurrentUser.js +2 -2
- package/getDbfsFile.d.ts +2 -2
- package/getDbfsFile.js +2 -2
- package/getDbfsFilePaths.d.ts +2 -2
- package/getDbfsFilePaths.js +2 -2
- package/getDirectory.d.ts +2 -2
- package/getDirectory.js +2 -2
- package/getGroup.d.ts +2 -2
- package/getGroup.js +2 -2
- package/getInstancePool.d.ts +2 -2
- package/getInstancePool.js +2 -2
- package/getJob.d.ts +2 -2
- package/getJob.js +2 -2
- package/getJobs.d.ts +2 -2
- package/getJobs.js +2 -2
- package/getMetastore.d.ts +2 -2
- package/getMetastore.js +2 -2
- package/getMlflowExperiment.d.ts +2 -2
- package/getMlflowExperiment.js +2 -2
- package/getMlflowModel.d.ts +2 -2
- package/getMlflowModel.js +2 -2
- package/getMwsCredentials.d.ts +2 -2
- package/getMwsCredentials.js +2 -2
- package/getMwsWorkspaces.d.ts +4 -4
- package/getMwsWorkspaces.js +4 -4
- package/getNodeType.d.ts +2 -2
- package/getNodeType.js +2 -2
- package/getNotebook.d.ts +2 -2
- package/getNotebook.js +2 -2
- package/getNotebookPaths.d.ts +2 -2
- package/getNotebookPaths.js +2 -2
- package/getPipelines.d.ts +2 -2
- package/getPipelines.js +2 -2
- package/getSchemas.d.ts +2 -2
- package/getSchemas.js +2 -2
- package/getServicePrincipal.d.ts +2 -2
- package/getServicePrincipal.js +2 -2
- package/getServicePrincipals.d.ts +2 -2
- package/getServicePrincipals.js +2 -2
- package/getSparkVersion.d.ts +2 -2
- package/getSparkVersion.js +2 -2
- package/getSqlWarehouse.d.ts +2 -2
- package/getSqlWarehouse.js +2 -2
- package/getSqlWarehouses.d.ts +2 -2
- package/getSqlWarehouses.js +2 -2
- package/getTable.d.ts +2 -2
- package/getTable.js +2 -2
- package/getTables.d.ts +2 -2
- package/getTables.js +2 -2
- package/getUser.d.ts +2 -2
- package/getUser.js +2 -2
- package/getViews.d.ts +2 -2
- package/getViews.js +2 -2
- package/getZones.d.ts +2 -2
- package/getZones.js +2 -2
- package/gitCredential.d.ts +3 -3
- package/mount.d.ts +0 -315
- package/mount.js +0 -315
- package/mount.js.map +1 -1
- package/mwsCredentials.d.ts +52 -5
- package/mwsCredentials.js +28 -5
- package/mwsCredentials.js.map +1 -1
- package/mwsCustomerManagedKeys.d.ts +0 -9
- package/mwsCustomerManagedKeys.js +0 -9
- package/mwsCustomerManagedKeys.js.map +1 -1
- package/mwsNetworks.d.ts +78 -43
- package/mwsNetworks.js +80 -45
- package/mwsNetworks.js.map +1 -1
- package/mwsPrivateAccessSettings.d.ts +1 -1
- package/mwsPrivateAccessSettings.js +1 -1
- package/mwsStorageConfigurations.d.ts +51 -6
- package/mwsStorageConfigurations.js +24 -6
- package/mwsStorageConfigurations.js.map +1 -1
- package/mwsVpcEndpoint.d.ts +1 -1
- package/mwsVpcEndpoint.js +1 -1
- package/package.json +2 -2
- package/sqlPermissions.d.ts +0 -9
- package/sqlPermissions.js.map +1 -1
- package/types/input.d.ts +2 -2
- package/types/output.d.ts +2 -2
package/mwsCredentials.d.ts
CHANGED
|
@@ -1,12 +1,35 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
3
|
+
* ## Example Usage
|
|
4
4
|
*
|
|
5
|
-
*
|
|
5
|
+
* ```typescript
|
|
6
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
7
|
+
* import * as aws from "@pulumi/aws";
|
|
8
|
+
* import * as databricks from "@pulumi/databricks";
|
|
6
9
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
*
|
|
10
|
+
* const config = new pulumi.Config();
|
|
11
|
+
* // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
|
|
12
|
+
* const databricksAccountId = config.requireObject("databricksAccountId");
|
|
13
|
+
* const this = databricks.getAwsAssumeRolePolicy({
|
|
14
|
+
* externalId: databricksAccountId,
|
|
15
|
+
* });
|
|
16
|
+
* const crossAccountRole = new aws.iam.Role("cross_account_role", {
|
|
17
|
+
* name: `${prefix}-crossaccount`,
|
|
18
|
+
* assumeRolePolicy: _this.then(_this => _this.json),
|
|
19
|
+
* tags: tags,
|
|
20
|
+
* });
|
|
21
|
+
* const thisGetAwsCrossAccountPolicy = databricks.getAwsCrossAccountPolicy({});
|
|
22
|
+
* const thisRolePolicy = new aws.iam.RolePolicy("this", {
|
|
23
|
+
* name: `${prefix}-policy`,
|
|
24
|
+
* role: crossAccountRole.id,
|
|
25
|
+
* policy: thisGetAwsCrossAccountPolicy.then(thisGetAwsCrossAccountPolicy => thisGetAwsCrossAccountPolicy.json),
|
|
26
|
+
* });
|
|
27
|
+
* const thisMwsCredentials = new databricks.MwsCredentials("this", {
|
|
28
|
+
* accountId: databricksAccountId,
|
|
29
|
+
* credentialsName: `${prefix}-creds`,
|
|
30
|
+
* roleArn: crossAccountRole.arn,
|
|
31
|
+
* });
|
|
32
|
+
* ```
|
|
10
33
|
*
|
|
11
34
|
* ## Related Resources
|
|
12
35
|
*
|
|
@@ -46,6 +69,8 @@ export declare class MwsCredentials extends pulumi.CustomResource {
|
|
|
46
69
|
*/
|
|
47
70
|
static isInstance(obj: any): obj is MwsCredentials;
|
|
48
71
|
/**
|
|
72
|
+
* Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
|
|
73
|
+
*
|
|
49
74
|
* @deprecated `accountId` should be set as part of the Databricks Config, not in the resource.
