From 37d90a68462de4cf86975bf4c1914d2e7afa2791 Mon Sep 17 00:00:00 2001
From: Tony Bo
Date: Mon, 17 Jun 2024 13:00:18 -0400
Subject: [PATCH] "refactored Nathan's Private DBFS & added conditionals"
---
 .../modules/azure_spoke/dbfs_privatelink.tf | 184 ++++++++++--------
 azure/tf/modules/azure_spoke/variables.tf | 7 +
 2 files changed, 108 insertions(+), 83 deletions(-)
diff --git a/azure/tf/modules/azure_spoke/dbfs_privatelink.tf b/azure/tf/modules/azure_spoke/dbfs_privatelink.tf
index 2ca25de..3a4c0c2 100644
--- a/azure/tf/modules/azure_spoke/dbfs_privatelink.tf
+++ b/azure/tf/modules/azure_spoke/dbfs_privatelink.tf
@@ -1,83 +1,101 @@
-# # Define a private DNS zone for the dbfs_dfs resource
-# resource "azurerm_private_dns_zone" "dbfs_dfs" {
-# name = "privatelink.dfs.core.windows.net"
-# resource_group_name = azurerm_resource_group.this.name
-
-# tags = var.tags
-# }
-
-# # Define a private endpoint for the dbfs_dfs resource
-# resource "azurerm_private_endpoint" "dbfs_dfs" {
-# name = "dbfspe-dfs"
-# location = azurerm_resource_group.this.location
-# resource_group_name = azurerm_resource_group.this.name
-# subnet_id = azurerm_subnet.privatelink.id
-
-# # Define the private service connection for the dbfs_dfs resource
-# private_service_connection {
-# name = "ple-${var.prefix}-dbfs-dfs"
-# private_connection_resource_id = join("", [azurerm_databricks_workspace.this.managed_resource_group_id, "/providers/Microsoft.Storage/storageAccounts/", local.dbfs_name])
-# is_manual_connection = false
-# subresource_names = ["dfs"]
-# }
-
-# # Associate the private DNS zone with the private endpoint
-# private_dns_zone_group {
-# name = "private-dns-zone-dbfs"
-# private_dns_zone_ids = [azurerm_private_dns_zone.dbfs_dfs.id]
-# }
-
-# tags = var.tags
-# }
-
-# # Define a virtual network link for the dbfs_dfs private DNS zone
-# resource "azurerm_private_dns_zone_virtual_network_link" "dbfs_dfs" {
-# name = "dbfs-dfs"
-# resource_group_name = azurerm_resource_group.this.name
-# private_dns_zone_name = azurerm_private_dns_zone.dbfs_dfs.name
-# virtual_network_id = azurerm_virtual_network.this.id
-
-# tags = var.tags
-# }
-
-# # Define a private endpoint for the dbfs_blob resource
-# resource "azurerm_private_endpoint" "dbfspe_blob" {
-# name = "dbfs-blob"
-# location = azurerm_resource_group.this.location
-# resource_group_name = azurerm_resource_group.this.name
-# subnet_id = azurerm_subnet.privatelink.id
-
-# # Define the private service connection for the dbfs_blob resource
-# private_service_connection {
-# name = "ple-${var.prefix}-dbfs-blob"
-# private_connection_resource_id = 
join("", [azurerm_databricks_workspace.this.managed_resource_group_id, "/providers/Microsoft.Storage/storageAccounts/", local.dbfs_name])
-# is_manual_connection = false
-# subresource_names = ["blob"]
-# }
-
-# # Associate the private DNS zone with the private endpoint
-# private_dns_zone_group {
-# name = "private-dns-zone-dbfs"
-# private_dns_zone_ids = [azurerm_private_dns_zone.dbfs_blob.id]
-# }
-
-# tags = var.tags
-# }
-
-# # Define a private DNS zone for the dbfs_blob resource
-# resource "azurerm_private_dns_zone" "dbfs_blob" {
-# name = "privatelink.blob.core.windows.net"
-# resource_group_name = azurerm_resource_group.this.name
-
-# tags = var.tags
-# }
-
-# # Define a virtual network link for the dbfs_blob private DNS zone
-# resource "azurerm_private_dns_zone_virtual_network_link" "dbfs_blob" {
-# name = "dbfs-blob"
-# resource_group_name = azurerm_resource_group.this.name
-# private_dns_zone_name = azurerm_private_dns_zone.dbfs_blob.name
-# virtual_network_id = azurerm_virtual_network.this.id
-
-# tags = var.tags
-# }
+# Define a private DNS zone for the dbfs_dfs resource
+resource "azurerm_private_dns_zone" "dbfs_dfs" {
+ count = var.boolean_create_private_dbfs ? 1 : 0
+
+ name = "privatelink.dfs.core.windows.net"
+ resource_group_name = azurerm_resource_group.this.name
+
+ tags = var.tags
+ depends_on = [ azurerm_databricks_workspace.this ]
+}
+
+# Define a private endpoint for the dbfs_dfs resource
+resource "azurerm_private_endpoint" "dbfs_dfs" {
+ count = var.boolean_create_private_dbfs ? 
1 : 0
+
+ name = "dbfspe-dfs"
+ location = azurerm_resource_group.this.location
+ resource_group_name = azurerm_resource_group.this.name
+ subnet_id = azurerm_subnet.privatelink.id
+
+ # Define the private service connection for the dbfs_dfs resource
+ private_service_connection {
+ name = "ple-${var.prefix}-dbfs-dfs"
+ private_connection_resource_id = join("", [azurerm_databricks_workspace.this.managed_resource_group_id, "/providers/Microsoft.Storage/storageAccounts/", local.dbfs_name])
+ is_manual_connection = false
+ subresource_names = ["dfs"]
+ }
+
+ # Associate the private DNS zone with the private endpoint
+ private_dns_zone_group {
+ name = "private-dns-zone-dbfs"
+ private_dns_zone_ids = [azurerm_private_dns_zone.dbfs_dfs.id]
+ }
+
+ tags = var.tags
+ depends_on = [ azurerm_databricks_workspace.this ]
+}
+
+# Define a virtual network link for the dbfs_dfs private DNS zone
+resource "azurerm_private_dns_zone_virtual_network_link" "dbfs_dfs" {
+ count = var.boolean_create_private_dbfs ? 1 : 0
+
+ name = "dbfs-dfs"
+ resource_group_name = azurerm_resource_group.this.name
+ private_dns_zone_name = azurerm_private_dns_zone.dbfs_dfs.name
+ virtual_network_id = azurerm_virtual_network.this.id
+
+ tags = var.tags
+ depends_on = [ azurerm_databricks_workspace.this ]
+}
+
+# Define a private endpoint for the dbfs_blob resource
+resource "azurerm_private_endpoint" "dbfspe_blob" {
+ count = var.boolean_create_private_dbfs ? 
1 : 0
+
+ name = "dbfs-blob"
+ location = azurerm_resource_group.this.location
+ resource_group_name = azurerm_resource_group.this.name
+ subnet_id = azurerm_subnet.privatelink.id
+
+ # Define the private service connection for the dbfs_blob resource
+ private_service_connection {
+ name = "ple-${var.prefix}-dbfs-blob"
+ private_connection_resource_id = join("", [azurerm_databricks_workspace.this.managed_resource_group_id, "/providers/Microsoft.Storage/storageAccounts/", local.dbfs_name])
+ is_manual_connection = false
+ subresource_names = ["blob"]
+ }
+
+ # Associate the private DNS zone with the private endpoint
+ private_dns_zone_group {
+ name = "private-dns-zone-dbfs"
+ private_dns_zone_ids = [azurerm_private_dns_zone.dbfs_blob.id]
+ }
+
+ tags = var.tags
+ depends_on = [ azurerm_databricks_workspace.this ]
+}
+
+# Define a private DNS zone for the dbfs_blob resource
+resource "azurerm_private_dns_zone" "dbfs_blob" {
+ count = var.boolean_create_private_dbfs ? 1 : 0
+
+ name = "privatelink.blob.core.windows.net"
+ resource_group_name = azurerm_resource_group.this.name
+
+ tags = var.tags
+ depends_on = [ azurerm_databricks_workspace.this ]
+}
+
+# Define a virtual network link for the dbfs_blob private DNS zone
+resource "azurerm_private_dns_zone_virtual_network_link" "dbfs_blob" {
+ count = var.boolean_create_private_dbfs ? 1 : 0
+
+ name = "dbfs-blob"
+ resource_group_name = azurerm_resource_group.this.name
+ private_dns_zone_name = azurerm_private_dns_zone.dbfs_blob.name
+ virtual_network_id = azurerm_virtual_network.this.id
+
+ tags = var.tags
+ depends_on = [ azurerm_databricks_workspace.this ]
+}
diff --git a/azure/tf/modules/azure_spoke/variables.tf b/azure/tf/modules/azure_spoke/variables.tf
index 2f4c9e2..a93af31 100644
--- a/azure/tf/modules/azure_spoke/variables.tf
+++ b/azure/tf/modules/azure_spoke/variables.tf
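Review bot: `private_dns_zone_ids = [azurerm_private_dns_zone.dbfs_dfs.id]` in the new dbfs_dfs endpoint, and `private_dns_zone_name = azurerm_private_dns_zone.dbfs_dfs.name` in its VNet link, will fail at plan time because the zone now carries `count` and a counted resource's attributes must be read from an instance; change them to `[azurerm_private_dns_zone.dbfs_dfs[0].id]` and `azurerm_private_dns_zone.dbfs_dfs[0].name`, and apply the same `[0]` to the two `azurerm_private_dns_zone.dbfs_blob` references in the blob endpoint and link. The explicit `depends_on = [ azurerm_databricks_workspace.this ]` is redundant on the two endpoints, whose `private_connection_resource_id` already references the workspace; it does match what the variable description promises for the zones and links, so a one-line comment there saying the ordering is deliberate would help the next reader. Note also that these endpoints only add a private path to the DBFS storage account; whether the account still answers on its public endpoint is governed by workspace network settings this hunk does not touch, so the toggle should not be documented as making DBFS private on its own.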
@@ -106,3 +106,10 @@ variable "tenant_id" {
 type = string
 description = "(Required) The tenant ID for the Azure subscription"
 }
+
+# Resource placeholder that checks to see if private_dbfs should be created
+variable "boolean_create_private_dbfs" {
+ description = "Whether to enable Private DBFS, all Private DBFS resources will depend on Workspace"
+ type = bool
+ default = true
+}
\ No newline at end of file
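Review bot: `default = true` turns the new private DBFS resources on for every existing caller of this module at the next apply, since the previous dbfs_privatelink.tf was entirely commented out; if existing workspaces should not change silently, `default = false` preserves current behaviour and lets each caller opt in. The header comment `# Resource placeholder that checks to see if private_dbfs should be created` describes a resource rather than a boolean input; `# When true, create the DBFS private endpoints, private DNS zones and VNet links` says what it controls. The description could also state that the two privatelink DNS zones get linked to the spoke VNet, which can change how other storage accounts in that VNet resolve. The file is left without a trailing newline.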