@pulumi/databricks 1.77.0 → 1.78.0-alpha.1762486781

package/metastoreDataAccess.js

@@ -37,6 +37,34 @@ const utilities = require("./utilities");
  *
  * For Azure using managed identity as credential (recommended)
  *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as databricks from "@pulumi/databricks";
+ * import * as std from "@pulumi/std";
+ *
+ * const _this = new databricks.Metastore("this", {
+ *     name: "primary",
+ *     storageRoot: std.format({
+ *         input: "abfss://%s@%s.dfs.core.windows.net/",
+ *         args: [
+ *             unityCatalog.name,
+ *             unityCatalogAzurermStorageAccount.name,
+ *         ],
+ *     }).then(invoke => invoke.result),
+ *     owner: "uc admins",
+ *     region: "eastus",
+ *     forceDestroy: true,
+ * });
+ * const thisMetastoreDataAccess = new databricks.MetastoreDataAccess("this", {
+ *     metastoreId: _this.id,
+ *     name: "mi_dac",
+ *     azureManagedIdentity: {
+ *         accessConnectorId: accessConnectorId,
+ *     },
+ *     isDefault: true,
+ * });
+ * ```
+ *
  * ## Import
  *
  * This resource can be imported by combination of metastore id and the data access name.

package/metastoreDataAccess.js.map

@@ -1 +1 @@
-{"version":3,"file":"metastoreDataAccess.js","sourceRoot":"","sources":["../metastoreDataAccess.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqDG;AACH,MAAa,mBAAoB,SAAQ,MAAM,CAAC,cAAc;IAC1D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAgC,EAAE,IAAmC;QAC9H,OAAO,IAAI,mBAAmB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC1E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,mBAAmB,CAAC,YAAY,CAAC;IACpE,CAAC;IA8BD,YAAY,IAAY,EAAE,WAAgE,EAAE,IAAmC;QAC3H,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAmD,CAAC;YAClE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,EAAE,qBAAqB,CAAC;YACvE,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,EAAE,kBAAkB,CAAC;YACjE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,6BAA6B,CAAC,GAAG,KAAK,EAAE,2BAA2B,CAAC;YACnF,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;YACrC,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC;YACvC,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;SAC5D;aAAM;YACH,MAAM,IAAI,GAAG,WAAkD,CAAC;YAChE,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,EAAE,oBAAoB,CAAC;YACpE,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,EAAE,qBAAqB,CAAC;YACtE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,EAAE,kBAAkB,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,6BAA6B,CAAC,GAAG,IAAI,EAAE,2BAA2B,CAAC;YAClF,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,EAAE,oBAAoB,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC;YACtC,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;SAC3D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,mBAAmB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACxE,CAAC;;AAlGL,kDAmGC;AArFG,gBAAgB;AACO,gCAAY,GAAG,0DAA0D,CAAC"}
+{"version":3,"file":"metastoreDataAccess.js","sourceRoot":"","sources":["../metastoreDataAccess.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiFG;AACH,MAAa,mBAAoB,SAAQ,MAAM,CAAC,cAAc;IAC1D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAgC,EAAE,IAAmC;QAC9H,OAAO,IAAI,mBAAmB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC1E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,mBAAmB,CAAC,YAAY,CAAC;IACpE,CAAC;IA8BD,YAAY,IAAY,EAAE,WAAgE,EAAE,IAAmC;QAC3H,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAmD,CAAC;YAClE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,EAAE,qBAAqB,CAAC;YACvE,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,EAAE,kBAAkB,CAAC;YACjE,cAAc,CAAC,SAAS,CAAC,GAAG,KAAK,EAAE,OAAO,CAAC;YAC3C,cAAc,CAAC,6BAA6B,CAAC,GAAG,KAAK,EAAE,2BAA2B,CAAC;YACnF,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,EAAE,aAAa,CAAC;YACvD,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,EAAE,WAAW,CAAC;YACnD,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,EAAE,IAAI,CAAC;YACrC,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,EAAE,KAAK,CAAC;YACvC,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;YAC7C,cAAc,CAAC,gBAAgB,CAAC,GAAG,KAAK,EAAE,cAAc,CAAC;SAC5D;aAAM;YACH,MAAM,IAAI,GAAG,WAAkD,CAAC;YAChE,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,EAAE,oBAAoB,CAAC;YACpE,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,EAAE,qBAAqB,CAAC;YACtE,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,EAAE,kBAAkB,CAAC;YAChE,cAAc,CAAC,SAAS,CAAC,GAAG,IAAI,EAAE,OAAO,CAAC;YAC1C,cAAc,CAAC,6BAA6B,CAAC,GAAG,IAAI,EAAE,2BAA2B,CAAC;YAClF,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,EAAE,oBAAoB,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,EAAE,aAAa,CAAC;YACtD,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,EAAE,WAAW,CAAC;YAClD,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,EAAE,IAAI,CAAC;YACpC,cAAc,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,KAAK,CAAC;YACtC,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;YAC5C,cAAc,CAAC,gBAAgB,CAAC,GAAG,IAAI,EAAE,cAAc,CAAC;SAC3D;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,mBAAmB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IACxE,CAAC;;AAlGL,kDAmGC;AArFG,gBAAgB;AACO,gCAAY,GAAG,0DAA0D,CAAC"}