|
|
50
75
|
*/
|
|
51
76
|
readonly accountId: pulumi.Output<string | undefined>;
|
|
@@ -57,8 +82,14 @@ export declare class MwsCredentials extends pulumi.CustomResource {
|
|
|
57
82
|
* (String) identifier of credentials
|
|
58
83
|
*/
|
|
59
84
|
readonly credentialsId: pulumi.Output<string>;
|
|
85
|
+
/**
|
|
86
|
+
* name of credentials to register
|
|
87
|
+
*/
|
|
60
88
|
readonly credentialsName: pulumi.Output<string>;
|
|
61
89
|
readonly externalId: pulumi.Output<string>;
|
|
90
|
+
/**
|
|
91
|
+
* ARN of cross-account role
|
|
92
|
+
*/
|
|
62
93
|
readonly roleArn: pulumi.Output<string>;
|
|
63
94
|
/**
|
|
64
95
|
* Create a MwsCredentials resource with the given unique name, arguments, and options.
|
|
@@ -74,6 +105,8 @@ export declare class MwsCredentials extends pulumi.CustomResource {
|
|
|
74
105
|
*/
|
|
75
106
|
export interface MwsCredentialsState {
|
|
76
107
|
/**
|
|
108
|
+
* Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
|
|
109
|
+
*
|
|
77
110
|
* @deprecated `accountId` should be set as part of the Databricks Config, not in the resource.
|
|
78
111
|
*/
|
|
79
112
|
accountId?: pulumi.Input<string>;
|
|
@@ -85,8 +118,14 @@ export interface MwsCredentialsState {
|
|
|
85
118
|
* (String) identifier of credentials
|
|
86
119
|
*/
|
|
87
120
|
credentialsId?: pulumi.Input<string>;
|
|
121
|
+
/**
|
|
122
|
+
* name of credentials to register
|
|
123
|
+
*/
|
|
88
124
|
credentialsName?: pulumi.Input<string>;
|
|
89
125
|
externalId?: pulumi.Input<string>;
|
|
126
|
+
/**
|
|
127
|
+
* ARN of cross-account role
|
|
128
|
+
*/
|
|
90
129
|
roleArn?: pulumi.Input<string>;
|
|
91
130
|
}
|
|
92
131
|
/**
|
|
@@ -94,6 +133,8 @@ export interface MwsCredentialsState {
|
|
|
94
133
|
*/
|
|
95
134
|
export interface MwsCredentialsArgs {
|
|
96
135
|
/**
|
|
136
|
+
* Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
|
|
137
|
+
*
|
|
97
138
|
* @deprecated `accountId` should be set as part of the Databricks Config, not in the resource.
|
|
98
139
|
*/
|
|
99
140
|
accountId?: pulumi.Input<string>;
|
|
@@ -105,7 +146,13 @@ export interface MwsCredentialsArgs {
|
|
|
105
146
|
* (String) identifier of credentials
|
|
106
147
|
*/
|
|
107
148
|
credentialsId?: pulumi.Input<string>;
|
|
149
|
+
/**
|
|
150
|
+
* name of credentials to register
|
|
151
|
+
*/
|
|
108
152
|
credentialsName: pulumi.Input<string>;
|
|
109
153
|
externalId?: pulumi.Input<string>;
|
|
154
|
+
/**
|
|
155
|
+
* ARN of cross-account role
|
|
156
|
+
*/
|
|
110
157
|
roleArn: pulumi.Input<string>;
|
|
111
158
|
}
|
package/mwsCredentials.js
CHANGED
|
@@ -6,13 +6,36 @@ exports.MwsCredentials = void 0;
|
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("./utilities");
|
|
8
8
|
/**
|
|
9
|
-
*
|
|
9
|
+
* ## Example Usage
|
|
10
10
|
*
|
|
11
|
-
*
|
|
11
|
+
* ```typescript
|
|
12
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
13
|
+
* import * as aws from "@pulumi/aws";
|
|
14
|
+
* import * as databricks from "@pulumi/databricks";
|
|
12
15
|
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
15
|
-
*
|
|
16
|
+
* const config = new pulumi.Config();
|
|
17
|
+
* // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
|
|
18
|
+
* const databricksAccountId = config.requireObject("databricksAccountId");
|
|
19
|
+
* const this = databricks.getAwsAssumeRolePolicy({
|
|
20
|
+
* externalId: databricksAccountId,
|
|
21
|
+
* });
|
|
22
|
+
* const crossAccountRole = new aws.iam.Role("cross_account_role", {
|
|
23
|
+
* name: `${prefix}-crossaccount`,
|
|
24
|
+
* assumeRolePolicy: _this.then(_this => _this.json),
|
|
25
|
+
* tags: tags,
|
|
26
|
+
* });
|
|
27
|
+
* const thisGetAwsCrossAccountPolicy = databricks.getAwsCrossAccountPolicy({});
|
|
28
|
+
* const thisRolePolicy = new aws.iam.RolePolicy("this", {
|
|
29
|
+
* name: `${prefix}-policy`,
|
|
30
|
+
* role: crossAccountRole.id,
|
|
31
|
+
* policy: thisGetAwsCrossAccountPolicy.then(thisGetAwsCrossAccountPolicy => thisGetAwsCrossAccountPolicy.json),
|
|
32
|
+
* });
|
|
33
|
+
* const thisMwsCredentials = new databricks.MwsCredentials("this", {
|
|
34
|
+
* accountId: databricksAccountId,
|
|
35
|
+
* credentialsName: `${prefix}-creds`,
|
|
36
|
+
* roleArn: crossAccountRole.arn,
|
|
37
|
+
* });
|
|
38
|
+
* ```
|
|
16
39
|
*
|
|
17
40
|
* ## Related Resources
|
|
18
41
|
*
|
package/mwsCredentials.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mwsCredentials.js","sourceRoot":"","sources":["../mwsCredentials.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC
|
|
1
|
+
{"version":3,"file":"mwsCredentials.js","sourceRoot":"","sources":["../mwsCredentials.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AACH,MAAa,cAAe,SAAQ,MAAM,CAAC,cAAc;IACrD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAA2B,EAAE,IAAmC;QACzH,OAAO,IAAI,cAAc,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IACrE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,cAAc,CAAC,YAAY,CAAC;IAC/D,CAAC;IAkCD,YAAY,IAAY,EAAE,WAAsD,EAAE,IAAmC;QACjH,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA8C,CAAC;YAC7D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,iBAAiB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;aAAM;YACH,MAAM,IAAI,GAAG,WAA6C,CAAC;YAC3D,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,eAAe,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5D,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;aAClE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACpD,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;aAC1D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,iBAAiB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC;SAC/D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,cAAc,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACnE,CAAC;;AAxFL,wCAyFC;AA3EG,gBAAgB;AACO,2BAAY,GAAG,gDAAgD,CAAC"}
