feat: Updated Databricks Workspace CMK Implementation (Azure#3736)
## Description

- Updated Databricks Workspace CMK Implementation
- Implemented AVM-Common-Types

Linked to 
- Update CMK implementations as per
Azure#2842 (comment)
- Docs Update: Azure/Azure-Verified-Modules#1683
- UDT update: Azure#3724

## Pipeline Reference

<!-- Insert your Pipeline Status Badge below -->

| Pipeline |
| -------- |
| [![avm.res.databricks.workspace](https://github.com/AlexanderSehr/bicep-registry-modules/actions/workflows/avm.res.databricks.workspace.yml/badge.svg?branch=users%2Falsehr%2FcmkUpdateDatabricks&event=workflow_dispatch)](https://github.com/AlexanderSehr/bicep-registry-modules/actions/workflows/avm.res.databricks.workspace.yml) |

## Type of Change

<!-- Use the checkboxes [x] on the options that are relevant. -->

- [ ] Update to CI Environment or utilities (Non-module affecting
changes)
- [ ] Azure Verified Module updates:
- [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT
bumped the MAJOR or MINOR version in `version.json`:
- [ ] Someone has opened a bug report issue, and I have included "Closes
#{bug_report_issue_number}" in the PR description.
- [ ] The bug was found by the module author, and no one has opened an
issue to report it yet.
- [ ] Feature update backwards compatible feature updates, and I have
bumped the MINOR version in `version.json`.
- [ ] Breaking changes and I have bumped the MAJOR version in
`version.json`.
  - [ ] Update to documentation

## Checklist

- [ ] I'm sure there are no other open Pull Requests for the same
update/change
- [ ] I have run `Set-AVMModule` locally to generate the supporting
module files.
- [ ] My corresponding pipelines / checks run clean and green without
any errors or warnings

<!-- Please keep up to date with the contribution guide at
https://aka.ms/avm/contribute/bicep -->
AlexanderSehr authored Nov 28, 2024
1 parent a357023 commit 82e0820
Showing 6 changed files with 516 additions and 627 deletions.
64 changes: 31 additions & 33 deletions avm/res/databricks/workspace/README.md
Expand Up @@ -127,9 +127,9 @@ module workspace 'br/public:avm/res/databricks/workspace:<version>' = {
keyVaultResourceId: '<keyVaultResourceId>'
}
customerManagedKeyManagedDisk: {
autoRotationDisabled: true
keyName: '<keyName>'
keyVaultResourceId: '<keyVaultResourceId>'
rotationToLatestKeyVersionEnabled: true
}
customPrivateSubnetName: '<customPrivateSubnetName>'
customPublicSubnetName: '<customPublicSubnetName>'
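
Review bot: `autoRotationDisabled: true` inside `customerManagedKeyManagedDisk` does not match the parameter this same README documents further down, which is `autoRotationEnabled` (bool, default `true`). Either the example or the parameter table is out of date; if the intent is to exercise the non-default path, the documented form would be `autoRotationEnabled: false`. The JSON and `.bicepparam` variants of this example carry the same key. The example also swaps `rotationToLatestKeyVersionEnabled: true` for a setting that turns rotation off, so anyone copying it pins the managed disk key to the version present at deployment time; a short comment saying that this is deliberate would help.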
Expand Down Expand Up @@ -270,9 +270,9 @@ module workspace 'br/public:avm/res/databricks/workspace:<version>' = {
},
"customerManagedKeyManagedDisk": {
"value": {
"autoRotationDisabled": true,
"keyName": "<keyName>",
"keyVaultResourceId": "<keyVaultResourceId>",
"rotationToLatestKeyVersionEnabled": true
"keyVaultResourceId": "<keyVaultResourceId>"
}
},
"customPrivateSubnetName": {
Expand Down Expand Up @@ -449,9 +449,9 @@ param customerManagedKey = {
keyVaultResourceId: '<keyVaultResourceId>'
}
param customerManagedKeyManagedDisk = {
autoRotationDisabled: true
keyName: '<keyName>'
keyVaultResourceId: '<keyVaultResourceId>'
rotationToLatestKeyVersionEnabled: true
}
param customPrivateSubnetName = '<customPrivateSubnetName>'
param customPublicSubnetName = '<customPublicSubnetName>'
Expand Down Expand Up @@ -580,7 +580,6 @@ module workspace 'br/public:avm/res/databricks/workspace:<version>' = {
customerManagedKeyManagedDisk: {
keyName: '<keyName>'
keyVaultResourceId: '<keyVaultResourceId>'
rotationToLatestKeyVersionEnabled: true
}
customPrivateSubnetName: '<customPrivateSubnetName>'
customPublicSubnetName: '<customPublicSubnetName>'
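
Review bot: with `rotationToLatestKeyVersionEnabled: true` dropped from `customerManagedKeyManagedDisk` and nothing set in its place, this example now depends on the default of `autoRotationEnabled` for managed disk key rotation. The README documents that default as `true`, so behaviour should be unchanged, but it is worth confirming in the module that an omitted value really resolves to rotation on, since the old example stated it explicitly.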
Expand Down Expand Up @@ -704,8 +703,7 @@ module workspace 'br/public:avm/res/databricks/workspace:<version>' = {
"customerManagedKeyManagedDisk": {
"value": {
"keyName": "<keyName>",
"keyVaultResourceId": "<keyVaultResourceId>",
"rotationToLatestKeyVersionEnabled": true
"keyVaultResourceId": "<keyVaultResourceId>"
}
},
"customPrivateSubnetName": {
Expand Down Expand Up @@ -866,7 +864,6 @@ param customerManagedKey = {
param customerManagedKeyManagedDisk = {
keyName: '<keyName>'
keyVaultResourceId: '<keyVaultResourceId>'
rotationToLatestKeyVersionEnabled: true
}
param customPrivateSubnetName = '<customPrivateSubnetName>'
param customPublicSubnetName = '<customPublicSubnetName>'
Expand Down Expand Up @@ -1087,7 +1084,7 @@ The customer managed key definition to use for the managed service.

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. |
| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the deployment will use the latest version available at deployment time. |
| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. |

### Parameter: `customerManagedKey.keyName`
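
Review bot: the new `keyVersion` wording for `customerManagedKey` says the latest version "available at deployment time" is used, and the optional parameters listed in this table include no rotation switch, so the managed services key stays on that version until the module is deployed again. Say so in the description, for example by adding that a key rotated in the vault is only picked up on the next deployment, so readers do not assume it behaves like the managed disk key with `autoRotationEnabled`.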
Expand All @@ -1106,7 +1103,7 @@ The resource ID of a key vault to reference a customer managed key for encryptio

### Parameter: `customerManagedKey.keyVersion`

The version of the customer managed key to reference for encryption. If not provided, using 'latest'.
The version of the customer managed key to reference for encryption. If not provided, the deployment will use the latest version available at deployment time.

- Required: No
- Type: string
Expand Down Expand Up @@ -1136,8 +1133,8 @@ The customer managed key definition to use for the managed disk.

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`keyVersion`](#parameter-customermanagedkeymanageddiskkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. |
| [`rotationToLatestKeyVersionEnabled`](#parameter-customermanagedkeymanageddiskrotationtolatestkeyversionenabled) | bool | Indicate whether the latest key version should be automatically used for Managed Disk Encryption. Enabled by default. |
| [`autoRotationEnabled`](#parameter-customermanagedkeymanageddiskautorotationenabled) | bool | Enable or disable auto-rotating to the latest key version. Default is `true`. If set to `false`, the latest key version at the time of the deployment is used. |
| [`keyVersion`](#parameter-customermanagedkeymanageddiskkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using version as per 'autoRotationEnabled' setting. |
| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeymanageddiskuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. |

### Parameter: `customerManagedKeyManagedDisk.keyName`
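
Review bot: the `autoRotationEnabled` and `keyVersion` rows for `customerManagedKeyManagedDisk` do not say which one wins when both are supplied. `autoRotationEnabled` reads "If set to `false`, the latest key version at the time of the deployment is used", which leaves no room for an explicit `keyVersion`, while `keyVersion` defers to "version as per 'autoRotationEnabled' setting". Spell out the precedence in one of the two descriptions, including what happens when `keyVersion` is given and `autoRotationEnabled` is left at `true`.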
Expand All @@ -1154,19 +1151,19 @@ The resource ID of a key vault to reference a customer managed key for encryptio
- Required: Yes
- Type: string

### Parameter: `customerManagedKeyManagedDisk.keyVersion`
### Parameter: `customerManagedKeyManagedDisk.autoRotationEnabled`

The version of the customer managed key to reference for encryption. If not provided, using 'latest'.
Enable or disable auto-rotating to the latest key version. Default is `true`. If set to `false`, the latest key version at the time of the deployment is used.

- Required: No
- Type: string
- Type: bool

### Parameter: `customerManagedKeyManagedDisk.rotationToLatestKeyVersionEnabled`
### Parameter: `customerManagedKeyManagedDisk.keyVersion`

Indicate whether the latest key version should be automatically used for Managed Disk Encryption. Enabled by default.
The version of the customer managed key to reference for encryption. If not provided, using version as per 'autoRotationEnabled' setting.

- Required: No
- Type: bool
- Type: string

### Parameter: `customerManagedKeyManagedDisk.userAssignedIdentityResourceId`

Expand Down Expand Up @@ -1465,7 +1462,7 @@ Configuration details for private endpoints. For security reasons, it is recomme

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". |
| [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file" for a Storage Account's Private Endpoints. |
| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. |

**Optional parameters**
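
Review bot: the `privateEndpoints.service` description now names only Storage Account subresources ("blob", "table", "queue" or "file"), which is not what a caller sets on the workspace's own private endpoint. The identical text is used for `storageAccountPrivateEndpoints.service`, where the examples fit; consider giving the workspace parameter its own description that names the Databricks workspace subresources instead.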
Expand All @@ -1490,7 +1487,7 @@ Configuration details for private endpoints. For security reasons, it is recomme

### Parameter: `privateEndpoints.service`

The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".
The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file" for a Storage Account's Private Endpoints.

- Required: Yes
- Type: string
Expand Down Expand Up @@ -1688,7 +1685,7 @@ The private DNS zone group to configure for the private endpoint.

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`privateDnsZoneGroupConfigs`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigs) | array | The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones. |
| [`privateDnsZoneGroupConfigs`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigs) | array | The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones. |

**Optional parameters**

Expand All @@ -1698,7 +1695,7 @@ The private DNS zone group to configure for the private endpoint.

### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs`

The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones.
The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones.

- Required: Yes
- Type: array
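
Review bot: capitalisation is now mixed within this section: the updated sentence uses "private DNS Zone Groups" and "Private Endpoint", while the neighbouring descriptions still read "The private DNS zone group to configure for the private endpoint." and "The resource id of the private DNS zone." Pick one style and apply it to the sibling descriptions as well.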
Expand All @@ -1713,7 +1710,7 @@ The private DNS zone groups to associate the private endpoint. A DNS zone group

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`name`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigsname) | string | The name of the private DNS zone group config. |
| [`name`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigsname) | string | The name of the private DNS Zone Group config. |

### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.privateDnsZoneResourceId`

Expand All @@ -1724,7 +1721,7 @@ The resource id of the private DNS zone.

### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.name`

The name of the private DNS zone group config.
The name of the private DNS Zone Group config.

- Required: No
- Type: string
Expand Down Expand Up @@ -2065,7 +2062,7 @@ Configuration details for private endpoints for the managed workspace storage ac

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`service`](#parameter-storageaccountprivateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file". |
| [`service`](#parameter-storageaccountprivateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file" for a Storage Account's Private Endpoints. |
| [`subnetResourceId`](#parameter-storageaccountprivateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. |

**Optional parameters**
Expand All @@ -2090,7 +2087,7 @@ Configuration details for private endpoints for the managed workspace storage ac

### Parameter: `storageAccountPrivateEndpoints.service`

The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file".
The subresource to deploy the private endpoint for. For example "blob", "table", "queue" or "file" for a Storage Account's Private Endpoints.

- Required: Yes
- Type: string
Expand Down Expand Up @@ -2288,7 +2285,7 @@ The private DNS zone group to configure for the private endpoint.

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`privateDnsZoneGroupConfigs`](#parameter-storageaccountprivateendpointsprivatednszonegroupprivatednszonegroupconfigs) | array | The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones. |
| [`privateDnsZoneGroupConfigs`](#parameter-storageaccountprivateendpointsprivatednszonegroupprivatednszonegroupconfigs) | array | The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones. |

**Optional parameters**

Expand All @@ -2298,7 +2295,7 @@ The private DNS zone group to configure for the private endpoint.

### Parameter: `storageAccountPrivateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs`

The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones.
The private DNS Zone Groups to associate the Private Endpoint. A DNS Zone Group can support up to 5 DNS zones.

- Required: Yes
- Type: array
Expand All @@ -2313,7 +2310,7 @@ The private DNS zone groups to associate the private endpoint. A DNS zone group

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`name`](#parameter-storageaccountprivateendpointsprivatednszonegroupprivatednszonegroupconfigsname) | string | The name of the private DNS zone group config. |
| [`name`](#parameter-storageaccountprivateendpointsprivatednszonegroupprivatednszonegroupconfigsname) | string | The name of the private DNS Zone Group config. |

### Parameter: `storageAccountPrivateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.privateDnsZoneResourceId`

Expand All @@ -2324,7 +2321,7 @@ The resource id of the private DNS zone.

### Parameter: `storageAccountPrivateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.name`

The name of the private DNS zone group config.
The name of the private DNS Zone Group config.

- Required: No
- Type: string
Expand Down Expand Up @@ -2493,16 +2490,16 @@ Address prefix for Managed virtual network.
| Output | Type | Description |
| :-- | :-- | :-- |
| `location` | string | The location the resource was deployed into. |
| `managedResourceGroupId` | string | The resource ID of the managed resource group. |
| `managedResourceGroupName` | string | The name of the managed resource group. |
| `managedResourceGroupResourceId` | string | The resource ID of the managed resource group. |
| `name` | string | The name of the deployed databricks workspace. |
| `privateEndpoints` | array | The private endpoints of the Databricks Workspace. |
| `resourceGroupName` | string | The resource group of the deployed databricks workspace. |
| `resourceId` | string | The resource ID of the deployed databricks workspace. |
| `storageAccountId` | string | The resource ID of the DBFS storage account. |
| `storageAccountName` | string | The name of the DBFS storage account. |
| `storageAccountResourceId` | string | The resource ID of the DBFS storage account. |
| `storagePrivateEndpoints` | array | The private endpoints of the Databricks Workspace Storage. |
| `workspaceId` | string | The unique identifier of the databricks workspace in databricks control plane. |
| `workspaceResourceId` | string | The unique identifier of the databricks workspace in databricks control plane. |
| `workspaceUrl` | string | The workspace URL which is of the format 'adb-{workspaceId}.{random}.azuredatabricks.net'. |

## Cross-referenced modules
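
Review bot: `workspaceResourceId` keeps the old `workspaceId` description, "The unique identifier of the databricks workspace in databricks control plane", so the new name suggests an Azure resource ID while the description says it is the control-plane identifier, the same `{workspaceId}` that `workspaceUrl` refers to; `resourceId` already covers the Azure resource ID. Keep the name `workspaceId` for this output, or change the description if the value really changed. The other two renames (`managedResourceGroupId` and `storageAccountId` to their `...ResourceId` forms) remove outputs that existing consumers may read, and no Type of Change box in the description is ticked, so confirm that the `version.json` bump reflects a breaking change.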
Expand All @@ -2512,6 +2509,7 @@ This section gives you an overview of all local-referenced module files (i.e., o
| Reference | Type |
| :-- | :-- |
| `br/public:avm/res/network/private-endpoint:0.7.1` | Remote reference |
| `br/public:avm/utl/types/avm-common-types:0.4.0` | Remote reference |

## Notes