package/mlflowWebhook.d.ts

@@ -26,9 +26,9 @@ import * as outputs from "./types/output";
  *     contentBase64: std.base64encode({
  *         input: `import json
  *
- * event_message = dbutils.widgets.get("event_message")
+ * event_message = dbutils.widgets.get(\\"event_message\\")
  * event_message_dict = json.loads(event_message)
- * print(f"event data={event_message_dict}")
+ * print(f\\"event data={event_message_dict}\\")
  * `,
  *     }).then(invoke => invoke.result),
  * });

package/mlflowWebhook.js

@@ -30,9 +30,9 @@ const utilities = require("./utilities");
  *     contentBase64: std.base64encode({
  *         input: `import json
  *
- * event_message = dbutils.widgets.get("event_message")
+ * event_message = dbutils.widgets.get(\\"event_message\\")
  * event_message_dict = json.loads(event_message)
- * print(f"event data={event_message_dict}")
+ * print(f\\"event data={event_message_dict}\\")
  * `,
  *     }).then(invoke => invoke.result),
  * });

package/mwsCredentials.d.ts

@@ -15,16 +15,16 @@ import * as pulumi from "@pulumi/pulumi";
  * const _this = databricks.getAwsAssumeRolePolicy({
  *     externalId: databricksAccountId,
  * });
- * const crossAccountRole = new aws.iam.Role("cross_account_role", {
+ * const crossAccountRole = new aws.index.IamRole("cross_account_role", {
  *     name: `${prefix}-crossaccount`,
- *     assumeRolePolicy: _this.then(_this => _this.json),
+ *     assumeRolePolicy: _this.json,
  *     tags: tags,
  * });
  * const thisGetAwsCrossAccountPolicy = databricks.getAwsCrossAccountPolicy({});
- * const thisRolePolicy = new aws.iam.RolePolicy("this", {
+ * const thisIamRolePolicy = new aws.index.IamRolePolicy("this", {
  *     name: `${prefix}-policy`,
  *     role: crossAccountRole.id,
- *     policy: thisGetAwsCrossAccountPolicy.then(thisGetAwsCrossAccountPolicy => thisGetAwsCrossAccountPolicy.json),
+ *     policy: thisGetAwsCrossAccountPolicy.json,
  * });
  * const thisMwsCredentials = new databricks.MwsCredentials("this", {
  *     credentialsName: `${prefix}-creds`,

