Update adb-private-links to use azurerm v4 (#162)

Signed-off-by: Niko <[email protected]>

Author: r3stl355

examples/adb-private-links/README.md

@@ -26,6 +26,7 @@ With this deployment, traffic from user client to webapp (notebook UI), backend
 
 | Name             | Description | Type        | Default         | Required |
 | ---------------- | ----------- | ----------- | --------------- | :------: |
+| subscription_id  | n/a         | `string`    |                 |   yes    |
 | hubcidr          | n/a         | `string`    | "10.178.0.0/20" |   yes    |
 | spokecidr        | n/a         | `string`    | "10.179.0.0/20" |   yes    |
 | no\_public\_ip   | n/a         | `bool`      | `true`          |   yes    |
@@ -44,6 +45,8 @@ With this deployment, traffic from user client to webapp (notebook UI), backend
 | arm\_subscription\_id                      | n/a         |
 | arm\_tenant\_id                            | n/a         |
 | azure\_region                              | n/a         |
+| azure\_resource_group                      | n/a         |
 | databricks\_azure\_workspace\_resource\_id | n/a         |
 | resource\_group                            | n/a         |
+| workspace\_id                              | n/a         |
 | workspace\_url                             | n/a         |

examples/adb-private-links/main.tf

@@ -1,19 +1,3 @@
-/**
- * Azure Databricks workspace in custom VNet
- *
- * Module creates:
- * * Resource group with random prefix
- * * Tags, including `Owner`, which is taken from `az account show --query user`
- * * VNet with public and private subnet
- * * Databricks workspace
- */
-provider "azurerm" {
-  features {}
-}
-
-provider "random" {
-}
-
 resource "random_string" "naming" {
   special = false
   upper   = false
@@ -28,7 +12,6 @@ data "external" "me" {
 }
 
 locals {
-  // dltp - databricks labs terraform provider
   prefix   = join("-", [var.workspace_prefix, "${random_string.naming.result}"])
   location = var.rglocation
   cidr     = var.spokecidr
@@ -46,24 +29,4 @@ resource "azurerm_resource_group" "this" {
   name     = "adb-dev-${local.prefix}-rg"
   location = local.location
   tags     = local.tags
-}
-
-output "arm_client_id" {
-  value = data.azurerm_client_config.current.client_id
-}
-
-output "arm_subscription_id" {
-  value = data.azurerm_client_config.current.subscription_id
-}
-
-output "arm_tenant_id" {
-  value = data.azurerm_client_config.current.tenant_id
-}
-
-output "azure_region" {
-  value = local.location
-}
-
-output "resource_group" {
-  value = azurerm_resource_group.this.name
-}
+}

examples/adb-private-links/outputs.tf

@@ -0,0 +1,39 @@
+output "azure_resource_group_id" {
+  description = "ID of the created Azure resource group"
+  value       = azurerm_resource_group.this.id
+}
+
+output "workspace_id" {
+  description = "The Databricks workspace ID"
+  value       = azurerm_databricks_workspace.this.workspace_id
+}
+
+output "workspace_url" {
+  description = "The Databricks workspace URL"
+  value       = azurerm_databricks_workspace.this.workspace_url
+}
+
+output "arm_client_id" {
+  description = "**Depricated**"
+  value       = data.azurerm_client_config.current.client_id
+}
+
+output "arm_subscription_id" {
+  description = "**Depricated**"
+  value       = data.azurerm_client_config.current.subscription_id
+}
+
+output "arm_tenant_id" {
+  description = "**Depricated**"
+  value       = data.azurerm_client_config.current.tenant_id
+}
+
+output "azure_region" {
+  description = "**Depricated**"
+  value       = local.location
+}
+
+output "resource_group" {
+  description = "**Depricated**"
+  value       = azurerm_resource_group.this.name
+}

examples/adb-private-links/providers.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_providers {
+    databricks = {
+      source  = "databricks/databricks"
+      version = ">=1.52.0"
+    }
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">=4.0.0"
+    }
+    random = {
+      source = "hashicorp/random"
+    }
+  }
+}
+
+provider "azurerm" {
+  subscription_id = var.subscription_id
+  features {}
+}

examples/adb-private-links/terraform.tfvars

@@ -1,6 +1,6 @@
+subscription_id   = "<your Azure Subscription ID here>"
 hubcidr          = "10.178.0.0/20"
 spokecidr        = "10.179.0.0/20"
-no_public_ip     = true
 rglocation       = "southeastasia"
 metastoreip      = "40.78.233.2"
 dbfs_prefix      = "dbfs"

examples/adb-private-links/variables.tf

@@ -1,3 +1,8 @@
+variable "subscription_id" {
+  type        = string
+  description = "Azure Subscription ID to deploy the workspace into"
+}
+
 variable "hubcidr" {
   type    = string
   default = "10.178.0.0/20"
@@ -8,11 +13,6 @@ variable "spokecidr" {
   default = "10.179.0.0/20"
 }
 
