@pulumi/databricks
Version:
A Pulumi package for creating and managing databricks cloud resources.
181 lines • 8.68 kB
JavaScript
;
// *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
Object.defineProperty(exports, "__esModule", { value: true });
exports.Credential = void 0;
const pulumi = require("@pulumi/pulumi");
const utilities = require("./utilities");
/**
* > This resource can only be used with a workspace-level provider.
*
* A credential represents an authentication and authorization mechanism for accessing services on your cloud tenant. Each credential is subject to Unity Catalog access-control policies that control which users and groups can access the credential.
*
* The type of credential to be created is determined by the `purpose` field, which should be either `SERVICE` or `STORAGE`.
* The caller must be a metastore admin or have the metastore privilege `CREATE_STORAGE_CREDENTIAL` for storage credentials, or `CREATE_SERVICE_CREDENTIAL` for service credentials. The user who creates the credential can delegate ownership to another user or group to manage permissions on it
*
* On AWS, the IAM role for a credential requires a trust policy. See [documentation](https://docs.databricks.com/en/connect/unity-catalog/cloud-services/service-credentials.html#step-1-create-an-iam-role) for more details. The data source databricks.getAwsUnityCatalogAssumeRolePolicy can be used to create the necessary AWS Unity Catalog assume role policy.
*
* ## Example Usage
*
* For AWS
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as databricks from "@pulumi/databricks";
*
* const external = new databricks.Credential("external", {
* name: externalDataAccess.name,
* awsIamRole: {
* roleArn: externalDataAccess.arn,
* },
* purpose: "SERVICE",
* comment: "Managed by TF",
* });
* const externalCreds = new databricks.Grants("external_creds", {
* credential: external.id,
* grants: [{
* principal: "Data Engineers",
* privileges: ["ACCESS"],
* }],
* });
* ```
*
* For Azure
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as databricks from "@pulumi/databricks";
*
* const externalMi = new databricks.Credential("external_mi", {
* name: "mi_credential",
* azureManagedIdentity: {
* accessConnectorId: example.id,
* },
* purpose: "SERVICE",
* comment: "Managed identity credential managed by TF",
* });
* const externalCreds = new databricks.Grants("external_creds", {
* credential: externalMi.id,
* grants: [{
* principal: "Data Engineers",
* privileges: ["ACCESS"],
* }],
* });
* ```
*
* For GCP
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as databricks from "@pulumi/databricks";
*
* const externalGcpSa = new databricks.Credential("external_gcp_sa", {
* name: "gcp_sa_credential",
* databricksGcpServiceAccount: {},
* purpose: "SERVICE",
* comment: "GCP SA credential managed by TF",
* });
* const externalCreds = new databricks.Grants("external_creds", {
* credential: externalGcpSa.id,
* grants: [{
* principal: "Data Engineers",
* privileges: ["ACCESS"],
* }],
* });
* ```
*
* ## Import
*
* This resource can be imported by name:
*
* bash
*
* ```sh
* $ pulumi import databricks:index/credential:Credential this <name>
* ```
*/
class Credential extends pulumi.CustomResource {
/**
* Get an existing Credential resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name, id, state, opts) {
return new Credential(name, state, Object.assign(Object.assign({}, opts), { id: id }));
}
/**
* Returns true if the given object is an instance of Credential. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj) {
if (obj === undefined || obj === null) {
return false;
}
return obj['__pulumiType'] === Credential.__pulumiType;
}
constructor(name, argsOrState, opts) {
let resourceInputs = {};
opts = opts || {};
if (opts.id) {
const state = argsOrState;
resourceInputs["awsIamRole"] = state ? state.awsIamRole : undefined;
resourceInputs["azureManagedIdentity"] = state ? state.azureManagedIdentity : undefined;
resourceInputs["azureServicePrincipal"] = state ? state.azureServicePrincipal : undefined;
resourceInputs["comment"] = state ? state.comment : undefined;
resourceInputs["createdAt"] = state ? state.createdAt : undefined;
resourceInputs["createdBy"] = state ? state.createdBy : undefined;
resourceInputs["credentialId"] = state ? state.credentialId : undefined;
resourceInputs["databricksGcpServiceAccount"] = state ? state.databricksGcpServiceAccount : undefined;
resourceInputs["forceDestroy"] = state ? state.forceDestroy : undefined;
resourceInputs["forceUpdate"] = state ? state.forceUpdate : undefined;
resourceInputs["fullName"] = state ? state.fullName : undefined;
resourceInputs["isolationMode"] = state ? state.isolationMode : undefined;
resourceInputs["metastoreId"] = state ? state.metastoreId : undefined;
resourceInputs["name"] = state ? state.name : undefined;
resourceInputs["owner"] = state ? state.owner : undefined;
resourceInputs["purpose"] = state ? state.purpose : undefined;
resourceInputs["readOnly"] = state ? state.readOnly : undefined;
resourceInputs["skipValidation"] = state ? state.skipValidation : undefined;
resourceInputs["updatedAt"] = state ? state.updatedAt : undefined;
resourceInputs["updatedBy"] = state ? state.updatedBy : undefined;
resourceInputs["usedForManagedStorage"] = state ? state.usedForManagedStorage : undefined;
}
else {
const args = argsOrState;
if ((!args || args.purpose === undefined) && !opts.urn) {
throw new Error("Missing required property 'purpose'");
}
resourceInputs["awsIamRole"] = args ? args.awsIamRole : undefined;
resourceInputs["azureManagedIdentity"] = args ? args.azureManagedIdentity : undefined;
resourceInputs["azureServicePrincipal"] = args ? args.azureServicePrincipal : undefined;
resourceInputs["comment"] = args ? args.comment : undefined;
resourceInputs["createdAt"] = args ? args.createdAt : undefined;
resourceInputs["createdBy"] = args ? args.createdBy : undefined;
resourceInputs["databricksGcpServiceAccount"] = args ? args.databricksGcpServiceAccount : undefined;
resourceInputs["forceDestroy"] = args ? args.forceDestroy : undefined;
resourceInputs["forceUpdate"] = args ? args.forceUpdate : undefined;
resourceInputs["fullName"] = args ? args.fullName : undefined;
resourceInputs["isolationMode"] = args ? args.isolationMode : undefined;
resourceInputs["metastoreId"] = args ? args.metastoreId : undefined;
resourceInputs["name"] = args ? args.name : undefined;
resourceInputs["owner"] = args ? args.owner : undefined;
resourceInputs["purpose"] = args ? args.purpose : undefined;
resourceInputs["readOnly"] = args ? args.readOnly : undefined;
resourceInputs["skipValidation"] = args ? args.skipValidation : undefined;
resourceInputs["updatedAt"] = args ? args.updatedAt : undefined;
resourceInputs["updatedBy"] = args ? args.updatedBy : undefined;
resourceInputs["usedForManagedStorage"] = args ? args.usedForManagedStorage : undefined;
resourceInputs["credentialId"] = undefined /*out*/;
}
opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);
super(Credential.__pulumiType, name, resourceInputs, opts);
}
}
exports.Credential = Credential;
/** @internal */
Credential.__pulumiType = 'databricks:index/credential:Credential';
//# sourceMappingURL=credential.js.map