package/mwsCredentials.js

@@ -21,16 +21,16 @@ const utilities = require("./utilities");
  * const _this = databricks.getAwsAssumeRolePolicy({
  *     externalId: databricksAccountId,
  * });
- * const crossAccountRole = new aws.iam.Role("cross_account_role", {
+ * const crossAccountRole = new aws.index.IamRole("cross_account_role", {
  *     name: `${prefix}-crossaccount`,
- *     assumeRolePolicy: _this.then(_this => _this.json),
+ *     assumeRolePolicy: _this.json,
  *     tags: tags,
  * });
  * const thisGetAwsCrossAccountPolicy = databricks.getAwsCrossAccountPolicy({});
- * const thisRolePolicy = new aws.iam.RolePolicy("this", {
+ * const thisIamRolePolicy = new aws.index.IamRolePolicy("this", {
  *     name: `${prefix}-policy`,
  *     role: crossAccountRole.id,
- *     policy: thisGetAwsCrossAccountPolicy.then(thisGetAwsCrossAccountPolicy => thisGetAwsCrossAccountPolicy.json),
+ *     policy: thisGetAwsCrossAccountPolicy.json,
  * });
  * const thisMwsCredentials = new databricks.MwsCredentials("this", {
  *     credentialsName: `${prefix}-creds`,

package/mwsCustomerManagedKeys.d.ts

@@ -10,60 +10,6 @@ import * as outputs from "./types/output";
  *
  * You must configure this during workspace creation
  *
- * ### For AWS
- *
- * ```typescript
- * import * as pulumi from "@pulumi/pulumi";
- * import * as aws from "@pulumi/aws";
- * import * as databricks from "@pulumi/databricks";
- *
- * const config = new pulumi.Config();
- * // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
- * const databricksAccountId = config.requireObject<any>("databricksAccountId");
- * const current = aws.getCallerIdentity({});
- * const databricksManagedServicesCmk = current.then(current => aws.iam.getPolicyDocument({
- *     version: "2012-10-17",
- *     statements: [
- *         {
- *             sid: "Enable IAM User Permissions",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: [current.accountId],
- *             }],
- *             actions: ["kms:*"],
- *             resources: ["*"],
- *         },
- *         {
- *             sid: "Allow Databricks to use KMS key for control plane managed services",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: ["arn:aws:iam::414351767826:root"],
- *             }],
- *             actions: [
- *                 "kms:Encrypt",
- *                 "kms:Decrypt",
- *             ],
- *             resources: ["*"],
- *         },
- *     ],
- * }));
- * const managedServicesCustomerManagedKey = new aws.kms.Key("managed_services_customer_managed_key", {policy: databricksManagedServicesCmk.then(databricksManagedServicesCmk => databricksManagedServicesCmk.json)});
- * const managedServicesCustomerManagedKeyAlias = new aws.kms.Alias("managed_services_customer_managed_key_alias", {
- *     name: "alias/managed-services-customer-managed-key-alias",
- *     targetKeyId: managedServicesCustomerManagedKey.keyId,
- * });
- * const managedServices = new databricks.MwsCustomerManagedKeys("managed_services", {
- *     accountId: databricksAccountId,
- *     awsKeyInfo: {
- *         keyArn: managedServicesCustomerManagedKey.arn,
- *         keyAlias: managedServicesCustomerManagedKeyAlias.name,
- *     },
- *     useCases: ["MANAGED_SERVICES"],
- * });
- * ```
- *
  * ### For GCP
  *
  * ```typescript
@@ -86,104 +32,6 @@ import * as outputs from "./types/output";
  *
  * ### Customer-managed key for workspace storage
