pulumi-databricks 1.78.0a1762407761__py3-none-any.whl → 1.79.0__py3-none-any.whl

pulumi_databricks/mws_log_delivery.py

@@ -404,6 +404,79 @@ class MwsLogDelivery(pulumi.CustomResource):
 
         You cannot delete a log delivery configuration, but you can disable it when you no longer need it. This fact is important because there is a limit to the number of enabled log delivery configurations that you can create for an account. You can create a maximum of two enabled configurations that use the account level (no workspace filter) and two enabled configurations for every specific workspace (a workspaceId can occur in the workspace filter for two configurations). You can re-enable a disabled configuration, but the request fails if it violates the limits previously described.
 
+        ## Example Usage
+
+        End-to-end example of usage and audit log delivery:
+
+        ```python
+        import pulumi
+        import pulumi_aws as aws
+        import pulumi_databricks as databricks
+        import pulumi_std as std
+        import pulumiverse_time as time
+
+        config = pulumi.Config()
+        # Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
+        databricks_account_id = config.require_object("databricksAccountId")
+        logdelivery_s3_bucket = aws.index.S3Bucket("logdelivery",
+            bucket=f{prefix}-logdelivery,
+            acl=private,
+            force_destroy=True,
+            tags=std.merge(input=[
+                tags,
+                {
+                    name: f{prefix}-logdelivery,
+                },
+            ]).result)
+        logdelivery_s3_bucket_public_access_block = aws.index.S3BucketPublicAccessBlock("logdelivery",
+            bucket=logdelivery_s3_bucket.id,
+            ignore_public_acls=True)
+        logdelivery = databricks.get_aws_assume_role_policy(external_id=databricks_account_id,
+            for_log_delivery=True)
+        logdelivery_versioning = aws.index.S3BucketVersioning("logdelivery_versioning",
+            bucket=logdelivery_s3_bucket.id,
+            versioning_configuration=[{
+                status: Disabled,
+            }])
+        logdelivery_iam_role = aws.index.IamRole("logdelivery",
+            name=f{prefix}-logdelivery,
+            description=f({prefix}) UsageDelivery role,
+            assume_role_policy=logdelivery.json,
+            tags=tags)
+        logdelivery_get_aws_bucket_policy = databricks.get_aws_bucket_policy(full_access_role=logdelivery_iam_role["arn"],
+            bucket=logdelivery_s3_bucket["bucket"])
+        logdelivery_s3_bucket_policy = aws.index.S3BucketPolicy("logdelivery",
+            bucket=logdelivery_s3_bucket.id,
+            policy=logdelivery_get_aws_bucket_policy.json)
+        wait = time.Sleep("wait", create_duration="10s",
+        opts = pulumi.ResourceOptions(depends_on=[logdelivery_iam_role]))
+        log_writer = databricks.MwsCredentials("log_writer",
+            account_id=databricks_account_id,
+            credentials_name="Usage Delivery",
+            role_arn=logdelivery_iam_role["arn"],
+            opts = pulumi.ResourceOptions(depends_on=[wait]))
+        log_bucket = databricks.MwsStorageConfigurations("log_bucket",
+            account_id=databricks_account_id,
+            storage_configuration_name="Usage Logs",
+            bucket_name=logdelivery_s3_bucket["bucket"])
+        usage_logs = databricks.MwsLogDelivery("usage_logs",
+            account_id=databricks_account_id,
+            credentials_id=log_writer.credentials_id,
+            storage_configuration_id=log_bucket.storage_configuration_id,
+            delivery_path_prefix="billable-usage",
+            config_name="Usage Logs",
+            log_type="BILLABLE_USAGE",
+            output_format="CSV")
+        audit_logs = databricks.MwsLogDelivery("audit_logs",
+            account_id=databricks_account_id,
+            credentials_id=log_writer.credentials_id,
+            storage_configuration_id=log_bucket.storage_configuration_id,
+            delivery_path_prefix="audit-logs",
+            config_name="Audit Logs",
+            log_type="AUDIT_LOGS",
+            output_format="JSON")
+        ```
+
         ## Billable Usage
 
         CSV files are delivered to `<delivery_path_prefix>/billable-usage/csv/` and are named `workspaceId=<workspace-id>-usageMonth=<month>.csv`, which are delivered daily by overwriting the month's CSV file for each workspace. Format of CSV file, as well as some usage examples, can be found [here](https://docs.databricks.com/administration-guide/account-settings/usage.html#download-usage-as-a-csv-file).
@@ -484,6 +557,79 @@ class MwsLogDelivery(pulumi.CustomResource):
 
         You cannot delete a log delivery configuration, but you can disable it when you no longer need it. This fact is important because there is a limit to the number of enabled log delivery configurations that you can create for an account. You can create a maximum of two enabled configurations that use the account level (no workspace filter) and two enabled configurations for every specific workspace (a workspaceId can occur in the workspace filter for two configurations). You can re-enable a disabled configuration, but the request fails if it violates the limits previously described.
 
