UNPKG

@pulumi/databricks

Version:

A Pulumi package for creating and managing databricks cloud resources.

www.pulumi.com

pulumi/pulumi-databricks

231 lines (230 loc) 14.1 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
import * as pulumi from "@pulumi/pulumi"; /** * > Initialize provider with `alias = "mws"`, `host = "https://accounts.cloud.databricks.com"` and use `provider = databricks.mws` * * This resource configures the delivery of the two supported log types from Databricks workspaces: [billable usage logs](https://docs.databricks.com/administration-guide/account-settings/billable-usage-delivery.html) and [audit logs](https://docs.databricks.com/administration-guide/account-settings/audit-logs.html). * * You cannot delete a log delivery configuration, but you can disable it when you no longer need it. This fact is important because there is a limit to the number of enabled log delivery configurations that you can create for an account. You can create a maximum of two enabled configurations that use the account level (no workspace filter) and two enabled configurations for every specific workspace (a workspaceId can occur in the workspace filter for two configurations). You can re-enable a disabled configuration, but the request fails if it violates the limits previously described. * * ## Billable Usage * * CSV files are delivered to `<delivery_path_prefix>/billable-usage/csv/` and are named `workspaceId=<workspace-id>-usageMonth=<month>.csv`, which are delivered daily by overwriting the month's CSV file for each workspace. Format of CSV file, as well as some usage examples, can be found [here](https://docs.databricks.com/administration-guide/account-settings/usage.html#download-usage-as-a-csv-file). * * Common processing scenario is to apply [cost allocation tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html), that could be enforced by setting customTags on a cluster or through cluster policy. Report contains `clusterId` field, that could be joined with data from AWS [cost and usage reports](https://docs.aws.amazon.com/cur/latest/userguide/cur-create.html), that can be joined with `user:ClusterId` tag from AWS usage report. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const usageLogs = new databricks.MwsLogDelivery("usage_logs", { * accountId: databricksAccountId, * credentialsId: logWriter.credentialsId, * storageConfigurationId: logBucket.storageConfigurationId, * deliveryPathPrefix: "billable-usage", * configName: "Usage Logs", * logType: "BILLABLE_USAGE", * outputFormat: "CSV", * }); * ``` * * ## Audit Logs * * JSON files with [static schema](https://docs.databricks.com/administration-guide/account-settings/audit-logs.html#audit-log-schema) are delivered to `<delivery_path_prefix>/workspaceId=<workspaceId>/date=<yyyy-mm-dd>/auditlogs_<internal-id>.json`. Logs are available within 15 minutes of activation for audit logs. New JSON files are delivered every few minutes, potentially overwriting existing files for each workspace. Sometimes data may arrive later than 15 minutes. Databricks can overwrite the delivered log files in your bucket at any time. If a file is overwritten, the existing content remains, but there may be additional lines for more auditable events. Overwriting ensures exactly-once semantics without requiring read or delete access to your account. * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const auditLogs = new databricks.MwsLogDelivery("audit_logs", { * accountId: databricksAccountId, * credentialsId: logWriter.credentialsId, * storageConfigurationId: logBucket.storageConfigurationId, * deliveryPathPrefix: "audit-logs", * configName: "Audit Logs", * logType: "AUDIT_LOGS", * outputFormat: "JSON", * }); * ``` * * ## Related Resources * * The following resources are used in the same context: * * * Provisioning Databricks on AWS guide. * * databricks.MwsCredentials to configure the cross-account role for creation of new workspaces within AWS. * * databricks.MwsCustomerManagedKeys to configure KMS keys for new workspaces within AWS. * * databricks.MwsNetworks to [configure VPC](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html) & subnets for new workspaces within AWS. * * databricks.MwsStorageConfigurations to configure root bucket new workspaces within AWS. * * databricks.MwsWorkspaces to set up [AWS and GCP workspaces](https://docs.databricks.com/getting-started/overview.html#e2-architecture-1). * * ## Import * * !> Importing this resource is not currently supported. */ export declare class MwsLogDelivery extends pulumi.CustomResource { /** * Get an existing MwsLogDelivery resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MwsLogDeliveryState, opts?: pulumi.CustomResourceOptions): MwsLogDelivery; /** * Returns true if the given object is an instance of MwsLogDelivery. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is MwsLogDelivery; /** * Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/). */ readonly accountId: pulumi.Output<string>; /** * Databricks log delivery configuration ID. */ readonly configId: pulumi.Output<string>; /** * The optional human-readable name of the log delivery configuration. Defaults to empty. */ readonly configName: pulumi.Output<string | undefined>; /** * The ID for a Databricks credential configuration that represents the AWS IAM role with policy and trust relationship as described in the main billable usage documentation page. */ readonly credentialsId: pulumi.Output<string>; /** * Defaults to empty, which means that logs are delivered to the root of the bucket. The value must be a valid S3 object key. It must not start or end with a slash character. */ readonly deliveryPathPrefix: pulumi.Output<string | undefined>; /** * The optional start month and year for delivery, specified in YYYY-MM format. Defaults to current year and month. Usage is not available before 2019-03. */ readonly deliveryStartTime: pulumi.Output<string>; /** * The type of log delivery. `BILLABLE_USAGE` and `AUDIT_LOGS` are supported. */ readonly logType: pulumi.Output<string>; /** * The file type of log delivery. Currently `CSV` (for `BILLABLE_USAGE`) and `JSON` (for `AUDIT_LOGS`) are supported. */ readonly outputFormat: pulumi.Output<string>; /** * Status of log delivery configuration. Set to ENABLED or DISABLED. Defaults to ENABLED. This is the only field you can update. */ readonly status: pulumi.Output<string>; /** * The ID for a Databricks storage configuration that represents the S3 bucket with bucket policy as described in the main billable usage documentation page. */ readonly storageConfigurationId: pulumi.Output<string>; /** * By default, this log configuration applies to all workspaces associated with your account ID. If your account is on the multitenant version of the platform or on a select custom plan that allows multiple workspaces per account, you may have multiple workspaces associated with your account ID. You can optionally set the field as mentioned earlier to an array of workspace IDs. If you plan to use different log delivery configurations for several workspaces, set this explicitly rather than leaving it blank. If you leave this blank and your account ID gets additional workspaces in the future, this configuration will also apply to the new workspaces. */ readonly workspaceIdsFilters: pulumi.Output<number[] | undefined>; /** * Create a MwsLogDelivery resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: MwsLogDeliveryArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering MwsLogDelivery resources. */ export interface MwsLogDeliveryState { /** * Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/). */ accountId?: pulumi.Input<string>; /** * Databricks log delivery configuration ID. */ configId?: pulumi.Input<string>; /** * The optional human-readable name of the log delivery configuration. Defaults to empty. */ configName?: pulumi.Input<string>; /** * The ID for a Databricks credential configuration that represents the AWS IAM role with policy and trust relationship as described in the main billable usage documentation page. */ credentialsId?: pulumi.Input<string>; /** * Defaults to empty, which means that logs are delivered to the root of the bucket. The value must be a valid S3 object key. It must not start or end with a slash character. */ deliveryPathPrefix?: pulumi.Input<string>; /** * The optional start month and year for delivery, specified in YYYY-MM format. Defaults to current year and month. Usage is not available before 2019-03. */ deliveryStartTime?: pulumi.Input<string>; /** * The type of log delivery. `BILLABLE_USAGE` and `AUDIT_LOGS` are supported. */ logType?: pulumi.Input<string>; /** * The file type of log delivery. Currently `CSV` (for `BILLABLE_USAGE`) and `JSON` (for `AUDIT_LOGS`) are supported. */ outputFormat?: pulumi.Input<string>; /** * Status of log delivery configuration. Set to ENABLED or DISABLED. Defaults to ENABLED. This is the only field you can update. */ status?: pulumi.Input<string>; /** * The ID for a Databricks storage configuration that represents the S3 bucket with bucket policy as described in the main billable usage documentation page. */ storageConfigurationId?: pulumi.Input<string>; /** * By default, this log configuration applies to all workspaces associated with your account ID. If your account is on the multitenant version of the platform or on a select custom plan that allows multiple workspaces per account, you may have multiple workspaces associated with your account ID. You can optionally set the field as mentioned earlier to an array of workspace IDs. If you plan to use different log delivery configurations for several workspaces, set this explicitly rather than leaving it blank. If you leave this blank and your account ID gets additional workspaces in the future, this configuration will also apply to the new workspaces. */ workspaceIdsFilters?: pulumi.Input<pulumi.Input<number>[]>; } /** * The set of arguments for constructing a MwsLogDelivery resource. */ export interface MwsLogDeliveryArgs { /** * Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/). */ accountId: pulumi.Input<string>; /** * Databricks log delivery configuration ID. */ configId?: pulumi.Input<string>; /** * The optional human-readable name of the log delivery configuration. Defaults to empty. */ configName?: pulumi.Input<string>; /** * The ID for a Databricks credential configuration that represents the AWS IAM role with policy and trust relationship as described in the main billable usage documentation page. */ credentialsId: pulumi.Input<string>; /** * Defaults to empty, which means that logs are delivered to the root of the bucket. The value must be a valid S3 object key. It must not start or end with a slash character. */ deliveryPathPrefix?: pulumi.Input<string>; /** * The optional start month and year for delivery, specified in YYYY-MM format. Defaults to current year and month. Usage is not available before 2019-03. */ deliveryStartTime?: pulumi.Input<string>; /** * The type of log delivery. `BILLABLE_USAGE` and `AUDIT_LOGS` are supported. */ logType: pulumi.Input<string>; /** * The file type of log delivery. Currently `CSV` (for `BILLABLE_USAGE`) and `JSON` (for `AUDIT_LOGS`) are supported. */ outputFormat: pulumi.Input<string>; /** * Status of log delivery configuration. Set to ENABLED or DISABLED. Defaults to ENABLED. This is the only field you can update. */ status?: pulumi.Input<string>; /** * The ID for a Databricks storage configuration that represents the S3 bucket with bucket policy as described in the main billable usage documentation page. */ storageConfigurationId: pulumi.Input<string>; /** * By default, this log configuration applies to all workspaces associated with your account ID. If your account is on the multitenant version of the platform or on a select custom plan that allows multiple workspaces per account, you may have multiple workspaces associated with your account ID. You can optionally set the field as mentioned earlier to an array of workspace IDs. If you plan to use different log delivery configurations for several workspaces, set this explicitly rather than leaving it blank. If you leave this blank and your account ID gets additional workspaces in the future, this configuration will also apply to the new workspaces. */ workspaceIdsFilters?: pulumi.Input<pulumi.Input<number>[]>; }