Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature] Add databricks_app resource #4099

Merged
merged 116 commits into from
Dec 12, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
116 commits
Select commit Hold shift + click to select a range
c8859e2
added `databricks_app` resource
nkvuong Oct 12, 2024
962d9f2
wip
nkvuong Oct 16, 2024
2e9137a
add doc
nkvuong Oct 29, 2024
91b5166
alias
nkvuong Oct 29, 2024
bcf2a97
Merge branch 'main' into feature/app
nkvuong Oct 29, 2024
35b85eb
fix
nkvuong Oct 29, 2024
9c7ad60
fix test
nkvuong Oct 30, 2024
863fa37
fix test
nkvuong Oct 30, 2024
2d7b38c
fix
nkvuong Oct 30, 2024
b733ee9
Merge branch 'main' into feature/app
nkvuong Nov 14, 2024
ff8bee8
feedback
nkvuong Nov 14, 2024
0daeea1
fix test
nkvuong Nov 15, 2024
7449b45
Merge branch 'main' into feature/app
nkvuong Nov 15, 2024
eda8a91
feedback
nkvuong Nov 15, 2024
f254176
feedback
nkvuong Nov 16, 2024
18b3520
Merge branch 'main' into feature/app
nkvuong Nov 19, 2024
be96f91
feedback
nkvuong Nov 21, 2024
8338d09
add app permission
nkvuong Nov 22, 2024
c6ee7ea
Merge branch 'main' into feature/app
nkvuong Nov 22, 2024
07ea8b7
fix test
nkvuong Nov 22, 2024
3b1f6e2
Merge branch 'feature/app' of https://github.com/databricks/terraform…
nkvuong Nov 22, 2024
9e41c69
more computed fields
nkvuong Nov 22, 2024
0ad4294
feedback
nkvuong Nov 26, 2024
8bdcda9
fix test
nkvuong Nov 26, 2024
2bac7aa
feedback
nkvuong Nov 27, 2024
17e1923
work
mgyucht Nov 28, 2024
731469e
Remove unused configuration from blocks
mgyucht Nov 29, 2024
7dd91f4
add test
mgyucht Nov 29, 2024
14fea49
fix
mgyucht Nov 29, 2024
6bd77aa
Add ConvertToAttribute() support
mgyucht Dec 2, 2024
25ae4ba
small typos
mgyucht Dec 2, 2024
7ba55dd
Merge branch 'main' into add-convert-to-attribute
mgyucht Dec 3, 2024
a62a65f
Merge branch 'main' into feature/app
mgyucht Dec 3, 2024
08d4111
Merge branch 'add-convert-to-attribute' into feature/app
mgyucht Dec 3, 2024
1628cb8
work
mgyucht Dec 3, 2024
e30e677
wip first commit
mgyucht Dec 4, 2024
b9f8e65
Merge branch 'use-tftypes-everywhere' into feature/app
mgyucht Dec 4, 2024
6e44632
maybe
mgyucht Dec 4, 2024
29d73dd
Merge branch 'use-tftypes-everywhere' into feature/app
mgyucht Dec 4, 2024
ff11182
fixes
mgyucht Dec 5, 2024
8af1c31
works
mgyucht Dec 5, 2024
dac1bab
Merge branch 'main' into use-tftypes-everywhere
mgyucht Dec 5, 2024
c4c9375
work
mgyucht Dec 5, 2024
3e26f55
some work
mgyucht Dec 5, 2024
7336447
working
mgyucht Dec 5, 2024
cfdec91
more work
mgyucht Dec 5, 2024
4b36d53
fix
mgyucht Dec 5, 2024
93763a8
more work
mgyucht Dec 5, 2024
37d3f1b
work
mgyucht Dec 5, 2024
3b5015b
go mod tidy
mgyucht Dec 5, 2024
123432c
comment
mgyucht Dec 5, 2024
b84854a
cleanup
mgyucht Dec 5, 2024
6222b90
add coverage for object types
mgyucht Dec 5, 2024
295c972
more comments
mgyucht Dec 5, 2024
6a39e1b
more comments
mgyucht Dec 5, 2024
e4aff40
clean up resource_sahre
mgyucht Dec 5, 2024
c5a1181
Merge branch 'use-tftypes-everywhere' into feature/app
mgyucht Dec 5, 2024
2c3ed47
fix
mgyucht Dec 5, 2024
5b52d77
fix
mgyucht Dec 5, 2024
