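locals {
  # Hard-coded to this repo's directory structure: the IP allow/block lists
  # are read from JSON artifacts in the sibling privatelink directory
  # (presumably written by that module — confirm). Everything in those files
  # becomes workspace IP access-list configuration on apply, so the directory
  # is reviewed input, not scratch output. Factored out so the path is
  # declared once instead of twice.
  ip_access_artifacts_dir = "${path.root}/../aws_databricks_modular_privatelink/artifacts"

  # Set of "*.json" file names, relative to the artifacts directory.
  json_files = fileset(local.ip_access_artifacts_dir, "*.json")

  # file name => decoded JSON object. Iterating a set with two symbols yields
  # the element itself as the key, so k and f are both the file name here.
  json_data_map = tomap({
    for k, f in local.json_files : k => jsondecode(file("${local.ip_access_artifacts_dir}/${f}"))
  })

  # workspace name (file name without ".json") => that file's allow_list.
  # A file without the key fails the plan rather than applying an empty
  # list, which is the safer failure mode for an access-list source.
  allow_lists_map = tomap({
    for k, ws in local.json_data_map : trimsuffix(k, ".json") => ws.allow_list
  })

  # workspace name => that file's block_list.
  block_lists_map = tomap({
    for k, ws in local.json_data_map : trimsuffix(k, ".json") => ws.block_list
  })
}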
module "ip_access_list_workspace_1" {
  source = "./modules/ip_access_list"

  # One module instance per workspace, written out by hand so that each
  # instance is pinned to the matching workspace provider alias.
  providers = {
    databricks = databricks.ws1
  }

  # Lists come from the JSON artifact named after this workspace.
  allow_list = local.allow_lists_map["workspace_1"]
  block_list = local.block_lists_map["workspace_1"]

  allow_list_label = "Allow List for workspace_1 "
  deny_list_label  = "Deny List for workspace_1 "
}
module "ip_access_list_workspace_2" {
  source = "./modules/ip_access_list"

  # Second workspace: same module, pinned to the ws2 provider alias.
  providers = {
    databricks = databricks.ws2
  }

  # Lists come from the JSON artifact named after this workspace.
  allow_list = local.allow_lists_map["workspace_2"]
  block_list = local.block_lists_map["workspace_2"]

  allow_list_label = "Allow List for workspace_2 "
  deny_list_label  = "Deny List for workspace_2 "
}
resource "databricks_group" "this" {
  provider     = databricks.ws1
  display_name = "engineering"

  # Entitlements set on the group itself; presumably every member of
  # "engineering" inherits cluster and instance-pool creation in ws1, so
  # membership in this group is a privilege grant — confirm against the
  # provider docs.
  allow_cluster_create       = true
  allow_instance_pool_create = true
}
# Look up an existing ws1 user (not managed here) so it can be added to the
# group below without Terraform taking ownership of the account.
data "databricks_user" "this" {
  provider  = databricks.ws1
  user_name = "[email protected]"
}
# Ordinary, non-admin user managed by Terraform in ws1.
resource "databricks_user" "user2" {
  provider  = databricks.ws1
  user_name = "[email protected]"
}
# Put the looked-up existing user into the "engineering" group. Because the
# group carries create entitlements, this membership is itself a privilege
# grant and should be reviewed like one.
resource "databricks_group_member" "vip_member" {
  provider  = databricks.ws1
  member_id = data.databricks_user.this.id
  group_id  = databricks_group.this.id
}
module "engineering_compute_policy" {
  source = "./modules/base_policy"

  providers = {
    databricks = databricks.ws1
  }

  team = "engineering"

  # Override on top of the base policy: engineering may spin up clusters of
  # up to 50 DBU/h (bigger than what the base policy allows, presumably).
  policy_overrides = {
    dbus_per_hour = {
      type     = "range"
      maxValue = 50
    }
  }

  # Explicit ordering on the group; presumably the module binds the policy to
  # the group of the same name — confirm in modules/base_policy.
  depends_on = [databricks_group.this]
}