|
|
@@ -2,15 +2,6 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
2
2
|
import * as inputs from "./types/input";
|
|
3
3
|
import * as outputs from "./types/output";
|
|
4
4
|
/**
|
|
5
|
-
* > **Note** Initialize provider with `alias = "mws"`, `host = "https://accounts.cloud.databricks.com"` and use `provider = databricks.mws`
|
|
6
|
-
*
|
|
7
|
-
* This resource to configure KMS keys for new workspaces within AWS or GCP. This is to support the following features:
|
|
8
|
-
*
|
|
9
|
-
* * [Customer-managed keys for managed services](https://docs.databricks.com/security/keys/customer-managed-keys-managed-services-aws.html): Encrypt the workspace’s managed services data in the control plane, including notebooks, secrets, Databricks SQL queries, and Databricks SQL query history with a CMK.
|
|
10
|
-
* * [Customer-managed keys for workspace storage](https://docs.databricks.com/security/keys/customer-managed-keys-storage-aws.html): Encrypt the workspace's root S3 bucket and clusters' EBS volumes with a CMK.
|
|
11
|
-
*
|
|
12
|
-
* Please follow this complete runnable example, you should use the provider aliasing feature of Pulumi. We strongly recommend having one Pulumi module for creation of workspace + PAT token and the rest in different modules.
|
|
13
|
-
*
|
|
14
5
|
* ## Example Usage
|
|
15
6
|
*
|
|
16
7
|
* > **Note** If you've used the resource before, please add `useCases = ["MANAGED_SERVICES"]` to keep the previous behaviour.
|
|
@@ -6,15 +6,6 @@ exports.MwsCustomerManagedKeys = void 0;
|
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("./utilities");
|
|
8
8
|
/**
|
|
9
|
-
* > **Note** Initialize provider with `alias = "mws"`, `host = "https://accounts.cloud.databricks.com"` and use `provider = databricks.mws`
|
|
10
|
-
*
|
|
11
|
-
* This resource to configure KMS keys for new workspaces within AWS or GCP. This is to support the following features:
|
|
12
|
-
*
|
|
13
|
-
* * [Customer-managed keys for managed services](https://docs.databricks.com/security/keys/customer-managed-keys-managed-services-aws.html): Encrypt the workspace’s managed services data in the control plane, including notebooks, secrets, Databricks SQL queries, and Databricks SQL query history with a CMK.
|
|
14
|
-
* * [Customer-managed keys for workspace storage](https://docs.databricks.com/security/keys/customer-managed-keys-storage-aws.html): Encrypt the workspace's root S3 bucket and clusters' EBS volumes with a CMK.
|
|
15
|
-
*
|
|
16
|
-
* Please follow this complete runnable example, you should use the provider aliasing feature of Pulumi. We strongly recommend having one Pulumi module for creation of workspace + PAT token and the rest in different modules.
|
|
17
|
-
*
|
|
18
9
|
* ## Example Usage
|
|
19
10
|
*
|
|
20
11
|
* > **Note** If you've used the resource before, please add `useCases = ["MANAGED_SERVICES"]` to keep the previous behaviour.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mwsCustomerManagedKeys.js","sourceRoot":"","sources":["../mwsCustomerManagedKeys.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC
|
|
1
|
+
{"version":3,"file":"mwsCustomerManagedKeys.js","sourceRoot":"","sources":["../mwsCustomerManagedKeys.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwNG;AACH,MAAa,sBAAuB,SAAQ,MAAM,CAAC,cAAc;IAC7D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmC,EAAE,IAAmC;QACjI,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,sBAAsB,CAAC,YAAY,CAAC;IACvE,CAAC;IAqCD,YAAY,IAAY,EAAE,WAAsE,EAAE,IAAmC;QACjI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsD,CAAC;YACrE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;SACnE;aAAM;YACH,MAAM,IAAI,GAAG,WAAqD,CAAC;YACnE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrD,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,SAAS,CAAC;YACtF,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC;SACjE;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3E,CAAC;;AA3FL,wDA4FC;AA9EG,gBAAgB;AACO,mCAAY,GAAG,gEAAgE,CAAC"}
|
package/mwsNetworks.d.ts
CHANGED
|
@@ -2,54 +2,89 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
2
2
|
import * as inputs from "./types/input";
|
|
3
3
|
import * as outputs from "./types/output";
|
|
4
4
|
/**
|
|
5
|
-
* ##
|
|
5
|
+
* ## Example Usage
|
|
6
6
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
* Use this resource to [configure VPC](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html) & subnets for new workspaces within AWS. It is essential to understand that this will require you to configure your provider separately for the multiple workspaces resources.