+        ## Example Usage
+
+        End-to-end example of usage and audit log delivery:
+
+        ```python
+        import pulumi
+        import pulumi_aws as aws
+        import pulumi_databricks as databricks
+        import pulumi_std as std
+        import pulumiverse_time as time
+
+        config = pulumi.Config()
+        # Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
+        databricks_account_id = config.require_object("databricksAccountId")
+        logdelivery_s3_bucket = aws.index.S3Bucket("logdelivery",
+            bucket=f{prefix}-logdelivery,
+            acl=private,
+            force_destroy=True,
+            tags=std.merge(input=[
+                tags,
+                {
+                    name: f{prefix}-logdelivery,
+                },
+            ]).result)
+        logdelivery_s3_bucket_public_access_block = aws.index.S3BucketPublicAccessBlock("logdelivery",
+            bucket=logdelivery_s3_bucket.id,
+            ignore_public_acls=True)
+        logdelivery = databricks.get_aws_assume_role_policy(external_id=databricks_account_id,
+            for_log_delivery=True)
+        logdelivery_versioning = aws.index.S3BucketVersioning("logdelivery_versioning",
+            bucket=logdelivery_s3_bucket.id,
+            versioning_configuration=[{
+                status: Disabled,
+            }])
+        logdelivery_iam_role = aws.index.IamRole("logdelivery",
+            name=f{prefix}-logdelivery,
+            description=f({prefix}) UsageDelivery role,
+            assume_role_policy=logdelivery.json,
+            tags=tags)
+        logdelivery_get_aws_bucket_policy = databricks.get_aws_bucket_policy(full_access_role=logdelivery_iam_role["arn"],
+            bucket=logdelivery_s3_bucket["bucket"])
+        logdelivery_s3_bucket_policy = aws.index.S3BucketPolicy("logdelivery",
+            bucket=logdelivery_s3_bucket.id,
+            policy=logdelivery_get_aws_bucket_policy.json)
+        wait = time.Sleep("wait", create_duration="10s",
+        opts = pulumi.ResourceOptions(depends_on=[logdelivery_iam_role]))
+        log_writer = databricks.MwsCredentials("log_writer",
+            account_id=databricks_account_id,
+            credentials_name="Usage Delivery",
+            role_arn=logdelivery_iam_role["arn"],
+            opts = pulumi.ResourceOptions(depends_on=[wait]))
+        log_bucket = databricks.MwsStorageConfigurations("log_bucket",
+            account_id=databricks_account_id,
+            storage_configuration_name="Usage Logs",
+            bucket_name=logdelivery_s3_bucket["bucket"])
+        usage_logs = databricks.MwsLogDelivery("usage_logs",
+            account_id=databricks_account_id,
+            credentials_id=log_writer.credentials_id,
+            storage_configuration_id=log_bucket.storage_configuration_id,
+            delivery_path_prefix="billable-usage",
+            config_name="Usage Logs",
+            log_type="BILLABLE_USAGE",
+            output_format="CSV")
+        audit_logs = databricks.MwsLogDelivery("audit_logs",
+            account_id=databricks_account_id,
+            credentials_id=log_writer.credentials_id,
+            storage_configuration_id=log_bucket.storage_configuration_id,
+            delivery_path_prefix="audit-logs",
+            config_name="Audit Logs",
+            log_type="AUDIT_LOGS",
+            output_format="JSON")
+        ```
+
         ## Billable Usage
 
         CSV files are delivered to `<delivery_path_prefix>/billable-usage/csv/` and are named `workspaceId=<workspace-id>-usageMonth=<month>.csv`, which are delivered daily by overwriting the month's CSV file for each workspace. Format of CSV file, as well as some usage examples, can be found [here](https://docs.databricks.com/administration-guide/account-settings/usage.html#download-usage-as-a-csv-file).

pulumi_databricks/mws_storage_configurations.py

@@ -174,18 +174,18 @@ class MwsStorageConfigurations(pulumi.CustomResource):
         config = pulumi.Config()
         # Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
         databricks_account_id = config.require_object("databricksAccountId")
-        root_storage_bucket = aws.s3.Bucket("root_storage_bucket",
-            bucket=f"{prefix}-rootbucket",
-            acl=aws.s3.CannedAcl.PRIVATE)
-        root_versioning = aws.s3.BucketVersioning("root_versioning",
+        root_storage_bucket = aws.index.S3Bucket("root_storage_bucket",
+            bucket=f{prefix}-rootbucket,
+            acl=private)
+        root_versioning = aws.index.S3BucketVersioning("root_versioning",
             bucket=root_storage_bucket.id,
-            versioning_configuration={
-                "status": "Disabled",
-            })
+            versioning_configuration=[{
+                status: Disabled,
+            }])
         this = databricks.MwsStorageConfigurations("this",
             account_id=databricks_account_id,
             storage_configuration_name=f"{prefix}-storage",
-            bucket_name=root_storage_bucket.bucket)
+            bucket_name=root_storage_bucket["bucket"])
         ```
 
