1. Packages
  2. Databricks
  3. API Docs
  4. IpAccessList
Databricks v1.56.0 published on Tuesday, Nov 12, 2024 by Pulumi

databricks.IpAccessList

Explore with Pulumi AI

databricks logo
Databricks v1.56.0 published on Tuesday, Nov 12, 2024 by Pulumi

    Security-conscious enterprises that use cloud SaaS applications need to restrict access to their own employees. Authentication helps to prove user identity, but that does not enforce network location of the users. Accessing a cloud service from an unsecured network can pose security risks to an enterprise, especially when the user may have authorized access to sensitive or personal data. Enterprise network perimeters apply security policies and limit access to external services (for example, firewalls, proxies, DLP, and logging), so access beyond these controls are assumed to be untrusted. Please see IP Access List for full feature documentation.

    The total number of IP addresses and CIDR scopes provided across all ACL Lists in a workspace can not exceed 1000. Refer to the docs above for specifics.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as databricks from "@pulumi/databricks";
    
    const _this = new databricks.WorkspaceConf("this", {customConfig: {
        enableIpAccessLists: "true",
    }});
    const allowed_list = new databricks.IpAccessList("allowed-list", {
        label: "allow_in",
        listType: "ALLOW",
        ipAddresses: [
            "1.1.1.1",
            "1.2.3.0/24",
            "1.2.5.0/24",
        ],
    }, {
        dependsOn: [_this],
    });
    
    import pulumi
    import pulumi_databricks as databricks
    
    this = databricks.WorkspaceConf("this", custom_config={
        "enableIpAccessLists": "true",
    })
    allowed_list = databricks.IpAccessList("allowed-list",
        label="allow_in",
        list_type="ALLOW",
        ip_addresses=[
            "1.1.1.1",
            "1.2.3.0/24",
            "1.2.5.0/24",
        ],
        opts = pulumi.ResourceOptions(depends_on=[this]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		this, err := databricks.NewWorkspaceConf(ctx, "this", &databricks.WorkspaceConfArgs{
    			CustomConfig: pulumi.StringMap{
    				"enableIpAccessLists": pulumi.String("true"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = databricks.NewIpAccessList(ctx, "allowed-list", &databricks.IpAccessListArgs{
    			Label:    pulumi.String("allow_in"),
    			ListType: pulumi.String("ALLOW"),
    			IpAddresses: pulumi.StringArray{
    				pulumi.String("1.1.1.1"),
    				pulumi.String("1.2.3.0/24"),
    				pulumi.String("1.2.5.0/24"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			this,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Databricks = Pulumi.Databricks;
    
    return await Deployment.RunAsync(() => 
    {
        var @this = new Databricks.WorkspaceConf("this", new()
        {
            CustomConfig = 
            {
                { "enableIpAccessLists", "true" },
            },
        });
    
        var allowed_list = new Databricks.IpAccessList("allowed-list", new()
        {
            Label = "allow_in",
            ListType = "ALLOW",
            IpAddresses = new[]
            {
                "1.1.1.1",
                "1.2.3.0/24",
                "1.2.5.0/24",
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                @this,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.databricks.WorkspaceConf;
    import com.pulumi.databricks.WorkspaceConfArgs;
    import com.pulumi.databricks.IpAccessList;
    import com.pulumi.databricks.IpAccessListArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var this_ = new WorkspaceConf("this", WorkspaceConfArgs.builder()
                .customConfig(Map.of("enableIpAccessLists", true))
                .build());
    
            var allowed_list = new IpAccessList("allowed-list", IpAccessListArgs.builder()
                .label("allow_in")
                .listType("ALLOW")
                .ipAddresses(            
                    "1.1.1.1",
                    "1.2.3.0/24",
                    "1.2.5.0/24")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(this_)
                    .build());
    
