databricks
diff --git a/‎README.md
Lines changed: 6 additions & 0 deletions b/‎README.md
Lines changed: 6 additions & 0 deletions
diff --git a/‎examples/adb-overwatch/README.md
Lines changed: 38 additions & 0 deletions b/‎examples/adb-overwatch/README.md
Lines changed: 38 additions & 0 deletions
diff --git a/‎examples/adb-overwatch/dynamic_providers_modules_generation.sh
Lines changed: 94 additions & 0 deletions b/‎examples/adb-overwatch/dynamic_providers_modules_generation.sh
Lines changed: 94 additions & 0 deletions
diff --git a/‎examples/adb-overwatch/main.tf
Lines changed: 62 additions & 0 deletions b/‎examples/adb-overwatch/main.tf
Lines changed: 62 additions & 0 deletions
diff --git a/‎examples/adb-overwatch/overwatch_deployment_config.csv
Lines changed: 1 addition & 0 deletions b/‎examples/adb-overwatch/overwatch_deployment_config.csv
Lines changed: 1 addition & 0 deletions
diff --git a/‎examples/adb-overwatch/providers.tf
Lines changed: 21 additions & 0 deletions b/‎examples/adb-overwatch/providers.tf
Lines changed: 21 additions & 0 deletions
diff --git a/‎examples/adb-overwatch/terraform.tfvars
Lines changed: 11 additions & 0 deletions b/‎examples/adb-overwatch/terraform.tfvars
Lines changed: 11 additions & 0 deletions
@@ -42,6 +42,7 @@ The folder `examples` contains the following Terraform implementation examples :
 | Azure | [adb-teradata](examples/adb-teradata/)                                             | ADB with single VM Teradata integration                                                                                                                                                              |
 | Azure | [adb-uc](examples/adb-uc/)                                                         | ADB Unity Catalog Process                                                                                                                                                                            |
 | Azure | [adb-unity-catalog-basic-demo](examples/adb-unity-catalog-basic-demo/)             | ADB Unity Catalog end to end demo including UC metastore setup, Users/groups sync from AAD to databricks account, UC Catalog, External locations, Schemas, & Access Grants                           |
+| Azure | [adb-overwatch](examples/adb-overwatch/)             | Overwatch multi-workspace deployment on Azure                          |
 | AWS   | [aws-workspace-basic](examples/aws-workspace-basic/)                               | Provisioning AWS Databricks E2                                                                                                                                                                       |
 | AWS   | [aws-workspace-with-firewall](examples/aws-workspace-with-firewall/)               | Provisioning AWS Databricks E2 with an AWS Firewall                                                                                                                                                  |
 | AWS   | [aws-exfiltration-protection](examples/aws-exfiltration-protection/)               | An implementation of [Data Exfiltration Protection on AWS](https://www.databricks.com/blog/2021/02/02/data-exfiltration-protection-with-databricks-on-aws.html)                                      |
@@ -68,6 +69,11 @@ The folder `modules` contains the following Terraform modules :
 | Azure | [adb-with-private-link-standard](modules/adb-with-private-link-standard/)                                 | Provisioning Databricks on Azure with Private Link - Standard deployment                                                                                                                  |
 | Azure | [adb-exfiltration-protection](modules/adb-exfiltration-protection/)                                       | A sample implementation of [Data Exfiltration Protection](https://www.databricks.com/blog/2020/03/27/data-exfiltration-protection-with-azure-databricks.html)                             |
 | Azure | [adb-with-private-links-exfiltration-protection](modules/adb-with-private-links-exfiltration-protection/) | Provisioning Databricks on Azure with Private Link and [Data Exfiltration Protection](https://www.databricks.com/blog/2020/03/27/data-exfiltration-protection-with-azure-databricks.html) |
+| Azure | [adb-overwatch-regional-config](modules/adb-overwatch-regional-config/)                                   | Overwatch regional configuration on Azure                                                                                                                                                 |