         ## Related Resources
@@ -251,18 +251,18 @@ class MwsStorageConfigurations(pulumi.CustomResource):
         config = pulumi.Config()
         # Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/
         databricks_account_id = config.require_object("databricksAccountId")
-        root_storage_bucket = aws.s3.Bucket("root_storage_bucket",
-            bucket=f"{prefix}-rootbucket",
-            acl=aws.s3.CannedAcl.PRIVATE)
-        root_versioning = aws.s3.BucketVersioning("root_versioning",
+        root_storage_bucket = aws.index.S3Bucket("root_storage_bucket",
+            bucket=f{prefix}-rootbucket,
+            acl=private)
+        root_versioning = aws.index.S3BucketVersioning("root_versioning",
             bucket=root_storage_bucket.id,
-            versioning_configuration={
-                "status": "Disabled",
-            })
+            versioning_configuration=[{
+                status: Disabled,
+            }])
         this = databricks.MwsStorageConfigurations("this",
             account_id=databricks_account_id,
             storage_configuration_name=f"{prefix}-storage",
-            bucket_name=root_storage_bucket.bucket)
+            bucket_name=root_storage_bucket["bucket"])
         ```
 
         ## Related Resources

pulumi_databricks/mws_vpc_endpoint.py

@@ -371,20 +371,20 @@ class MwsVpcEndpoint(pulumi.CustomResource):
         import pulumi
         import pulumi_aws as aws
 
-        workspace = aws.ec2.VpcEndpoint("workspace",
-            vpc_id=vpc["vpcId"],
-            service_name=private_link["workspaceService"],
-            vpc_endpoint_type="Interface",
-            security_group_ids=[vpc["defaultSecurityGroupId"]],
-            subnet_ids=[pl_subnet["id"]],
+        workspace = aws.index.VpcEndpoint("workspace",
+            vpc_id=vpc.vpc_id,
+            service_name=private_link.workspace_service,
+            vpc_endpoint_type=Interface,
+            security_group_ids=[vpc.default_security_group_id],
+            subnet_ids=[pl_subnet.id],
             private_dns_enabled=True,
             opts = pulumi.ResourceOptions(depends_on=[pl_subnet]))
-        relay = aws.ec2.VpcEndpoint("relay",
-            vpc_id=vpc["vpcId"],
-            service_name=private_link["relayService"],
-            vpc_endpoint_type="Interface",
-            security_group_ids=[vpc["defaultSecurityGroupId"]],
-            subnet_ids=[pl_subnet["id"]],
+        relay = aws.index.VpcEndpoint("relay",
+            vpc_id=vpc.vpc_id,
+            service_name=private_link.relay_service,
+            vpc_endpoint_type=Interface,
+            security_group_ids=[vpc.default_security_group_id],
+            subnet_ids=[pl_subnet.id],
             private_dns_enabled=True,
             opts = pulumi.ResourceOptions(depends_on=[pl_subnet]))
         ```
@@ -396,25 +396,25 @@ class MwsVpcEndpoint(pulumi.CustomResource):
         import pulumi
         import pulumi_aws as aws
 
-        s3 = aws.ec2.VpcEndpoint("s3",
-            vpc_id=vpc["vpcId"],
-            route_table_ids=vpc["privateRouteTableIds"],
-            service_name=f"com.amazonaws.{region}.s3",
+        s3 = aws.index.VpcEndpoint("s3",
+            vpc_id=vpc.vpc_id,
+            route_table_ids=vpc.private_route_table_ids,
+            service_name=fcom.amazonaws.{region}.s3,
             opts = pulumi.ResourceOptions(depends_on=[vpc]))
-        sts = aws.ec2.VpcEndpoint("sts",
-            vpc_id=vpc["vpcId"],
-            service_name=f"com.amazonaws.{region}.sts",
-            vpc_endpoint_type="Interface",
-            subnet_ids=vpc["privateSubnets"],
-            security_group_ids=[vpc["defaultSecurityGroupId"]],
+        sts = aws.index.VpcEndpoint("sts",
+            vpc_id=vpc.vpc_id,
+            service_name=fcom.amazonaws.{region}.sts,
+            vpc_endpoint_type=Interface,
+            subnet_ids=vpc.private_subnets,
+            security_group_ids=[vpc.default_security_group_id],
             private_dns_enabled=True,
             opts = pulumi.ResourceOptions(depends_on=[vpc]))
-        kinesis_streams = aws.ec2.VpcEndpoint("kinesis-streams",
-            vpc_id=vpc["vpcId"],
-            service_name=f"com.amazonaws.{region}.kinesis-streams",
-            vpc_endpoint_type="Interface",
-            subnet_ids=vpc["privateSubnets"],
-            security_group_ids=[vpc["defaultSecurityGroupId"]],
+        kinesis_streams = aws.index.VpcEndpoint("kinesis-streams",
+            vpc_id=vpc.vpc_id,
+            service_name=fcom.amazonaws.{region}.kinesis-streams,
+            vpc_endpoint_type=Interface,
+            subnet_ids=vpc.private_subnets,
+            security_group_ids=[vpc.default_security_group_id],
             opts = pulumi.ResourceOptions(depends_on=[vpc]))
         ```
 