  *
- * ### For AWS
- *
- * ```typescript
- * import * as pulumi from "@pulumi/pulumi";
- * import * as aws from "@pulumi/aws";
- * import * as databricks from "@pulumi/databricks";
- *
- * const config = new pulumi.Config();
- * // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
- * const databricksAccountId = config.requireObject<any>("databricksAccountId");
- * // AWS ARN for the Databricks cross account role
- * const databricksCrossAccountRole = config.requireObject<any>("databricksCrossAccountRole");
- * const current = aws.getCallerIdentity({});
- * const databricksStorageCmk = current.then(current => aws.iam.getPolicyDocument({
- *     version: "2012-10-17",
- *     statements: [
- *         {
- *             sid: "Enable IAM User Permissions",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: [current.accountId],
- *             }],
- *             actions: ["kms:*"],
- *             resources: ["*"],
- *         },
- *         {
- *             sid: "Allow Databricks to use KMS key for DBFS",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: ["arn:aws:iam::414351767826:root"],
- *             }],
- *             actions: [
- *                 "kms:Encrypt",
- *                 "kms:Decrypt",
- *                 "kms:ReEncrypt*",
- *                 "kms:GenerateDataKey*",
- *                 "kms:DescribeKey",
- *             ],
- *             resources: ["*"],
- *         },
- *         {
- *             sid: "Allow Databricks to use KMS key for DBFS (Grants)",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: ["arn:aws:iam::414351767826:root"],
- *             }],
- *             actions: [
- *                 "kms:CreateGrant",
- *                 "kms:ListGrants",
- *                 "kms:RevokeGrant",
- *             ],
- *             resources: ["*"],
- *             conditions: [{
- *                 test: "Bool",
- *                 variable: "kms:GrantIsForAWSResource",
- *                 values: ["true"],
- *             }],
- *         },
- *         {
- *             sid: "Allow Databricks to use KMS key for EBS",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: [databricksCrossAccountRole],
- *             }],
- *             actions: [
- *                 "kms:Decrypt",
- *                 "kms:GenerateDataKey*",
- *                 "kms:CreateGrant",
- *                 "kms:DescribeKey",
- *             ],
- *             resources: ["*"],
- *             conditions: [{
- *                 test: "ForAnyValue:StringLike",
- *                 variable: "kms:ViaService",
- *                 values: ["ec2.*.amazonaws.com"],
- *             }],
- *         },
- *     ],
- * }));
- * const storageCustomerManagedKey = new aws.kms.Key("storage_customer_managed_key", {policy: databricksStorageCmk.then(databricksStorageCmk => databricksStorageCmk.json)});
- * const storageCustomerManagedKeyAlias = new aws.kms.Alias("storage_customer_managed_key_alias", {
- *     name: "alias/storage-customer-managed-key-alias",
- *     targetKeyId: storageCustomerManagedKey.keyId,
- * });
- * const storage = new databricks.MwsCustomerManagedKeys("storage", {
- *     accountId: databricksAccountId,
- *     awsKeyInfo: {
- *         keyArn: storageCustomerManagedKey.arn,
- *         keyAlias: storageCustomerManagedKeyAlias.name,
- *     },
- *     useCases: ["STORAGE"],
- * });
- * ```
- *
  * ### For GCP
  *
  * ```typescript

