UNPKG

@pulumi/databricks

Version:

A Pulumi package for creating and managing databricks cloud resources.

www.pulumi.com

pulumi/pulumi-databricks

112 lines 5.96 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
"use strict"; // *** WARNING: this file was generated by the Pulumi Terraform Bridge (tfgen) Tool. *** // *** Do not edit by hand unless you're certain you know what you are doing! *** Object.defineProperty(exports, "__esModule", { value: true }); exports.IpAccessList = void 0; const pulumi = require("@pulumi/pulumi"); const utilities = require("./utilities"); /** * Security-conscious enterprises that use cloud SaaS applications need to restrict access to their own employees. Authentication helps to prove user identity, but that does not enforce network location of the users. Accessing a cloud service from an unsecured network can pose security risks to an enterprise, especially when the user may have authorized access to sensitive or personal data. Enterprise network perimeters apply security policies and limit access to external services (for example, firewalls, proxies, DLP, and logging), so access beyond these controls are assumed to be untrusted. Please see [IP Access List](https://docs.databricks.com/security/network/ip-access-list.html) for full feature documentation. * * > The total number of IP addresses and CIDR scopes provided across all ACL Lists in a workspace can not exceed 1000. Refer to the docs above for specifics. * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as databricks from "@pulumi/databricks"; * * const _this = new databricks.WorkspaceConf("this", {customConfig: { * enableIpAccessLists: "true", * }}); * const allowed_list = new databricks.IpAccessList("allowed-list", { * label: "allow_in", * listType: "ALLOW", * ipAddresses: [ * "1.1.1.1", * "1.2.3.0/24", * "1.2.5.0/24", * ], * }, { * dependsOn: [_this], * }); * ``` * * ## Related Resources * * The following resources are often used in the same context: * * * End to end workspace management guide. * * Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide. * * databricks.MwsNetworks to [configure VPC](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html) & subnets for new workspaces within AWS. * * databricks.MwsPrivateAccessSettings to create a [Private Access Setting](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html#step-5-create-a-private-access-settings-configuration-using-the-databricks-account-api) that can be used as part of a databricks.MwsWorkspaces resource to create a [Databricks Workspace that leverages AWS PrivateLink](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html). * * databricks.Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace. * * databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and [more](https://docs.databricks.com/security/access-control/table-acls/object-privileges.html). * * ## Import * * The databricks_ip_access_list can be imported using id: * * bash * * ```sh * $ pulumi import databricks:index/ipAccessList:IpAccessList this <list-id> * ``` */ class IpAccessList extends pulumi.CustomResource { /** * Get an existing IpAccessList resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name, id, state, opts) { return new IpAccessList(name, state, Object.assign(Object.assign({}, opts), { id: id })); } /** * Returns true if the given object is an instance of IpAccessList. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj) { if (obj === undefined || obj === null) { return false; } return obj['__pulumiType'] === IpAccessList.__pulumiType; } constructor(name, argsOrState, opts) { let resourceInputs = {}; opts = opts || {}; if (opts.id) { const state = argsOrState; resourceInputs["enabled"] = state ? state.enabled : undefined; resourceInputs["ipAddresses"] = state ? state.ipAddresses : undefined; resourceInputs["label"] = state ? state.label : undefined; resourceInputs["listType"] = state ? state.listType : undefined; } else { const args = argsOrState; if ((!args || args.ipAddresses === undefined) && !opts.urn) { throw new Error("Missing required property 'ipAddresses'"); } if ((!args || args.label === undefined) && !opts.urn) { throw new Error("Missing required property 'label'"); } if ((!args || args.listType === undefined) && !opts.urn) { throw new Error("Missing required property 'listType'"); } resourceInputs["enabled"] = args ? args.enabled : undefined; resourceInputs["ipAddresses"] = args ? args.ipAddresses : undefined; resourceInputs["label"] = args ? args.label : undefined; resourceInputs["listType"] = args ? args.listType : undefined; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); super(IpAccessList.__pulumiType, name, resourceInputs, opts); } } exports.IpAccessList = IpAccessList; /** @internal */ IpAccessList.__pulumiType = 'databricks:index/ipAccessList:IpAccessList'; //# sourceMappingURL=ipAccessList.js.map