edc1d4c
work
mgyucht Dec 5, 2024
30398da
it passes a test
mgyucht Dec 5, 2024
560ce27
work
mgyucht Dec 6, 2024
687996c
Merge branch 'use-tftypes-everywhere' into feature/app
mgyucht Dec 6, 2024
5779ece
works again
mgyucht Dec 6, 2024
b3634bd
work
mgyucht Dec 6, 2024
32cba97
fix
mgyucht Dec 6, 2024
4fdd72b
work
mgyucht Dec 6, 2024
0619e2e
Merge branch 'use-tftypes-everywhere' into feature/app
mgyucht Dec 6, 2024
a9f12b6
bugfix
mgyucht Dec 9, 2024
2feedf4
improve error message
mgyucht Dec 9, 2024
4feb053
fix go to tf conversion
mgyucht Dec 9, 2024
d10447f
fixes
mgyucht Dec 9, 2024
ed7246e
fmt
mgyucht Dec 9, 2024
0d49760
fix types.Object handling
mgyucht Dec 9, 2024
a0297e6
Merge branch 'use-tftypes-everywhere' into feature/app
mgyucht Dec 9, 2024
adb9746
Merge branch 'main' into feature/app
mgyucht Dec 11, 2024
5adec2e
revert sharing change
mgyucht Dec 11, 2024
6496607
remove extra file
mgyucht Dec 11, 2024
285c29f
work
mgyucht Dec 11, 2024
ed7b0ec
Panic if the provided path is invalid
mgyucht Dec 11, 2024
853622c
Merge branch 'panic-on-invalid-path' into feature/app
mgyucht Dec 11, 2024
9588149
fix
mgyucht Dec 11, 2024
07a77bc
Expose several integration test helpers for use in plugin framework i…
mgyucht Dec 11, 2024
c3ef933
more
mgyucht Dec 11, 2024
5da3a69
Merge branch 'expose-integration-test-helpers' into feature/app
mgyucht Dec 11, 2024
ecd7d29
tests
mgyucht Dec 11, 2024
f138239
Merge branch 'main' into feature/app
mgyucht Dec 11, 2024
b929583
first attempt
mgyucht Dec 11, 2024
5c4a1c7
Merge branch 'use-attributes-by-default' into feature/app
mgyucht Dec 11, 2024
ec950fb
fix
mgyucht Dec 11, 2024
eaf71eb
work
mgyucht Dec 11, 2024
7f8a845
work
mgyucht Dec 11, 2024
d16ec81
fixes
mgyucht Dec 11, 2024
29aa7e9
Merge branch 'readonly-and-list-validators' into use-attributes-by-de…
mgyucht Dec 11, 2024
7c539b8
some work
mgyucht Dec 11, 2024
e282b55
work
mgyucht Dec 11, 2024
223acf8
fix formatting
mgyucht Dec 11, 2024
92dbbe9
fix formatting
mgyucht Dec 11, 2024
3ba9694
Merge branch 'main' into use-attributes-by-default
mgyucht Dec 12, 2024
8d42b08
less unnecessary diff
mgyucht Dec 12, 2024
f0117c8
work
mgyucht Dec 12, 2024
28c6acc
fix
mgyucht Dec 12, 2024
361cec4
update contributing
mgyucht Dec 12, 2024
402f40a
docs
mgyucht Dec 12, 2024
c425508
docs
mgyucht Dec 12, 2024
fc9e4c8
tests and better error
mgyucht Dec 12, 2024
10c456e
rename
mgyucht Dec 12, 2024
86b8cce
fix test
mgyucht Dec 12, 2024
5f107cf
Merge branch 'use-attributes-by-default' into feature/app
mgyucht Dec 12, 2024
c414f8a
improve integration test
mgyucht Dec 12, 2024
a9e438c
Merge branch 'main' into feature/app
mgyucht Dec 12, 2024
66fe1b9
import
mgyucht Dec 12, 2024
59e16d5
add import test
mgyucht Dec 12, 2024
e0dd84d
sort
mgyucht Dec 12, 2024
9114ea1
data sources
mgyucht Dec 12, 2024
52e975c
fast app
mgyucht Dec 12, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
80 changes: 80 additions & 0 deletions docs/data-sources/app.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
---
subcategory: "Apps"
---
# databricks_app Data Source