package/mwsCustomerManagedKeys.js

@@ -14,60 +14,6 @@ const utilities = require("./utilities");
  *
  * You must configure this during workspace creation
  *
- * ### For AWS
- *
- * ```typescript
- * import * as pulumi from "@pulumi/pulumi";
- * import * as aws from "@pulumi/aws";
- * import * as databricks from "@pulumi/databricks";
- *
- * const config = new pulumi.Config();
- * // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
- * const databricksAccountId = config.requireObject<any>("databricksAccountId");
- * const current = aws.getCallerIdentity({});
- * const databricksManagedServicesCmk = current.then(current => aws.iam.getPolicyDocument({
- *     version: "2012-10-17",
- *     statements: [
- *         {
- *             sid: "Enable IAM User Permissions",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: [current.accountId],
- *             }],
- *             actions: ["kms:*"],
- *             resources: ["*"],
- *         },
- *         {
- *             sid: "Allow Databricks to use KMS key for control plane managed services",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: ["arn:aws:iam::414351767826:root"],
- *             }],
- *             actions: [
- *                 "kms:Encrypt",
- *                 "kms:Decrypt",
- *             ],
- *             resources: ["*"],
- *         },
- *     ],
- * }));
- * const managedServicesCustomerManagedKey = new aws.kms.Key("managed_services_customer_managed_key", {policy: databricksManagedServicesCmk.then(databricksManagedServicesCmk => databricksManagedServicesCmk.json)});
- * const managedServicesCustomerManagedKeyAlias = new aws.kms.Alias("managed_services_customer_managed_key_alias", {
- *     name: "alias/managed-services-customer-managed-key-alias",
- *     targetKeyId: managedServicesCustomerManagedKey.keyId,
- * });
- * const managedServices = new databricks.MwsCustomerManagedKeys("managed_services", {
- *     accountId: databricksAccountId,
- *     awsKeyInfo: {
- *         keyArn: managedServicesCustomerManagedKey.arn,
- *         keyAlias: managedServicesCustomerManagedKeyAlias.name,
- *     },
- *     useCases: ["MANAGED_SERVICES"],
- * });
- * ```
- *
  * ### For GCP
  *
  * ```typescript
@@ -90,104 +36,6 @@ const utilities = require("./utilities");
  *
  * ### Customer-managed key for workspace storage
  *
- * ### For AWS
- *
- * ```typescript
- * import * as pulumi from "@pulumi/pulumi";
- * import * as aws from "@pulumi/aws";
- * import * as databricks from "@pulumi/databricks";
- *
- * const config = new pulumi.Config();
- * // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
- * const databricksAccountId = config.requireObject<any>("databricksAccountId");
- * // AWS ARN for the Databricks cross account role
- * const databricksCrossAccountRole = config.requireObject<any>("databricksCrossAccountRole");
- * const current = aws.getCallerIdentity({});
- * const databricksStorageCmk = current.then(current => aws.iam.getPolicyDocument({
- *     version: "2012-10-17",
- *     statements: [
- *         {
- *             sid: "Enable IAM User Permissions",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: [current.accountId],
- *             }],
- *             actions: ["kms:*"],
- *             resources: ["*"],
- *         },
- *         {
- *             sid: "Allow Databricks to use KMS key for DBFS",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: ["arn:aws:iam::414351767826:root"],
- *             }],
- *             actions: [
- *                 "kms:Encrypt",
- *                 "kms:Decrypt",
- *                 "kms:ReEncrypt*",
- *                 "kms:GenerateDataKey*",
- *                 "kms:DescribeKey",
- *             ],
- *             resources: ["*"],
- *         },
- *         {
- *             sid: "Allow Databricks to use KMS key for DBFS (Grants)",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: ["arn:aws:iam::414351767826:root"],
- *             }],
- *             actions: [
- *                 "kms:CreateGrant",
- *                 "kms:ListGrants",
- *                 "kms:RevokeGrant",
- *             ],
- *             resources: ["*"],
- *             conditions: [{
- *                 test: "Bool",
- *                 variable: "kms:GrantIsForAWSResource",
- *                 values: ["true"],
- *             }],
- *         },
- *         {
- *             sid: "Allow Databricks to use KMS key for EBS",
- *             effect: "Allow",
- *             principals: [{
- *                 type: "AWS",
- *                 identifiers: [databricksCrossAccountRole],
- *             }],
- *             actions: [
- *                 "kms:Decrypt",
- *                 "kms:GenerateDataKey*",
- *                 "kms:CreateGrant",
- *                 "kms:DescribeKey",
- *             ],
- *             resources: ["*"],
- *             conditions: [{
- *                 test: "ForAnyValue:StringLike",
- *                 variable: "kms:ViaService",
- *                 values: ["ec2.*.amazonaws.com"],
- *             }],
- *         },
- *     ],
- * }));
- * const storageCustomerManagedKey = new aws.kms.Key("storage_customer_managed_key", {policy: databricksStorageCmk.then(databricksStorageCmk => databricksStorageCmk.json)});
- * const storageCustomerManagedKeyAlias = new aws.kms.Alias("storage_customer_managed_key_alias", {
- *     name: "alias/storage-customer-managed-key-alias",
- *     targetKeyId: storageCustomerManagedKey.keyId,
- * });
- * const storage = new databricks.MwsCustomerManagedKeys("storage", {
- *     accountId: databricksAccountId,
- *     awsKeyInfo: {
- *         keyArn: storageCustomerManagedKey.arn,
- *         keyAlias: storageCustomerManagedKeyAlias.name,
- *     },
- *     useCases: ["STORAGE"],
- * });
- * ```
- *
  * ### For GCP
  *
  * ```typescript

