databricks-cdk
With this package databricks resources can be deployed with cdk
"use strict";
// Interop flag emitted by the transpiler: marks this CommonJS module as compiled from an ES module.
Object.defineProperty(exports, "__esModule", { value: true });
// Pre-declare the three public names as undefined; each one is assigned right after its class is defined.
exports.DatabricksDeployLambda = exports.DatabricksDeployLambdaImport = exports.IDatabricksDeployLambda = void 0;
const aws_cdk_lib_1 = require("aws-cdk-lib");
const aws_cdk_lib_2 = require("aws-cdk-lib");
const accountCredentials_1 = require("./account/accountCredentials");
const account_storage_config_1 = require("./account/account-storage-config");
const accountNetwork_1 = require("./account/accountNetwork");
const workspace_1 = require("./account/workspace");
const instance_profile_1 = require("./instance-profiles/instance-profile");
const cluster_1 = require("./clusters/cluster");
const cluster_permissions_1 = require("./permissions/cluster-permissions");
const volumePermissions_1 = require("./permissions/volumePermissions");
const dbfs_file_1 = require("./dbfs/dbfs-file");
const secret_scope_1 = require("./secrets/secret-scope");
const job_1 = require("./jobs/job");
const group_1 = require("./groups/group");
const scimUser_1 = require("./scim/scimUser");
const instance_pools_1 = require("./instance-pools/instance-pools");
const sql_warehouses_1 = require("./sql-warehouses/sql-warehouses");
const sql_warehouse_permissions_1 = require("./permissions/sql-warehouse-permissions");
const constructs_1 = require("constructs");
const docker_image_1 = require("../docker-image");
const unity_catalog_1 = require("./unity-catalog");
const permissions_1 = require("./permissions");
const cluster_policies_1 = require("./cluster-policies");
const cluster_policy_permissions_1 = require("./permissions/cluster-policy-permissions");
const tokens_1 = require("./tokens");
const mlflow_1 = require("./mlflow");
const registeredModel_1 = require("./mlflow/registeredModel");
const service_principals_1 = require("./service-principals");
/**
 * Base construct shared by the real deploy Lambda and by an imported one.
 *
 * It holds a single `serviceToken` string and exposes one factory method per
 * Databricks resource type. Every factory forwards `scope` and `id` unchanged
 * and passes a copy of `props` with `serviceToken` set from this object.
 *
 * Because `serviceToken` is written after `...props` in each merged object,
 * a `serviceToken` key supplied by the caller in `props` is always replaced
 * by the one held here: a resource created through this object cannot be
 * pointed at a different handler through its props.
 *
 * NOTE(review): `serviceToken` is presumably the CloudFormation custom-resource
 * ServiceToken (subclasses in this file set it to a Lambda function ARN or to a
 * caller-supplied string); it is an address, not a credential. Confirm against
 * the resource classes, which are defined in other modules.
 */
class IDatabricksDeployLambda extends constructs_1.Construct {
  constructor(...args) {
    super(...args);
    // Placeholder until a subclass assigns the real value in its own constructor.
    this.serviceToken = "";
  }

  // ---- ./account ----

  /** Creates an AccountCredentials bound to this object's serviceToken. */
  createCredential(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new accountCredentials_1.AccountCredentials(scope, id, merged);
  }

  /** Creates an AccountStorageConfig bound to this object's serviceToken. */
  createStorageConfig(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new account_storage_config_1.AccountStorageConfig(scope, id, merged);
  }

  /** Creates an AccountNetwork bound to this object's serviceToken. */
  createNetwork(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new accountNetwork_1.AccountNetwork(scope, id, merged);
  }

  /** Creates a Workspace bound to this object's serviceToken. */
  createWorkspace(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new workspace_1.Workspace(scope, id, merged);
  }

