diff --git a/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/databricks.json b/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/databricks.json index 26055abe6cff..3c76405d3f4f 100644 --- a/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/databricks.json +++ b/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/databricks.json @@ -134,6 +134,15 @@ }, "Create or update workspace with custom parameters": { "$ref": "./examples/WorkspaceCreateWithParameters.json" + }, + "Create a workspace which is ready for Customer-Managed Key (CMK) encryption": { + "$ref": "./examples/PrepareEncryption.json" + }, + "Enable Customer-Managed Key (CMK) encryption on a workspace which is prepared for encryption": { + "$ref": "./examples/EnableEncryption.json" + }, + "Revert Customer-Managed Key (CMK) encryption to Microsoft Managed Keys encryption on a workspace": { + "$ref": "./examples/DisableEncryption.json" } }, "parameters": [ @@ -466,7 +475,8 @@ "$ref": "#/definitions/ErrorResponse" } } - } + }, + "x-ms-long-running-operation": true } }, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Databricks/workspaces/{workspaceName}/virtualNetworkPeerings": { @@ -621,6 +631,10 @@ "readOnly": true, "description": "The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'", "type": "string" + }, + "storageAccountIdentity": { + "description": "The details of Managed Identity of Storage Account", + "$ref": "#/definitions/ManagedIdentityConfiguration" } }, "required": [ @@ -735,6 +749,28 @@ "modelAsString": true } }, + "ManagedIdentityConfiguration": { + "description": "The Managed Identity details for storage account.", + "properties": { + "principalId": { + "type": "string", + "format": "uuid", + "description": "The objectId of the Managed Identity that is linked to the Managed Storage account.", + "readOnly": true + }, + "tenantId": { + "type": "string", + "format": "uuid", + "description": "The tenant Id where the Managed Identity is created.", + "readOnly": true + }, + "type": { + "type": "string", + "description": "The type of Identity created. It can be either SystemAssigned or UserAssigned.", + "readOnly": true + } + } + }, "WorkspaceCustomParameterType": { "description": "Provisioning status of the workspace.", "readOnly": true, @@ -814,6 +850,14 @@ "enableNoPublicIp": { "$ref": "#/definitions/WorkspaceCustomBooleanParameter", "description": "Should the Public IP be Disabled?" + }, + "prepareEncryption": { + "$ref": "#/definitions/WorkspaceCustomBooleanParameter", + "description": "Prepare the workspace for encryption. Enables the Managed Identity for managed storage account." + }, + "encryption": { + "$ref": "#/definitions/WorkspaceEncryptionParameter", + "description": "Contains the encryption details for Customer-Managed Key (CMK) enabled workspace." } }, "description": "Custom Parameters used for Cluster Creation." @@ -846,6 +890,51 @@ }, "description": "Provides details of the entity that created/updated the workspace." }, + "WorkspaceEncryptionParameter": { + "properties": { + "type": { + "$ref": "#/definitions/WorkspaceCustomParameterType", + "description": "The type of variable that this is" + }, + "value": { + "$ref": "#/definitions/Encryption", + "description": "The value which should be used for this field." + } + }, + "description": "The object that contains details of encryption used on the workspace." + }, + "Encryption": { + "properties": { + "keySource": { + "type": "string", + "description": "The encryption keySource (provider). Possible values (case-insensitive): Default, Microsoft.Keyvault", + "enum": [ + "Default", + "Microsoft.Keyvault" + ], + "x-ms-enum": { + "name": "KeySource", + "modelAsString": true + }, + "default": "Default" + }, + "KeyName": { + "type": "string", + "description": "The name of KeyVault key." + }, + "keyversion": { + "type": "string", + "description": "The version of KeyVault key.", + "x-ms-client-name": "KeyVersion" + }, + "keyvaulturi": { + "type": "string", + "description": "The Uri of KeyVault.", + "x-ms-client-name": "KeyVaultUri" + } + }, + "description": "The object that contains details of encryption used on the workspace." + }, "WorkspaceProviderAuthorization": { "properties": { "principalId": { diff --git a/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/examples/DisableEncryption.json b/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/examples/DisableEncryption.json new file mode 100644 index 000000000000..18b5d4db6e79 --- /dev/null +++ b/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/examples/DisableEncryption.json @@ -0,0 +1,130 @@ +{ + "parameters": { + "subscriptionId": "subid", + "resourceGroupName": "rg", + "workspaceName": "myWorkspace", + "api-version": "2018-04-01", + "parameters": { + "properties": { + "managedResourceGroupId": "/subscriptions/subid/resourceGroups/myManagedRG", + "parameters": { + "encryption": { + "value": { + "keySource": "Default" + } + } + } + }, + "location": "westus" + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "name": "myWorkspace", + "id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Databricks/workspaces/myWorkspace", + "type": "Microsoft.Databricks/workspaces", + "sku": { + "name": "premium" + }, + "location": "East US 2", + "properties": { + "managedResourceGroupId": "/subscriptions/subid/resourceGroups/myManagedRG", + "parameters": { + "customPrivateSubnetName": { + "type": "String", + "value": "PrivateBob" + }, + "customPublicSubnetName": { + "type": "String", + "value": "PublicSarah" + }, + "customVirtualNetworkId": { + "type": "String", + "value": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/myNetwork" + }, + "prepareEncryption": { + "type": "Bool", + "value": true + }, + "encryption": { + "type": "Object", + "value": { + "keySource": "Default" + } + } + }, + "provisioningState": "Succeeded", + "uiDefinitionUri": "https://path/to/workspaceCreateUiDefinition.json", + "authorizations": [ + { + "principalId": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "11111111-1111-1111-1111-111111111111" + } + ], + "createdBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "storageAccountIdentity": { + "principalId": "55555555-5555-5555-5555-555555555555", + "tenantId": "66666666-6666-6666-6666-666666666666", + "type": "SystemAssigned" + }, + "updatedBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "createdDateTime": "2020-02-20T00:10:29.2858439Z", + "workspaceId": "5555555555555555", + "workspaceUrl": "adb-5555555555555555.19.azuredatabricks.net" + } + } + }, + "201": { + "headers": {}, + "body": { + "name": "myWorkspace", + "id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Databricks/workspaces/myWorkspace", + "type": "Microsoft.Databricks/workspaces", + "location": "East US 2", + "tags": { + "environment": "dev" + }, + "sku": { + "name": "premium" + }, + "properties": { + "managedResourceGroupId": "/subscriptions/subid/resourceGroups/myManagedRG", + "provisioningState": "Accepted", + "uiDefinitionUri": "https://path/to/workspaceCreateUiDefinition.json", + "authorizations": [ + { + "principalId": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "11111111-1111-1111-1111-111111111111" + } + ], + "createdBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "updatedBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "createdDateTime": "2020-02-20T00:10:29.2858439Z", + "storageAccountIdentity": { + "principalId": "55555555-5555-5555-5555-555555555555", + "tenantId": "66666666-6666-6666-6666-666666666666", + "type": "SystemAssigned" + } + } + } + } + } +} diff --git a/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/examples/EnableEncryption.json b/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/examples/EnableEncryption.json new file mode 100644 index 000000000000..efad023312fe --- /dev/null +++ b/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/examples/EnableEncryption.json @@ -0,0 +1,139 @@ +{ + "parameters": { + "subscriptionId": "subid", + "resourceGroupName": "rg", + "workspaceName": "myWorkspace", + "api-version": "2018-04-01", + "parameters": { + "properties": { + "managedResourceGroupId": "/subscriptions/subid/resourceGroups/myManagedRG", + "parameters": { + "prepareEncryption": { + "value": true + }, + "encryption": { + "value": { + "keySource": "Microsoft.Keyvault", + "keyvaulturi": "https://myKeyVault.vault.azure.net/", + "KeyName": "myKeyName", + "keyversion": "00000000000000000000000000000000" + } + } + } + }, + "location": "westus" + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "name": "myWorkspace", + "id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Databricks/workspaces/myWorkspace", + "type": "Microsoft.Databricks/workspaces", + "sku": { + "name": "premium" + }, + "location": "East US 2", + "properties": { + "managedResourceGroupId": "/subscriptions/subid/resourceGroups/myManagedRG", + "parameters": { + "customPrivateSubnetName": { + "type": "String", + "value": "PrivateBob" + }, + "customPublicSubnetName": { + "type": "String", + "value": "PublicSarah" + }, + "customVirtualNetworkId": { + "type": "String", + "value": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/myNetwork" + }, + "prepareEncryption": { + "type": "Bool", + "value": true + }, + "encryption": { + "type": "Object", + "value": { + "keySource": "Microsoft.Keyvault", + "keyvaulturi": "https://myKeyVault.vault.azure.net/", + "KeyName": "myKeyName", + "keyversion": "00000000000000000000000000000000" + } + } + }, + "provisioningState": "Succeeded", + "uiDefinitionUri": "https://path/to/workspaceCreateUiDefinition.json", + "authorizations": [ + { + "principalId": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "11111111-1111-1111-1111-111111111111" + } + ], + "createdBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "storageAccountIdentity": { + "principalId": "55555555-5555-5555-5555-555555555555", + "tenantId": "66666666-6666-6666-6666-666666666666", + "type": "SystemAssigned" + }, + "updatedBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "createdDateTime": "2020-02-20T00:10:29.2858439Z", + "workspaceId": "5555555555555555", + "workspaceUrl": "adb-5555555555555555.19.azuredatabricks.net" + } + } + }, + "201": { + "headers": {}, + "body": { + "name": "myWorkspace", + "id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Databricks/workspaces/myWorkspace", + "type": "Microsoft.Databricks/workspaces", + "location": "East US 2", + "tags": { + "environment": "dev" + }, + "sku": { + "name": "premium" + }, + "properties": { + "managedResourceGroupId": "/subscriptions/subid/resourceGroups/myManagedRG", + "provisioningState": "Accepted", + "uiDefinitionUri": "https://path/to/workspaceCreateUiDefinition.json", + "authorizations": [ + { + "principalId": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "11111111-1111-1111-1111-111111111111" + } + ], + "createdBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "updatedBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "createdDateTime": "2020-02-20T00:10:29.2858439Z", + "storageAccountIdentity": { + "principalId": "55555555-5555-5555-5555-555555555555", + "tenantId": "66666666-6666-6666-6666-666666666666", + "type": "SystemAssigned" + } + } + } + } + } +} diff --git a/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/examples/PrepareEncryption.json b/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/examples/PrepareEncryption.json new file mode 100644 index 000000000000..f9b891f1d616 --- /dev/null +++ b/specification/databricks/resource-manager/Microsoft.Databricks/stable/2018-04-01/examples/PrepareEncryption.json @@ -0,0 +1,100 @@ +{ + "parameters": { + "subscriptionId": "subid", + "resourceGroupName": "rg", + "workspaceName": "myWorkspace", + "api-version": "2018-04-01", + "parameters": { + "properties": { + "managedResourceGroupId": "/subscriptions/subid/resourceGroups/myManagedRG", + "parameters": { + "prepareEncryption": { + "value": true + } + } + }, + "location": "westus" + } + }, + "responses": { + "200": { + "headers": {}, + "body": { + "name": "myWorkspace", + "id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Databricks/workspaces/myWorkspace", + "type": "Microsoft.Databricks/workspaces", + "sku": { + "name": "premium" + }, + "location": "East US 2", + "properties": { + "managedResourceGroupId": "/subscriptions/subid/resourceGroups/myManagedRG", + "parameters": null, + "provisioningState": "Succeeded", + "uiDefinitionUri": "https://path/to/workspaceCreateUiDefinition.json", + "authorizations": [ + { + "principalId": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "11111111-1111-1111-1111-111111111111" + } + ], + "createdBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "storageAccountIdentity": { + "principalId": "55555555-5555-5555-5555-555555555555", + "tenantId": "66666666-6666-6666-6666-666666666666", + "type": "SystemAssigned" + }, + "updatedBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "createdDateTime": "2020-02-20T00:10:29.2858439Z", + "workspaceId": "5555555555555555", + "workspaceUrl": "adb-5555555555555555.19.azuredatabricks.net" + } + } + }, + "201": { + "body": { + "name": "myWorkspace", + "id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Databricks/workspaces/myWorkspace", + "type": "Microsoft.Databricks/workspaces", + "location": "East US 2", + "tags": { + "environment": "dev" + }, + "sku": { + "name": "premium" + }, + "properties": { + "managedResourceGroupId": "/subscriptions/subid/resourceGroups/myManagedRG", + "parameters": null, + "provisioningState": "Accepted", + "uiDefinitionUri": "https://path/to/workspaceCreateUiDefinition.json", + "authorizations": [ + { + "principalId": "00000000-0000-0000-0000-000000000000", + "roleDefinitionId": "11111111-1111-1111-1111-111111111111" + } + ], + "createdBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "updatedBy": { + "oid": "22222222-2222-2222-2222-222222222222", + "puid": "33333333", + "applicationId": "44444444-4444-4444-4444-444444444444" + }, + "createdDateTime": "2020-02-20T00:10:29.2858439Z" + } + } + } + } +}