-> This feature is in [Public Preview](https://docs.databricks.com/release-notes/release-types.html).

[Databricks Apps](https://docs.databricks.com/en/dev-tools/databricks-apps/index.html) run directly on a customer’s Databricks instance, integrate with their data, use and extend Databricks services, and enable users to interact through single sign-on. This resource creates the application but does not handle app deployment, which should be handled separately as part of your CI/CD pipeline.

This data source allows you to fetch information about a Databricks App.

## Example Usage

```hcl
data "databricks_app" "this" {
name = "my-custom-app"
}
```

## Argument Reference

The following arguments are required:

* `name` - The name of the app.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `app` attribute
* `name` - The name of the app.
* `description` - The description of the app.
* `resources` - A list of resources that the app have access to.
* `compute_status` attribute
* `state` - State of the app compute.
* `message` - Compute status message
* `app_status` attribute
* `state` - State of the application.
* `message` - Application status message
* `url` - The URL of the app once it is deployed.
* `create_time` - The creation time of the app.
* `creator` - The email of the user that created the app.
* `update_time` - The update time of the app.
* `updater` - The email of the user that last updated the app.
* `service_principal_id` - id of the app service principal
* `service_principal_name` - name of the app service principal
* `default_source_code_path` - The default workspace file system path of the source code from which app deployment are created. This field tracks the workspace source code path of the last active deployment.

### resources Attribute

This attribute describes a resource used by the app.

* `name` - The name of the resource.
* `description` - The description of the resource.

Exactly one of the following attributes will be provided:

* `secret` attribute
* `scope` - Scope of the secret to grant permission on.
* `key` - Key of the secret to grant permission on.
* `permission` - Permission to grant on the secret scope. For secrets, only one permission is allowed. Permission must be one of: `READ`, `WRITE`, `MANAGE`.
* `sql_warehouse` attribute
* `id` - Id of the SQL warehouse to grant permission on.
* `permission` - Permission to grant on the SQL warehouse. Supported permissions are: `CAN_MANAGE`, `CAN_USE`, `IS_OWNER`.
* `serving_endpoint` attribute
* `name` - Name of the serving endpoint to grant permission on.
* `permission` - Permission to grant on the serving endpoint. Supported permissions are: `CAN_MANAGE`, `CAN_QUERY`, `CAN_VIEW`.
* `job` attribute
* `id` - Id of the job to grant permission on.
* `permission` - Permissions to grant on the Job. Supported permissions are: `CAN_MANAGE`, `IS_OWNER`, `CAN_MANAGE_RUN`, `CAN_VIEW`.

## Related Resources

The following resources are used in the same context:

* [databricks_app](../resources/app.md) to manage [Databricks Apps](https://docs.databricks.com/en/dev-tools/databricks-apps/index.html).
* [databricks_sql_endpoint](sql_endpoint.md) to manage Databricks SQL [Endpoints](https://docs.databricks.com/sql/admin/sql-endpoints.html).
* [databricks_model_serving](model_serving.md) to serve this model on a Databricks serving endpoint.
* [databricks_secret](secret.md) to manage [secrets](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) in Databricks workspace.
* [databricks_job](job.md) to manage [Databricks Jobs](https://docs.databricks.com/jobs.html) to run non-interactive code.
72 changes: 72 additions & 0 deletions docs/data-sources/apps.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
---
subcategory: "Apps"
---
# databricks_apps Data Source

-> This feature is in [Public Preview](https://docs.databricks.com/release-notes/release-types.html).