        }
    }
    
    resources:
      this:
        type: databricks:WorkspaceConf
        properties:
          customConfig:
            enableIpAccessLists: true
      allowed-list:
        type: databricks:IpAccessList
        properties:
          label: allow_in
          listType: ALLOW
          ipAddresses:
            - 1.1.1.1
            - 1.2.3.0/24
            - 1.2.5.0/24
        options:
          dependson:
            - ${this}
    

    The following resources are often used in the same context:

    • End to end workspace management guide.
    • Provisioning AWS Databricks workspaces with a Hub & Spoke firewall for data exfiltration protection guide.
    • databricks.MwsNetworks to configure VPC & subnets for new workspaces within AWS.
    • databricks.MwsPrivateAccessSettings to create a Private Access Setting that can be used as part of a databricks.MwsWorkspaces resource to create a Databricks Workspace that leverages AWS PrivateLink.
    • databricks.Permissions to manage access control in Databricks workspace.
    • databricks.SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and more.

    Create IpAccessList Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new IpAccessList(name: string, args: IpAccessListArgs, opts?: CustomResourceOptions);
    @overload
    def IpAccessList(resource_name: str,
                     args: IpAccessListArgs,
                     opts: Optional[ResourceOptions] = None)
    
    @overload
    def IpAccessList(resource_name: str,
                     opts: Optional[ResourceOptions] = None,
                     ip_addresses: Optional[Sequence[str]] = None,
                     label: Optional[str] = None,
                     list_type: Optional[str] = None,
                     enabled: Optional[bool] = None)
    func NewIpAccessList(ctx *Context, name string, args IpAccessListArgs, opts ...ResourceOption) (*IpAccessList, error)
    public IpAccessList(string name, IpAccessListArgs args, CustomResourceOptions? opts = null)
    public IpAccessList(String name, IpAccessListArgs args)
    public IpAccessList(String name, IpAccessListArgs args, CustomResourceOptions options)
    
    type: databricks:IpAccessList
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args IpAccessListArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var ipAccessListResource = new Databricks.IpAccessList("ipAccessListResource", new()
    {
        IpAddresses = new[]
        {
            "string",
        },
        Label = "string",
        ListType = "string",
        Enabled = false,
    });
    
    example, err := databricks.NewIpAccessList(ctx, "ipAccessListResource", &databricks.IpAccessListArgs{
    	IpAddresses: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Label:    pulumi.String("string"),
    	ListType: pulumi.String("string"),
    	Enabled:  pulumi.Bool(false),
    })
    
    var ipAccessListResource = new IpAccessList("ipAccessListResource", IpAccessListArgs.builder()
        .ipAddresses("string")
        .label("string")
        .listType("string")
        .enabled(false)
        .build());
    
    ip_access_list_resource = databricks.IpAccessList("ipAccessListResource",
        ip_addresses=["string"],
        label="string",
        list_type="string",
        enabled=False)
    
    const ipAccessListResource = new databricks.IpAccessList("ipAccessListResource", {
        ipAddresses: ["string"],
        label: "string",
        listType: "string",
        enabled: false,
    });
    
    type: databricks:IpAccessList
    properties:
        enabled: false
        ipAddresses:
            - string
        label: string
        listType: string
    

    IpAccessList Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The IpAccessList resource accepts the following input properties:

    IpAddresses List<string>
    A string list of IP addresses and CIDR ranges.
    Label string
    This is the display name for the given IP ACL List.
    ListType string
    Can only be "ALLOW" or "BLOCK".
    Enabled bool
    Boolean true or false indicating whether this list should be active. Defaults to true
    IpAddresses []string
    A string list of IP addresses and CIDR ranges.
    Label string
    This is the display name for the given IP ACL List.
    ListType string
    Can only be "ALLOW" or "BLOCK".
    Enabled bool
    Boolean true or false indicating whether this list should be active. Defaults to true
    ipAddresses List<String>
    A string list of IP addresses and CIDR ranges.
    label String
    This is the display name for the given IP ACL List.
    listType String
    Can only be "ALLOW" or "BLOCK".
    enabled Boolean
    Boolean true or false indicating whether this list should be active. Defaults to true
    ipAddresses string[]
    A string list of IP addresses and CIDR ranges.
    label string
    This is the display name for the given IP ACL List.
    listType string
    Can only be "ALLOW" or "BLOCK".
    enabled boolean
    Boolean true or false indicating whether this list should be active. Defaults to true
    ip_addresses Sequence[str]
    A string list of IP addresses and CIDR ranges.
    label str
    This is the display name for the given IP ACL List.
    list_type str
    Can only be "ALLOW" or "BLOCK".
    enabled bool
    Boolean true or false indicating whether this list should be active. Defaults to true
    ipAddresses List<String>
    A string list of IP addresses and CIDR ranges.
    label String
    This is the display name for the given IP ACL List.
    listType String
    Can only be "ALLOW" or "BLOCK".
    enabled Boolean
    Boolean true or false indicating whether this list should be active. Defaults to true

    Outputs

    All input properties are implicitly available as output properties. Additionally, the IpAccessList resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing IpAccessList Resource

    Get an existing IpAccessList resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: IpAccessListState, opts?: CustomResourceOptions): IpAccessList
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            enabled: Optional[bool] = None,
            ip_addresses: Optional[Sequence[str]] = None,
            label: Optional[str] = None,
            list_type: Optional[str] = None) -> IpAccessList
    func GetIpAccessList(ctx *Context, name string, id IDInput, state *IpAccessListState, opts ...ResourceOption) (*IpAccessList, error)
    public static IpAccessList Get(string name, Input<string> id, IpAccessListState? state, CustomResourceOptions? opts = null)
    public static IpAccessList get(String name, Output<String> id, IpAccessListState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Enabled bool
    Boolean true or false indicating whether this list should be active. Defaults to true
    IpAddresses List<string>
    A string list of IP addresses and CIDR ranges.
    Label string
    This is the display name for the given IP ACL List.
    ListType string
    Can only be "ALLOW" or "BLOCK".
    Enabled bool
    Boolean true or false indicating whether this list should be active. Defaults to true
    IpAddresses []string
    A string list of IP addresses and CIDR ranges.
    Label string
    This is the display name for the given IP ACL List.
    ListType string
    Can only be "ALLOW" or "BLOCK".
    enabled Boolean
    Boolean true or false indicating whether this list should be active. Defaults to true
    ipAddresses List<String>
    A string list of IP addresses and CIDR ranges.
    label String
    This is the display name for the given IP ACL List.
    listType String
    Can only be "ALLOW" or "BLOCK".
    enabled boolean
    Boolean true or false indicating whether this list should be active. Defaults to true
    ipAddresses string[]
    A string list of IP addresses and CIDR ranges.
    label string
    This is the display name for the given IP ACL List.
    listType string
    Can only be "ALLOW" or "BLOCK".
    enabled bool
    Boolean true or false indicating whether this list should be active. Defaults to true
    ip_addresses Sequence[str]
    A string list of IP addresses and CIDR ranges.
    label str
    This is the display name for the given IP ACL List.
    list_type str
    Can only be "ALLOW" or "BLOCK".
    enabled Boolean
    Boolean true or false indicating whether this list should be active. Defaults to true
    ipAddresses List<String>
    A string list of IP addresses and CIDR ranges.
    label String
    This is the display name for the given IP ACL List.
    listType String
    Can only be "ALLOW" or "BLOCK".

    Import

    The databricks_ip_access_list can be imported using id:

    bash

    $ pulumi import databricks:index/ipAccessList:IpAccessList this <list-id>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    databricks pulumi/pulumi-databricks
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the databricks Terraform Provider.
    databricks logo
    Databricks v1.56.0 published on Tuesday, Nov 12, 2024 by Pulumi