|
|
10
|
-
*
|
|
11
|
-
* * Databricks must have access to at least two subnets for each workspace, with each subnet in a different Availability Zone. You cannot specify more than one Databricks workspace subnet per Availability Zone in the Create network configuration API call. You can have more than one subnet per Availability Zone as part of your network setup, but you can choose only one subnet per Availability Zone for the Databricks workspace.
|
|
12
|
-
* * Databricks assigns two IP addresses per node, one for management traffic and one for Spark applications. The total number of instances for each subnet is equal to half of the available IP addresses.
|
|
13
|
-
* * Each subnet must have a netmask between /17 and /25.
|
|
14
|
-
* * Subnets must be private.
|
|
15
|
-
* * Subnets must have outbound access to the public network using a aws_nat_gateway, or other similar customer-managed appliance infrastructure.
|
|
16
|
-
* * The NAT gateway must be set up in its subnet (public_subnets in the example below) that routes quad-zero (0.0.0.0/0) traffic to an internet gateway or other customer-managed appliance infrastructure.
|
|
17
|
-
*
|
|
18
|
-
* > **Note** The NAT gateway needs only one IP address per AZ. Hence, the public subnet only needs two IP addresses. In order to limit the number of IP addresses in the public subnet, you can specify a secondary CIDR block (cidr_block_public) using the argument secondaryCidrBlocks then pass it to the publicSubnets argument. Please review the [IPv4 CIDR block association restrictions](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) when choosing the secondary cidr block.
|
|
19
|
-
*
|
|
20
|
-
* Please follow this complete runnable example & subnet for new workspaces within GCP. It is essential to understand that this will require you to configure your provider separately for the multiple workspaces resources.
|
|
21
|
-
*
|
|
22
|
-
* * Databricks must have access to a subnet in the same region as the workspace, of which IP range will be used to allocate your workspace’s GKE cluster nodes.
|
|
23
|
-
* * The subnet must have a netmask between /29 and /9.
|
|
24
|
-
* * Databricks must have access to 2 secondary IP ranges, one between /21 to /9 for workspace’s GKE cluster pods, and one between /27 to /16 for workspace’s GKE cluster services.
|
|
25
|
-
* * Subnet must have outbound access to the public network using a gcpComputeRouterNat or other similar customer-managed appliance infrastructure.
|
|
7
|
+
* ### Creating a Databricks on GCP workspace
|
|
26
8
|
*
|
|
27
|
-
*
|
|
28
|
-
*
|
|
29
|
-
*
|
|
9
|
+
* ```typescript
|
|
10
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
11
|
+
* import * as databricks from "@pulumi/databricks";
|
|
12
|
+
* import * as google from "@pulumi/google";
|
|
30
13
|
*
|
|
31
|
-
*
|
|
32
|
-
*
|
|
33
|
-
*
|
|
14
|
+
* const config = new pulumi.Config();
|
|
15
|
+
* // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
|
|
16
|
+
* const databricksAccountId = config.requireObject("databricksAccountId");
|
|
17
|
+
* const dbxPrivateVpc = new google.index.ComputeNetwork("dbx_private_vpc", {
|
|
18
|
+
* project: googleProject,
|
|
19
|
+
* name: `tf-network-${suffix.result}`,
|
|
20
|
+
* autoCreateSubnetworks: false,
|
|
21
|
+
* });
|
|
22
|
+
* const network_with_private_secondary_ip_ranges = new google.index.ComputeSubnetwork("network-with-private-secondary-ip-ranges", {
|
|
23
|
+
* name: `test-dbx-${suffix.result}`,
|
|
24
|
+
* ipCidrRange: "10.0.0.0/16",
|
|
25
|
+
* region: "us-central1",
|
|
26
|
+
* network: dbxPrivateVpc.id,
|
|
27
|
+
* secondaryIpRange: [
|
|
28
|
+
* {
|
|
29
|
+
* rangeName: "pods",
|
|
30
|
+
* ipCidrRange: "10.1.0.0/16",
|
|
31
|
+
* },
|
|
32
|
+
* {
|
|
33
|
+
* rangeName: "svc",
|
|
34
|
+
* ipCidrRange: "10.2.0.0/20",
|
|
35
|
+
* },
|
|
36
|
+
* ],
|
|
37
|
+
* privateIpGoogleAccess: true,
|
|
38
|
+
* });
|
|
39
|
+
* const router = new google.index.ComputeRouter("router", {
|
|
40
|
+
* name: `my-router-${suffix.result}`,
|
|
41
|
+
* region: network_with_private_secondary_ip_ranges.region,
|
|
42
|
+
* network: dbxPrivateVpc.id,
|
|
43
|
+
* });
|
|
44
|
+
* const nat = new google.index.ComputeRouterNat("nat", {
|
|
45
|
+
* name: `my-router-nat-${suffix.result}`,
|
|
46
|
+
* router: router.name,
|
|
47
|
+
* region: router.region,
|
|
48
|
+
* natIpAllocateOption: "AUTO_ONLY",
|
|
49
|
+
* sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES",
|
|
50
|
+
* });
|
|
51
|
+
* const _this = new databricks.MwsNetworks("this", {
|
|
52
|
+
* accountId: databricksAccountId,
|
|
53
|
+
* networkName: `test-demo-${suffix.result}`,
|
|
54
|
+
* gcpNetworkInfo: {
|
|
55
|
+
* networkProjectId: googleProject,
|
|
56
|
+
* vpcId: dbxPrivateVpc.name,
|
|
57
|
+
* subnetId: networkWithPrivateSecondaryIpRanges.name,
|
|
58
|
+
* subnetRegion: networkWithPrivateSecondaryIpRanges.region,