+| Azure | [adb-overwatch-mws-config](modules/adb-overwatch-mws-config/)                                             | Overwatch multi-workspace deployment on Azure                                                                                                                                             |
+| Azure | [adb-overwatch-main-ws](modules/adb-overwatch-main-ws/)                                                   | Main Overwatch workspace deployment                                                                                                                                                       |
+| Azure | [adb-overwatch-ws-to-monitor](modules/adb-overwatch-ws-to-monitor/)                                       | Overwatch deployment on the Azure workspace to monitor                                                                                                                                    |
+| Azure | [adb-overwatch-analysis](modules/adb-overwatch-analysis/)                                                 | Overwatch analysis notebooks deployment on Azure                                                                                                                                          |
 | AWS   | [aws-workspace-basic](modules/aws-workspace-basic/)                                                       | Provisioning AWS Databricks E2                                                                                                                                                            |
 | AWS   | [aws-databricks-base-infra](modules/aws-databricks-base-infra/)                                           | Provisioning AWS Infrastructure to be used for the deployment of a Databricks E2 workspace                                                                                                |
 | AWS   | [aws-databricks-unity-catalog](modules/aws-databricks-unity-catalog/)                                     | Provisioning the AWS Infrastructure and setting up the metastore for Databricks Unity Catalog                                                                                             |
 
@@ -0,0 +1,38 @@
+# Deploying Overwatch on Azure Databricks
+
+This example contains Terraform code used to deploy Overwatch using the following modules :
+- [adb-overwatch-regional-config](../../modules/adb-overwatch-regional-config)
+- [adb-overwatch-mws-config](../../modules/adb-overwatch-mws-config)
+- [adb-overwatch-main-ws](../../modules/adb-overwatch-main-ws)
+- [adb-overwatch-ws-to-monitor](../../modules/adb-overwatch-ws-to-monitor)
+- [adb-overwatch-analysis](../../modules/adb-overwatch-analysis)
+
+
+## Example content
+
+This code uses the [multi-workspace deployment of Overwatch](https://databrickslabs.github.io/overwatch/deployoverwatch/cloudinfra/azure/#reference-architecturehttps://databrickslabs.github.io/overwatch/deployoverwatch/cloudinfra/azure/#reference-architecture). Overwatch runs in a dedicated, or existing, Azure Databricks workspace, and monitors the specified workspaces in the config file [overwatch_deployment_config.csv](./overwatch_deployment_config.csv). This configuration file is generated automatically by the module [adb-overwatch-ws-to-monitor](../../modules/adb-overwatch-ws-to-monitor).
+
+  ![Overwatch_Arch_Azure](https://user-images.githubusercontent.com/103026825/230571464-5892c5c7-82c2-4808-9003-61b501b75f69.png?raw=true)
+
+The deployment is structured as followed :
+* Use an existing **Resource group**
+* Deploy **Eventhubs** topic per workspace, that could be in the same **Eventhubs** namespace
+* Deploy **Storage Accounts**, one for the cluster logs and one for Overwatch database output
+* Deploy the dedicated **Azure Databricks** workspace, or use an existing one for Overwatch, with some Databricks quick-start notebooks to analyse the results
+* Deploy **Azure Key Vault** to store the secrets
+* Configure **Role Assignments** and **mounts** to attribute the necessary permissions
+* Configure **Diagnostic Logs** on the Databricks workspaces to monitor
+
+> **Note**  
+> As Terraform requires providers and modules to be declared statically before deploying the resources, we are using in this example a [bash script](./dynamic_providers_modules_generation.sh)
+> that generates the provider configurations for N workspaces along with the modules references.
