UNPKG

@pulumi/databricks

Version:

A Pulumi package for creating and managing databricks cloud resources.

www.pulumi.com

pulumi/pulumi-databricks

210 lines (209 loc) 9.28 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
import * as pulumi from "@pulumi/pulumi"; /** * This resource allows you to set entitlements to existing databricks_users, databricks.Group or databricks_service_principal. * * > You must define entitlements of a principal using either `databricks.Entitlements` or directly within one of databricks_users, databricks.Group or databricks_service_principal. Having entitlements defined in both resources will result in non-deterministic behaviour. * * ## Example Usage * * Setting entitlements for a regular user: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const me = databricks.getUser({ * userName: "me@example.com", * }); * const meEntitlements = new databricks.Entitlements("me", { * userId: me.then(me => me.id), * allowClusterCreate: true, * allowInstancePoolCreate: true, * }); * ``` * * Setting entitlements for a service principal: * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const _this = databricks.getServicePrincipal({ * applicationId: "11111111-2222-3333-4444-555666777888", * }); * const thisEntitlements = new databricks.Entitlements("this", { * servicePrincipalId: _this.then(_this => _this.spId), * allowClusterCreate: true, * allowInstancePoolCreate: true, * }); * ``` * * Setting entitlements to all users in a workspace - referencing special `users` databricks.Group * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const users = databricks.getGroup({ * displayName: "users", * }); * const workspace_users = new databricks.Entitlements("workspace-users", { * groupId: users.then(users => users.id), * allowClusterCreate: true, * allowInstancePoolCreate: true, * }); * ``` * * ## Related Resources * * The following resources are often used in the same context: * * * End to end workspace management guide. * * databricks.Group to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html) or [Account Console](https://accounts.cloud.databricks.com/) (for AWS deployments). * * databricks.Group data to retrieve information about databricks.Group members, entitlements and instance profiles. * * databricks.GroupInstanceProfile to attach databricks.InstanceProfile (AWS) to databricks_group. * * databricks.GroupMember to attach users and groups as group members. * * databricks.InstanceProfile to manage AWS EC2 instance profiles that users can launch databricks.Cluster and access data, like databricks_mount. * * databricks.User data to retrieve information about databricks_user. * * ## Import * * The resource can be imported using a synthetic identifier. Examples of valid synthetic identifiers are: * * * `user/user_id` - user `user_id`. * * * `group/group_id` - group `group_id`. * * * `spn/spn_id` - service principal `spn_id`. * * bash * * ```sh * $ pulumi import databricks:index/entitlements:Entitlements me user/<user-id> * ``` */ export declare class Entitlements extends pulumi.CustomResource { /** * Get an existing Entitlements resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: EntitlementsState, opts?: pulumi.CustomResourceOptions): Entitlements; /** * Returns true if the given object is an instance of Entitlements. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Entitlements; /** * Allow the principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and `clusterId` argument. Everyone without `allowClusterCreate` argument set, but with permission to use Cluster Policy would be able to create clusters, but within boundaries of that specific policy. */ readonly allowClusterCreate: pulumi.Output<boolean | undefined>; /** * Allow the principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and instancePoolId argument. */ readonly allowInstancePoolCreate: pulumi.Output<boolean | undefined>; /** * This is a field to allow the principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature in User Interface and through databricks_sql_endpoint. */ readonly databricksSqlAccess: pulumi.Output<boolean | undefined>; /** * Canonical unique identifier for the group. */ readonly groupId: pulumi.Output<string | undefined>; /** * Canonical unique identifier for the service principal. * * The following entitlements are available. */ readonly servicePrincipalId: pulumi.Output<string | undefined>; /** * Canonical unique identifier for the user. */ readonly userId: pulumi.Output<string | undefined>; /** * This is a field to allow the principal to have access to Databricks Workspace. */ readonly workspaceAccess: pulumi.Output<boolean | undefined>; /** * Create a Entitlements resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: EntitlementsArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering Entitlements resources. */ export interface EntitlementsState { /** * Allow the principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and `clusterId` argument. Everyone without `allowClusterCreate` argument set, but with permission to use Cluster Policy would be able to create clusters, but within boundaries of that specific policy. */ allowClusterCreate?: pulumi.Input<boolean>; /** * Allow the principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and instancePoolId argument. */ allowInstancePoolCreate?: pulumi.Input<boolean>; /** * This is a field to allow the principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature in User Interface and through databricks_sql_endpoint. */ databricksSqlAccess?: pulumi.Input<boolean>; /** * Canonical unique identifier for the group. */ groupId?: pulumi.Input<string>; /** * Canonical unique identifier for the service principal. * * The following entitlements are available. */ servicePrincipalId?: pulumi.Input<string>; /** * Canonical unique identifier for the user. */ userId?: pulumi.Input<string>; /** * This is a field to allow the principal to have access to Databricks Workspace. */ workspaceAccess?: pulumi.Input<boolean>; } /** * The set of arguments for constructing a Entitlements resource. */ export interface EntitlementsArgs { /** * Allow the principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and `clusterId` argument. Everyone without `allowClusterCreate` argument set, but with permission to use Cluster Policy would be able to create clusters, but within boundaries of that specific policy. */ allowClusterCreate?: pulumi.Input<boolean>; /** * Allow the principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with databricks.Permissions and instancePoolId argument. */ allowInstancePoolCreate?: pulumi.Input<boolean>; /** * This is a field to allow the principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature in User Interface and through databricks_sql_endpoint. */ databricksSqlAccess?: pulumi.Input<boolean>; /** * Canonical unique identifier for the group. */ groupId?: pulumi.Input<string>; /** * Canonical unique identifier for the service principal. * * The following entitlements are available. */ servicePrincipalId?: pulumi.Input<string>; /** * Canonical unique identifier for the user. */ userId?: pulumi.Input<string>; /** * This is a field to allow the principal to have access to Databricks Workspace. */ workspaceAccess?: pulumi.Input<boolean>; }