  // ---- compute, identities and their permissions ----

  /** Creates an InstanceProfile bound to this object's serviceToken. */
  createInstanceProfile(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new instance_profile_1.InstanceProfile(scope, id, merged);
  }

  /** Creates a Cluster bound to this object's serviceToken. */
  createCluster(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new cluster_1.Cluster(scope, id, merged);
  }

  /** Creates a ScimUser bound to this object's serviceToken. */
  createUser(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new scimUser_1.ScimUser(scope, id, merged);
  }

  /** Creates a ClusterPermissions bound to this object's serviceToken. */
  createClusterPermissions(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new cluster_permissions_1.ClusterPermissions(scope, id, merged);
  }

  /** Creates a ClusterPolicy bound to this object's serviceToken. */
  createClusterPolicy(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new cluster_policies_1.ClusterPolicy(scope, id, merged);
  }

  /** Creates a RegisteredModelPermissions bound to this object's serviceToken. */
  createRegisteredModelPermissions(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new permissions_1.RegisteredModelPermissions(scope, id, merged);
  }

  /** Creates a ClusterPolicyPermissions bound to this object's serviceToken. */
  createClusterPolicyPermissions(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new cluster_policy_permissions_1.ClusterPolicyPermissions(scope, id, merged);
  }

  /** Creates an ExperimentPermissions bound to this object's serviceToken. */
  createExperimentPermissions(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new permissions_1.ExperimentPermissions(scope, id, merged);
  }

  /** Creates a Group bound to this object's serviceToken. */
  createGroup(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new group_1.Group(scope, id, merged);
  }

  // ---- files, tokens, secrets, jobs ----

  /** Creates a DbfsFile bound to this object's serviceToken. */
  createDbfsFile(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new dbfs_file_1.DbfsFile(scope, id, merged);
  }

  /** Creates a Token bound to this object's serviceToken. */
  createToken(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new tokens_1.Token(scope, id, merged);
  }

  /** Creates a SecretScope bound to this object's serviceToken. */
  createSecretScope(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new secret_scope_1.SecretScope(scope, id, merged);
  }

  /** Creates a Job bound to this object's serviceToken. */
  createJob(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new job_1.Job(scope, id, merged);
  }

  /** Creates a JobPermissions bound to this object's serviceToken. */
  createJobPermissions(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new permissions_1.JobPermissions(scope, id, merged);
  }

  /** Creates a VolumePermissions bound to this object's serviceToken. */
  createVolumePermissions(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new volumePermissions_1.VolumePermissions(scope, id, merged);
  }

  // ---- pools and SQL warehouses ----

  /** Creates an InstancePool bound to this object's serviceToken. */
  createInstancePool(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new instance_pools_1.InstancePool(scope, id, merged);
  }

  /** Creates a Warehouse bound to this object's serviceToken. */
  createWarehouse(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new sql_warehouses_1.Warehouse(scope, id, merged);
  }

  /** Creates a WarehousePermissions bound to this object's serviceToken. */
  createWarehousePermissions(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new sql_warehouse_permissions_1.WarehousePermissions(scope, id, merged);
  }

  // ---- ./unity-catalog ----

  /** Creates a UnityCatalogVolume bound to this object's serviceToken. */
  createUnityCatalogVolume(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new unity_catalog_1.UnityCatalogVolume(scope, id, merged);
  }

  /** Creates a UnityCatalogMetastore bound to this object's serviceToken. */
  createUnityCatalogMetastore(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new unity_catalog_1.UnityCatalogMetastore(scope, id, merged);
  }

  /** Creates a UnityCatalogMetastoreAssignment bound to this object's serviceToken. */
  createUnityCatalogMetastoreAssignment(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new unity_catalog_1.UnityCatalogMetastoreAssignment(scope, id, merged);
  }

  /** Creates a UnityCatalogCatalog bound to this object's serviceToken. */
  createUnityCatalogCatalog(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new unity_catalog_1.UnityCatalogCatalog(scope, id, merged);
  }

