In Dev environment, I deploy Azure DataBricks using Terrafrom and can get the URL using workspace_url https://www.terraform.io/docs/providers/azurerm/r/databricks_workspace.html. But in production, I have to deploy the entire infrastructure through terraform and only Azure Databricks through ARM (this is the company's policy). ut when I use data.azurerm_databricks_workspace.example, for example, I get an error that there is no way to use azurerm_databricks_workspace in data. Tell me how can I get workspace_url and use it in Terrafrom. Thanks.
When going through sources of Databricks Labs Terraform provider, you can find reference to workspace properties endpoint, which would have workspaceUrl in properties field. So if you call https://management.azure.com/subscriptions/<uui>/resourceGroups/<resource-group-name>/providers/Microsoft.Databricks/workspaces/<workspace-name> with management AAD JWT token, you should be able to retrieve workspace URL.
I'm not sure if it's exposed to ARM Templates, though Azure CLI does expose it.
Related
I'm looking into publishing bicep templates to a Bicep registry (ACR), and then deploying them via the ARM REST api. However the REST create deployment api only allows me to specify a templateSpec - I don't see any way to reference an ACR url. Is this possible, or do I need to use template specs for this?
For context, I need to create an automated service that can deploy resources when a particular event happens, e.g. add new customer -> spin up Azure resources xyz. Having my service use the REST api seems reasonable, and I'd prefer to use the bicep registry over template specs.
Currently Content in the Bicep module registry can only be deployed from another Bicep file. Template specs can be deployed directly from the API, Azure PowerShell, Azure CLI, and the Azure portal. You can even use UiFormDefinition to customize the portal deployment experience.
You can refer to this documentation for more information.
My requirement is to create a Logic App that will receive some inputs from other resources like Azure Data Factory and send out an email. I created this setup using the Azure portal and Logic app designer. When I added a Send an Email (V2) I was asked for an Office 365 account login and everything works as expected.
Now I'm trying to achieve all of this through Terraform. I can import the existing Logic app workflow to an AzureRM resource azurerm_logic_app_workflow but that doesn't import the API connection. I'm unsure on how to import the existing API connection into Terraform (or even to create a new API connection in Terraform).
Please advise.
As azender01 mentioned, the azurerm_api_connection terraform resource does not support all features Azure offers.
Workaround
In the past, i've connected a Logic App with a CosmosDb account using ARM scripts.
With Terraform, you can deploy ARM scripts with azurerm_resource_group_template_deployment. This feels like a big workaround, but i did not found a better solution.
You can export ARM scripts from existing resources in the Azure Portal and use them in your terraform azurerm_resource_group_template_deployment.
I am using Linked Template to deploy ARM template in Target env, While deploying I am storing the templates in blob contaier using “Azure File Copy” and generating URL and SAS token for the container.
But As my Storage account is configured via VNet/Subnet private endpoint, My ARM template deployment task is failing to download the Templates from the storage account.
I am checking for a workaround here, Please help me as soon as possible.
If you use Microsoft-hosted agents, please refer to this doc: Allowed address lists and network connections to configure your VNet/Subnet.
If you use private agents in pipeline, it will access to your Storage account via local network, please make sure that the local network can access to your Storage account.
In addition, you need to set up valid Azure Resource Manager service connection when using this Azure Resource Manager (ARM) Template Deployment Task.
I have this problem, when I am creating a scope!
How is it possible to create an AAD Token and integrate it into the script?
It's possible to create secret scope baked by Azure KeyVault, but you need to have AD token not the Databricks token. This is possible to do via Databricks CLI and Databricks Terraform provider, and both of them are using REST API to do it, but as mentioned at beginning - you need to use AAD token that you can get via Azure CLI.
My personal preference is to use Databricks Terraform provider that is very flexible, and easier to use than REST API and Databricks CLI.
Create Scope in Databrick API 2.0 - INVALID_PARAMETER_VALUE
This is a known issue with the databricks api and that powershell module:
Scope with Azure KeyVault must have userAADToken defined
Databricks are changing the API and will not commit to the final state
until Key Vault backed scopes comes out of Preview. I've no timescales
yet. In the meantime if you need these I would deploy them manually -
the CLI or REST API do not support them yet.
So, AFAIK, we have no way to create an Azure Key Vault-backed scopes with REST API at this moment. We just can create it in the Azure Databricks UI. In other words, If we provide key vault resource id when we call the REST API or CLI, the api cannot be processed by the backend server.
I am writing an auto deployment service and I am already able to create my App Service resource via ARM Template using the ARM API but now I need to deploy the content there, Im planning use the Kudu Zip deployment API (https://github.com/projectkudu/kudu/wiki/Deploying-from-a-zip-file) but Im missing how to set or get the deploy username and password automatically through some api based process (not using the UI).
I know the site credentials are actually account-tied users, if you know a different kind of credential can be used to deploy, please point me the direction that would allow me release without a specifc person-oriented credential (an app credential instead)
If you want to get the publish credentials, you could use the
Web Apps - List Publishing Credentials Rest API to do that.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/publishingcredentials/list?api-version=2016-08-01
About how to call the Azure Resource Manager REST API, please refer to this tutorial.
We also could use Azure SDK to get the publish credentials. For more information about how to use Kudu API or Azure SDK to get the publish credential, please refer to another SO thread.