|
|
59
|
+
* podIpRangeName: "pods",
|
|
60
|
+
* serviceIpRangeName: "svc",
|
|
61
|
+
* },
|
|
62
|
+
* });
|
|
63
|
+
* ```
|
|
34
64
|
*
|
|
35
|
-
*
|
|
36
|
-
* description = "Allow all internal TCP and UDP"
|
|
37
|
-
* self = true
|
|
38
|
-
* }]
|
|
39
|
-
* }
|
|
65
|
+
* In order to create a VPC [that leverages GCP Private Service Connect](https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/private-service-connect.html) you would need to add the `vpcEndpointId` Attributes from mwsVpcEndpoint resources into the databricks.MwsNetworks resource. For example:
|
|
40
66
|
*
|
|
41
|
-
*
|
|
42
|
-
*
|
|
43
|
-
*
|
|
44
|
-
* networkName = "${local.prefix}-network"
|
|
45
|
-
* securityGroupIds = [module.vpc.default_security_group_id]
|
|
46
|
-
* subnetIds = module.vpc.private_subnets
|
|
47
|
-
* vpcId = module.vpc.vpc_id
|
|
48
|
-
* }
|
|
67
|
+
* ```typescript
|
|
68
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
69
|
+
* import * as databricks from "@pulumi/databricks";
|
|
49
70
|
*
|
|
50
|
-
*
|
|
51
|
-
*
|
|
52
|
-
*
|
|
71
|
+
* const _this = new databricks.MwsNetworks("this", {
|
|
72
|
+
* accountId: databricksAccountId,
|
|
73
|
+
* networkName: `test-demo-${suffix.result}`,
|
|
74
|
+
* gcpNetworkInfo: {
|
|
75
|
+
* networkProjectId: googleProject,
|
|
76
|
+
* vpcId: dbxPrivateVpc.name,
|
|
77
|
+
* subnetId: networkWithPrivateSecondaryIpRanges.name,
|
|
78
|
+
* subnetRegion: networkWithPrivateSecondaryIpRanges.region,
|
|
79
|
+
* podIpRangeName: "pods",
|
|
80
|
+
* serviceIpRangeName: "svc",
|
|
81
|
+
* },
|
|
82
|
+
* vpcEndpoints: {
|
|
83
|
+
* dataplaneRelays: [relay.vpcEndpointId],
|
|
84
|
+
* restApis: [workspace.vpcEndpointId],
|
|
85
|
+
* },
|
|
86
|
+
* });
|
|
87
|
+
* ```
|
|
53
88
|
*
|
|
54
89
|
* ## Modifying networks on running workspaces (AWS only)
|
|
55
90
|
*
|
|
@@ -68,7 +103,7 @@ import * as outputs from "./types/output";
|
|
|
68
103
|
* * Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide.
|
|
69
104
|
* * Provisioning Databricks on GCP guide.
|
|
70
105
|
* * Provisioning Databricks workspaces on GCP with Private Service Connect guide.
|
|
71
|
-
* * databricks.MwsVpcEndpoint resources with Databricks such that they can be used as part of a databricks.MwsNetworks configuration.
|
|
106
|
+
* * databricks.MwsVpcEndpoint to register awsVpcEndpoint resources with Databricks such that they can be used as part of a databricks.MwsNetworks configuration.
|
|
72
107
|
* * databricks.MwsPrivateAccessSettings to create a Private Access Setting that can be used as part of a databricks.MwsWorkspaces resource to create a [Databricks Workspace that leverages AWS PrivateLink](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html) or [GCP Private Service Connect](https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/private-service-connect.html).
|
|
73
108
|
* * databricks.MwsWorkspaces to set up [AWS and GCP workspaces](https://docs.databricks.com/getting-started/overview.html#e2-architecture-1).
|
|
74
109
|
*
|
package/mwsNetworks.js
CHANGED
|
@@ -6,55 +6,90 @@ exports.MwsNetworks = void 0;
|
|
|
6
6
|
const pulumi = require("@pulumi/pulumi");
|
|
7
7
|
const utilities = require("./utilities");
|
|
8
8
|
/**
|
|
9
|
-
* ##
|
|
10
|
-
*
|
|
11
|
-
* > **Note** Initialize provider with `alias = "mws"`, `host = "https://accounts.cloud.databricks.com"` and use `provider = databricks.mws`
|
|
12
|
-
*
|
|
13
|
-
* Use this resource to [configure VPC](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html) & subnets for new workspaces within AWS. It is essential to understand that this will require you to configure your provider separately for the multiple workspaces resources.
|
|
14
|
-
*
|
|
15
|
-
* * Databricks must have access to at least two subnets for each workspace, with each subnet in a different Availability Zone. You cannot specify more than one Databricks workspace subnet per Availability Zone in the Create network configuration API call. You can have more than one subnet per Availability Zone as part of your network setup, but you can choose only one subnet per Availability Zone for the Databricks workspace.
|
|
16
|
-
* * Databricks assigns two IP addresses per node, one for management traffic and one for Spark applications. The total number of instances for each subnet is equal to half of the available IP addresses.
|
|
17
|
-
* * Each subnet must have a netmask between /17 and /25.
|
|
18
|
-
* * Subnets must be private.
|
|
19
|
-
* * Subnets must have outbound access to the public network using a aws_nat_gateway, or other similar customer-managed appliance infrastructure.
|
|
20
|
-
* * The NAT gateway must be set up in its subnet (public_subnets in the example below) that routes quad-zero (0.0.0.0/0) traffic to an internet gateway or other customer-managed appliance infrastructure.
