From 320c000ac4b7aa90ae32a2e050cfccc36eb8ae35 Mon Sep 17 00:00:00 2001 From: tomarv2 Date: Thu, 3 Mar 2022 12:22:38 -0800 Subject: [PATCH] cleanup --- README.md | 46 ++++++++++++++----------- examples/sample/main.tf | 17 ++------- examples/sample/variables.tf | 2 +- iam.tf | 35 +++++++++++++++++++ locals.tf | 3 ++ main.tf | 67 +++++++----------------------------- s3.tf | 2 +- variables.tf | 36 +++++++++---------- versions.tf | 5 +-- vpc.tf | 17 +++++++++ workspaces.tf | 17 --------- 11 files changed, 118 insertions(+), 129 deletions(-) mode change 100755 => 100644 main.tf create mode 100755 vpc.tf delete mode 100644 workspaces.tf diff --git a/README.md b/README.md index 11b4ee2..758a6df 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,7 @@ module "databricks_workspace" { # - 'profile_for_iam' - for IAM creation (if none is provided 'default' is used) # - 'existing_role_name' profile_for_iam = "iam-admin" - aws_region = "us-east-2" + databricks_account_username = "example@example.com" databricks_account_password = "sample123!" databricks_account_id = "1234567-1234-1234-1234-1234567" @@ -136,7 +136,7 @@ module "databricks_workspace" { # - 'profile_for_iam' - for IAM creation (if none is provided 'default' is used) # - 'existing_role_name' existing_role_arn = "arn:aws:iam::123456789012:role/demo-role" - aws_region = "us-east-2" + databricks_account_username = "example@example.com" databricks_account_password = "sample123!" databricks_account_id = "1234567-1234-1234-1234-1234567" @@ -176,8 +176,8 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio | Name | Version | |------|---------| | [terraform](#requirement\_terraform) | >= 1.0.1 | -| [aws](#requirement\_aws) | ~> 3.47 | -| [databricks](#requirement\_databricks) | 0.4.7 | +| [aws](#requirement\_aws) | ~> 3.63 | +| [databricks](#requirement\_databricks) | 0.5.1 | | [random](#requirement\_random) | ~> 3.1 | | [time](#requirement\_time) | ~> 0.7 | 
@@ -185,11 +185,12 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio | Name | Version | |------|---------| -| [aws](#provider\_aws) | ~> 3.47 | -| [databricks](#provider\_databricks) | 0.4.7 | -| [databricks.mws](#provider\_databricks.mws) | 0.4.7 | -| [random](#provider\_random) | ~> 3.1 | -| [time](#provider\_time) | ~> 0.7 | +| [aws](#provider\_aws) | 3.74.3 | +| [databricks](#provider\_databricks) | 0.5.1 | +| [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 | +| [databricks.mws](#provider\_databricks.mws) | 0.5.1 | +| [random](#provider\_random) | 3.1.0 | +| [time](#provider\_time) | 0.7.2 | ## Modules 
@@ -197,29 +198,30 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio |------|--------|---------| | [iam\_policies](#module\_iam\_policies) | git::git@github.com:tomarv2/terraform-aws-iam-policies.git | v0.0.4 | | [iam\_role](#module\_iam\_role) | git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external | v0.0.7 | -| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.7 | -| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.4 | +| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.8 | +| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.6 | ## Resources | Name | Type | |------|------| | [aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | -| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_credentials) | resource | -| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_networks) | resource | -| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_storage_configurations) | resource | -| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/resources/mws_workspaces) | resource | +| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_credentials) | resource | +| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_networks) | resource | +| 
[databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_storage_configurations) | resource | +| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_workspaces) | resource | +| [databricks_token.pat](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/token) | resource | | [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | | [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | -| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/data-sources/aws_assume_role_policy) | data source | -| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/data-sources/aws_bucket_policy) | data source | -| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.4.7/docs/data-sources/aws_crossaccount_policy) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_assume_role_policy) | data source | +| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_bucket_policy) | data source | +| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_crossaccount_policy) | data source | ## Inputs | Name | Description | Type | Default | Required | 
|------|-------------|------|---------|:--------:| -| [aws\_region](#input\_aws\_region) | default aws region | `string` | `"us-west-2"` | no | | [cidr\_block](#input\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.4.0.0/16"` | no | | [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no | | [databricks\_account\_id](#input\_databricks\_account\_id) | External ID provided by third party. | `string` | n/a | yes | @@ -228,8 +230,9 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio | [databricks\_hostname](#input\_databricks\_hostname) | databricks hostname | `string` | `"https://accounts.cloud.databricks.com"` | no | | [existing\_role\_name](#input\_existing\_role\_name) | If you want to use existing role name, else a new role will be created | `string` | `null` | no | | [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | `string` | n/a | yes | +| [profile](#input\_profile) | profile to use for resource creation | `string` | `"default"` | no | | [profile\_for\_iam](#input\_profile\_for\_iam) | profile to use for IAM | `string` | `null` | no | -| [profile\_to\_use](#input\_profile\_to\_use) | Getting values from ~/.aws/credentials | `string` | `"default"` | no | +| [region](#input\_region) | AWS region to deploy resources | `string` | `"us-east-1"` | no | | [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes | ## Outputs 
@@ -243,8 +246,11 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
 | [databricks\_mws\_network\_id](#output\_databricks\_mws\_network\_id) | databricks mws network id |
 | [databricks\_mws\_storage\_bucket\_name](#output\_databricks\_mws\_storage\_bucket\_name) | databricks mws storage bucket name |
 | [databricks\_mws\_storage\_id](#output\_databricks\_mws\_storage\_id) | databricks mws storage id |
+| [databricks\_token](#output\_databricks\_token) | Value of the newly created token |
+| [databricks\_token\_lifetime\_hours](#output\_databricks\_token\_lifetime\_hours) | Token validity |
 | [iam\_role\_arn](#output\_iam\_role\_arn) | iam role arn |
 | [inline\_policy\_id](#output\_inline\_policy\_id) | inline policy id |
+| [nonsensitive\_databricks\_token](#output\_nonsensitive\_databricks\_token) | Value of the newly created token (nonsensitive) |
 | [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | s3 bucket arn |
 | [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket id |
 | [s3\_bucket\_name](#output\_s3\_bucket\_name) | s3 bucket name |
diff --git a/examples/sample/main.tf b/examples/sample/main.tf
index c1277a7..26d04ad 100644
--- a/examples/sample/main.tf
+++ b/examples/sample/main.tf
@@ -1,16 +1,3 @@
-terraform {
- required_version = ">= 1.0.1"
- required_providers {
- aws = {
- version = "~> 3.63"
- }
- }
-}
-
-provider "aws" {
- region = var.aws_region
-}
-
 module "databricks_workspace" {
 source = "../../"
 
@@ -19,11 +6,11 @@ module "databricks_workspace" {
 # - 'existing_role_name'
 profile_for_iam = "iam-admin"
 #existing_role_name = "arn:aws:iam::123456789012:role/demo-role"
- aws_region = var.aws_region
+
 databricks_account_username = "example@example.com"
 databricks_account_password = "sample123!"
 databricks_account_id = "1234567-1234-1234-1234-1234567"
-
+ region = var.region
 custom_tags = tomap(
 {
 "Dept" = "data",
diff --git a/examples/sample/variables.tf b/examples/sample/variables.tf
index 3d86b32..b0f02a4 100755
--- a/examples/sample/variables.tf
+++ b/examples/sample/variables.tf
@@ -8,7 +8,7 @@ variable "prjid" {
 type = string
 }
 
-variable "aws_region" {
+variable "region" {
 description = "AWS region to deploy resources"
 type = string
 default = "us-west-2"
diff --git a/iam.tf b/iam.tf
index 55a9703..abc45b6 100755
--- a/iam.tf
+++ b/iam.tf
@@ -3,3 +3,38 @@ data "databricks_aws_assume_role_policy" "this" {
 }
 
 data "databricks_aws_crossaccount_policy" "cross_account_iam_policy" {}
+
+
+module "iam_role" {
+ source = "git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external?ref=v0.0.7"
+
+ count = var.existing_role_name == null ? 1 : 0
+
+ assume_role_policy = data.databricks_aws_assume_role_policy.this.json
+ # -----------------------------------------
+ # Do not change the teamid, prjid once set.
+ teamid = var.teamid
+ prjid = "${var.prjid}-${local.suffix}"
+
+ providers = {
+ aws = aws.iam-management
+ }
+}
+
+module "iam_policies" {
+ source = "git::git@github.com:tomarv2/terraform-aws-iam-policies.git?ref=v0.0.4"
+
+ count = var.existing_role_name == null ? 1 : 0
+
+ role_name = join("", module.iam_role.*.iam_role_name)
+ policy = data.databricks_aws_crossaccount_policy.cross_account_iam_policy.json
+ inline_policy = true
+ # -----------------------------------------
+ # Do not change the teamid, prjid once set.
+ teamid = var.teamid
+ prjid = "${var.prjid}-${local.suffix}"
+
+ providers = {
+ aws = aws.iam-management
+ }
+}
diff --git a/locals.tf b/locals.tf
index 6089236..7d69abe 100644
--- a/locals.tf
+++ b/locals.tf
@@ -1,3 +1,6 @@
 locals {
+ region = data.aws_region.current.name
 profile = var.profile_for_iam != null ? var.profile_for_iam : var.profile
 }
+
+data "aws_region" "current" {}
diff --git a/main.tf b/main.tf
old mode 100755
new mode 100644
index 228dd18..68b66d4
--- a/main.tf
+++ b/main.tf
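Review bot: Both `count` expressions in the moved `iam_role` and `iam_policies` modules are gated on `var.existing_role_name == null`, so when a caller supplies an existing role neither the role nor the Databricks cross-account policy is managed here, and nothing in iam.tf records that the supplied role must already carry that policy; a comment above `module "iam_role"` such as `# Skipped when existing_role_name is set: the caller's role must already hold the cross-account policy.` would spare the next reader a trip through main.tf history. The inline policy comes from `data.databricks_aws_crossaccount_policy` called with no arguments, i.e. the provider's default cross-account document; if the provider version pinned in versions.tf supports that data source's `pass_roles` argument, scoping the `iam:PassRole` grant to the instance-profile roles actually in use would tighten it. The two module blocks are otherwise moved verbatim from main.tf.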
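Review bot: `region = data.aws_region.current.name` reads the region of the default `aws` provider, which the versions.tf hunk sets from `var.region`, so `local.region` is `var.region` round-tripped through the provider rather than an independent value, and that is what `databricks_mws_workspaces` in main.tf now consumes; a one-line comment such as `# region of the default aws provider (var.region); used for the Databricks workspace` would make the coupling explicit. As a point of style, the unaliased `data "aws_region" "current" {}` block sits in locals.tf rather than alongside the other data sources in iam.tf, where readers look for data sources by type.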
@@ -1,60 +1,17 @@
-module "vpc" {
- source = "git::git@github.com:tomarv2/terraform-aws-vpc.git?ref=v0.0.4"
+resource "databricks_mws_workspaces" "this" {
+ provider = databricks.mws
 
- aws_region = var.aws_region
- enable_dns_hostnames = true
- enable_nat_gateway = true
- single_nat_gateway = true
- one_nat_gateway_per_az = false
- create_igw = true
- default_security_group_egress = [{
- cidr_blocks = "0.0.0.0/0"
- }]
+ account_id = var.databricks_account_id
+ aws_region = local.region
+ workspace_name = "${var.teamid}-${var.prjid}"
+ deployment_name = "${var.teamid}-${var.prjid}"
 
- default_security_group_ingress = [{
- description = "Allow all internal TCP and UDP"
- self = true
- }]
-
- public_subnets = [cidrsubnet(var.cidr_block, 3, 0)]
- private_subnets = [cidrsubnet(var.cidr_block, 3, 1),
- cidrsubnet(var.cidr_block, 3, 2)]
- #------------------------------------------
- # Do not change the teamid, prjid once set.
- teamid = var.teamid
- prjid = var.prjid
+ credentials_id = databricks_mws_credentials.this.credentials_id
+ storage_configuration_id = databricks_mws_storage_configurations.this.storage_configuration_id
+ network_id = databricks_mws_networks.this.network_id
 }
 
-module "iam_role" {
- source = "git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external?ref=v0.0.7"
-
- count = var.existing_role_name == null ? 1 : 0
-
- assume_role_policy = data.databricks_aws_assume_role_policy.this.json
- # -----------------------------------------
- # Do not change the teamid, prjid once set.
- teamid = var.teamid
- prjid = "${var.prjid}-${local.suffix}"
-
- providers = {
- aws = aws.iam-management
- }
-}
-
-module "iam_policies" {
- source = "git::git@github.com:tomarv2/terraform-aws-iam-policies.git?ref=v0.0.4"
-
- count = var.existing_role_name == null ? 1 : 0
-
- role_name = join("", module.iam_role.*.iam_role_name)
- policy = data.databricks_aws_crossaccount_policy.cross_account_iam_policy.json
- inline_policy = true
- # -----------------------------------------
- # Do not change the teamid, prjid once set.
- teamid = var.teamid
- prjid = "${var.prjid}-${local.suffix}"
-
- providers = {
- aws = aws.iam-management
- }
+resource "time_sleep" "wait" {
+ depends_on = [module.iam_role]
+ create_duration = "10s"
 }
diff --git a/s3.tf b/s3.tf
index c62a765..0bbeea4 100755
--- a/s3.tf
+++ b/s3.tf
@@ -1,5 +1,5 @@
 module "s3" {
- source = "git::git@github.com:tomarv2/terraform-aws-s3.git?ref=v0.0.7"
+ source = "git::git@github.com:tomarv2/terraform-aws-s3.git?ref=v0.0.8"
 
 custom_tags = var.custom_tags
 # -----------------------------------------
diff --git a/variables.tf b/variables.tf
index 9b3edea..d7ac223 100755
--- a/variables.tf
+++ b/variables.tf
@@ -8,18 +8,6 @@ variable "prjid" {
 type = string
 }
 
-variable "profile" {
- description = "Getting values from ~/.aws/credentials"
- type = string
- default = "default"
-}
-
-variable "aws_region" {
- description = "default aws region"
- type = string
- default = "us-west-2"
-}
-
 variable "databricks_hostname" {
 description = "databricks hostname"
 type = string
@@ -51,12 +39,6 @@ locals {
 suffix = random_string.naming.result
 }
 
-variable "profile_for_iam" {
- description = "profile to use for IAM"
- default = null
- type = string
-}
-
 variable "existing_role_name" {
 description = "If you want to use existing role name, else a new role will be created"
 default = null
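Review bot: `time_sleep.wait` lists only `module.iam_role` in `depends_on`, so the 10s pause orders nothing unless the resource that hands the new role to Databricks (`databricks_mws_credentials.this`, not in this diff) in turn references `time_sleep.wait`; if it does not, IAM propagation delays will keep surfacing as the `Failed credentials validation checks` error quoted in the README context. The minimal fix is on the consumer side, `depends_on = [time_sleep.wait]` on that resource, and a comment on the sleep such as `# give IAM time to propagate the cross-account role before Databricks validates it` would record why the resource exists. The hard-coded `create_duration = "10s"` may also be short for IAM eventual consistency; exposing it as a variable with that default lets callers lengthen it without forking. Both resources are moved from workspaces.tf with `aws_region` now taken from `local.region`.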
@@ -74,3 +56,21 @@ variable "custom_tags" { description = "Extra custom tags" default = null } + +variable "profile" { + description = "profile to use for resource creation" + default = "default" + type = string +} + +variable "profile_for_iam" { + description = "profile to use for IAM" + default = null + type = string +} + +variable "region" { + description = "AWS region to deploy resources" + type = string + default = "us-east-1" +} diff --git a/versions.tf b/versions.tf index 62d6b6b..04ccbb0 100644 --- a/versions.tf +++ b/versions.tf @@ -18,17 +18,18 @@ terraform { } provider "aws" { - region = var.aws_region + region = var.region profile = var.profile } provider "aws" { alias = "iam-management" - region = var.aws_region + region = var.region profile = local.profile } + # initialize provider in "MWS" mode to provision new workspace provider "databricks" { alias = "mws" diff --git a/vpc.tf b/vpc.tf new file mode 100755 index 0000000..83d3e3f --- /dev/null +++ b/vpc.tf @@ -0,0 +1,17 @@ +module "vpc" { + source = "git::git@github.com:tomarv2/terraform-aws-vpc.git?ref=v0.0.6" + + enable_dns_hostnames = true + enable_nat_gateway = true + single_nat_gateway = true + one_nat_gateway_per_az = false + create_igw = true + + public_subnets = [cidrsubnet(var.cidr_block, 3, 0)] + private_subnets = [cidrsubnet(var.cidr_block, 3, 1), + cidrsubnet(var.cidr_block, 3, 2)] + #------------------------------------------ + # Do not change the teamid, prjid once set. + teamid = var.teamid + prjid = var.prjid +} diff --git a/workspaces.tf b/workspaces.tf deleted file mode 100644 index a2f4250..0000000 --- a/workspaces.tf +++ /dev/null 
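Review bot: The new `region` variable defaults to `"us-east-1"`, whereas the `aws_region` it replaces (removed earlier in this file) defaulted to `"us-west-2"` and the example's own `region` in examples/sample/variables.tf still defaults to `"us-west-2"`; a caller that relied on the old default and adopts the new name silently lands in a different region, and because the value feeds the default `aws` provider and `databricks_mws_workspaces.aws_region`, that is a resource-replacing change rather than a cosmetic one. Either keep the previous default, `default = "us-west-2"`, or state the change in the variable, e.g. `description = "AWS region to deploy resources (default changed from us-west-2 to us-east-1)"`. The `profile` and `profile_for_iam` blocks are otherwise moved unchanged apart from the new `profile` description.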
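Review bot: The `vpc` module call in the new vpc.tf drops the `default_security_group_egress` (`cidr_blocks = "0.0.0.0/0"`) and `default_security_group_ingress` (`self = true`, "Allow all internal TCP and UDP") arguments that the removed main.tf block passed, alongside the v0.0.4 to v0.0.6 bump, and nothing in the commit says whether v0.0.6 now supplies those rules itself. If it does not, the VPC's default security group no longer carries the intra-VPC allow rule the workspace's clusters relied on and the `databricks_mws_workspaces` in main.tf deploys onto different network rules than before; if it does, a comment such as `# default security group rules now come from the module defaults (v0.0.6)` would record that. Either way the rule set that ends up on the default security group is worth confirming in the plan output before merging.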
@@ -1,17 +0,0 @@
-resource "databricks_mws_workspaces" "this" {
- provider = databricks.mws
-
- account_id = var.databricks_account_id
- aws_region = var.aws_region
- workspace_name = "${var.teamid}-${var.prjid}"
- deployment_name = "${var.teamid}-${var.prjid}"
-
- credentials_id = databricks_mws_credentials.this.credentials_id
- storage_configuration_id = databricks_mws_storage_configurations.this.storage_configuration_id
- network_id = databricks_mws_networks.this.network_id
-}
-
-resource "time_sleep" "wait" {
- depends_on = [module.iam_role]
- create_duration = "10s"
-}