From 6a19710a39a961d961c5b174332848345350faa5 Mon Sep 17 00:00:00 2001 From: Niko Date: Sun, 24 Nov 2024 11:48:36 +0000 Subject: [PATCH] Update adb-with-private-links-standard to use azurerm v4 Signed-off-by: Niko --- .../adb-with-private-link-standard/README.md | 4 ++++ .../adb-with-private-link-standard/main.tf | 2 +- .../adb-with-private-link-standard/outputs.tf | 15 +++++++++++++++ .../{versions.tf => providers.tf} | 3 ++- .../terraform.tfvars | 1 + .../variables.tf | 5 +++++ .../databricks_workspace.tf | 1 - .../adb-with-private-link-standard/main.tf | 1 - .../adb-with-private-link-standard/outputs.tf | 19 +++++++++++++++++-- .../{versions.tf => providers.tf} | 2 +- .../testvm_transit.tf | 7 ++----- 11 files changed, 48 insertions(+), 12 deletions(-) rename examples/adb-with-private-link-standard/{versions.tf => providers.tf} (67%) rename modules/adb-with-private-link-standard/{versions.tf => providers.tf} (77%) diff --git a/examples/adb-with-private-link-standard/README.md b/examples/adb-with-private-link-standard/README.md index fa461c48..7676e9be 100644 --- a/examples/adb-with-private-link-standard/README.md +++ b/examples/adb-with-private-link-standard/README.md @@ -24,3 +24,7 @@ This example can be used to deploy the following: 2. (Optional) Configure your [remote backend](https://developer.hashicorp.com/terraform/language/settings/backends/azurerm) 3. Run `terraform init` to initialize terraform and get provider ready. 4. Run `terraform apply` to create the resources. + +## How to test + +Public access to the workspace deployed here is not allowed by default. If you can establish a direct network connection to the VNet into which the workspace is deployed then you should be able to browse the workspace directly. Alternatively, a virtual machine is created as part of this deployment allowing you to connect to the workspace in case you don't have direct network path to the VNet in which the workspace is deployed. You can use the `test_vm_public_ip` and `test_vm_password` to log into this VM (password value is marked as `sensitive` but can be found in the `teraform.tfstate` file). By default, access to this machine is only allowed from the deployer's public IP address. To allow access from other sources, extra rules can be added to the Network Security Group created for the VM as part of this deployment. \ No newline at end of file diff --git a/examples/adb-with-private-link-standard/main.tf b/examples/adb-with-private-link-standard/main.tf index b46c3efe..dc39cf88 100644 --- a/examples/adb-with-private-link-standard/main.tf +++ b/examples/adb-with-private-link-standard/main.tf @@ -1,5 +1,5 @@ module "adb-with-private-link-standard" { - source = "github.com/databricks/terraform-databricks-examples/modules/adb-with-private-link-standard" + source = "../../modules/adb-with-private-link-standard" cidr_transit = var.cidr_transit cidr_dp = var.cidr_dp location = var.location diff --git a/examples/adb-with-private-link-standard/outputs.tf b/examples/adb-with-private-link-standard/outputs.tf index c032df50..9b079f25 100644 --- a/examples/adb-with-private-link-standard/outputs.tf +++ b/examples/adb-with-private-link-standard/outputs.tf @@ -2,4 +2,19 @@ output "test_vm_password" { description = "Password to access the Test VM, use `terraform output -json test_vm_password` to get the password value" value = module.adb-with-private-link-standard.test_vm_password sensitive = true +} + +output "test_vm_public_ip" { + description = "Public IP of the Azure VM created for testing" + value = module.adb-with-private-link-standard.test_vm_public_ip +} + +output "workspace_id" { + description = "The Databricks workspace ID" + value = module.adb-with-private-link-standard.workspace_id +} + +output "workspace_url" { + description = "The Databricks workspace URL" + value = module.adb-with-private-link-standard.workspace_url } \ No newline at end of file diff --git a/examples/adb-with-private-link-standard/versions.tf b/examples/adb-with-private-link-standard/providers.tf similarity index 67% rename from examples/adb-with-private-link-standard/versions.tf rename to examples/adb-with-private-link-standard/providers.tf index c5894586..beaf9e22 100644 --- a/examples/adb-with-private-link-standard/versions.tf +++ b/examples/adb-with-private-link-standard/providers.tf @@ -2,11 +2,12 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "~>3.104.0" + version = ">=4.0.0" } } } provider "azurerm" { + subscription_id = var.subscription_id features {} } diff --git a/examples/adb-with-private-link-standard/terraform.tfvars b/examples/adb-with-private-link-standard/terraform.tfvars index 3f565d3d..45837fe8 100644 --- a/examples/adb-with-private-link-standard/terraform.tfvars +++ b/examples/adb-with-private-link-standard/terraform.tfvars @@ -1,3 +1,4 @@ +subscription_id = "" cidr_transit = "10.178.0.0/20" cidr_dp = "10.179.0.0/20" location = "westeurope" \ No newline at end of file diff --git a/examples/adb-with-private-link-standard/variables.tf b/examples/adb-with-private-link-standard/variables.tf index e26523af..24c7107b 100644 --- a/examples/adb-with-private-link-standard/variables.tf +++ b/examples/adb-with-private-link-standard/variables.tf @@ -1,3 +1,8 @@ +variable "subscription_id" { + type = string + description = "Azure Subscription ID to deploy the workspace into" +} + variable "cidr_transit" { type = string description = "(Required) The CIDR for the Azure transit VNet" diff --git a/modules/adb-with-private-link-standard/databricks_workspace.tf b/modules/adb-with-private-link-standard/databricks_workspace.tf index 17aff6e1..53997077 100755 --- a/modules/adb-with-private-link-standard/databricks_workspace.tf +++ b/modules/adb-with-private-link-standard/databricks_workspace.tf @@ -9,7 +9,6 @@ resource "azurerm_databricks_workspace" "dp_workspace" { network_security_group_rules_required = "NoAzureDatabricksRules" customer_managed_key_enabled = true custom_parameters { - no_public_ip = true virtual_network_id = azurerm_virtual_network.dp_vnet.id private_subnet_name = azurerm_subnet.dp_private.name public_subnet_name = azurerm_subnet.dp_public.name diff --git a/modules/adb-with-private-link-standard/main.tf b/modules/adb-with-private-link-standard/main.tf index 0f9798d3..d78a26ca 100644 --- a/modules/adb-with-private-link-standard/main.tf +++ b/modules/adb-with-private-link-standard/main.tf @@ -12,7 +12,6 @@ data "external" "me" { } locals { - // dltp - databricks labs terraform provider prefix = join("-", ["tfdemo", "${random_string.naming.result}"]) dbfsname = join("", ["dbfs", "${random_string.naming.result}"]) // dbfs name must not have special chars diff --git a/modules/adb-with-private-link-standard/outputs.tf b/modules/adb-with-private-link-standard/outputs.tf index 95ad90c9..5098cbf4 100644 --- a/modules/adb-with-private-link-standard/outputs.tf +++ b/modules/adb-with-private-link-standard/outputs.tf @@ -1,11 +1,16 @@ output "dp_databricks_azure_workspace_resource_id" { - description = "The ID of the Databricks Workspace in the Azure management plane." + description = "**Depricated** The ID of the Databricks Workspace in the Azure management plane." value = azurerm_databricks_workspace.dp_workspace.id } output "dp_workspace_url" { value = "https://${azurerm_databricks_workspace.dp_workspace.workspace_url}/" - description = "The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'" + description = "**Depricated** Renamed to `workspace_url` to align with naming used in other modules" +} + +output "test_vm_public_ip" { + value = azurerm_public_ip.testvmpublicip.ip_address + description = "Public IP of the created virtual machine" } output "test_vm_password" { @@ -13,3 +18,13 @@ output "test_vm_password" { value = azurerm_windows_virtual_machine.testvm.admin_password sensitive = true } + +output "workspace_url" { + value = "https://${azurerm_databricks_workspace.dp_workspace.workspace_url}/" + description = "The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'" +} + +output "workspace_id" { + description = "The Databricks workspace ID" + value = azurerm_databricks_workspace.dp_workspace.workspace_id +} \ No newline at end of file diff --git a/modules/adb-with-private-link-standard/versions.tf b/modules/adb-with-private-link-standard/providers.tf similarity index 77% rename from modules/adb-with-private-link-standard/versions.tf rename to modules/adb-with-private-link-standard/providers.tf index 539fde2a..bf8112bf 100644 --- a/modules/adb-with-private-link-standard/versions.tf +++ b/modules/adb-with-private-link-standard/providers.tf @@ -2,7 +2,7 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = ">= 3.104.0" + version = ">=4.0.0" } } } diff --git a/modules/adb-with-private-link-standard/testvm_transit.tf b/modules/adb-with-private-link-standard/testvm_transit.tf index a5de77ce..e309bf32 100644 --- a/modules/adb-with-private-link-standard/testvm_transit.tf +++ b/modules/adb-with-private-link-standard/testvm_transit.tf @@ -30,10 +30,7 @@ resource "azurerm_network_interface_security_group_association" "testvmnsgassoc" } data "http" "my_public_ip" { // add your host machine ip into nsg - url = "https://ifconfig.co/json" - request_headers = { - Accept = "application/json" - } + url = "https://ipinfo.io" } locals { @@ -53,7 +50,7 @@ resource "azurerm_network_security_rule" "test0" { source_port_range = "*" destination_port_range = "3389" source_address_prefixes = [local.ifconfig_co_json.ip] - destination_address_prefix = "VirtualNetwork" + destination_address_prefix = azurerm_public_ip.testvmpublicip.ip_address network_security_group_name = azurerm_network_security_group.testvm-nsg.name resource_group_name = azurerm_resource_group.transit_rg.name }