package/mwsCustomerManagedKeys.js.map

@@ -1 +1 @@
-{"version":3,"file":"mwsCustomerManagedKeys.js","sourceRoot":"","sources":["../mwsCustomerManagedKeys.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+OG;AACH,MAAa,sBAAuB,SAAQ,MAAM,CAAC,cAAc;IAC7D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmC,EAAE,IAAmC;QACjI,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,sBAAsB,CAAC,YAAY,CAAC;IACvE,CAAC;IAqCD,YAAY,IAAY,EAAE,WAAsE,EAAE,IAAmC;QACjI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsD,CAAC;YACrE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;SAChD;aAAM;YACH,MAAM,IAAI,GAAG,WAAqD,CAAC;YACnE,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,IAAI,EAAE,QAAQ,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC3C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,EAAE,oBAAoB,CAAC;YACpE,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;SAC/C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3E,CAAC;;AA3FL,wDA4FC;AA9EG,gBAAgB;AACO,mCAAY,GAAG,gEAAgE,CAAC"}
+{"version":3,"file":"mwsCustomerManagedKeys.js","sourceRoot":"","sources":["../mwsCustomerManagedKeys.ts"],"names":[],"mappings":";AAAA,sEAAsE;AACtE,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuFG;AACH,MAAa,sBAAuB,SAAQ,MAAM,CAAC,cAAc;IAC7D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmC,EAAE,IAAmC;QACjI,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAO,KAAK,EAAE,EAAE,GAAG,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC;IAC7E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,sBAAsB,CAAC,YAAY,CAAC;IACvE,CAAC;IAqCD,YAAY,IAAY,EAAE,WAAsE,EAAE,IAAmC;QACjI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsD,CAAC;YACrE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,EAAE,SAAS,CAAC;YAC/C,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,cAAc,CAAC,GAAG,KAAK,EAAE,YAAY,CAAC;YACrD,cAAc,CAAC,sBAAsB,CAAC,GAAG,KAAK,EAAE,oBAAoB,CAAC;YACrE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,EAAE,UAAU,CAAC;YACjD,cAAc,CAAC,UAAU,CAAC,GAAG,KAAK,EAAE,QAAQ,CAAC;SAChD;aAAM;YACH,MAAM,IAAI,GAAG,WAAqD,CAAC;YACnE,IAAI,IAAI,EAAE,SAAS,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC5C,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,IAAI,EAAE,QAAQ,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC3C,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;aAC3D;YACD,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,EAAE,SAAS,CAAC;YAC9C,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,cAAc,CAAC,GAAG,IAAI,EAAE,YAAY,CAAC;YACpD,cAAc,CAAC,sBAAsB,CAAC,GAAG,IAAI,EAAE,oBAAoB,CAAC;YACpE,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,EAAE,UAAU,CAAC;YAChD,cAAc,CAAC,UAAU,CAAC,GAAG,IAAI,EAAE,QAAQ,CAAC;SAC/C;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3E,CAAC;;AA3FL,wDA4FC;AA9EG,gBAAgB;AACO,mCAAY,GAAG,gEAAgE,CAAC"}