  /** Creates a UnityCatalogSchema bound to this object's serviceToken. */
  createUnityCatalogSchema(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new unity_catalog_1.UnityCatalogSchema(scope, id, merged);
  }

  /** Creates a UnityCatalogPermission bound to this object's serviceToken. */
  createUnityCatalogPermission(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new unity_catalog_1.UnityCatalogPermission(scope, id, merged);
  }

  /** Creates a UnityCatalogStorageCredential bound to this object's serviceToken. */
  createUnityCatalogStorageCredential(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new unity_catalog_1.UnityCatalogStorageCredential(scope, id, merged);
  }

  /** Creates a UnityCatalogExternalLocation bound to this object's serviceToken. */
  createUnityCatalogExternalLocation(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new unity_catalog_1.UnityCatalogExternalLocation(scope, id, merged);
  }

  // ---- ./mlflow and ./service-principals ----

  /** Creates an mlflow Experiment bound to this object's serviceToken. */
  createMlflowExperiment(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new mlflow_1.Experiment(scope, id, merged);
  }

  /** Creates a RegisteredModel bound to this object's serviceToken. */
  createMlflowRegisteredModel(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new registeredModel_1.RegisteredModel(scope, id, merged);
  }

  /** Creates a ServicePrincipal bound to this object's serviceToken. */
  createServicePrincipal(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new service_principals_1.ServicePrincipal(scope, id, merged);
  }

  /** Creates a ServicePrincipalSecrets bound to this object's serviceToken. */
  createServicePrincipalSecrets(scope, id, props) {
    const merged = { ...props, serviceToken: this.serviceToken };
    return new service_principals_1.ServicePrincipalSecrets(scope, id, merged);
  }
}
exports.IDatabricksDeployLambda = IDatabricksDeployLambda;
/**
 * Reference to a deploy handler that already exists elsewhere.
 *
 * Creates no AWS resources itself: it only records the given service token so
 * that the inherited create* factories attach it to the resources they build.
 *
 * The token is stored exactly as passed; nothing here checks its format or
 * which account or function it names. Every resource created through this
 * object is given that value, so callers should pass only a token they control.
 */
class DatabricksDeployLambdaImport extends IDatabricksDeployLambda {
  /**
   * @param scope parent construct
   * @param id construct id within `scope`
   * @param {string} serviceToken token of the existing handler
   */
  constructor(scope, id, serviceToken) {
    super(scope, id);
    // The base constructor has just set serviceToken to ""; overwrite it with the caller's value.
    this.serviceToken = serviceToken;
  }
}
exports.DatabricksDeployLambdaImport = DatabricksDeployLambdaImport;
/**
 * Provisions the deploy handler: an IAM role, its inline permissions and a
 * container-image Lambda function. The function's ARN becomes `serviceToken`
 * for all resources created through the inherited create* factories.
 *
 * Permissions granted to the function's role by this constructor:
 *  - the AWS managed policy service-role/AWSLambdaBasicExecutionRole;
 *  - ssm:GetParameter on parameters under /databricks/ in props.region / props.accountId;
 *  - secretsmanager:ListSecrets on "*" (the action cannot be scoped to a resource),
 *    which lets the role enumerate names and metadata of every secret in the
 *    account and region, not their values;
 *  - secretsmanager CreateSecret / DeleteSecret / UpdateSecret on secrets whose
 *    name starts with /databricks/. No GetSecretValue is granted here.
 *
 * NOTE(review): ACCOUNT_PARAM and CLIENT_SECRET_PARAM default to names under
 * /databricks/, which the ssm:GetParameter statement covers. If
 * props.databricksAccountParam or props.clientSecretParam is set to a name
 * outside that prefix, this role has no statement allowing it to be read;
 * confirm whether overrides are expected to stay under /databricks/.
 *
 * NOTE(review): both ARNs hard-code the `aws` partition; confirm that other
 * partitions are out of scope.
 */
class DatabricksDeployLambda extends IDatabricksDeployLambda {
  /**
   * @param scope parent construct
   * @param id construct id; also the prefix of the default Lambda construct id
   * @param props reads lambdaCode, lambdaVersion, region, accountId, lambdaId,
   *   lambdaName, databricksAccountParam and clientSecretParam
   */
  constructor(scope, id, props) {
    super(scope, id);
    this.props = props;

