Add preconditions to check configuration compatibility (#209)
* add network precond
jdocampo authored Mar 17, 2023
1 parent d1dd604 commit a273ac5
Showing 1 changed file with 23 additions and 10 deletions.
33 changes: 23 additions & 10 deletions terraform/databricks/main.tf
Expand Up @@ -2,15 +2,16 @@
# https://registry.terraform.io/providers/databricks/databricks/latest/docs

resource "azurerm_databricks_workspace" "adl_databricks" {
name = "adb-${var.basename}"
resource_group_name = var.resource_group_name
location = var.location
sku = var.sku
name = "adb-${var.basename}"
resource_group_name = var.resource_group_name
location = var.location
sku = var.sku

managed_resource_group_name = "${var.resource_group_name}-adb-managed"
public_network_access_enabled = var.is_sec_module && !(var.public_network_enabled) ? false : true
public_network_access_enabled = var.public_network_enabled
network_security_group_rules_required = var.is_sec_module ? "NoAzureDatabricksRules" : "AllRules"
custom_parameters {
no_public_ip = var.is_sec_module ? true : false
no_public_ip = var.is_sec_module
public_subnet_name = var.public_subnet_name
private_subnet_name = var.private_subnet_name
virtual_network_id = var.virtual_network_id
Expand All @@ -20,6 +21,18 @@ resource "azurerm_databricks_workspace" "adl_databricks" {
tags = var.tags

count = var.module_enabled ? 1 : 0

lifecycle {
precondition {
condition = (var.is_sec_module || var.public_network_enabled)
error_message = "Deny public access requires a private link endpoint (is_sec_module set to 'true')"
}

precondition {
condition = (!var.enable_ip_access_list || var.public_network_enabled)
error_message = "IP access list only applies to requests made over the Internet (public_network_enabled set to 'true')"
}
}
}

provider "databricks" {
Expand All @@ -35,7 +48,7 @@ resource "databricks_workspace_conf" "adb_ws_conf" {
}
depends_on = [azurerm_databricks_workspace.adl_databricks[0]]

count = var.module_enabled && var.public_network_enabled ? 1 : 0
count = var.module_enabled && var.enable_ip_access_list ? 1 : 0
}

resource "databricks_ip_access_list" "adb_ws_allow-list" {
Expand All @@ -45,7 +58,7 @@ resource "databricks_ip_access_list" "adb_ws_allow-list" {
ip_addresses = var.allow_ip_list
depends_on = [databricks_workspace_conf.adb_ws_conf]

count = var.module_enabled && var.public_network_enabled && var.enable_ip_access_list && length(var.allow_ip_list) > 0 ? 1 : 0
count = var.module_enabled && var.enable_ip_access_list && length(var.allow_ip_list) > 0 ? 1 : 0
}

resource "databricks_ip_access_list" "adb_ws_block-list" {
Expand All @@ -55,7 +68,7 @@ resource "databricks_ip_access_list" "adb_ws_block-list" {
ip_addresses = var.block_ip_list
depends_on = [databricks_workspace_conf.adb_ws_conf]

count = var.module_enabled && var.public_network_enabled && var.enable_ip_access_list && length(var.block_ip_list) > 0 ? 1 : 0
count = var.module_enabled && var.enable_ip_access_list && length(var.block_ip_list) > 0 ? 1 : 0
}

# Private Endpoint configuration
Expand Down Expand Up @@ -100,4 +113,4 @@ module "adb_be_pe" {
private_dns_zone_ids = var.backend_private_dns_zone_ids
tags = var.tags
module_enabled = var.module_enabled && var.is_sec_module && var.maximum_network_security
}
}
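Review bot: The first precondition's error message promises a private link endpoint whenever `is_sec_module` is true, but the only endpoint module visible in this section, `adb_be_pe`, is additionally gated on `var.maximum_network_security`, so `public_network_enabled = false` with `is_sec_module = true` and `maximum_network_security = false` passes the check yet can still yield a workspace with no private path in. If the frontend endpoint module (outside this view) is gated the same way, the condition should be `condition = (var.public_network_enabled || (var.is_sec_module && var.maximum_network_security))`, or the message should state the real requirement. Separately, `enable_ip_access_list = true` with an empty `allow_ip_list` satisfies the second precondition and turns on `databricks_workspace_conf` while `adb_ws_allow-list` stays at count 0, so the feature is presumably switched on with no allow entries; a third precondition, `condition = (!var.enable_ip_access_list || length(var.allow_ip_list) > 0)` with `error_message = "enable_ip_access_list requires at least one entry in allow_ip_list"`, would fail the plan instead of shipping that state. The `custom_config` body of `adb_ws_conf` starts before its hunk, so what the conf actually toggles is inferred from the count expressions.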