package/mwsLogDelivery.d.ts

@@ -6,6 +6,96 @@ import * as pulumi from "@pulumi/pulumi";
  *
  * You cannot delete a log delivery configuration, but you can disable it when you no longer need it. This fact is important because there is a limit to the number of enabled log delivery configurations that you can create for an account. You can create a maximum of two enabled configurations that use the account level (no workspace filter) and two enabled configurations for every specific workspace (a workspaceId can occur in the workspace filter for two configurations). You can re-enable a disabled configuration, but the request fails if it violates the limits previously described.
  *
+ * ## Example Usage
+ *
+ * End-to-end example of usage and audit log delivery:
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ * import * as databricks from "@pulumi/databricks";
+ * import * as std from "@pulumi/std";
+ * import * as time from "@pulumiverse/time";
+ *
+ * const config = new pulumi.Config();
+ * // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
+ * const databricksAccountId = config.requireObject<any>("databricksAccountId");
+ * const logdeliveryS3Bucket = new aws.index.S3Bucket("logdelivery", {
+ *     bucket: `${prefix}-logdelivery`,
+ *     acl: "private",
+ *     forceDestroy: true,
+ *     tags: std.merge({
+ *         input: [
+ *             tags,
+ *             {
+ *                 name: `${prefix}-logdelivery`,
+ *             },
+ *         ],
+ *     }).result,
+ * });
+ * const logdeliveryS3BucketPublicAccessBlock = new aws.index.S3BucketPublicAccessBlock("logdelivery", {
+ *     bucket: logdeliveryS3Bucket.id,
+ *     ignorePublicAcls: true,
+ * });
+ * const logdelivery = databricks.getAwsAssumeRolePolicy({
+ *     externalId: databricksAccountId,
+ *     forLogDelivery: true,
+ * });
+ * const logdeliveryVersioning = new aws.index.S3BucketVersioning("logdelivery_versioning", {
+ *     bucket: logdeliveryS3Bucket.id,
+ *     versioningConfiguration: [{
+ *         status: "Disabled",
+ *     }],
+ * });
+ * const logdeliveryIamRole = new aws.index.IamRole("logdelivery", {
+ *     name: `${prefix}-logdelivery`,
+ *     description: `(${prefix}) UsageDelivery role`,
+ *     assumeRolePolicy: logdelivery.json,
+ *     tags: tags,
+ * });
+ * const logdeliveryGetAwsBucketPolicy = databricks.getAwsBucketPolicy({
+ *     fullAccessRole: logdeliveryIamRole.arn,
+ *     bucket: logdeliveryS3Bucket.bucket,
+ * });
+ * const logdeliveryS3BucketPolicy = new aws.index.S3BucketPolicy("logdelivery", {
+ *     bucket: logdeliveryS3Bucket.id,
+ *     policy: logdeliveryGetAwsBucketPolicy.json,
+ * });
+ * const wait = new time.Sleep("wait", {createDuration: "10s"}, {
+ *     dependsOn: [logdeliveryIamRole],
+ * });
+ * const logWriter = new databricks.MwsCredentials("log_writer", {
+ *     accountId: databricksAccountId,
+ *     credentialsName: "Usage Delivery",
+ *     roleArn: logdeliveryIamRole.arn,
+ * }, {
+ *     dependsOn: [wait],
+ * });
+ * const logBucket = new databricks.MwsStorageConfigurations("log_bucket", {
+ *     accountId: databricksAccountId,
+ *     storageConfigurationName: "Usage Logs",
+ *     bucketName: logdeliveryS3Bucket.bucket,
+ * });
+ * const usageLogs = new databricks.MwsLogDelivery("usage_logs", {
+ *     accountId: databricksAccountId,
+ *     credentialsId: logWriter.credentialsId,
+ *     storageConfigurationId: logBucket.storageConfigurationId,
+ *     deliveryPathPrefix: "billable-usage",
+ *     configName: "Usage Logs",
+ *     logType: "BILLABLE_USAGE",
+ *     outputFormat: "CSV",
+ * });
+ * const auditLogs = new databricks.MwsLogDelivery("audit_logs", {
+ *     accountId: databricksAccountId,
+ *     credentialsId: logWriter.credentialsId,
+ *     storageConfigurationId: logBucket.storageConfigurationId,
+ *     deliveryPathPrefix: "audit-logs",
+ *     configName: "Audit Logs",
+ *     logType: "AUDIT_LOGS",
+ *     outputFormat: "JSON",
+ * });
+ * ```
+ *
  * ## Billable Usage
  *
  * CSV files are delivered to `<delivery_path_prefix>/billable-usage/csv/` and are named `workspaceId=<workspace-id>-usageMonth=<month>.csv`, which are delivered daily by overwriting the month's CSV file for each workspace. Format of CSV file, as well as some usage examples, can be found [here](https://docs.databricks.com/administration-guide/account-settings/usage.html#download-usage-as-a-csv-file).