+
+## How to use
+
+1. Configure the workspaces that will be observed by Overwatch in [workspaces_to_monitor.json](./workspaces_to_monitor.json)
+2. Make the script [dynamic_providers_modules_generation.sh](./dynamic_providers_modules_generation.sh) executable : `chmod +x dynamic_providers_modules_generation.sh`
+3. Update the `terraform.tfvars` file with your environment values 
+4. Run the script [dynamic_providers_modules_generation.sh](./dynamic_providers_modules_generation.sh) : `./dynamic_providers_modules_generation.sh`. This will dynamically generate `providers_ws_to_monitor.tf` and `main_ws_to_monitor.tf` files with the right terraform setup for all the workspaces defined in [workspaces_to_monitor.json](./workspaces_to_monitor.json)
+5. Run `terraform init` to initialize terraform and get provider ready
+6. Run `terraform plan` to check the resources that are affected
+7. Run `terraform apply` to create the resources
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+# Load JSON file into variable
+json=$(cat workspaces_to_monitor.json)
+
+# set the name of the module's source
+module_source="../../modules/adb-overwatch-ws-to-monitor"
+modules_list=(module.adb-overwatch-mws-config)
+
+# Loop through JSON objects
+for row in $(echo "${json}" | jq -r '.[] | @base64'); do
+    # Decode JSON object
+    _jq() {
+        echo "${row}" | base64 --decode | jq -r "${1}"
+    }
+
+    # Generate Terraform Databricks provider configuration
+    workspace_name=$(_jq '.workspace_name')
+    host=$(_jq '.host')
+
+    echo -e "provider \"databricks\" {
+  alias = \"$workspace_name\"
+  host = \"$host\"
+}\n" >> providers_ws_to_monitor.tf
+
+    # Set the name of the module dynamically
+    module_name="adb-overwatch-monitor-$workspace_name"
+
+    # Set the name of the provider and the Databricks value you want to use
+    provider_name="databricks"
+    databricks_provider_value="databricks.$workspace_name"
+
+    # Generate the JSON block
+    json_block=$(cat <<EOF
+module "$module_name" {
+  source = "$module_source"
+
+  providers = {
+    $provider_name = $databricks_provider_value
+  }
+
+  adb_ws_name = "$workspace_name"
+  random_string                 = random_string.strapp.result
+  tenant_id                     = var.tenant_id
+  rg_name                       = var.rg_name
+  overwatch_spn_app_id          = var.overwatch_spn_app_id
+  ehn_name                      = module.adb-overwatch-regional-config.ehn_name
+  ehn_auth_rule_name            = module.adb-overwatch-regional-config.ehn_ar_name
+  logs_sa_name                  = module.adb-overwatch-regional-config.logs_sa_name
+  akv_name                      = module.adb-overwatch-regional-config.akv_name
+  databricks_secret_scope_name  = var.databricks_secret_scope_name
+  etl_storage_prefix = module.adb-overwatch-mws-config.etl_storage_prefix
+  active                        = var.active
+  api_waiting_time              = var.api_waiting_time
+  automated_dbu_price           = var.automated_dbu_price
+  enable_unsafe_SSL             = var.enable_unsafe_SSL
+  error_batch_size              = var.error_batch_size
+  excluded_scopes               = var.excluded_scopes
+  interactive_dbu_price         = var.interactive_dbu_price
+  jobs_light_dbu_price          = var.jobs_light_dbu_price
+  max_days                      = var.max_days
+  proxy_host                    = var.proxy_host
+  proxy_password_key            = var.proxy_password_key
+  proxy_password_scope          = var.proxy_password_scope
+  proxy_port                    = var.proxy_port
+  proxy_user_name               = var.proxy_user_name
+  sql_compute_dbu_price         = var.sql_compute_dbu_price
+  success_batch_size            = var.success_batch_size
+  thread_pool_size              = var.thread_pool_size
+  auditlog_prefix_source_path    = var.auditlog_prefix_source_path
+
+  depends_on = [module.adb-overwatch-regional-config]
+}
+EOF
+)
+
+    echo -e "$json_block\n" >> main_ws_to_monitor.tf
+
+    element="module.adb-overwatch-monitor-$workspace_name"
+    modules_list+=("$element")
+
+done
+
