feat: delete resource databricks_secret

Author: dmytro_velychko3

iam.tf

@@ -1,9 +1,3 @@
-/* Premium
-locals {
-  ip_rules = var.ip_rules == null ? null : values(var.ip_rules)
-}
-*/
-
 data "azurerm_key_vault_secret" "sp_client_id" {
   name         = var.sp_client_id_secret_name
   key_vault_id = var.key_vault_id
@@ -19,19 +13,18 @@ data "azurerm_key_vault_secret" "tenant_id" {
   key_vault_id = var.key_vault_id
 }
 
-resource "databricks_token" "pat" { #
+resource "databricks_token" "pat" {
   comment          = "Terraform Provisioning"
   lifetime_seconds = var.pat_token_lifetime_seconds
 }
 
-#resource "databricks_user" "this" { # Only for 'Standard' SKU type
-#  #for_each  = var.sku == "premium" ? [] : toset(var.users)
-#  for_each  = toset(var.users)
-#  user_name = each.value
-#  lifecycle { ignore_changes = [external_id] }
-#}
+resource "databricks_user" "this" {
+  for_each  = toset(var.users)
+  user_name = each.value
+  lifecycle { ignore_changes = [external_id] }
+}
 
-resource "azurerm_role_assignment" "this" { ### 
+resource "azurerm_role_assignment" "this" {
   for_each = {
     for permission in var.permissions : "${permission.object_id}-${permission.role}" => permission
     if permission.role != null
@@ -41,17 +34,6 @@ resource "azurerm_role_assignment" "this" { ###
   principal_id         = each.value.object_id
 }
 
-resource "databricks_cluster_policy" "this" {
-  #for_each = var.sku == "premium" ? {
-  for_each =  {
-    for param in var.custom_cluster_policies : (param.name) => param.definition
-    if param.definition != null
-  } # : {}
-
-  name       = each.key
-  definition = jsonencode(each.value)
-}
-
 resource "databricks_cluster" "this" {
   cluster_name   = var.custom_default_cluster_name == null ? "shared autoscaling" : var.custom_default_cluster_name
   spark_version  = var.spark_version
@@ -92,22 +74,3 @@ resource "databricks_cluster" "this" {
     }
   }
 }
-/* Premium
-resource "databricks_workspace_conf" "this" {
-  count = local.ip_rules == null ? 0 : 1
-
-  custom_config = {
-    "enableIpAccessLists" : true
-  }
-}
-
-resource "databricks_ip_access_list" "this" {
-  count = local.ip_rules == null ? 0 : 1
-
-  label        = "allow_in"
-  list_type    = "ALLOW"
-  ip_addresses = local.ip_rules
-
-  depends_on = [databricks_workspace_conf.this]
-}
-*/

main.tf

@@ -7,21 +7,3 @@ output "cluster_id" {
   value       = databricks_cluster.this.id
   description = "Databricks Cluster Id"
 }
-
-output "cluster_policies_object" {
-  value = [for policy in var.custom_cluster_policies : {
-    id      = databricks_cluster_policy.this[policy.name].id
-    name    = databricks_cluster_policy.this[policy.name].name
-    can_use = policy.can_use
-  } if policy.definition != null && var.sku == "premium"]
-  description = "Databricks Cluster Policies object map"
-}
-/*
-output "secret_scope_object" {
-  value = [for param in var.secret_scope : {
-    scope_name = databricks_secret_scope.this[param.scope_name].name
-    acl        = param.acl
-  } if param.acl != null]
-  description = "Databricks-managed Secret Scope object map to create ACLs"
-}
-*/

outputs.tf

@@ -1,21 +1,14 @@
-
 locals {
   sp_secrets = {
     (var.sp_client_id_secret_name) = { value = data.azurerm_key_vault_secret.sp_client_id.value }
     (var.sp_key_secret_name)       = { value = data.azurerm_key_vault_secret.sp_key.value }
   }
-
-  secrets_objects_list = flatten([for param in var.secret_scope : [
-    for secret in param.secrets : {
-      scope_name = param.scope_name, key = secret.key, string_value = secret.string_value
-    }] if param.secrets != null
-  ])
 }
 
 # Secret Scope with SP secrets for mounting Azure Data Lake Storage
 resource "databricks_secret_scope" "main" {
   name                     = "main"
-  initial_manage_principal = "users" #var.sku == "premium" ? null : "users"
+  initial_manage_principal = "users"
 }
 
 resource "databricks_secret" "main" {
@@ -25,51 +18,3 @@ resource "databricks_secret" "main" {
   string_value = each.value["value"]
   scope        = databricks_secret_scope.main.id
 }
-
-# Custom additional Databricks Secret Scope
-resource "databricks_secret_scope" "this" {
-  for_each = {
-    for param in var.secret_scope : (param.scope_name) => param
-    if param.scope_name != null
-  }
-
-  name                     = each.key
-  initial_manage_principal = "users"
-}
-
-resource "databricks_secret" "this" {
-  for_each = { for entry in local.secrets_objects_list : "${entry.scope_name}.${entry.key}" => entry }
-
-  key          = each.value.key
-  string_value = each.value.string_value
-  scope        = databricks_secret_scope.this[each.value.scope_name].id
-}
-
-# At the nearest future, Azure will allow acquiring AAD tokens by service principals,
-# thus providing an ability to create Azure backed Key Vault with Terraform
-# https://github.com/databricks/terraform-provider-databricks/pull/1965
-
-## Azure Key Vault-backed Scope
-#resource "azurerm_key_vault_access_policy" "databricks" {
-#  count = var.key_vault_secret_scope.key_vault_id != null ? 1 : 0
-
-#  key_vault_id = var.key_vault_secret_scope.key_vault_id
-#  object_id    = "9b38785a-6e08-4087-a0c4-20634343f21f" # Global 'AzureDatabricks' SP object id
-#  tenant_id    = data.azurerm_key_vault_secret.tenant_id.value
-#
-#  secret_permissions = [
-#    "Get",
-#    "List",
-#  ]
-#}
-#
-#resource "databricks_secret_scope" "external" {
-#  count = var.key_vault_secret_scope.key_vault_id != null ? 1 : 0
-#
-#  name = "external"
-#  keyvault_metadata {
-#    resource_id = var.key_vault_secret_scope.key_vault_id
-#    dns_name    = var.key_vault_secret_scope.dns_name
-#  }
-#  depends_on = [azurerm_key_vault_access_policy.databricks]
-#}