|
|
21
|
-
*
|
|
22
|
-
* > **Note** The NAT gateway needs only one IP address per AZ. Hence, the public subnet only needs two IP addresses. In order to limit the number of IP addresses in the public subnet, you can specify a secondary CIDR block (cidr_block_public) using the argument secondaryCidrBlocks then pass it to the publicSubnets argument. Please review the [IPv4 CIDR block association restrictions](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Subnets.html) when choosing the secondary cidr block.
|
|
23
|
-
*
|
|
24
|
-
* Please follow this complete runnable example & subnet for new workspaces within GCP. It is essential to understand that this will require you to configure your provider separately for the multiple workspaces resources.
|
|
25
|
-
*
|
|
26
|
-
* * Databricks must have access to a subnet in the same region as the workspace, of which IP range will be used to allocate your workspace’s GKE cluster nodes.
|
|
27
|
-
* * The subnet must have a netmask between /29 and /9.
|
|
28
|
-
* * Databricks must have access to 2 secondary IP ranges, one between /21 to /9 for workspace’s GKE cluster pods, and one between /27 to /16 for workspace’s GKE cluster services.
|
|
29
|
-
* * Subnet must have outbound access to the public network using a gcpComputeRouterNat or other similar customer-managed appliance infrastructure.
|
|
30
|
-
*
|
|
31
|
-
* Please follow this complete runnable example]
|
|
32
|
-
* privateSubnets = [cidrsubnet(var.cidr_block, 3, 1),
|
|
33
|
-
* cidrsubnet(var.cidr_block, 3, 2)]
|
|
34
|
-
*
|
|
35
|
-
* defaultSecurityGroupEgress = [{
|
|
36
|
-
* cidrBlocks = "0.0.0.0/0"
|
|
37
|
-
* }]
|
|
38
|
-
*
|
|
39
|
-
* defaultSecurityGroupIngress = [{
|
|
40
|
-
* description = "Allow all internal TCP and UDP"
|
|
41
|
-
* self = true
|
|
42
|
-
* }]
|
|
43
|
-
* }
|
|
44
|
-
*
|
|
45
|
-
* resource "databricks.MwsNetworks" "this" {
|
|
46
|
-
* provider = databricks.mws
|
|
47
|
-
* accountId = var.databricks_account_id
|
|
48
|
-
* networkName = "${local.prefix}-network"
|
|
49
|
-
* securityGroupIds = [module.vpc.default_security_group_id]
|
|
50
|
-
* subnetIds = module.vpc.private_subnets
|
|
51
|
-
* vpcId = module.vpc.vpc_id
|
|
52
|
-
* }
|
|
9
|
+
* ## Example Usage
|
|
53
10
|
*
|
|
54
11
|
* ### Creating a Databricks on GCP workspace
|
|
55
12
|
*
|
|
13
|
+
* ```typescript
|
|
14
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
15
|
+
* import * as databricks from "@pulumi/databricks";
|
|
16
|
+
* import * as google from "@pulumi/google";
|
|
17
|
+
*
|
|
18
|
+
* const config = new pulumi.Config();
|
|
19
|
+
* // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
|
|
20
|
+
* const databricksAccountId = config.requireObject("databricksAccountId");
|
|
21
|
+
* const dbxPrivateVpc = new google.index.ComputeNetwork("dbx_private_vpc", {
|
|
22
|
+
* project: googleProject,
|
|
23
|
+
* name: `tf-network-${suffix.result}`,
|
|
24
|
+
* autoCreateSubnetworks: false,
|
|
25
|
+
* });
|
|
26
|
+
* const network_with_private_secondary_ip_ranges = new google.index.ComputeSubnetwork("network-with-private-secondary-ip-ranges", {
|
|
27
|
+
* name: `test-dbx-${suffix.result}`,
|
|
28
|
+
* ipCidrRange: "10.0.0.0/16",
|
|
29
|
+
* region: "us-central1",
|
|
30
|
+
* network: dbxPrivateVpc.id,
|
|
31
|
+
* secondaryIpRange: [
|
|
32
|
+
* {
|
|
33
|
+
* rangeName: "pods",
|
|
34
|
+
* ipCidrRange: "10.1.0.0/16",
|
|
35
|
+
* },
|
|
36
|
+
* {
|
|
37
|
+
* rangeName: "svc",
|
|
38
|
+
* ipCidrRange: "10.2.0.0/20",
|
|
39
|
+
* },
|
|
40
|
+
* ],
|
|
41
|
+
* privateIpGoogleAccess: true,
|
|
42
|
+
* });
|
|
43
|
+
* const router = new google.index.ComputeRouter("router", {
|
|
44
|
+
* name: `my-router-${suffix.result}`,
|
|
45
|
+
* region: network_with_private_secondary_ip_ranges.region,
|
|
46
|
+
* network: dbxPrivateVpc.id,
|
|
47
|
+
* });
|
|
48
|
+
* const nat = new google.index.ComputeRouterNat("nat", {
|
|
49
|
+
* name: `my-router-nat-${suffix.result}`,
|
|
50
|
+
* router: router.name,
|
|
51
|
+
* region: router.region,
|
|
52
|
+
* natIpAllocateOption: "AUTO_ONLY",
|
|
53
|
+
* sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES",
|
|
54
|
+
* });
|
|
55
|
+
* const _this = new databricks.MwsNetworks("this", {
|
|
56
|
+
* accountId: databricksAccountId,
|
|
57
|
+
* networkName: `test-demo-${suffix.result}`,
|
|
58
|
+
* gcpNetworkInfo: {
|
|
59
|
+
* networkProjectId: googleProject,
|
|
60
|
+
* vpcId: dbxPrivateVpc.name,
|
|
61
|
+
* subnetId: networkWithPrivateSecondaryIpRanges.name,
|
|
62
|
+
* subnetRegion: networkWithPrivateSecondaryIpRanges.region,
|
|
63
|
+
* podIpRangeName: "pods",
|
|
64
|
+
* serviceIpRangeName: "svc",
|
|
65
|
+
* },
|
|
66
|
+
* });
|
|
67
|
+
* ```
|
|
68
|
+
*
|
|
56
69
|
* In order to create a VPC [that leverages GCP Private Service Connect](https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/private-service-connect.html) you would need to add the `vpcEndpointId` Attributes from mwsVpcEndpoint resources into the databricks.MwsNetworks resource. For example:
|
|
57
70
|
*
|
|
71
|
+
* ```typescript
|
|
72
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
73
|
+
* import * as databricks from "@pulumi/databricks";
|
|
74
|
+
*
|
|
75
|
+
* const _this = new databricks.MwsNetworks("this", {
|
|
76
|
+
* accountId: databricksAccountId,
|
|
77
|
+
* networkName: `test-demo-${suffix.result}`,
|
|
78
|
+
* gcpNetworkInfo: {