package/mwsLogDelivery.js

@@ -12,6 +12,96 @@ const utilities = require("./utilities");
  *
  * You cannot delete a log delivery configuration, but you can disable it when you no longer need it. This fact is important because there is a limit to the number of enabled log delivery configurations that you can create for an account. You can create a maximum of two enabled configurations that use the account level (no workspace filter) and two enabled configurations for every specific workspace (a workspaceId can occur in the workspace filter for two configurations). You can re-enable a disabled configuration, but the request fails if it violates the limits previously described.
  *
+ * ## Example Usage
+ *
+ * End-to-end example of usage and audit log delivery:
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as aws from "@pulumi/aws";
+ * import * as databricks from "@pulumi/databricks";
+ * import * as std from "@pulumi/std";
+ * import * as time from "@pulumiverse/time";
+ *
+ * const config = new pulumi.Config();
+ * // Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
+ * const databricksAccountId = config.requireObject<any>("databricksAccountId");
+ * const logdeliveryS3Bucket = new aws.index.S3Bucket("logdelivery", {
+ *     bucket: `${prefix}-logdelivery`,
+ *     acl: "private",
+ *     forceDestroy: true,
+ *     tags: std.merge({
+ *         input: [
+ *             tags,
+ *             {
+ *                 name: `${prefix}-logdelivery`,
+ *             },
+ *         ],
+ *     }).result,
+ * });
+ * const logdeliveryS3BucketPublicAccessBlock = new aws.index.S3BucketPublicAccessBlock("logdelivery", {
+ *     bucket: logdeliveryS3Bucket.id,
+ *     ignorePublicAcls: true,
+ * });
+ * const logdelivery = databricks.getAwsAssumeRolePolicy({
+ *     externalId: databricksAccountId,
+ *     forLogDelivery: true,
+ * });
+ * const logdeliveryVersioning = new aws.index.S3BucketVersioning("logdelivery_versioning", {
+ *     bucket: logdeliveryS3Bucket.id,
+ *     versioningConfiguration: [{
+ *         status: "Disabled",
+ *     }],
+ * });
+ * const logdeliveryIamRole = new aws.index.IamRole("logdelivery", {
+ *     name: `${prefix}-logdelivery`,
+ *     description: `(${prefix}) UsageDelivery role`,
+ *     assumeRolePolicy: logdelivery.json,
+ *     tags: tags,
+ * });
+ * const logdeliveryGetAwsBucketPolicy = databricks.getAwsBucketPolicy({
+ *     fullAccessRole: logdeliveryIamRole.arn,
+ *     bucket: logdeliveryS3Bucket.bucket,
+ * });
+ * const logdeliveryS3BucketPolicy = new aws.index.S3BucketPolicy("logdelivery", {
+ *     bucket: logdeliveryS3Bucket.id,
+ *     policy: logdeliveryGetAwsBucketPolicy.json,
+ * });
+ * const wait = new time.Sleep("wait", {createDuration: "10s"}, {
+ *     dependsOn: [logdeliveryIamRole],
+ * });
+ * const logWriter = new databricks.MwsCredentials("log_writer", {
+ *     accountId: databricksAccountId,
+ *     credentialsName: "Usage Delivery",
+ *     roleArn: logdeliveryIamRole.arn,
+ * }, {
+ *     dependsOn: [wait],
+ * });
+ * const logBucket = new databricks.MwsStorageConfigurations("log_bucket", {
+ *     accountId: databricksAccountId,
+ *     storageConfigurationName: "Usage Logs",
+ *     bucketName: logdeliveryS3Bucket.bucket,
+ * });
+ * const usageLogs = new databricks.MwsLogDelivery("usage_logs", {
+ *     accountId: databricksAccountId,
+ *     credentialsId: logWriter.credentialsId,
+ *     storageConfigurationId: logBucket.storageConfigurationId,
+ *     deliveryPathPrefix: "billable-usage",
+ *     configName: "Usage Logs",
+ *     logType: "BILLABLE_USAGE",
+ *     outputFormat: "CSV",
+ * });
+ * const auditLogs = new databricks.MwsLogDelivery("audit_logs", {
+ *     accountId: databricksAccountId,
+ *     credentialsId: logWriter.credentialsId,
+ *     storageConfigurationId: logBucket.storageConfigurationId,
+ *     deliveryPathPrefix: "audit-logs",
+ *     configName: "Audit Logs",
+ *     logType: "AUDIT_LOGS",
+ *     outputFormat: "JSON",
+ * });
+ * ```
+ *
  * ## Billable Usage
  *
  * CSV files are delivered to `<delivery_path_prefix>/billable-usage/csv/` and are named `workspaceId=<workspace-id>-usageMonth=<month>.csv`, which are delivered daily by overwriting the month's CSV file for each workspace. Format of CSV file, as well as some usage examples, can be found [here](https://docs.databricks.com/administration-guide/account-settings/usage.html#download-usage-as-a-csv-file).