From 9f73005f3107e2d75fc451d350dbe26e6891c148 Mon Sep 17 00:00:00 2001
From: tomarv2
Date: Wed, 13 Apr 2022 15:00:37 +0000
Subject: [PATCH 1/6] Sync from management repo
---
 .github/workflows/pre-commit.yml | 70 ++++++++++++++++++++++++-----
 .github/workflows/stale-actions.yml | 32 +++++++++++++
 .pre-commit-config.yaml | 8 ++--
 kms_services.tf | 44 ++++++++++++++++++
 kms_storage.tf | 44 ++++++++++++++++++
 versions.tf => providers.tf | 0
 6 files changed, 182 insertions(+), 16 deletions(-)
 create mode 100644 .github/workflows/stale-actions.yml
 create mode 100644 kms_services.tf
 create mode 100644 kms_storage.tf
 rename versions.tf => providers.tf (100%)
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index dab48e9..b8da0f2 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -4,11 +4,10 @@ on:
 pull_request:
 push:
 branches:
- - main
 - develop
+ - main
 jobs:
-# Min Terraform version(s)
 getDirectories:
 name: Get root directories
 runs-on: ubuntu-latest
@@ -25,13 +24,13 @@ jobs:
 - name: Build matrix
 id: matrix
 run: |
- DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/versions.tf', '') for x in glob.glob('./**/versions.tf', recursive=True)]))")
+ DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/providers.tf', '') for x in glob.glob('./**/providers.tf', recursive=True)]))")
 echo "::set-output name=directories::$DIRS"
 outputs:
 directories: ${{ steps.matrix.outputs.directories }}
 preCommitMinVersions:
- name: Min TF validate
+ name: Min validate
 needs: getDirectories
 runs-on: ubuntu-latest
 strategy:
@@ -58,11 +57,9 @@ jobs:
 with:
 terraform_version: ${{ steps.minMax.outputs.minVersion }}
- - name: Install pre-commit dependencies
+ - name: Install pre-commit
 run: pip install pre-commit
-
-# Max Terraform version
 getBaseVersion:
 name: Module max TF version
 runs-on: ubuntu-latest
@@ -78,7 +75,7 @@ jobs:
 maxVersion: ${{ steps.minMax.outputs.maxVersion }}
 preCommitMaxVersion:
- name: Max TF pre-commit
+ name: Max pre-commit
 runs-on: ubuntu-latest
 needs: getBaseVersion
 strategy:
@@ -105,10 +102,59 @@ jobs:
 run: |
 pip install pre-commit
 pip install checkov
- curl -L "$(curl -s https://api.github.com/repos/terraform-docs/terraform-docs/releases/latest | grep -o -E "https://.+?-v1.0.1-linux-amd64" | head -n1)" > terraform-docs && chmod +x terraform-docs && sudo mv terraform-docs /usr/bin/
 curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/
 - name: Execute pre-commit
- # Run all pre-commit checks on max version supported
- if: ${{ matrix.version == needs.getBaseVersion.outputs.maxVersion }}
- run: pre-commit run --color=always --show-diff-on-failure --all-files
+ continue-on-error: true # To avoid pre-commit failure
+ run: |
+ pre-commit run --color=always --show-diff-on-failure --all-files
+
+ - name: Get current branch name
+ id: vars
+ run: |
+ echo ::set-output name=branch_name::${GITHUB_REF##*/}
+
+ - name: "Get branch name and save to env"
+ env:
+ IS_PR: ${{ github.EVENT_NAME == 'pull_request' }}
+ run: |
+ if ${IS_PR}; then
+ BRANCH_NAME="${GITHUB_HEAD_REF}"
+ else
+ BRANCH_NAME="${GITHUB_REF##*/}"
+ fi
+ echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITHUB_ENV
+
+ - uses: actions/checkout@v2
+ with:
+ ref: ${{ github.event.pull_request.head.ref }}
+
+ - name: Render terraform docs and commit changes
+ if: ${{ env.BRANCH_NAME }} == 'develop'
+ uses: terraform-docs/gh-actions@main
+ with:
+ working-dir: .
+ output-file: README.md
+ output-method: inject
+ git-push: "true"
+
+ - name: Commit pre-commit modified files
+ if: ${{ env.BRANCH_NAME }} == 'develop'
+ run: |
+ git config --local user.email "terraform+github-actions[bot]@users.noreply.github.com"
+ git config --local user.name "github-actions[bot]"
+ git diff-index --quiet HEAD || (git add -A && git commit -m'[bot] update files' --allow-empty && git push -f)
+
+ - uses: actions/checkout@v2
+ - name: Create PR
+ continue-on-error: true
+ uses: repo-sync/pull-request@v2
+ if: ${{ env.BRANCH_NAME }} == 'develop'
+ with:
+ source_branch: "develop"
+ destination_branch: "main"
+ pr_title: "Pulling ${{ github.ref }} into main"
+ pr_body: ":crown: *Automated PR*"
+ pr_label: "auto-pr"
+ pr_allow_empty: false
+ github_token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/stale-actions.yml b/.github/workflows/stale-actions.yml
new file mode 100644
index 0000000..e54077c
--- /dev/null
+++ b/.github/workflows/stale-actions.yml
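Review bot: The guard `if: ${{ env.BRANCH_NAME }} == 'develop'` on the Render terraform docs, Commit pre-commit modified files and Create PR steps never compares anything: only the `${{ }}` part is evaluated, the rest is literal text, and the resulting non-empty string is treated as true, so these steps run (and push) on every branch and pull request. Move the whole comparison inside the expression on all three steps: `if: ${{ env.BRANCH_NAME == 'develop' }}`. Once the guard holds, the `git push -f` in the commit step is still a bot rewriting history on a branch it checked out moments earlier; a plain `git push` is sufficient there. `terraform-docs/gh-actions@main` is a mutable ref running with a write-capable token, so pin it (and `repo-sync/pull-request@v2`) to a commit SHA and add a job-level `permissions:` block limited to `contents: write` and `pull-requests: write`. The enclosing preCommitMaxVersion job starts outside this hunk.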
@@ -0,0 +1,32 @@
+name: "Mark or close stale issues and PRs"
+on:
+ schedule:
+ - cron: "0 0 10 * *"
+
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/stale@v4
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ # Staling issues and PR's
+ days-before-stale: 30
+ stale-issue-label: stale
+ stale-pr-label: stale
+ stale-issue-message: |
+ This issue has been automatically marked as stale because it has been open 30 days
+ with no activity. Remove stale label or comment or this issue will be closed in 10 days
+ stale-pr-message: |
+ This PR has been automatically marked as stale because it has been open 30 days
+ with no activity. Remove stale label or comment or this PR will be closed in 10 days
+ # Not stale if have this labels or part of milestone
+ exempt-issue-labels: bug,wip,on-hold
+ exempt-pr-labels: bug,wip,on-hold
+ exempt-all-milestones: true
+ # Close issue operations
+ # Label will be automatically removed if the issues are no longer closed nor locked.
+ days-before-close: 10
+ delete-branch: false
+ close-issue-message: This issue was automatically closed because of stale in 10 days
+ close-pr-message: This PR was automatically closed because of stale in 10 days
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 7032bd4..60da21a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
- - repo: git://github.com/antonbabenko/pre-commit-terraform
- rev: v1.60.0
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.64.0
 hooks:
 - id: terraform_fmt
 - id: terraform_tflint
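Review bot: The schedule `cron: "0 0 10 * *"` runs this job once a month, on the 10th, while `days-before-close: 10` and both messages promise closure 10 days after the stale label; with a monthly run the close only happens on the next run, roughly 30 days later, so either run it daily (`cron: "0 0 * * *"`) or stop quoting 10 days in the messages. There is no `permissions:` block, so `actions/stale@v4` inherits the repository's default GITHUB_TOKEN scope; a `permissions:` block with `issues: write` and `pull-requests: write` is all it needs. The comment `# Not stale if have this labels or part of milestone` would read better as `# Not stale if it carries one of these labels or belongs to a milestone`.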
@@ -12,7 +12,7 @@ repos:
 - '--args=--only=terraform_documented_outputs'
 - '--args=--only=terraform_documented_variables'
 - '--args=--only=terraform_typed_variables'
- - '--args=--only=terraform_module_pinned_source'
+ #- '--args=--only=terraform_module_pinned_source'
 - '--args=--only=terraform_naming_convention'
 - '--args=--only=terraform_required_providers'
 - '--args=--only=terraform_standard_module_structure'
@@ -35,4 +35,4 @@ repos:
 hooks:
 - id: checkov
 verbose: true
- args: [-d, '.', --framework, 'terraform', --download-external-modules, 'True', '--skip-check', "CKV2_AWS_6,CKV2_AWS_11,CKV2_AWS_12,CKV_AWS_18,CKV2_AWS_19,CKV_AWS_130,CKV_AWS_144,CKV_AWS_145"]
+ args: [-d, '.', --framework,'terraform']
diff --git a/kms_services.tf b/kms_services.tf
new file mode 100644
index 0000000..1b584c8
--- /dev/null
+++ b/kms_services.tf
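Review bot: Commenting out `terraform_module_pinned_source` with `#-` drops the check that module sources carry a pinned ref without leaving a reason in the file; if it has to stay disabled, put a one-line comment above it, `# terraform_module_pinned_source disabled: <reason>`, so the next reader does not re-enable or delete it blindly. The rewritten checkov line in the second hunk also loses the space after the comma in `[-d, '.', --framework,'terraform']`; it still parses as four items, but `args: [-d, '.', --framework, 'terraform']` matches the flow-sequence spacing used elsewhere in the file.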
@@ -0,0 +1,44 @@
+data "aws_iam_policy_document" "databricks_managed_services_cmk" {
+ version = "2012-10-17"
+ statement {
+ sid = "Enable IAM User Permissions"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
+ actions = ["kms:*"]
+ resources = ["*"]
+ }
+ statement {
+ sid = "Allow Databricks to use KMS key for control plane managed services"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["arn:aws:iam::414351767826:root"]
+ }
+ actions = [
+ "kms:Encrypt",
+ "kms:Decrypt"
+ ]
+ resources = ["*"]
+ }
+}
+
+resource "aws_kms_key" "managed_services_customer_managed_key" {
+ policy = data.aws_iam_policy_document.databricks_managed_services_cmk.json
+}
+
+resource "aws_kms_alias" "managed_services_customer_managed_key_alias" {
+ name = "alias/managed-services-customer-managed-key-alias"
+ target_key_id = aws_kms_key.managed_services_customer_managed_key.key_id
+}
+
+resource "databricks_mws_customer_managed_keys" "managed_services" {
+ account_id = var.databricks_account_id
+ aws_key_info {
+ key_arn = aws_kms_key.managed_services_customer_managed_key.arn
+ key_alias = aws_kms_alias.managed_services_customer_managed_key_alias.name
+ }
+ use_cases = ["MANAGED_SERVICES"]
+}
diff --git a/kms_storage.tf b/kms_storage.tf
new file mode 100644
index 0000000..1b584c8
--- /dev/null
+++ b/kms_storage.tf
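Review bot: The first statement of `databricks_managed_services_cmk` grants `kms:*` on the key to the wildcard principal `identifiers = ["*"]`, which is the pattern AWS's key-policy guidance warns against; the usual "Enable IAM User Permissions" statement names the owning account root instead, e.g. `identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]` (adding an `aws_caller_identity` data source if the module does not already have one). `aws_kms_key.managed_services_customer_managed_key` is declared with only `policy`; `enable_key_rotation = true` and a `description` are cheap additions for a customer-managed key. The hard-coded `arn:aws:iam::414351767826:root` in the second statement deserves a comment noting that it is the Databricks control-plane account the sid refers to and where that value is documented. The same three remarks apply to the identical kms_storage.tf added in this commit.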
@@ -0,0 +1,44 @@
+data "aws_iam_policy_document" "databricks_managed_services_cmk" {
+ version = "2012-10-17"
+ statement {
+ sid = "Enable IAM User Permissions"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
+ actions = ["kms:*"]
+ resources = ["*"]
+ }
+ statement {
+ sid = "Allow Databricks to use KMS key for control plane managed services"
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["arn:aws:iam::414351767826:root"]
+ }
+ actions = [
+ "kms:Encrypt",
+ "kms:Decrypt"
+ ]
+ resources = ["*"]
+ }
+}
+
+resource "aws_kms_key" "managed_services_customer_managed_key" {
+ policy = data.aws_iam_policy_document.databricks_managed_services_cmk.json
+}
+
+resource "aws_kms_alias" "managed_services_customer_managed_key_alias" {
+ name = "alias/managed-services-customer-managed-key-alias"
+ target_key_id = aws_kms_key.managed_services_customer_managed_key.key_id
+}
+
+resource "databricks_mws_customer_managed_keys" "managed_services" {
+ account_id = var.databricks_account_id
+ aws_key_info {
+ key_arn = aws_kms_key.managed_services_customer_managed_key.arn
+ key_alias = aws_kms_alias.managed_services_customer_managed_key_alias.name
+ }
+ use_cases = ["MANAGED_SERVICES"]
+}
diff --git a/versions.tf b/providers.tf
similarity index 100%
rename from versions.tf
rename to providers.tf
From 7d7dc22543ccbe80b1d68fec3aa087aaca49c89d Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Wed, 13 Apr 2022 15:02:52 +0000
Subject: [PATCH 2/6] terraform-docs: automated action
---
 README.md | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
diff --git a/README.md b/README.md
index 758a6df..ebeefb6 100644
--- a/README.md
+++ b/README.md
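Review bot: `kms_storage.tf` is byte-identical to `kms_services.tf` (both files are blob `1b584c8`), so the module now declares `data.aws_iam_policy_document.databricks_managed_services_cmk`, `aws_kms_key.managed_services_customer_managed_key`, `aws_kms_alias.managed_services_customer_managed_key_alias` and `databricks_mws_customer_managed_keys.managed_services` twice, and Terraform will reject the duplicate addresses before anything can be planned. If this file is meant to provide the storage key, its four blocks need their own names (for example `storage` in place of `managed_services`) and `use_cases = ["STORAGE"]`, and the alias name must differ from `alias/managed-services-customer-managed-key-alias`. The policy a storage key needs may also differ from the managed-services one, so check the Databricks documentation rather than copying the policy document verbatim.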
@@ -260,3 +260,99 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio | [vpc\_security\_group\_id](#output\_vpc\_security\_group\_id) | list of VPC security group ID | | [vpc\_subnet\_ids](#output\_vpc\_subnet\_ids) | list of subnet ids within VPC | | [workspace\_url](#output\_workspace\_url) | databricks workspace url | + + +## Requirements + +| Name | Version | +|------|---------| +| [terraform](#requirement\_terraform) | >= 1.0.1 | +| [aws](#requirement\_aws) | ~> 3.63 | +| [databricks](#requirement\_databricks) | 0.5.1 | +| [random](#requirement\_random) | ~> 3.1 | +| [time](#requirement\_time) | ~> 0.7 | + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | ~> 3.63 | +| [databricks](#provider\_databricks) | 0.5.1 | +| [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 | +| [databricks.mws](#provider\_databricks.mws) | 0.5.1 | +| [random](#provider\_random) | ~> 3.1 | +| [time](#provider\_time) | ~> 0.7 | + +## Modules + +| Name | Source | Version | +|------|--------|---------| +| [iam\_policies](#module\_iam\_policies) | git::git@github.com:tomarv2/terraform-aws-iam-policies.git | v0.0.4 | +| [iam\_role](#module\_iam\_role) | git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external | v0.0.7 | +| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.8 | +| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.6 | + +## Resources + +| Name | Type | +|------|------| +| [aws_kms_alias.managed_services_customer_managed_key_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | +| [aws_kms_key.managed_services_customer_managed_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | +| 
[aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | +| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_credentials) | resource | +| [databricks_mws_customer_managed_keys.managed_services](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_customer_managed_keys) | resource | +| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_networks) | resource | +| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_storage_configurations) | resource | +| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_workspaces) | resource | +| [databricks_token.pat](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/token) | resource | +| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | +| [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | +| [aws_iam_policy_document.databricks_managed_services_cmk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | +| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | +| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_assume_role_policy) | data source | +| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_bucket_policy) | data source | +| 
[databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_crossaccount_policy) | data source | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cidr\_block](#input\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.4.0.0/16"` | no | +| [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no | +| [databricks\_account\_id](#input\_databricks\_account\_id) | External ID provided by third party. | `string` | n/a | yes | +| [databricks\_account\_password](#input\_databricks\_account\_password) | databricks account password | `string` | n/a | yes | +| [databricks\_account\_username](#input\_databricks\_account\_username) | databricks account username | `string` | n/a | yes | +| [databricks\_hostname](#input\_databricks\_hostname) | databricks hostname | `string` | `"https://accounts.cloud.databricks.com"` | no | +| [existing\_role\_name](#input\_existing\_role\_name) | If you want to use existing role name, else a new role will be created | `string` | `null` | no | +| [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | `string` | n/a | yes | +| [profile](#input\_profile) | profile to use for resource creation | `string` | `"default"` | no | +| [profile\_for\_iam](#input\_profile\_for\_iam) | profile to use for IAM | `string` | `null` | no | +| [region](#input\_region) | AWS region to deploy resources | `string` | `"us-east-1"` | no | +| [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. 
Should not be changed after running 'tf apply' | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [databricks\_credentials\_id](#output\_databricks\_credentials\_id) | databricks credentials id | +| [databricks\_deployment\_name](#output\_databricks\_deployment\_name) | databricks deployment name | +| [databricks\_host](#output\_databricks\_host) | databricks hostname | +| [databricks\_mws\_credentials\_id](#output\_databricks\_mws\_credentials\_id) | databricks mws credentials id | +| [databricks\_mws\_network\_id](#output\_databricks\_mws\_network\_id) | databricks mws network id | +| [databricks\_mws\_storage\_bucket\_name](#output\_databricks\_mws\_storage\_bucket\_name) | databricks mws storage bucket name | +| [databricks\_mws\_storage\_id](#output\_databricks\_mws\_storage\_id) | databricks mws storage id | +| [databricks\_token](#output\_databricks\_token) | Value of the newly created token | +| [databricks\_token\_lifetime\_hours](#output\_databricks\_token\_lifetime\_hours) | Token validity | +| [iam\_role\_arn](#output\_iam\_role\_arn) | iam role arn | +| [inline\_policy\_id](#output\_inline\_policy\_id) | inline policy id | +| [nonsensitive\_databricks\_token](#output\_nonsensitive\_databricks\_token) | Value of the newly created token (nonsensitive) | +| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | s3 bucket arn | +| [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket id | +| [s3\_bucket\_name](#output\_s3\_bucket\_name) | s3 bucket name | +| [storage\_configuration\_id](#output\_storage\_configuration\_id) | databricks storage configuration id | +| [vpc\_id](#output\_vpc\_id) | vpc id | +| [vpc\_route\_table\_ids](#output\_vpc\_route\_table\_ids) | list of VPC route tables IDs | +| [vpc\_security\_group\_id](#output\_vpc\_security\_group\_id) | list of VPC security group ID | +| [vpc\_subnet\_ids](#output\_vpc\_subnet\_ids) | list of subnet ids within VPC | +| [workspace\_url](#output\_workspace\_url) | 
databricks workspace url | + \ No newline at end of file From a0678f848e19495c86679a22b6c531bc9569e58a Mon Sep 17 00:00:00 2001 From: tomarv2 Date: Wed, 13 Apr 2022 15:10:11 +0000 Subject: [PATCH 3/6] Sync from management repo --- README.md | 173 +++--------------------------------------------------- 1 file changed, 7 insertions(+), 166 deletions(-) diff --git a/README.md b/README.md index ebeefb6..0ce7839 100644 --- a/README.md +++ b/README.md 
@@ -171,188 +171,29 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio ![iam_role_trust_error](https://github.com/tomarv2/terraform-databricks-aws-workspace/raw/main/docs/images/iam_role_trust_error.png) -## Requirements - -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.1 | -| [aws](#requirement\_aws) | ~> 3.63 | -| [databricks](#requirement\_databricks) | 0.5.1 | -| [random](#requirement\_random) | ~> 3.1 | -| [time](#requirement\_time) | ~> 0.7 | - -## Providers - -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | 3.74.3 | -| [databricks](#provider\_databricks) | 0.5.1 | -| [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 | -| [databricks.mws](#provider\_databricks.mws) | 0.5.1 | -| [random](#provider\_random) | 3.1.0 | -| [time](#provider\_time) | 0.7.2 | - -## Modules - -| Name | Source | Version | -|------|--------|---------| -| [iam\_policies](#module\_iam\_policies) | git::git@github.com:tomarv2/terraform-aws-iam-policies.git | v0.0.4 | -| [iam\_role](#module\_iam\_role) | git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external | v0.0.7 | -| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.8 | -| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.6 | - -## Resources - -| Name | Type | -|------|------| -| [aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | -| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_credentials) | resource | -| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_networks) | resource | -| 
[databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_storage_configurations) | resource | -| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_workspaces) | resource | -| [databricks_token.pat](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/token) | resource | -| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | -| [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source | -| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_assume_role_policy) | data source | -| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_bucket_policy) | data source | -| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_crossaccount_policy) | data source | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cidr\_block](#input\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.4.0.0/16"` | no | -| [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no | -| [databricks\_account\_id](#input\_databricks\_account\_id) | External ID provided by third party. 
| `string` | n/a | yes | -| [databricks\_account\_password](#input\_databricks\_account\_password) | databricks account password | `string` | n/a | yes | -| [databricks\_account\_username](#input\_databricks\_account\_username) | databricks account username | `string` | n/a | yes | -| [databricks\_hostname](#input\_databricks\_hostname) | databricks hostname | `string` | `"https://accounts.cloud.databricks.com"` | no | -| [existing\_role\_name](#input\_existing\_role\_name) | If you want to use existing role name, else a new role will be created | `string` | `null` | no | -| [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | `string` | n/a | yes | -| [profile](#input\_profile) | profile to use for resource creation | `string` | `"default"` | no | -| [profile\_for\_iam](#input\_profile\_for\_iam) | profile to use for IAM | `string` | `null` | no | -| [region](#input\_region) | AWS region to deploy resources | `string` | `"us-east-1"` | no | -| [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. 
Should not be changed after running 'tf apply' | `string` | n/a | yes | - -## Outputs - -| Name | Description | -|------|-------------| -| [databricks\_credentials\_id](#output\_databricks\_credentials\_id) | databricks credentials id | -| [databricks\_deployment\_name](#output\_databricks\_deployment\_name) | databricks deployment name | -| [databricks\_host](#output\_databricks\_host) | databricks hostname | -| [databricks\_mws\_credentials\_id](#output\_databricks\_mws\_credentials\_id) | databricks mws credentials id | -| [databricks\_mws\_network\_id](#output\_databricks\_mws\_network\_id) | databricks mws network id | -| [databricks\_mws\_storage\_bucket\_name](#output\_databricks\_mws\_storage\_bucket\_name) | databricks mws storage bucket name | -| [databricks\_mws\_storage\_id](#output\_databricks\_mws\_storage\_id) | databricks mws storage id | -| [databricks\_token](#output\_databricks\_token) | Value of the newly created token | -| [databricks\_token\_lifetime\_hours](#output\_databricks\_token\_lifetime\_hours) | Token validity | -| [iam\_role\_arn](#output\_iam\_role\_arn) | iam role arn | -| [inline\_policy\_id](#output\_inline\_policy\_id) | inline policy id | -| [nonsensitive\_databricks\_token](#output\_nonsensitive\_databricks\_token) | Value of the newly created token (nonsensitive) | -| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | s3 bucket arn | -| [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket id | -| [s3\_bucket\_name](#output\_s3\_bucket\_name) | s3 bucket name | -| [storage\_configuration\_id](#output\_storage\_configuration\_id) | databricks storage configuration id | -| [vpc\_id](#output\_vpc\_id) | vpc id | -| [vpc\_route\_table\_ids](#output\_vpc\_route\_table\_ids) | list of VPC route tables IDs | -| [vpc\_security\_group\_id](#output\_vpc\_security\_group\_id) | list of VPC security group ID | -| [vpc\_subnet\_ids](#output\_vpc\_subnet\_ids) | list of subnet ids within VPC | -| [workspace\_url](#output\_workspace\_url) | 
databricks workspace url | ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 1.0.1 | -| [aws](#requirement\_aws) | ~> 3.63 | -| [databricks](#requirement\_databricks) | 0.5.1 | -| [random](#requirement\_random) | ~> 3.1 | -| [time](#requirement\_time) | ~> 0.7 | +No requirements. ## Providers -| Name | Version | -|------|---------| -| [aws](#provider\_aws) | ~> 3.63 | -| [databricks](#provider\_databricks) | 0.5.1 | -| [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 | -| [databricks.mws](#provider\_databricks.mws) | 0.5.1 | -| [random](#provider\_random) | ~> 3.1 | -| [time](#provider\_time) | ~> 0.7 | +No providers. ## Modules -| Name | Source | Version | -|------|--------|---------| -| [iam\_policies](#module\_iam\_policies) | git::git@github.com:tomarv2/terraform-aws-iam-policies.git | v0.0.4 | -| [iam\_role](#module\_iam\_role) | git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external | v0.0.7 | -| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.8 | -| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.6 | +No modules. 
## Resources -| Name | Type | -|------|------| -| [aws_kms_alias.managed_services_customer_managed_key_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | -| [aws_kms_key.managed_services_customer_managed_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | -| [aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | -| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_credentials) | resource | -| [databricks_mws_customer_managed_keys.managed_services](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_customer_managed_keys) | resource | -| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_networks) | resource | -| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_storage_configurations) | resource | -| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_workspaces) | resource | -| [databricks_token.pat](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/token) | resource | -| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | -| [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | -| [aws_iam_policy_document.databricks_managed_services_cmk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | 
data source | -| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_assume_role_policy) | data source | -| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_bucket_policy) | data source | -| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_crossaccount_policy) | data source | +No resources. ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cidr\_block](#input\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.4.0.0/16"` | no | -| [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no | -| [databricks\_account\_id](#input\_databricks\_account\_id) | External ID provided by third party. | `string` | n/a | yes | -| [databricks\_account\_password](#input\_databricks\_account\_password) | databricks account password | `string` | n/a | yes | -| [databricks\_account\_username](#input\_databricks\_account\_username) | databricks account username | `string` | n/a | yes | -| [databricks\_hostname](#input\_databricks\_hostname) | databricks hostname | `string` | `"https://accounts.cloud.databricks.com"` | no | -| [existing\_role\_name](#input\_existing\_role\_name) | If you want to use existing role name, else a new role will be created | `string` | `null` | no | -| [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. 
Should not be changed after running 'tf apply' | `string` | n/a | yes | -| [profile](#input\_profile) | profile to use for resource creation | `string` | `"default"` | no | -| [profile\_for\_iam](#input\_profile\_for\_iam) | profile to use for IAM | `string` | `null` | no | -| [region](#input\_region) | AWS region to deploy resources | `string` | `"us-east-1"` | no | -| [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes | +No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [databricks\_credentials\_id](#output\_databricks\_credentials\_id) | databricks credentials id | -| [databricks\_deployment\_name](#output\_databricks\_deployment\_name) | databricks deployment name | -| [databricks\_host](#output\_databricks\_host) | databricks hostname | -| [databricks\_mws\_credentials\_id](#output\_databricks\_mws\_credentials\_id) | databricks mws credentials id | -| [databricks\_mws\_network\_id](#output\_databricks\_mws\_network\_id) | databricks mws network id | -| [databricks\_mws\_storage\_bucket\_name](#output\_databricks\_mws\_storage\_bucket\_name) | databricks mws storage bucket name | -| [databricks\_mws\_storage\_id](#output\_databricks\_mws\_storage\_id) | databricks mws storage id | -| [databricks\_token](#output\_databricks\_token) | Value of the newly created token | -| [databricks\_token\_lifetime\_hours](#output\_databricks\_token\_lifetime\_hours) | Token validity | -| [iam\_role\_arn](#output\_iam\_role\_arn) | iam role arn | -| [inline\_policy\_id](#output\_inline\_policy\_id) | inline policy id | -| [nonsensitive\_databricks\_token](#output\_nonsensitive\_databricks\_token) | Value of the newly created token (nonsensitive) | -| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | s3 bucket arn | -| [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket id | -| [s3\_bucket\_name](#output\_s3\_bucket\_name) | s3 bucket name | -| 
[storage\_configuration\_id](#output\_storage\_configuration\_id) | databricks storage configuration id | -| [vpc\_id](#output\_vpc\_id) | vpc id | -| [vpc\_route\_table\_ids](#output\_vpc\_route\_table\_ids) | list of VPC route tables IDs | -| [vpc\_security\_group\_id](#output\_vpc\_security\_group\_id) | list of VPC security group ID | -| [vpc\_subnet\_ids](#output\_vpc\_subnet\_ids) | list of subnet ids within VPC | -| [workspace\_url](#output\_workspace\_url) | databricks workspace url | - \ No newline at end of file +No outputs. + From 492268b937bab76427b7f0d905a482c4a7789410 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 13 Apr 2022 15:12:07 +0000 Subject: [PATCH 4/6] terraform-docs: automated action --- README.md | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 76 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 0ce7839..b72e970 100644 --- a/README.md +++ b/README.md 
@@ -175,25 +175,95 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
 ## Requirements
-No requirements.
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0.1 |
+| [aws](#requirement\_aws) | ~> 3.63 |
+| [databricks](#requirement\_databricks) | 0.5.1 |
+| [random](#requirement\_random) | ~> 3.1 |
+| [time](#requirement\_time) | ~> 0.7 |
 ## Providers
-No providers.
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | ~> 3.63 |
+| [databricks](#provider\_databricks) | 0.5.1 |
+| [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 |
+| [databricks.mws](#provider\_databricks.mws) | 0.5.1 |
+| [random](#provider\_random) | ~> 3.1 |
+| [time](#provider\_time) | ~> 0.7 |
 ## Modules
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| [iam\_policies](#module\_iam\_policies) | git::git@github.com:tomarv2/terraform-aws-iam-policies.git | v0.0.4 |
+| [iam\_role](#module\_iam\_role) | git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external | v0.0.7 |
+| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.8 |
+| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.6 |
 ## Resources
-No resources.
+| Name | Type |
+|------|------|
+| [aws_kms_alias.managed_services_customer_managed_key_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource |
+| [aws_kms_key.managed_services_customer_managed_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource |
+| [aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
+| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_credentials) | resource |
+| [databricks_mws_customer_managed_keys.managed_services](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_customer_managed_keys) | resource |
+| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_networks) | resource |
+| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_storage_configurations) | resource |
+| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_workspaces) | resource |
+| [databricks_token.pat](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/token) | resource |
+| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [aws_iam_policy_document.databricks_managed_services_cmk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_assume_role_policy) | data source | +| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_bucket_policy) | data source | +| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_crossaccount_policy) | data source | ## Inputs -No inputs. +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [cidr\_block](#input\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.4.0.0/16"` | no | +| [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no | +| [databricks\_account\_id](#input\_databricks\_account\_id) | External ID provided by third party. | `string` | n/a | yes | +| [databricks\_account\_password](#input\_databricks\_account\_password) | databricks account password | `string` | n/a | yes | +| [databricks\_account\_username](#input\_databricks\_account\_username) | databricks account username | `string` | n/a | yes | +| [databricks\_hostname](#input\_databricks\_hostname) | databricks hostname | `string` | `"https://accounts.cloud.databricks.com"` | no | +| [existing\_role\_name](#input\_existing\_role\_name) | If you want to use existing role name, else a new role will be created | `string` | `null` | no | +| [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. 
Should not be changed after running 'tf apply' | `string` | n/a | yes | +| [profile](#input\_profile) | profile to use for resource creation | `string` | `"default"` | no | +| [profile\_for\_iam](#input\_profile\_for\_iam) | profile to use for IAM | `string` | `null` | no | +| [region](#input\_region) | AWS region to deploy resources | `string` | `"us-east-1"` | no | +| [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes | ## Outputs -No outputs. +| Name | Description | +|------|-------------| +| [databricks\_credentials\_id](#output\_databricks\_credentials\_id) | databricks credentials id | +| [databricks\_deployment\_name](#output\_databricks\_deployment\_name) | databricks deployment name | +| [databricks\_host](#output\_databricks\_host) | databricks hostname | +| [databricks\_mws\_credentials\_id](#output\_databricks\_mws\_credentials\_id) | databricks mws credentials id | +| [databricks\_mws\_network\_id](#output\_databricks\_mws\_network\_id) | databricks mws network id | +| [databricks\_mws\_storage\_bucket\_name](#output\_databricks\_mws\_storage\_bucket\_name) | databricks mws storage bucket name | +| [databricks\_mws\_storage\_id](#output\_databricks\_mws\_storage\_id) | databricks mws storage id | +| [databricks\_token](#output\_databricks\_token) | Value of the newly created token | +| [databricks\_token\_lifetime\_hours](#output\_databricks\_token\_lifetime\_hours) | Token validity | +| [iam\_role\_arn](#output\_iam\_role\_arn) | iam role arn | +| [inline\_policy\_id](#output\_inline\_policy\_id) | inline policy id | +| [nonsensitive\_databricks\_token](#output\_nonsensitive\_databricks\_token) | Value of the newly created token (nonsensitive) | +| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | s3 bucket arn | +| [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket id | +| [s3\_bucket\_name](#output\_s3\_bucket\_name) | s3 bucket name | +| 
[storage\_configuration\_id](#output\_storage\_configuration\_id) | databricks storage configuration id | +| [vpc\_id](#output\_vpc\_id) | vpc id | +| [vpc\_route\_table\_ids](#output\_vpc\_route\_table\_ids) | list of VPC route tables IDs | +| [vpc\_security\_group\_id](#output\_vpc\_security\_group\_id) | list of VPC security group ID | +| [vpc\_subnet\_ids](#output\_vpc\_subnet\_ids) | list of subnet ids within VPC | +| [workspace\_url](#output\_workspace\_url) | databricks workspace url | From 36ee3566a1e248fe7aeb45fb17b3918c99264cda Mon Sep 17 00:00:00 2001 From: tomarv2 Date: Wed, 13 Apr 2022 15:25:32 +0000 Subject: [PATCH 5/6] Sync from management repo --- README.md | 82 ++++--------------------------------------------- kms_services.tf | 44 -------------------------- kms_storage.tf | 44 -------------------------- 3 files changed, 6 insertions(+), 164 deletions(-) delete mode 100644 kms_services.tf delete mode 100644 kms_storage.tf diff --git a/README.md b/README.md index b72e970..0ce7839 100644 --- a/README.md +++ b/README.md 
@@ -175,95 +175,25 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
 ## Requirements
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0.1 |
-| [aws](#requirement\_aws) | ~> 3.63 |
-| [databricks](#requirement\_databricks) | 0.5.1 |
-| [random](#requirement\_random) | ~> 3.1 |
-| [time](#requirement\_time) | ~> 0.7 |
+No requirements.
 ## Providers
-| Name | Version |
-|------|---------|
-| [aws](#provider\_aws) | ~> 3.63 |
-| [databricks](#provider\_databricks) | 0.5.1 |
-| [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 |
-| [databricks.mws](#provider\_databricks.mws) | 0.5.1 |
-| [random](#provider\_random) | ~> 3.1 |
-| [time](#provider\_time) | ~> 0.7 |
+No providers.
 ## Modules
-| Name | Source | Version |
-|------|--------|---------|
-| [iam\_policies](#module\_iam\_policies) | git::git@github.com:tomarv2/terraform-aws-iam-policies.git | v0.0.4 |
-| [iam\_role](#module\_iam\_role) | git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external | v0.0.7 |
-| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.8 |
-| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.6 |
+No modules.
## Resources -| Name | Type | -|------|------| -| [aws_kms_alias.managed_services_customer_managed_key_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | -| [aws_kms_key.managed_services_customer_managed_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | -| [aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource | -| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_credentials) | resource | -| [databricks_mws_customer_managed_keys.managed_services](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_customer_managed_keys) | resource | -| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_networks) | resource | -| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_storage_configurations) | resource | -| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_workspaces) | resource | -| [databricks_token.pat](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/token) | resource | -| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource | -| [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | -| [aws_iam_policy_document.databricks_managed_services_cmk](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source | -| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | 
data source | -| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_assume_role_policy) | data source | -| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_bucket_policy) | data source | -| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_crossaccount_policy) | data source | +No resources. ## Inputs -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [cidr\_block](#input\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.4.0.0/16"` | no | -| [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no | -| [databricks\_account\_id](#input\_databricks\_account\_id) | External ID provided by third party. | `string` | n/a | yes | -| [databricks\_account\_password](#input\_databricks\_account\_password) | databricks account password | `string` | n/a | yes | -| [databricks\_account\_username](#input\_databricks\_account\_username) | databricks account username | `string` | n/a | yes | -| [databricks\_hostname](#input\_databricks\_hostname) | databricks hostname | `string` | `"https://accounts.cloud.databricks.com"` | no | -| [existing\_role\_name](#input\_existing\_role\_name) | If you want to use existing role name, else a new role will be created | `string` | `null` | no | -| [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. 
Should not be changed after running 'tf apply' | `string` | n/a | yes | -| [profile](#input\_profile) | profile to use for resource creation | `string` | `"default"` | no | -| [profile\_for\_iam](#input\_profile\_for\_iam) | profile to use for IAM | `string` | `null` | no | -| [region](#input\_region) | AWS region to deploy resources | `string` | `"us-east-1"` | no | -| [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes | +No inputs. ## Outputs -| Name | Description | -|------|-------------| -| [databricks\_credentials\_id](#output\_databricks\_credentials\_id) | databricks credentials id | -| [databricks\_deployment\_name](#output\_databricks\_deployment\_name) | databricks deployment name | -| [databricks\_host](#output\_databricks\_host) | databricks hostname | -| [databricks\_mws\_credentials\_id](#output\_databricks\_mws\_credentials\_id) | databricks mws credentials id | -| [databricks\_mws\_network\_id](#output\_databricks\_mws\_network\_id) | databricks mws network id | -| [databricks\_mws\_storage\_bucket\_name](#output\_databricks\_mws\_storage\_bucket\_name) | databricks mws storage bucket name | -| [databricks\_mws\_storage\_id](#output\_databricks\_mws\_storage\_id) | databricks mws storage id | -| [databricks\_token](#output\_databricks\_token) | Value of the newly created token | -| [databricks\_token\_lifetime\_hours](#output\_databricks\_token\_lifetime\_hours) | Token validity | -| [iam\_role\_arn](#output\_iam\_role\_arn) | iam role arn | -| [inline\_policy\_id](#output\_inline\_policy\_id) | inline policy id | -| [nonsensitive\_databricks\_token](#output\_nonsensitive\_databricks\_token) | Value of the newly created token (nonsensitive) | -| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | s3 bucket arn | -| [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket id | -| [s3\_bucket\_name](#output\_s3\_bucket\_name) | s3 bucket name | -| 
[storage\_configuration\_id](#output\_storage\_configuration\_id) | databricks storage configuration id | -| [vpc\_id](#output\_vpc\_id) | vpc id | -| [vpc\_route\_table\_ids](#output\_vpc\_route\_table\_ids) | list of VPC route tables IDs | -| [vpc\_security\_group\_id](#output\_vpc\_security\_group\_id) | list of VPC security group ID | -| [vpc\_subnet\_ids](#output\_vpc\_subnet\_ids) | list of subnet ids within VPC | -| [workspace\_url](#output\_workspace\_url) | databricks workspace url | +No outputs. diff --git a/kms_services.tf b/kms_services.tf deleted file mode 100644 index 1b584c8..0000000 --- a/kms_services.tf +++ /dev/null @@ -1,44 +0,0 @@ -data "aws_iam_policy_document" "databricks_managed_services_cmk" { - version = "2012-10-17" - statement { - sid = "Enable IAM User Permissions" - effect = "Allow" - principals { - type = "AWS" - identifiers = ["*"] - } - actions = ["kms:*"] - resources = ["*"] - } - statement { - sid = "Allow Databricks to use KMS key for control plane managed services" - effect = "Allow" - principals { - type = "AWS" - identifiers = ["arn:aws:iam::414351767826:root"] - } - actions = [ - "kms:Encrypt", - "kms:Decrypt" - ] - resources = ["*"] - } -} - -resource "aws_kms_key" "managed_services_customer_managed_key" { - policy = data.aws_iam_policy_document.databricks_managed_services_cmk.json -} - -resource "aws_kms_alias" "managed_services_customer_managed_key_alias" { - name = "alias/managed-services-customer-managed-key-alias" - target_key_id = aws_kms_key.managed_services_customer_managed_key.key_id -} - -resource "databricks_mws_customer_managed_keys" "managed_services" { - account_id = var.databricks_account_id - aws_key_info { - key_arn = aws_kms_key.managed_services_customer_managed_key.arn - key_alias = aws_kms_alias.managed_services_customer_managed_key_alias.name - } - use_cases = ["MANAGED_SERVICES"] -} diff --git a/kms_storage.tf b/kms_storage.tf deleted file mode 100644 index 1b584c8..0000000 
--- a/kms_storage.tf +++ /dev/null @@ -1,44 +0,0 @@ -data "aws_iam_policy_document" "databricks_managed_services_cmk" { - version = "2012-10-17" - statement { - sid = "Enable IAM User Permissions" - effect = "Allow" - principals { - type = "AWS" - identifiers = ["*"] - } - actions = ["kms:*"] - resources = ["*"] - } - statement { - sid = "Allow Databricks to use KMS key for control plane managed services" - effect = "Allow" - principals { - type = "AWS" - identifiers = ["arn:aws:iam::414351767826:root"] - } - actions = [ - "kms:Encrypt", - "kms:Decrypt" - ] - resources = ["*"] - } -} - -resource "aws_kms_key" "managed_services_customer_managed_key" { - policy = data.aws_iam_policy_document.databricks_managed_services_cmk.json -} - -resource "aws_kms_alias" "managed_services_customer_managed_key_alias" { - name = "alias/managed-services-customer-managed-key-alias" - target_key_id = aws_kms_key.managed_services_customer_managed_key.key_id -} - -resource "databricks_mws_customer_managed_keys" "managed_services" { - account_id = var.databricks_account_id - aws_key_info { - key_arn = aws_kms_key.managed_services_customer_managed_key.arn - key_alias = aws_kms_alias.managed_services_customer_managed_key_alias.name - } - use_cases = ["MANAGED_SERVICES"] -} From 025cb05dabc4e950e3daef501640b4db4a878461 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 13 Apr 2022 15:27:36 +0000 Subject: [PATCH 6/6] terraform-docs: automated action --- README.md | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 72 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 0ce7839..fbc011d 100644 --- a/README.md +++ b/README.md 
@@ -175,25 +175,91 @@ Error: MALFORMED_REQUEST: Failed credentials validation checks: Spot Cancellatio
 ## Requirements
-No requirements.
+| Name | Version |
+|------|---------|
+| [terraform](#requirement\_terraform) | >= 1.0.1 |
+| [aws](#requirement\_aws) | ~> 3.63 |
+| [databricks](#requirement\_databricks) | 0.5.1 |
+| [random](#requirement\_random) | ~> 3.1 |
+| [time](#requirement\_time) | ~> 0.7 |
 ## Providers
-No providers.
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | ~> 3.63 |
+| [databricks](#provider\_databricks) | 0.5.1 |
+| [databricks.created\_workspace](#provider\_databricks.created\_workspace) | 0.5.1 |
+| [databricks.mws](#provider\_databricks.mws) | 0.5.1 |
+| [random](#provider\_random) | ~> 3.1 |
+| [time](#provider\_time) | ~> 0.7 |
 ## Modules
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| [iam\_policies](#module\_iam\_policies) | git::git@github.com:tomarv2/terraform-aws-iam-policies.git | v0.0.4 |
+| [iam\_role](#module\_iam\_role) | git::git@github.com:tomarv2/terraform-aws-iam-role.git//modules/iam_role_external | v0.0.7 |
+| [s3](#module\_s3) | git::git@github.com:tomarv2/terraform-aws-s3.git | v0.0.8 |
+| [vpc](#module\_vpc) | git::git@github.com:tomarv2/terraform-aws-vpc.git | v0.0.6 |
 ## Resources
-No resources.
+| Name | Type |
+|------|------|
+| [aws_s3_bucket_policy.root_bucket_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_policy) | resource |
+| [databricks_mws_credentials.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_credentials) | resource |
+| [databricks_mws_networks.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_networks) | resource |
+| [databricks_mws_storage_configurations.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_storage_configurations) | resource |
+| [databricks_mws_workspaces.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/mws_workspaces) | resource |
+| [databricks_token.pat](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/resources/token) | resource |
+| [random_string.naming](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) | resource |
+| [time_sleep.wait](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource |
+| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
+| [databricks_aws_assume_role_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_assume_role_policy) | data source |
+| [databricks_aws_bucket_policy.this](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_bucket_policy) | data source |
+| [databricks_aws_crossaccount_policy.cross_account_iam_policy](https://registry.terraform.io/providers/databrickslabs/databricks/0.5.1/docs/data-sources/aws_crossaccount_policy) | data source |
 ## Inputs
-No inputs.
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [cidr\_block](#input\_cidr\_block) | The CIDR block for the VPC | `string` | `"10.4.0.0/16"` | no |
+| [custom\_tags](#input\_custom\_tags) | Extra custom tags | `any` | `null` | no |
+| [databricks\_account\_id](#input\_databricks\_account\_id) | External ID provided by third party. | `string` | n/a | yes |
+| [databricks\_account\_password](#input\_databricks\_account\_password) | databricks account password | `string` | n/a | yes |
+| [databricks\_account\_username](#input\_databricks\_account\_username) | databricks account username | `string` | n/a | yes |
+| [databricks\_hostname](#input\_databricks\_hostname) | databricks hostname | `string` | `"https://accounts.cloud.databricks.com"` | no |
+| [existing\_role\_name](#input\_existing\_role\_name) | If you want to use existing role name, else a new role will be created | `string` | `null` | no |
+| [prjid](#input\_prjid) | Name of the project/stack e.g: mystack, nifieks, demoaci. Should not be changed after running 'tf apply' | `string` | n/a | yes |
+| [profile](#input\_profile) | profile to use for resource creation | `string` | `"default"` | no |
+| [profile\_for\_iam](#input\_profile\_for\_iam) | profile to use for IAM | `string` | `null` | no |
+| [region](#input\_region) | AWS region to deploy resources | `string` | `"us-east-1"` | no |
+| [teamid](#input\_teamid) | Name of the team/group e.g. devops, dataengineering. Should not be changed after running 'tf apply' | `string` | n/a | yes |
 ## Outputs
-No outputs.
+| Name | Description |
+|------|-------------|
+| [databricks\_credentials\_id](#output\_databricks\_credentials\_id) | databricks credentials id |
+| [databricks\_deployment\_name](#output\_databricks\_deployment\_name) | databricks deployment name |
+| [databricks\_host](#output\_databricks\_host) | databricks hostname |
+| [databricks\_mws\_credentials\_id](#output\_databricks\_mws\_credentials\_id) | databricks mws credentials id |
+| [databricks\_mws\_network\_id](#output\_databricks\_mws\_network\_id) | databricks mws network id |
+| [databricks\_mws\_storage\_bucket\_name](#output\_databricks\_mws\_storage\_bucket\_name) | databricks mws storage bucket name |
+| [databricks\_mws\_storage\_id](#output\_databricks\_mws\_storage\_id) | databricks mws storage id |
+| [databricks\_token](#output\_databricks\_token) | Value of the newly created token |
+| [databricks\_token\_lifetime\_hours](#output\_databricks\_token\_lifetime\_hours) | Token validity |
+| [iam\_role\_arn](#output\_iam\_role\_arn) | iam role arn |
+| [inline\_policy\_id](#output\_inline\_policy\_id) | inline policy id |
+| [nonsensitive\_databricks\_token](#output\_nonsensitive\_databricks\_token) | Value of the newly created token (nonsensitive) |
+| [s3\_bucket\_arn](#output\_s3\_bucket\_arn) | s3 bucket arn |
+| [s3\_bucket\_id](#output\_s3\_bucket\_id) | s3 bucket id |
+| [s3\_bucket\_name](#output\_s3\_bucket\_name) | s3 bucket name |
+| [storage\_configuration\_id](#output\_storage\_configuration\_id) | databricks storage configuration id |
+| [vpc\_id](#output\_vpc\_id) | vpc id |
+| [vpc\_route\_table\_ids](#output\_vpc\_route\_table\_ids) | list of VPC route tables IDs |
+| [vpc\_security\_group\_id](#output\_vpc\_security\_group\_id) | list of VPC security group ID |
+| [vpc\_subnet\_ids](#output\_vpc\_subnet\_ids) | list of subnet ids within VPC |
+| [workspace\_url](#output\_workspace\_url) | databricks workspace url |