|
|
79
|
+
* networkProjectId: googleProject,
|
|
80
|
+
* vpcId: dbxPrivateVpc.name,
|
|
81
|
+
* subnetId: networkWithPrivateSecondaryIpRanges.name,
|
|
82
|
+
* subnetRegion: networkWithPrivateSecondaryIpRanges.region,
|
|
83
|
+
* podIpRangeName: "pods",
|
|
84
|
+
* serviceIpRangeName: "svc",
|
|
85
|
+
* },
|
|
86
|
+
* vpcEndpoints: {
|
|
87
|
+
* dataplaneRelays: [relay.vpcEndpointId],
|
|
88
|
+
* restApis: [workspace.vpcEndpointId],
|
|
89
|
+
* },
|
|
90
|
+
* });
|
|
91
|
+
* ```
|
|
92
|
+
*
|
|
58
93
|
* ## Modifying networks on running workspaces (AWS only)
|
|
59
94
|
*
|
|
60
95
|
* Due to specifics of platform APIs, changing any attribute of network configuration would cause `databricks.MwsNetworks` to be re-created - deleted & added again with special case for running workspaces. Once network configuration is attached to a running databricks_mws_workspaces, you cannot delete it and `pulumi up` would result in `INVALID_STATE: Unable to delete, Network is being used by active workspace X` error. In order to modify any attributes of a network, you have to perform three different `pulumi up` steps:
|
|
@@ -72,7 +107,7 @@ const utilities = require("./utilities");
|
|
|
72
107
|
* * Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide.
|
|
73
108
|
* * Provisioning Databricks on GCP guide.
|
|
74
109
|
* * Provisioning Databricks workspaces on GCP with Private Service Connect guide.
|
|
75
|
-
* * databricks.MwsVpcEndpoint resources with Databricks such that they can be used as part of a databricks.MwsNetworks configuration.
|
|
110
|
+
* * databricks.MwsVpcEndpoint to register awsVpcEndpoint resources with Databricks such that they can be used as part of a databricks.MwsNetworks configuration.
|
|
76
111
|
* * databricks.MwsPrivateAccessSettings to create a Private Access Setting that can be used as part of a databricks.MwsWorkspaces resource to create a [Databricks Workspace that leverages AWS PrivateLink](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html) or [GCP Private Service Connect](https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/private-service-connect.html).
|
|
77
112
|
* * databricks.MwsWorkspaces to set up [AWS and GCP workspaces](https://docs.databricks.com/getting-started/overview.html#e2-architecture-1).
|
|
78
113
|
*
|
package/mwsNetworks.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"mwsNetworks.js","sourceRoot":"","sources":["../mwsNetworks.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC
|
|
1
|
+
{"version":3,"file":"mwsNetworks.js","sourceRoot":"","sources":["../mwsNetworks.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6GG;AACH,MAAa,WAAY,SAAQ,MAAM,CAAC,cAAc;IAClD;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAwB,EAAE,IAAmC;QACtH,OAAO,IAAI,WAAW,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAClE,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,WAAW,CAAC,YAAY,CAAC;IAC5D,CAAC;IAqDD,YAAY,IAAY,EAAE,WAAgD,EAAE,IAAmC;QAC3G,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAA2C,CAAC;YAC1D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5E,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,kBAAkB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChF,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1D,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;SACzE;aAAM;YACH,MAAM,IAAI,GAAG,WAA0C,CAAC;YACxD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,WAAW,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACxD,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;aAC9D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,SAAS,EAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,kBAAkB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9E,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;YACxD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;SACvE;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC;QAC9D,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAChE,CAAC;;AAzHL,kCA0HC;AA5GG,gBAAgB;AACO,wBAAY,GAAG,0CAA0C,CAAC"}
|
|
@@ -75,7 +75,7 @@ import * as pulumi from "@pulumi/pulumi";
|
|
|
75
75
|
* * Provisioning Databricks on AWS with Private Link guide.
|
|
76
76
|
* * Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide.
|
|
77
77
|
* * Provisioning Databricks workspaces on GCP with Private Service Connect guide.
|
|
78
|
-
* * databricks.MwsVpcEndpoint resources with Databricks such that they can be used as part of a databricks.MwsNetworks configuration.
|
|
78
|
+
* * databricks.MwsVpcEndpoint to register awsVpcEndpoint resources with Databricks such that they can be used as part of a databricks.MwsNetworks configuration.
|
|
79
79
|
* * databricks.MwsNetworks to [configure VPC](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html) & subnets for new workspaces within AWS.
|
|
80
80
|
* * databricks.MwsWorkspaces to set up [AWS and GCP workspaces](https://docs.databricks.com/getting-started/overview.html#e2-architecture-1).
|
|
81
81
|
*
|
|
@@ -81,7 +81,7 @@ const utilities = require("./utilities");
|
|
|
81
81
|
* * Provisioning Databricks on AWS with Private Link guide.
|
|
82
82
|
* * Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide.
|
|
83
83
|
* * Provisioning Databricks workspaces on GCP with Private Service Connect guide.
|
|
84
|
-
* * databricks.MwsVpcEndpoint resources with Databricks such that they can be used as part of a databricks.MwsNetworks configuration.
