mlops-azure-infrastructure-with-sp-linking
databricks/mlops-azure-infrastructure-with-sp-linking/databricks
This module sets up multi-workspace model registry between an Azure Databricks development (dev) workspace, staging workspace, and production (prod) workspace, allowing READ access from dev/staging workspaces to staging & prod model registries. It also links pre-existing Azure Active Directory (AAD) applications to the service principals.
MLOps Azure Infrastructure Module with Service Principal Linking This module sets up multi-workspace model registry between a development (dev) workspace, a staging workspace, and a production (prod) workspace, allowing READ access from dev/staging workspaces to staging & prod model registries. The module performs this setup by linking pre-existing AAD applications with newly created Azure Databricks service principals in the staging and prod workspaces, then giving them READ-only access to their respective model registries. It will also create secret scopes and store the necessary secrets in the dev and staging workspaces, and only give READ access to this secret scope to the "users" group and the generated service principals group. The output of this module will be the secret scope names
| Name | Type | Description | Default |
|---|---|---|---|
| prod_workspace_id | string | Workspace ID of the prod workspace (can be often found in the URL) used for remo | |
| azure_staging_client_id | string | The client ID of the AAD service principal in the staging workspace that will be | |
| azure_prod_client_id | string | The client ID of the AAD service principal in the prod workspace that will be us | |
| staging_workspace_id | string | Workspace ID of the staging workspace (can be often found in the URL) used for r | |
| azure_prod_aad_token | string | The AAD token of the service principal in the prod workspace. This will need to | null |
| azure_prod_client_secret | string | The client secret of the AAD service principal in the prod workspace. NOTE: If a | null |
| additional_token_usage_groups | list(string) | List of groups that should have token usage permissions in the staging and prod | [] |
| azure_staging_tenant_id | string | The tenant ID of the AAD service principal in the staging workspace. NOTE: If az | null |
| azure_prod_tenant_id | string | The tenant ID of the AAD service principal in the prod workspace. NOTE: If azure | null |
| azure_staging_aad_token | string | The AAD token of the service principal in the staging workspace. This will need | null |
| azure_staging_client_secret | string | The client secret of the AAD service principal in the staging workspace. NOTE: I | null |
dev_secret_scope_name_for_prod — The name of the secret scope created in the dev workspace that is used for remote model registry accstaging_secret_scope_name_for_prod — The name of the secret scope created in the staging workspace that is used for remote model registrydev_secret_scope_prefix_for_staging — The prefix used in the dev workspace secret scope for remote model registry access to the staging wodev_secret_scope_prefix_for_prod — The prefix used in the dev workspace secret scope for remote model registry access to the prod worksstaging_secret_scope_prefix_for_prod — The prefix used in the staging workspace secret scope for remote model registry access to the prod wservice_principal_group_name — The name of the service principal group created in the staging and prod workspace.dev_secret_scope_name_for_staging — The name of the secret scope created in the dev workspace that is used for remote model registry acc