
Commit f94e936

committed
Refresh make test-mws to reflect docs more
1 parent 5d14f2b commit f94e936


2 files changed

+123
-23
lines changed


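--- a/mws/acceptance/workspace_test.go
+++ b/mws/acceptance/workspace_test.go
@@ -38,8 +38,8 @@ func TestMwsAccWorkspaces(t *testing.T) {
 network_name = "network-ws-{var.RANDOM}"
 vpc_id = "{env.TEST_VPC_ID}"
 subnet_ids = [
-"{env.TEST_SUBNET_PUBLIC}",
 "{env.TEST_SUBNET_PRIVATE}",
+"{env.TEST_SUBNET_PRIVATE2}",
 ]
 security_group_ids = [
 "{env.TEST_SECURITY_GROUP}",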

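--- a/scripts/mws-integration/main.tf
+++ b/scripts/mws-integration/main.tf
@@ -15,6 +15,7 @@ locals {
 // dltp - databricks labs terraform provider
 prefix = "dltp${random_string.naming.result}"
 region = data.external.env.result.TEST_REGION
+cidr = data.external.env.result.TEST_CIDR
 tags = {
 Environment = "Testing"
 Owner = data.external.env.result.OWNER
@@ -58,21 +59,94 @@ resource "aws_iam_role_policy" "test_policy" {
 policy = data.databricks_aws_crossaccount_policy.this.json
 }
 
-module "aws_common" {
-source = "../modules/aws-mws-common"
-cidr_block = data.external.env.result.TEST_CIDR
-region = local.region
-prefix = local.prefix
-tags = local.tags
+data "aws_availability_zones" "available" {}
+
+module "vpc" {
+source = "terraform-aws-modules/vpc/aws"
+version = "3.2.0"
+
+name = local.prefix
+cidr = data.external.env.result.TEST_CIDR
+azs = data.aws_availability_zones.available.names
+tags = local.tags
+
+enable_dns_hostnames = true
+enable_nat_gateway = true
+single_nat_gateway = true
+create_igw = true
+
+public_subnets = [cidrsubnet(local.cidr, 3, 0)]
+private_subnets = [cidrsubnet(local.cidr, 3, 1),
+cidrsubnet(local.cidr, 3, 2)]
+
+manage_default_security_group = true
+default_security_group_name = "${local.prefix}-sg"
+
+default_security_group_egress = [{
+cidr_blocks = "0.0.0.0/0"
+}]
+
+default_security_group_ingress = [{
+description = "Allow all internal TCP and UDP"
+self = true
+}]
+}
+
+module "vpc_endpoints" {
+source = "terraform-aws-modules/vpc/aws//modules/vpc-endpoints"
+version = "3.2.0"
+
+vpc_id = module.vpc.vpc_id
+security_group_ids = [module.vpc.default_security_group_id]
+
+endpoints = {
+s3 = {
+service = "s3"
+service_type = "Gateway"
+route_table_ids = flatten([
+module.vpc.private_route_table_ids,
+module.vpc.public_route_table_ids])
+tags = {
+Name = "${local.prefix}-s3-vpc-endpoint"
+}
+},
+sts = {
+service = "sts"
+private_dns_enabled = true
+subnet_ids = module.vpc.private_subnets
+tags = {
+Name = "${local.prefix}-sts-vpc-endpoint"
+}
+},
+}
+tags = local.tags
+}
+
+resource "aws_s3_bucket" "root_storage_bucket" {
+bucket = "${local.prefix}-root-bucket"
+acl = "private"
+versioning {
+enabled = false
+}
+force_destroy = true
+tags = merge(local.tags, {
+Name = "${local.prefix}-root-bucket"
+})
+}
+
+resource "aws_s3_bucket_public_access_block" "root_storage_bucket" {
+bucket = aws_s3_bucket.root_storage_bucket.id
+ignore_public_acls = true
+depends_on = [aws_s3_bucket.root_storage_bucket]
 }
 
 data "databricks_aws_bucket_policy" "this" {
-bucket = module.aws_common.root_bucket
+bucket = aws_s3_bucket.root_storage_bucket.bucket
 }
 
 resource "aws_s3_bucket_policy" "root_bucket_policy" {
-bucket = module.aws_common.root_bucket
-policy = data.databricks_aws_bucket_policy.this.json
+bucket = aws_s3_bucket.root_storage_bucket.id
+policy = data.databricks_aws_bucket_policy.this.json
 }
 
 resource "aws_s3_bucket" "logdelivery" {
@@ -122,10 +196,10 @@ resource "aws_s3_bucket_policy" "logdelivery" {
 
 resource "aws_vpc_endpoint" "relay" {
 service_name = local.pl_dataplane_to_controlplane[local.region]
-vpc_id = module.aws_common.vpc_id
+vpc_id = module.vpc.vpc_id
 vpc_endpoint_type = "Interface"
-security_group_ids = [module.aws_common.security_group]
-subnet_ids = [module.aws_common.subnet_private]
+security_group_ids = [module.vpc.default_security_group_id]
+subnet_ids = module.vpc.private_subnets
 }
 
 output "test_relay_vpc_endpoint" {
@@ -134,10 +208,32 @@ output "test_relay_vpc_endpoint" {
 
 resource "aws_vpc_endpoint" "rest_api" {
 service_name = local.pl_dataplane_to_controlplane[local.region]
-vpc_id = module.aws_common.vpc_id
+vpc_id = module.vpc.vpc_id
 vpc_endpoint_type = "Interface"
-security_group_ids = [module.aws_common.security_group]
-subnet_ids = [module.aws_common.subnet_private]
+security_group_ids = [module.vpc.default_security_group_id]
+subnet_ids = module.vpc.private_subnets
+}
+
+variable "databricks_aws_account_id" {
+default = "414351767826"
+}
+
+resource "aws_kms_key" "customer_managed_key" {
+}
+
+resource "aws_kms_grant" "databricks-grant" {
+name = "databricks-grant"
+key_id = aws_kms_key.customer_managed_key.key_id
+grantee_principal = "arn:aws:iam::${var.databricks_aws_account_id}:root"
+
+operations = ["Encrypt", "Decrypt", "DescribeKey",
+"GenerateDataKey", "ReEncryptFrom", "ReEncryptTo",
+"GenerateDataKeyWithoutPlaintext"]
+}
+
+resource "aws_kms_alias" "customer_managed_key_alias" {
+name = "alias/${local.prefix}-customer-key-alias"
+target_key_id = aws_kms_key.customer_managed_key.key_id
 }
 
 data "aws_caller_identity" "current" {}
@@ -156,35 +252,39 @@ output "cloud_env" {
 }
 
 output "test_root_bucket" {
-value = module.aws_common.root_bucket
+value = aws_s3_bucket.root_storage_bucket.bucket
 }
 
 output "test_crossaccount_arn" {
 value = aws_iam_role.cross_account_role.arn
 }
 
 output "test_vpc_id" {
-value = module.aws_common.vpc_id
+value = module.vpc.vpc_id
 }
 
 output "test_subnet_public" {
-value = module.aws_common.subnet_public
+value = module.vpc.public_subnets[0]
 }
 
 output "test_subnet_private" {
-value = module.aws_common.subnet_private
+value = module.vpc.private_subnets[0]
+}
+
+output "test_subnet_private2" {
+value = module.vpc.private_subnets[1]
 }
 
 output "test_security_group" {
-value = module.aws_common.security_group
+value = module.vpc.default_security_group_id
 }
 
 output "test_kms_key_arn" {
-value = module.aws_common.kms_key_arn
+value = aws_kms_key.customer_managed_key.arn
 }
 
 output "test_kms_key_alias" {
-value = module.aws_common.kms_key_alias
+value = aws_kms_alias.customer_managed_key_alias.name
 }
 
 output "test_prefix" {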
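Review bot: The `aws_s3_bucket_public_access_block "root_storage_bucket"` added in the second hunk sets only `ignore_public_acls = true`, leaving `block_public_acls`, `block_public_policy` and `restrict_public_buckets` at their provider defaults, so the workspace root bucket is not actually shielded from a later public ACL or public bucket policy. The bucket is `acl = "private"` and its policy comes from `data.databricks_aws_bucket_policy.this`, which presumably grants a specific account principal rather than everyone, so enabling all four is safe: add `block_public_acls = true`, `block_public_policy = true`, `restrict_public_buckets = true` next to the existing line; the `depends_on` there is redundant, since `bucket = aws_s3_bucket.root_storage_bucket.id` already orders the two resources. In the same hunk `module "vpc"` reads `data.external.env.result.TEST_CIDR` directly while the subnet blocks use the new `local.cidr`; `cidr = local.cidr` keeps that value defined in one place. In the fourth hunk `resource "aws_kms_key" "customer_managed_key" {}` carries no `description` or `enable_key_rotation`; if this key is meant to mirror the documented customer-managed-key setup, `enable_key_rotation = true` plus a short description would make the test fixture match what users are told to deploy.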
