main.tf
locals {
  # Index the external locations by their 'index' attribute. Entries with an
  # empty 'index' are dropped here, so they produce neither a location nor
  # grants. Two entries sharing the same 'index' make this expression fail.
  external_locations_mapped = {
    for location in var.external_locations : location.index => location
    if length(location.index) != 0
  }

  # Permission lists per location, keyed like the map above. Locations with an
  # empty 'permissions' list are left out, so no grants resource is created
  # for them.
  external_locations_permissions_mapped = {
    for key, location in local.external_locations_mapped : key => location.permissions
    if length(location.permissions) != 0
  }
}
# Optional storage credential managed by this module. When it exists, the
# external locations below use it in preference to their own 'credentials_name'.
resource "databricks_storage_credential" "this" {
  # One instance for any non-empty 'cloud' value.
  # NOTE(review): only "azure" and "gcp" add an identity block below; any other
  # non-empty value leaves the credential without an identity block. Consider
  # a validation rule on var.storage_credential.cloud.
  count = var.storage_credential.cloud != "" ? 1 : 0

  name    = var.storage_credential.name
  owner   = var.storage_credential.owner
  comment = var.storage_credential.comment

  # Azure: the credential is backed by the managed identity of the given
  # access connector.
  dynamic "azure_managed_identity" {
    for_each = var.storage_credential.cloud == "azure" ? [1] : []

    content {
      access_connector_id = var.storage_credential.azure_access_connector_id
    }
  }

  # GCP: empty block, no arguments are passed from this module.
  dynamic "databricks_gcp_service_account" {
    for_each = var.storage_credential.cloud == "gcp" ? [1] : []

    content {}
  }

  # NOTE(review): isolation_mode is forwarded for Azure only and is null for
  # every other cloud. Confirm that is intended.
  isolation_mode = var.storage_credential.cloud == "azure" ? var.storage_credential.isolation_mode : null

  # NOTE(review): force_destroy presumably lets the credential be removed while
  # external locations still reference it. Keep it false unless a teardown
  # needs it.
  force_destroy = var.storage_credential.force_destroy
}
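# Grants on the module-managed storage credential.
#
# Created only when the credential itself is created AND at least one
# permission entry is supplied. This matches the external-location grants,
# which are likewise skipped for an empty permission list. Without the second
# condition an empty 'permissions' list would yield a grants resource with no
# "grant" blocks.
#
# NOTE(review): databricks_grants is documented by the provider as managing the
# complete grant set of a securable. Confirm no grants on this credential are
# expected to be managed outside this module.
resource "databricks_grants" "credential" {
  count = (var.storage_credential.cloud != "" && length(var.storage_credential.permissions) != 0) ? 1 : 0

  # The credential uses the same 'cloud' condition, so index 0 exists whenever
  # this resource does; try() is kept as a guard and falls back to null.
  storage_credential = try(databricks_storage_credential.this[0].id, null)

  # One grant block per entry: a principal and the privileges it receives.
  dynamic "grant" {
    for_each = var.storage_credential.permissions

    content {
      principal  = grant.value.principal
      privileges = grant.value.privileges
    }
  }
}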
# One external location per entry of local.external_locations_mapped.
resource "databricks_external_location" "this" {
  for_each = local.external_locations_mapped

  name    = each.value.name
  owner   = each.value.owner
  comment = each.value.comment
  url     = each.value.url

  # The module-managed credential wins when it exists; otherwise the location's
  # own 'credentials_name' is used. coalesce() fails if both are null or empty,
  # so a location can never be created without a credential.
  # NOTE(review): this passes the credential's 'id' as a name. Presumably the
  # provider uses the credential name as its id; confirm.
  credential_name = coalesce(try(databricks_storage_credential.this[0].id, null), each.value.credentials_name)

  # Access posture of the location.
  read_only      = each.value.read_only
  isolation_mode = each.value.isolation_mode

  # NOTE(review): the three flags below relax provider-side safety checks
  # (validation of the url/credential pair, and guarded destroy/update).
  # Callers should leave them false unless a specific operation needs them.
  skip_validation = each.value.skip_validation
  force_destroy   = each.value.force_destroy
  force_update    = each.value.force_update
}
# Grants on each external location that has a non-empty permission list.
#
# NOTE(review): databricks_grants is documented by the provider as managing the
# complete grant set of a securable. Confirm no grants on these locations are
# expected to be managed outside this module.
resource "databricks_grants" "locations" {
  for_each = local.external_locations_permissions_mapped

  # Keys are shared with databricks_external_location.this, so each.key always
  # resolves to an existing location.
  external_location = databricks_external_location.this[each.key].id

  # each.value is the permission list of this location: one grant block per
  # entry, giving a principal and the privileges it receives.
  dynamic "grant" {
    for_each = each.value

    content {
      principal  = grant.value.principal
      privileges = grant.value.privileges
    }
  }

  # Orders the location grants after the grants on the storage credential.
  depends_on = [databricks_grants.credential]
}