[Databricks Apps](https://docs.databricks.com/en/dev-tools/databricks-apps/index.html) run directly on a customer’s Databricks instance, integrate with their data, use and extend Databricks services, and enable users to interact through single sign-on. This resource creates the application but does not handle app deployment, which should be handled separately as part of your CI/CD pipeline.

This data source allows you to fetch information about all Databricks Apps within a workspace.

## Example Usage

```hcl
data "databricks_apps" "all_apps" {}
```

## Attribute Reference

The following attributes are exported:

* `apps` - A list of [databricks_app](../resources/app.md) resources.
* `name` - The name of the app.
* `description` - The description of the app.
* `resources` - A list of resources that the app have access to.
* `compute_status` attribute
* `state` - State of the app compute.
* `message` - Compute status message
* `app_status` attribute
* `state` - State of the application.
* `message` - Application status message
* `url` - The URL of the app once it is deployed.
* `create_time` - The creation time of the app.
* `creator` - The email of the user that created the app.
* `update_time` - The update time of the app.
* `updater` - The email of the user that last updated the app.
* `service_principal_id` - id of the app service principal
* `service_principal_name` - name of the app service principal
* `default_source_code_path` - The default workspace file system path of the source code from which app deployment are created. This field tracks the workspace source code path of the last active deployment.

### resources Attribute

This attribute describes a resource used by the app.

* `name` - The name of the resource.
* `description` - The description of the resource.

Exactly one of the following attributes will be provided:

* `secret` attribute
* `scope` - Scope of the secret to grant permission on.
* `key` - Key of the secret to grant permission on.
* `permission` - Permission to grant on the secret scope. For secrets, only one permission is allowed. Permission must be one of: `READ`, `WRITE`, `MANAGE`.
* `sql_warehouse` attribute
* `id` - Id of the SQL warehouse to grant permission on.
* `permission` - Permission to grant on the SQL warehouse. Supported permissions are: `CAN_MANAGE`, `CAN_USE`, `IS_OWNER`.
* `serving_endpoint` attribute
* `name` - Name of the serving endpoint to grant permission on.
* `permission` - Permission to grant on the serving endpoint. Supported permissions are: `CAN_MANAGE`, `CAN_QUERY`, `CAN_VIEW`.
* `job` attribute
* `id` - Id of the job to grant permission on.
* `permission` - Permissions to grant on the Job. Supported permissions are: `CAN_MANAGE`, `IS_OWNER`, `CAN_MANAGE_RUN`, `CAN_VIEW`.

## Related Resources

The following resources are used in the same context:

* [databricks_app](../resources/app.md) to manage [Databricks Apps](https://docs.databricks.com/en/dev-tools/databricks-apps/index.html).
* [databricks_sql_endpoint](sql_endpoint.md) to manage Databricks SQL [Endpoints](https://docs.databricks.com/sql/admin/sql-endpoints.html).
* [databricks_model_serving](model_serving.md) to serve this model on a Databricks serving endpoint.
* [databricks_secret](secret.md) to manage [secrets](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) in Databricks workspace.
* [databricks_job](job.md) to manage [Databricks Jobs](https://docs.databricks.com/jobs.html) to run non-interactive code.
114 changes: 114 additions & 0 deletions docs/resources/app.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
---
subcategory: "Apps"
---
# databricks_app Resource

-> This feature is in [Public Preview](https://docs.databricks.com/release-notes/release-types.html).

[Databricks Apps](https://docs.databricks.com/en/dev-tools/databricks-apps/index.html) run directly on a customer’s Databricks instance, integrate with their data, use and extend Databricks services, and enable users to interact through single sign-on. This resource creates the application but does not handle app deployment, which should be handled separately as part of your CI/CD pipeline.

