feat: unity cluster; mount with secrets output; mount with default cluster

owlleg6 · owlleg6 · commit 04699c521ad7 · 2023-01-12T18:06:49.000+02:00
diff --git a/README.md b/README.md
diff --git a/main.tf b/main.tf
@@ -45,6 +45,7 @@ resource "databricks_cluster" "this" {
   cluster_name  = "shared autoscaling"
   spark_version = var.spark_version
 
+  data_security_mode      = var.data_security_mode
   node_type_id            = var.node_type
   autotermination_minutes = var.autotermination_minutes
 
@@ -63,5 +64,9 @@ resource "databricks_cluster" "this" {
     ignore_changes = [
       state
     ]
+    precondition {
+      condition     = var.data_security_mode == "USER_ISOLATION" ? contains(["11.3.x-scala2.12", "12.0.x-scala2.12"], var.spark_version) : true
+      error_message = "When USER_ISOLATION is selected, please set spark version to be either one of these values: '11.3.x-scala2.12', '12.0.x-scala2.12'"
+    }
   }
 }
diff --git a/mount.tf b/mount.tf
@@ -1,19 +1,21 @@
+locals {
+  secret_scope_name = var.use_local_secret_scope ? databricks_secret_scope.this[0].name : "main"
+  mount_secret_name = var.use_local_secret_scope ? databricks_secret.this[var.sp_key_secret_name].config_reference : "{{secrets/${local.secret_scope_name}/${data.azurerm_key_vault_secret.sp_key.name}}}"
+}
+
 resource "databricks_mount" "adls" {
   for_each = var.mountpoints
 
-  cluster_id = databricks_cluster.this.id
-  name       = each.key
-  uri        = "abfss://${each.value["container_name"]}@${each.value["storage_account_name"]}.dfs.core.windows.net/${each.value["root_path"]}"
+  name = each.key
+  uri  = "abfss://${each.value["container_name"]}@${each.value["storage_account_name"]}.dfs.core.windows.net/${each.value["root_path"]}"
   extra_configs = {
     "fs.azure.account.auth.type" : "OAuth",
     "fs.azure.account.oauth.provider.type" : "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider",
     "fs.azure.account.oauth2.client.id" : data.azurerm_key_vault_secret.sp_client_id.value,
-    "fs.azure.account.oauth2.client.secret" : "{{secrets/${local.secret_scope_name}/${data.azurerm_key_vault_secret.sp_key.name}}}",
-    "fs.azure.account.oauth2.client.secret" : "{{secrets/${local.secret_scope_name}/${local.mount_secret_name}}}",
+    "fs.azure.account.oauth2.client.secret" : local.mount_secret_name,
     "fs.azure.account.oauth2.client.endpoint" : "https://login.microsoftonline.com/${data.azurerm_key_vault_secret.tenant_id.value}/oauth2/token",
     "fs.azure.createRemoteFileSystemDuringInitialization" : "false",
     "spark.databricks.sqldw.jdbc.service.principal.client.id" : data.azurerm_key_vault_secret.sp_client_id.value,
-    "spark.databricks.sqldw.jdbc.service.principal.client.secret" : "{{secrets/${local.secret_scope_name}/${data.azurerm_key_vault_secret.sp_key.name}}}",
-    "spark.databricks.sqldw.jdbc.service.principal.client.secret" : "{{secrets/${local.secret_scope_name}/${local.mount_secret_name}}}",
+    "spark.databricks.sqldw.jdbc.service.principal.client.secret" : local.mount_secret_name,
   }
 }
diff --git a/secrets.tf b/secrets.tf
@@ -1,7 +1,3 @@
-locals {
-  secret_scope_name = var.use_local_secret_scope ? databricks_secret_scope.this[0].name : "main"
-  mount_secret_name = var.use_local_secret_scope ? databricks_secret.this[var.sp_key_secret_name].key : data.azurerm_key_vault_secret.sp_key.name
-}
 resource "databricks_secret_scope" "this" {
   count = var.use_local_secret_scope ? 1 : 0
 
diff --git a/variables.tf b/variables.tf
@@ -101,10 +101,20 @@ variable "permissions" {
   ]
 }
 
+variable "data_security_mode" {
+  type        = string
+  description = "Security features of the cluster"
+  default     = "USER_ISOLATION"
+  validation {
+    condition     = contains(["SINGLE_USER", "USER_ISOLATION", "NONE"], var.data_security_mode)
+    error_message = "Catalog Access mode must be either 'SINGLE_USER', 'USER_ISOLATION' or 'NONE' value"
+  }
+}
+
 variable "spark_version" {
   type        = string
   description = "Runtime version"
-  default     = "9.1.x-scala2.12"
+  default     = "11.3.x-scala2.12"
 }
 
 variable "node_type" {
diff --git a/versions.tf b/versions.tf
@@ -8,7 +8,7 @@ terraform {
     }
     databricks = {
       source  = "databricks/databricks"
-      version = ">=1.4.0"
+      version = ">=1.8.0"
     }
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@ resource "databricks_cluster" "this" {`
`45`	`45`	`cluster_name = "shared autoscaling"`
`46`	`46`	`spark_version = var.spark_version`
`47`	`47`
	`48`	`+ data_security_mode = var.data_security_mode`
`48`	`49`	`node_type_id = var.node_type`
`49`	`50`	`autotermination_minutes = var.autotermination_minutes`
`50`	`51`
`@@ -63,5 +64,9 @@ resource "databricks_cluster" "this" {`
`63`	`64`	`ignore_changes = [`
`64`	`65`	`state`
`65`	`66`	`]`
	`67`	`+ precondition {`
	`68`	`+ condition = var.data_security_mode == "USER_ISOLATION" ? contains(["11.3.x-scala2.12", "12.0.x-scala2.12"], var.spark_version) : true`
	`69`	`+ error_message = "When USER_ISOLATION is selected, please set spark version to be either one of these values: '11.3.x-scala2.12', '12.0.x-scala2.12'"`
	`70`	`+ }`
`66`	`71`	`}`
`67`	`72`	`}`
Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@ terraform {`
`8`	`8`	`}`
`9`	`9`	`databricks = {`
`10`	`10`	`source = "databricks/databricks"`
`11`		`- version = ">=1.4.0"`
	`11`	`+ version = ">=1.8.0"`
`12`	`12`	`}`
`13`	`13`	`}`
`14`	`14`	`}`