-variable "no_public_ip" {
-  type    = bool
-  default = true
-}
-
 variable "rglocation" {
   type    = string
   default = "southeastasia"

examples/adb-private-links/versions.tf

@@ -40,6 +40,7 @@ resource "azurerm_network_security_rule" "azfrontdoor" {
   resource_group_name         = azurerm_resource_group.this.name
   network_security_group_name = azurerm_network_security_group.this.name
 }
+
 resource "azurerm_subnet" "public" {
   name                 = "${local.prefix}-public"
   resource_group_name  = azurerm_resource_group.this.name
@@ -73,8 +74,7 @@ resource "azurerm_subnet" "private" {
   virtual_network_name = azurerm_virtual_network.this.name
   address_prefixes     = [cidrsubnet(local.cidr, 3, 1)]
 
-  enforce_private_link_endpoint_network_policies = true
-  enforce_private_link_service_network_policies  = true
+  private_endpoint_network_policies = "Enabled"
 
   delegation {
     name = "databricks"
@@ -95,16 +95,14 @@ resource "azurerm_subnet_network_security_group_association" "private" {
   network_security_group_id = azurerm_network_security_group.this.id
 }
 
-
 resource "azurerm_subnet" "plsubnet" {
-  name                                           = "${local.prefix}-privatelink"
-  resource_group_name                            = azurerm_resource_group.this.name
-  virtual_network_name                           = azurerm_virtual_network.this.name
-  address_prefixes                               = [cidrsubnet(local.cidr, 3, 2)]
-  enforce_private_link_endpoint_network_policies = true // set to true to disable subnet policy
+  name                              = "${local.prefix}-privatelink"
+  resource_group_name               = azurerm_resource_group.this.name
+  virtual_network_name              = azurerm_virtual_network.this.name
+  address_prefixes                  = [cidrsubnet(local.cidr, 3, 2)]
+  private_endpoint_network_policies = "Enabled"
 }
 
-
 resource "azurerm_virtual_network" "hubvnet" {
   name                = "${local.prefix}-hub-vnet"
   location            = azurerm_resource_group.this.location
@@ -121,7 +119,6 @@ resource "azurerm_subnet" "hubfw" {
   address_prefixes     = [cidrsubnet(var.hubcidr, 3, 0)]
 }
 
-
 resource "azurerm_virtual_network_peering" "hubvnet" {
   name                      = "peerhubtospoke"
   resource_group_name       = azurerm_resource_group.this.name
@@ -134,4 +131,4 @@ resource "azurerm_virtual_network_peering" "spokevnet" {
   resource_group_name       = azurerm_resource_group.this.name
   virtual_network_name      = azurerm_virtual_network.this.name
   remote_virtual_network_id = azurerm_virtual_network.hubvnet.id
-}
+}

examples/adb-private-links/vnet.tf

@@ -7,9 +7,7 @@ resource "azurerm_databricks_workspace" "this" {
   public_network_access_enabled         = false                    //use private endpoint
   network_security_group_rules_required = "NoAzureDatabricksRules" //use private endpoint
   customer_managed_key_enabled          = true
-  //infrastructure_encryption_enabled = true
   custom_parameters {
-    no_public_ip                                         = var.no_public_ip
     virtual_network_id                                   = azurerm_virtual_network.this.id
     private_subnet_name                                  = azurerm_subnet.private.name
     public_subnet_name                                   = azurerm_subnet.public.name
@@ -22,15 +20,4 @@ resource "azurerm_databricks_workspace" "this" {
     azurerm_subnet_network_security_group_association.public,
     azurerm_subnet_network_security_group_association.private
   ]
-}
-
-output "databricks_azure_workspace_resource_id" {
-  // The ID of the Databricks Workspace in the Azure management plane.
-  value = azurerm_databricks_workspace.this.id
-}
-
-output "workspace_url" {
-  // The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'
-  // this is not named as DATABRICKS_HOST, because it affect authentication
-  value = "https://${azurerm_databricks_workspace.this.workspace_url}/"
-}
+}