## Example Usage

```hcl
resource "databricks_app" "this" {
name = "my-custom-app"
description = "My app"
resources = [{
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having resources as array isn't really nice IMHO - individual resource blocks are easier to use

name = "sql-warehouse"
sql_warehouse = {
id = "e9ca293f79a74b5c"
permission = "CAN_MANAGE"
}
},
{
name = "serving-endpoint"
serving_endpoint = {
name = "databricks-meta-llama-3-1-70b-instruct"
permission = "CAN_MANAGE"
}
},
{
name = "job"
job = {
id = "1234"
permission = "CAN_MANAGE"
}
}]
}
nkvuong marked this conversation as resolved.
Show resolved Hide resolved
```

## Argument Reference

The following arguments are required:

* `name` - (Required) The name of the app. The name must contain only lowercase alphanumeric characters and hyphens. It must be unique within the workspace.
* `description` - (Optional) The description of the app.
* `resources` - (Optional) A list of resources that the app have access to.

### resources Configuration Attribute

This attribute describes a resource used by the app.

* `name` - (Required) The name of the resource.
* `description` - (Optional) The description of the resource.

Exactly one of the following attributes must be provided:

* `secret` attribute
* `scope` - Scope of the secret to grant permission on.
* `key` - Key of the secret to grant permission on.
* `permission` - Permission to grant on the secret scope. For secrets, only one permission is allowed. Permission must be one of: `READ`, `WRITE`, `MANAGE`.
* `sql_warehouse` attribute
* `id` - Id of the SQL warehouse to grant permission on.
* `permission` - Permission to grant on the SQL warehouse. Supported permissions are: `CAN_MANAGE`, `CAN_USE`, `IS_OWNER`.
* `serving_endpoint` attribute
* `name` - Name of the serving endpoint to grant permission on.
* `permission` - Permission to grant on the serving endpoint. Supported permissions are: `CAN_MANAGE`, `CAN_QUERY`, `CAN_VIEW`.
* `job` attribute
* `id` - Id of the job to grant permission on.
* `permission` - Permissions to grant on the Job. Supported permissions are: `CAN_MANAGE`, `IS_OWNER`, `CAN_MANAGE_RUN`, `CAN_VIEW`.

## Attribute Reference

In addition to all arguments above, the following attributes are exported:

* `compute_status` attribute
* `state` - State of the app compute.
* `message` - Compute status message
* `app_status` attribute
* `state` - State of the application.
* `message` - Application status message
* `url` - The URL of the app once it is deployed.
* `create_time` - The creation time of the app.
* `creator` - The email of the user that created the app.
* `update_time` - The update time of the app.
* `updater` - The email of the user that last updated the app.
* `service_principal_id` - id of the app service principal
* `service_principal_name` - name of the app service principal
* `default_source_code_path` - The default workspace file system path of the source code from which app deployment are created. This field tracks the workspace source code path of the last active deployment.

## Import

This resource can be imported by name:

```hcl
import {
to = databricks_app.this
id = "<app_name>"
}
```

or using the `terraform` CLI:

```bash
terraform import databricks_app.this <app_name>
```

## Related Resources

The following resources are used in the same context:

* [databricks_sql_endpoint](sql_endpoint.md) to manage Databricks SQL [Endpoints](https://docs.databricks.com/sql/admin/sql-endpoints.html).
* [databricks_model_serving](model_serving.md) to serve this model on a Databricks serving endpoint.
* [databricks_secret](secret.md) to manage [secrets](https://docs.databricks.com/security/secrets/index.html#secrets-user-guide) in Databricks workspace.
* [databricks_job](job.md) to manage [Databricks Jobs](https://docs.databricks.com/jobs.html) to run non-interactive code.
2 changes: 1 addition & 1 deletion docs/resources/permissions.md
Original file line number Diff line number Diff line change
Expand Up @@ -423,7 +423,6 @@ Valid [permission levels](https://docs.databricks.com/security/access-control/wo