+echo "workspace_name,workspace_id,workspace_url,api_url,cloud,primordial_date,etl_storage_prefix,etl_database_name,consumer_database_name,secret_scope,secret_key_dbpat,auditlogprefix_source_path,eh_name,eh_scope_key,interactive_dbu_price,automated_dbu_price,sql_compute_dbu_price,jobs_light_dbu_price,max_days,excluded_scopes,active,proxy_host,proxy_port,proxy_user_name,proxy_password_scope,proxy_password_key,success_batch_size,error_batch_size,enable_unsafe_SSL,thread_pool_size,api_waiting_time" > overwatch_deployment_config.csv
+
+dependencies="["$(IFS=, ; echo "${modules_list[*]}")"]"
+
+echo -e "resource \"databricks_dbfs_file\" \"overwatch_deployment_config\" {
+  provider = databricks.adb-ow-main-ws
+
+  source = \"\${path.module}/overwatch_deployment_config.csv\"
+  path   = \"/mnt/\${module.adb-overwatch-mws-config.databricks_mount_db_name}/config/overwatch_deployment_config.csv\"
+  depends_on = $dependencies
+}" >> main_ws_to_monitor.tf
@@ -0,0 +1,62 @@
+resource "random_string" "strapp" {
+  length  = 5
+  lower = true
+  upper = false
+  special = false
+}
+
+
+module "adb-overwatch-regional-config" {
+  source = "../../modules/adb-overwatch-regional-config"
+
+  random_string         = random_string.strapp.result
+  rg_name               = var.rg_name
+  overwatch_spn_app_id  = var.overwatch_spn_app_id
+  ehn_name              = var.ehn_name
+  logs_sa_name          = var.logs_sa_name
+  key_vault_prefix      = var.key_vault_prefix
+  overwatch_spn_secret  = var.overwatch_spn_secret
+}
+
+
+module "adb-overwatch-main-ws" {
+  source = "../../modules/adb-overwatch-main-ws"
+
+  subscription_id = var.subscription_id
+  rg_name = var.rg_name
+  use_existing_ws = var.use_existing_overwatch_ws
+  overwatch_ws_name = var.overwatch_ws_name
+}
+
+
+module "adb-overwatch-mws-config" {
+  source = "../../modules/adb-overwatch-mws-config"
+  providers = {
+    databricks = databricks.adb-ow-main-ws
+  }
+
+  tenant_id                        = var.tenant_id
+  rg_name                          = var.rg_name
+  overwatch_spn_app_id             = var.overwatch_spn_app_id
+  overwatch_ws_name                = var.overwatch_ws_name
+  akv_name                         = module.adb-overwatch-regional-config.akv_name
+  databricks_secret_scope_name     = var.databricks_secret_scope_name
+  latest_dbr_lts = module.adb-overwatch-main-ws.latest_lts
+  random_string                 = random_string.strapp.result
+  ow_sa_name                       = var.ow_sa_name
+
+  depends_on = [module.adb-overwatch-main-ws, module.adb-overwatch-regional-config]
+}
+
+
+module "adb-overwatch-analysis" {
+  source = "../../modules/adb-overwatch-analysis"
+  providers = {
+    databricks = databricks.adb-ow-main-ws
+  }
+
+  rg_name = var.rg_name
+  overwatch_ws_name = var.overwatch_ws_name
+
+  depends_on = [module.adb-overwatch-main-ws]
+}
@@ -0,0 +1 @@
+workspace_name,workspace_id,workspace_url,api_url,cloud,primordial_date,etl_storage_prefix,etl_database_name,consumer_database_name,secret_scope,secret_key_dbpat,auditlogprefix_source_path,eh_name,eh_scope_key,interactive_dbu_price,automated_dbu_price,sql_compute_dbu_price,jobs_light_dbu_price,max_days,excluded_scopes,active,proxy_host,proxy_port,proxy_user_name,proxy_password_scope,proxy_password_key,success_batch_size,error_batch_size,enable_unsafe_SSL,thread_pool_size,api_waiting_time
@@ -0,0 +1,21 @@
+terraform {
+  required_providers {
+    azurerm = {
+      source = "hashicorp/azurerm"
+    }
+
+    databricks = {
+      source = "databricks/databricks"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {}
+  subscription_id = var.subscription_id
+}
+
+provider "databricks" {
+  alias = "adb-ow-main-ws"
+  host = module.adb-overwatch-main-ws.adb_ow_main_ws_url
+}
@@ -0,0 +1,11 @@
+subscription_id = ""
+tenant_id = ""
+overwatch_spn_app_id = ""
+overwatch_spn_secret = ""
+ehn_name = ""
+logs_sa_name = ""
+ow_sa_name = ""
+key_vault_prefix = ""
+rg_name = ""
+overwatch_ws_name = ""
+use_existing_overwatch_ws = false
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+workspace_name,workspace_id,workspace_url,api_url,cloud,primordial_date,etl_storage_prefix,etl_database_name,consumer_database_name,secret_scope,secret_key_dbpat,auditlogprefix_source_path,eh_name,eh_scope_key,interactive_dbu_price,automated_dbu_price,sql_compute_dbu_price,jobs_light_dbu_price,max_days,excluded_scopes,active,proxy_host,proxy_port,proxy_user_name,proxy_password_scope,proxy_password_key,success_batch_size,error_batch_size,enable_unsafe_SSL,thread_pool_size,api_waiting_time`