@micheledaddetta-databricks
Collaborator

The module still uses the CMv2 architecture. When the CMv1 architecture is released and supported by the Terraform provider, the implementation will be reviewed.

The commit contains the implementation for the workspace resource group. However, this change requires no longer using the local.rg_location variable, since the value is known after the apply, and this forces the replacement of all of the resources.
Most of the README files were already defined. TFDocs updated in each of them.
@alexott
Collaborator

alexott commented Feb 18, 2025

@bhavink - wdyt?

@bhavink

bhavink commented Feb 19, 2025

@alexott I do not think on GCP we need traditional hub/spoke based arch. Shared vpc based deployment is a common and popular arch where one could use vpc f/w rules along with vpc sc to prevent data exfiltration. TF support for CMv1 will be available by early March 2025 so may I suggest that we wait for it to be released and then update the GCP specific module?

@alexott
Collaborator

alexott commented Feb 19, 2025

I agree about waiting for CMv1 migration

@alexott alexott requested a review from Copilot March 18, 2025 06:55

Copilot AI left a comment

Pull Request Overview

This PR adds documentation to support the deployment of Databricks on GCP with data exfiltration protection using a Hub & Spoke network architecture while still using the CMv2 architecture.

  • Added an example README for provisioning the workspace in the examples directory.
  • Introduced a module README that details resource outcomes and the network architecture for the deployment.

Reviewed Changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| examples/gcp-with-psc-exfiltration-protection/README.md | New documentation for workspace provisioning using hub & spoke architecture |
| modules/gcp-with-psc-exfiltration-protection/README.md | Detailed module documentation including architecture and resource listings |

@alexott
Collaborator

alexott commented Apr 2, 2025

@micheledaddetta-databricks can you update the code to use provider >= 1.71 - it includes changes for CMv1 support

@micheledaddetta-databricks
Collaborator Author

@alexott I'll update it during next week

Starting from provider version 1.71 CMv1 is supported for Databricks on GCP
@micheledaddetta-databricks
Collaborator Author

@alexott here you can find updated code

This is an initial implementation. I will enhance it in future commits in order to include metastore admin assignment, workspace-metastore binding, catalog owner, catalog-workspace binding.
In case the module can be built in order to be cloud agnostic.
Collaborator

@alexott alexott left a comment

Minor changes required, like, update image

Collaborator

@alexott alexott left a comment

Thank you!

@alexott alexott merged commit 7d3ee0d into databricks:main Jun 23, 2025