A folder could be specified by using either `directory_path` or `directory_id` attribute. The value for the `directory_id` is the object ID of the resource in the Databricks Workspace that is exposed as `object_id` attribute of the `databricks_directory` resource as shown below.


```hcl
resource "databricks_group" "auto" {
display_name = "Automation"
Expand Down Expand Up @@ -910,6 +909,7 @@ One type argument and at least one access control block argument are required.

Exactly one of the following arguments is required:

- `app_name` - [app](app.md) name
- `cluster_id` - [cluster](cluster.md) id
- `cluster_policy_id` - [cluster policy](cluster_policy.md) id
- `instance_pool_id` - [instance pool](instance_pool.md) id
Expand Down
22 changes: 22 additions & 0 deletions internal/acceptance/permissions_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -947,3 +947,25 @@ func TestAccPermissions_Query(t *testing.T) {
ExpectError: regexp.MustCompile("cannot remove management permissions for the current user for query, allowed levels: CAN_MANAGE"),
})
}

func TestAccPermissions_App(t *testing.T) {
loadDebugEnvIfRunsFromIDE(t, "workspace")
if IsGcp(t) {
Skipf(t)("not available on GCP")
}
queryTemplate := `
resource "databricks_app" "this" {
name = "{var.RANDOM}"
description = "Test app"
}`
WorkspaceLevel(t, Step{
Template: queryTemplate + makePermissionsTestStage("app_name", "databricks_app.this.name", groupPermissions("CAN_USE")),
}, Step{
Template: queryTemplate + makePermissionsTestStage("app_name", "databricks_app.this.name",
currentPrincipalPermission(t, "CAN_MANAGE"), groupPermissions("CAN_USE", "CAN_MANAGE")),
}, Step{
Template: queryTemplate + makePermissionsTestStage("app_name", "databricks_app.this.name",
currentPrincipalPermission(t, "CAN_USE"), groupPermissions("CAN_USE", "CAN_MANAGE")),
ExpectError: regexp.MustCompile("cannot remove management permissions for the current user for apps, allowed levels: CAN_MANAGE"),
})
}
19 changes: 13 additions & 6 deletions internal/providers/pluginfw/pluginfw_rollout_utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"slices"
"strings"

"github.com/databricks/terraform-provider-databricks/internal/providers/pluginfw/products/app"
"github.com/databricks/terraform-provider-databricks/internal/providers/pluginfw/products/catalog"
"github.com/databricks/terraform-provider-databricks/internal/providers/pluginfw/products/cluster"
"github.com/databricks/terraform-provider-databricks/internal/providers/pluginfw/products/library"
Expand All @@ -26,29 +27,35 @@ import (
)

// List of resources that have been migrated from SDK V2 to plugin framework
// Keep this list sorted.
var migratedResources = []func() resource.Resource{
qualitymonitor.ResourceQualityMonitor,
library.ResourceLibrary,
qualitymonitor.ResourceQualityMonitor,
}

// List of data sources that have been migrated from SDK V2 to plugin framework
// Keep this list sorted.
var migratedDataSources = []func() datasource.DataSource{
volume.DataSourceVolumes,
}

// List of resources that have been onboarded to the plugin framework - not migrated from sdkv2.
// Keep this list sorted.
var pluginFwOnlyResources = []func() resource.Resource{
// TODO Add resources here
sharing.ResourceShare, // Using the staging name (with pluginframework suffix)
app.ResourceApp,
sharing.ResourceShare,
}

// List of data sources that have been onboarded to the plugin framework - not migrated from sdkv2.
// Keep this list sorted.
var pluginFwOnlyDataSources = []func() datasource.DataSource{
serving.DataSourceServingEndpoints,
app.DataSourceApp,
app.DataSourceApps,
catalog.DataSourceFunctions,
notificationdestinations.DataSourceNotificationDestinations,
registered_model.DataSourceRegisteredModel,
registered_model.DataSourceRegisteredModelVersions,
notificationdestinations.DataSourceNotificationDestinations,
catalog.DataSourceFunctions,
serving.DataSourceServingEndpoints,
// TODO: Add DataSourceCluster into migratedDataSources after fixing unit tests.
cluster.DataSourceCluster, // Using the staging name (with pluginframework suffix)
sharing.DataSourceShare, // Using the staging name (with pluginframework suffix)
Expand Down
Loading
Loading