|
|
84
|
+
* * databricks.MwsVpcEndpoint to register awsVpcEndpoint resources with Databricks such that they can be used as part of a databricks.MwsNetworks configuration.
|
|
85
85
|
* * databricks.MwsNetworks to [configure VPC](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html) & subnets for new workspaces within AWS.
|
|
86
86
|
* * databricks.MwsWorkspaces to set up [AWS and GCP workspaces](https://docs.databricks.com/getting-started/overview.html#e2-architecture-1).
|
|
87
87
|
*
|
|
@@ -1,13 +1,31 @@
|
|
|
1
1
|
import * as pulumi from "@pulumi/pulumi";
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
3
|
+
* ## Example Usage
|
|
4
4
|
*
|
|
5
|
-
*
|
|
5
|
+
* ```typescript
|
|
6
|
+
* import * as pulumi from "@pulumi/pulumi";
|
|
7
|
+
* import * as aws from "@pulumi/aws";
|
|
8
|
+
* import * as databricks from "@pulumi/databricks";
|
|
6
9
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
*
|
|
10
|
-
*
|
|
10
|
+
* const config = new pulumi.Config();
|
|
11
|
+
* // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
|
|
12
|
+
* const databricksAccountId = config.requireObject("databricksAccountId");
|
|
13
|
+
* const rootStorageBucket = new aws.s3.BucketV2("root_storage_bucket", {
|
|
14
|
+
* bucket: `${prefix}-rootbucket`,
|
|
15
|
+
* acl: "private",
|
|
16
|
+
* });
|
|
17
|
+
* const rootVersioning = new aws.s3.BucketVersioningV2("root_versioning", {
|
|
18
|
+
* bucket: rootStorageBucket.id,
|
|
19
|
+
* versioningConfiguration: {
|
|
20
|
+
* status: "Disabled",
|
|
21
|
+
* },
|
|
22
|
+
* });
|
|
23
|
+
* const _this = new databricks.MwsStorageConfigurations("this", {
|
|
24
|
+
* accountId: databricksAccountId,
|
|
25
|
+
* storageConfigurationName: `${prefix}-storage`,
|
|
26
|
+
* bucketName: rootStorageBucket.bucket,
|
|
27
|
+
* });
|
|
28
|
+
* ```
|
|
11
29
|
*
|
|
12
30
|
* ## Related Resources
|
|
13
31
|
*
|
|
@@ -41,13 +59,22 @@ export declare class MwsStorageConfigurations extends pulumi.CustomResource {
|
|
|
41
59
|
* when multiple copies of the Pulumi SDK have been loaded into the same process.
|
|
42
60
|
*/
|
|
43
61
|
static isInstance(obj: any): obj is MwsStorageConfigurations;
|
|
62
|
+
/**
|
|
63
|
+
* Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
|
|
64
|
+
*/
|
|
44
65
|
readonly accountId: pulumi.Output<string>;
|
|
66
|
+
/**
|
|
67
|
+
* name of AWS S3 bucket
|
|
68
|
+
*/
|
|
45
69
|
readonly bucketName: pulumi.Output<string>;
|
|
46
70
|
readonly creationTime: pulumi.Output<number>;
|
|
47
71
|
/**
|
|
48
72
|
* (String) id of storage config to be used for `databricksMwsWorkspace` resource.
|
|
49
73
|
*/
|
|
50
74
|
readonly storageConfigurationId: pulumi.Output<string>;
|
|
75
|
+
/**
|
|
76
|
+
* name under which this storage configuration is stored
|
|
77
|
+
*/
|
|
51
78
|
readonly storageConfigurationName: pulumi.Output<string>;
|
|
52
79
|
/**
|
|
53
80
|
* Create a MwsStorageConfigurations resource with the given unique name, arguments, and options.
|
|
@@ -62,20 +89,38 @@ export declare class MwsStorageConfigurations extends pulumi.CustomResource {
|
|
|
62
89
|
* Input properties used for looking up and filtering MwsStorageConfigurations resources.
|
|
63
90
|
*/
|
|
64
91
|
export interface MwsStorageConfigurationsState {
|
|
92
|
+
/**
|
|
93
|
+
* Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
|
|
94
|
+
*/
|
|
65
95
|
accountId?: pulumi.Input<string>;
|
|
96
|
+
/**
|
|
97
|
+
* name of AWS S3 bucket
|
|
98
|
+
*/
|
|
66
99
|
bucketName?: pulumi.Input<string>;
|
|
67
100
|
creationTime?: pulumi.Input<number>;
|
|
68
101
|
/**
|
|
69
102
|
* (String) id of storage config to be used for `databricksMwsWorkspace` resource.
|
|
70
103
|
*/
|
|
71
104
|
storageConfigurationId?: pulumi.Input<string>;
|
|
105
|
+
/**
|
|
106
|
+
* name under which this storage configuration is stored
|
|
107
|
+
*/
|
|
72
108
|
storageConfigurationName?: pulumi.Input<string>;
|
|
73
109
|
}
|
|
74
110
|
/**
|
|
75
111
|
* The set of arguments for constructing a MwsStorageConfigurations resource.
|
|
76
112
|
*/
|
|
77
113
|
export interface MwsStorageConfigurationsArgs {
|
|
114
|
+
/**
|
|
115
|
+
* Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
|
|
116
|
+
*/
|
|
78
117
|
accountId: pulumi.Input<string>;
|
|
118
|
+
/**
|
|
119
|
+
* name of AWS S3 bucket
|
|
120
|
+
*/
|
|
79
121
|
bucketName: pulumi.Input<string>;
|
|
122
|
+
/**
|
|
123
|
+
* name under which this storage configuration is stored
|
|
124
|
+
*/
|
|
80
125
|
storageConfigurationName: pulumi.Input<string>;
|
|
81
126
|
}
|