
Commit cfaf97d

committed
feat: custom cluster policy
1 parent e179a9e commit cfaf97d


3 files changed

+46
-0
lines changed


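--- a/main.tf
+++ b/main.tf
@@ -41,12 +41,24 @@ resource "azurerm_role_assignment" "this" {
 principal_id = each.value.object_id
 }
 
+resource "databricks_cluster_policy" "this" {
+for_each = {
+for param in var.custom_cluster_policies : (param.name) => param.definition
+if param.definition != null
+}
+
+name = each.key
+definition = jsonencode(each.value)
+}
+
 resource "databricks_cluster" "this" {
 cluster_name = "shared autoscaling"
 spark_version = var.spark_version
 spark_conf = var.spark_conf
 spark_env_vars = var.spark_env_vars
 
+policy_id = one([for policy in var.custom_cluster_policies : databricks_cluster_policy.this[policy.name].id if policy.assigned])
+
 data_security_mode = var.data_security_mode
 node_type_id = var.node_type
 autotermination_minutes = var.autotermination_minutes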
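Review bot: The `policy_id` lookup added to `databricks_cluster.this` filters on `policy.assigned` only, while the `for_each` of `databricks_cluster_policy.this` drops entries whose `definition` is null, so an entry with `assigned = true` and no definition is indexed without having been created and the plan fails on an invalid index. A null `assigned`, which the default in variables.tf supplies, is also likely to be rejected as a null `if` condition. Guard the filter with `if coalesce(policy.assigned, false)` and reject the assigned-without-definition entry in the variable's validation, so that a policy an operator marked as assigned is never skipped silently and the shared cluster left without it. The `databricks_cluster.this` block continues outside the hunk.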

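--- a/outputs.tf
+++ b/outputs.tf
@@ -7,3 +7,11 @@ output "cluster_id" {
 value = databricks_cluster.this.id
 description = "Databricks Cluster Id"
 }
+
+output "cluster_policies_object" {
+value = [for policy in var.custom_cluster_policies : {
+id = databricks_cluster_policy.this[policy.name].id
+name = databricks_cluster_policy.this[policy.name].name
+can_use = policy.can_use
+}]
+}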
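Review bot: `cluster_policies_object` indexes `databricks_cluster_policy.this[policy.name]` for every element of `var.custom_cluster_policies`, including elements that the `for_each` in main.tf excluded because `definition` is null, so those elements make the output fail to evaluate. Apply the same filter by closing the expression with `} if policy.definition != null]`. The output also has no `description`; it carries `can_use`, and no resource visible in this commit grants that permission, so a line such as `description = "Custom cluster policies and the groups that should receive CAN_USE; the permission itself is applied by the consumer"` would tell callers that access control is still their job, if that is indeed the intent.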

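--- a/variables.tf
+++ b/variables.tf
@@ -101,6 +101,32 @@ variable "permissions" {
 ]
 }
 
+variable "custom_cluster_policies" {
+type = list(object({
+name = string
+can_use = list(string)
+definition = any
+assigned = bool
+}))
+description = <<-EOT
+Provides an ability to create custom cluster policy, assign it to cluster and grant CAN_USE permissions on it to certain custom groups
+name - name of custom policy;
+can_use - list of string, where values are custom group names, there groups have to be created with Terraform
+definition - JSON document expressed in Databricks Policy Definition Language. No need to call 'jsonencode()' function on it when providing a value
+assigned - boolean flag which assigns policy to default 'shared autoscaling' cluster, only single custom policy could be assigned
+EOT
+default = [{
+name = null
+can_use = null
+definition = null
+assigned = null
+}]
+validation {
+condition = length([for policy in var.custom_cluster_policies : policy.assigned if policy.assigned]) <= 1
+error_message = "Only single cluster policy assignment allowed. Please set 'assigned' parameter to 'true' for exact one or none policy"
+}
+}
+
 variable "data_security_mode" {
 type = string
 description = "Security features of the cluster"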
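Review bot: The `default` of `custom_cluster_policies` is a one-element list whose fields are all null rather than an empty list, so every consumer has to filter nulls and the `validation` condition itself evaluates `if policy.assigned` on a null value; `default = []` expresses "no custom policies" without that. `definition = any` accepts whatever `jsonencode()` can serialise, and because this document is what constrains the cluster, a second validation that each non-null definition is an object would catch a mistyped value at plan time. Duplicate `name` values are not checked either and would collide as keys in the `for_each` in main.tf; `condition = length(distinct([for p in var.custom_cluster_policies : p.name])) == length(var.custom_cluster_policies)` covers that.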