    // A caller-supplied image takes precedence; otherwise one is generated for lambdaVersion.
    const imageCode = this.props.lambdaCode || docker_image_1.DockerImage.generate(this.props.lambdaVersion);

    const iam = aws_cdk_lib_2.aws_iam;
    // Small local factory: every inline statement below is an ALLOW.
    const allow = (actions, resources) => new iam.PolicyStatement({
      effect: iam.Effect.ALLOW,
      actions,
      resources,
    });

    // Execution role, assumable only by the Lambda service.
    this.lambdaRole = new iam.Role(this, "Role", {
      assumedBy: new iam.ServicePrincipal("lambda.amazonaws.com"),
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName("service-role/AWSLambdaBasicExecutionRole"),
      ],
    });

    // Read access to SSM parameters, limited to the /databricks/ prefix.
    this.lambdaRole.addToPrincipalPolicy(allow(
      ["ssm:GetParameter"],
      [
        `arn:aws:ssm:${this.props.region}:${this.props.accountId}:parameter/databricks/*`,
      ],
    ));

    // AWS doesn't support providing specific resources for the ListSecrets action,
    // so this one statement is account-wide (names and metadata only).
    this.lambdaRole.addToPrincipalPolicy(allow(
      ["secretsmanager:ListSecrets"],
      ["*"],
    ));

    // Write and delete access to secrets, limited to names starting with /databricks/.
    this.lambdaRole.addToPrincipalPolicy(allow(
      ["secretsmanager:CreateSecret", "secretsmanager:DeleteSecret", "secretsmanager:UpdateSecret"],
      [
        `arn:aws:secretsmanager:${this.props.region}:${this.props.accountId}:secret:/databricks/*`,
      ],
    ));

    const functionConstructId = this.props.lambdaId || `${id}Lambda`;
    // The environment carries parameter *names*, not the account id or client secret themselves.
    // Presumably the handler resolves them at run time through ssm:GetParameter (handler code
    // is not part of this module).
    const accountParamName = props.databricksAccountParam || "/databricks/account-id";
    const clientSecretParamName = props.clientSecretParam || "/databricks/deploy/client-secret";

    this.lambda = new aws_cdk_lib_2.aws_lambda.DockerImageFunction(this, functionConstructId, {
      functionName: this.props.lambdaName,
      code: imageCode,
      timeout: aws_cdk_lib_1.Duration.seconds(300),
      role: this.lambdaRole,
      memorySize: 512,
      environment: {
        LAMBDA_METHOD: "cfn-deploy",
        ACCOUNT_PARAM: accountParamName,
        CLIENT_SECRET_PARAM: clientSecretParamName,
      },
      logRetention: aws_cdk_lib_2.aws_logs.RetentionDays.THREE_MONTHS,
    });

    // The token handed to every created resource is the function ARN (an address, not a secret).
    this.serviceToken = this.lambda.functionArn;
  }

  /**
   * Wraps an existing handler's service token without creating a role or function.
   *
   * @param scope parent construct
   * @param id construct id within `scope`
   * @param {string} serviceToken token of the existing handler, stored unvalidated
   * @returns {DatabricksDeployLambdaImport}
   */
  static fromServiceToken(scope, id, serviceToken) {
    const imported = new DatabricksDeployLambdaImport(scope, id, serviceToken);
    return imported;
  }
}
exports.DatabricksDeployLambda = DatabricksDeployLambda;