@@ -565,20 +565,20 @@ class MwsVpcEndpoint(pulumi.CustomResource):
         import pulumi
         import pulumi_aws as aws
 
-        workspace = aws.ec2.VpcEndpoint("workspace",
-            vpc_id=vpc["vpcId"],
-            service_name=private_link["workspaceService"],
-            vpc_endpoint_type="Interface",
-            security_group_ids=[vpc["defaultSecurityGroupId"]],
-            subnet_ids=[pl_subnet["id"]],
+        workspace = aws.index.VpcEndpoint("workspace",
+            vpc_id=vpc.vpc_id,
+            service_name=private_link.workspace_service,
+            vpc_endpoint_type=Interface,
+            security_group_ids=[vpc.default_security_group_id],
+            subnet_ids=[pl_subnet.id],
             private_dns_enabled=True,
             opts = pulumi.ResourceOptions(depends_on=[pl_subnet]))
-        relay = aws.ec2.VpcEndpoint("relay",
-            vpc_id=vpc["vpcId"],
-            service_name=private_link["relayService"],
-            vpc_endpoint_type="Interface",
-            security_group_ids=[vpc["defaultSecurityGroupId"]],
-            subnet_ids=[pl_subnet["id"]],
+        relay = aws.index.VpcEndpoint("relay",
+            vpc_id=vpc.vpc_id,
+            service_name=private_link.relay_service,
+            vpc_endpoint_type=Interface,
+            security_group_ids=[vpc.default_security_group_id],
+            subnet_ids=[pl_subnet.id],
             private_dns_enabled=True,
             opts = pulumi.ResourceOptions(depends_on=[pl_subnet]))
         ```
@@ -590,25 +590,25 @@ class MwsVpcEndpoint(pulumi.CustomResource):
         import pulumi
         import pulumi_aws as aws
 
-        s3 = aws.ec2.VpcEndpoint("s3",
-            vpc_id=vpc["vpcId"],
-            route_table_ids=vpc["privateRouteTableIds"],
-            service_name=f"com.amazonaws.{region}.s3",
+        s3 = aws.index.VpcEndpoint("s3",
+            vpc_id=vpc.vpc_id,
+            route_table_ids=vpc.private_route_table_ids,
+            service_name=fcom.amazonaws.{region}.s3,
             opts = pulumi.ResourceOptions(depends_on=[vpc]))
-        sts = aws.ec2.VpcEndpoint("sts",
-            vpc_id=vpc["vpcId"],
-            service_name=f"com.amazonaws.{region}.sts",
-            vpc_endpoint_type="Interface",
-            subnet_ids=vpc["privateSubnets"],
-            security_group_ids=[vpc["defaultSecurityGroupId"]],
+        sts = aws.index.VpcEndpoint("sts",
+            vpc_id=vpc.vpc_id,
+            service_name=fcom.amazonaws.{region}.sts,
+            vpc_endpoint_type=Interface,
+            subnet_ids=vpc.private_subnets,
+            security_group_ids=[vpc.default_security_group_id],
             private_dns_enabled=True,
             opts = pulumi.ResourceOptions(depends_on=[vpc]))
-        kinesis_streams = aws.ec2.VpcEndpoint("kinesis-streams",
-            vpc_id=vpc["vpcId"],
-            service_name=f"com.amazonaws.{region}.kinesis-streams",
-            vpc_endpoint_type="Interface",
-            subnet_ids=vpc["privateSubnets"],
-            security_group_ids=[vpc["defaultSecurityGroupId"]],
+        kinesis_streams = aws.index.VpcEndpoint("kinesis-streams",
+            vpc_id=vpc.vpc_id,
+            service_name=fcom.amazonaws.{region}.kinesis-streams,
+            vpc_endpoint_type=Interface,
+            subnet_ids=vpc.private_subnets,
+            security_group_ids=[vpc.default_security_group_id],
             opts = pulumi.ResourceOptions(depends_on=[vpc]))
         ```