move storage credential creation logic gate
jayengee committed Feb 5, 2025
1 parent 7516640 commit c7b4411
Showing 3 changed files with 9 additions and 10 deletions.
14 changes: 5 additions & 9 deletions databricks-s3-volume/iam.tf
Expand Up @@ -5,7 +5,7 @@ data "aws_caller_identity" "current" {
}

data "aws_iam_policy_document" "dbx_unity_aws_role_assume_role" {
count = var.create_catalog ? 1 : 0
count = local.create_storage_credential ? 1 : 0

statement {
principals {
Expand Down Expand Up @@ -37,7 +37,7 @@ data "aws_iam_policy_document" "dbx_unity_aws_role_assume_role" {
}

resource "aws_iam_role" "dbx_unity_aws_role" {
count = var.create_catalog ? 1 : 0
count = local.create_storage_credential ? 1 : 0

name = local.unity_aws_role_name
path = local.path
Expand All @@ -46,11 +46,7 @@ resource "aws_iam_role" "dbx_unity_aws_role" {

### Policy document to access default volume bucket and assume role
data "aws_iam_policy_document" "volume_bucket_dbx_unity_access" {
count = var.create_catalog ? 1 : 0

depends_on = [
module.databricks_bucket
]
count = local.create_storage_credential ? 1 : 0

statement {
sid = "dbxSCBucketAccess"
Expand Down Expand Up @@ -90,13 +86,13 @@ data "aws_iam_policy_document" "volume_bucket_dbx_unity_access" {
}

resource "aws_iam_policy" "dbx_unity_access_policy" {
count = var.create_catalog ? 1 : 0
count = local.create_storage_credential ? 1 : 0

policy = data.aws_iam_policy_document.volume_bucket_dbx_unity_access[0].json
}

resource "aws_iam_role_policy_attachment" "dbx_unity_aws_access" {
count = var.create_catalog ? 1 : 0
count = local.create_storage_credential ? 1 : 0

policy_arn = aws_iam_policy.dbx_unity_access_policy[0].arn
role = aws_iam_role.dbx_unity_aws_role[0].name
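Review bot: `aws_iam_policy.dbx_unity_access_policy` in the last hunk sets only `count` and `policy`, so it gets a Terraform-generated name and the default `/` path, while the role it is attached to uses `name = local.unity_aws_role_name` and `path = local.path`. With the gate now on `local.create_storage_credential`, the policy is created in more configurations, and an unnamed policy is harder to attribute during IAM reviews; consider adding `name_prefix = local.unity_aws_role_name` and `path = local.path`. Naming a policy that is already deployed forces its replacement, so that change needs a planned apply. The `[0]` references in this hunk are only safe while all five `count` expressions in the file stay on the same condition, which a one-line comment at the first gate could state. The statements of `volume_bucket_dbx_unity_access` lie outside the visible hunks, so the scope of the granted bucket access cannot be checked from here.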
3 changes: 3 additions & 0 deletions databricks-s3-volume/main.tf
Expand Up @@ -15,8 +15,11 @@ locals {
var.override_bucket_name != null ? var.override_bucket_name : replace(var.catalog_name, "_", "-") # buckets don't work with underscores
)

create_storage_credential = var.create_catalog ? true : (var.create_storage_credential ? true : false)

# Allow overriding the storage location in case of an existing bucket
storage_location = var.override_storage_location != null ? var.override_storage_location : "s3://${local.bucket_name}/${local.schema_name}/${local.volume_name}"

}

### Databricks storage credential - allows workspace to access an external location.
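Review bot: The new `create_storage_credential` local is a nested ternary that only ever yields `true` or `false`; `create_storage_credential = var.create_catalog || var.create_storage_credential` states the same condition directly. The local also shares its name with `var.create_storage_credential`, so any resource that still reads the variable will disagree with the IAM gates in iam.tf whenever `create_catalog` is true and the variable is false. It is worth confirming that the storage credential and external location resources, which are outside this hunk, read the local. A comment such as `# IAM role and storage credential are created for a catalog or when requested on their own` above the line would record the intent. The `locals` block starts above the hunk.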
2 changes: 1 addition & 1 deletion databricks-s3-volume/variables.tf
Expand Up @@ -137,7 +137,7 @@ variable "override_bucket_name" {
}

variable "override_storage_location" {
description = "(Optional) Prefix to use for the storage location in case of an existing bucket (e.g. '' or '/prefix')"
description = "(Optional) Prefix to use for the storage location in case of an existing bucket (e.g. 's3://bucket' or 's3://bucket/prefix')"
type = string
default = null
}
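Review bot: The `override_storage_location` description now gives full `s3://` URIs as examples but still calls the value a "Prefix", and nothing rejects a value written to the earlier `'/prefix'` form. main.tf uses the value verbatim as `storage_location`, so such a value would be passed through unchanged. A `validation` block with `condition = var.override_storage_location == null || can(regex("^s3://", var.override_storage_location))` and a matching `error_message` would catch this at plan time. Rewording the description to "Full S3 URI to use as the storage location" would match the examples.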
