diff --git a/README.md b/README.md index 3548c60..dede637 100644 --- a/README.md +++ b/README.md @@ -374,6 +374,7 @@ No modules. | [databricks_cluster_policy.overrides](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster_policy) | resource | | [databricks_cluster_policy.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/cluster_policy) | resource | | [databricks_database_instance.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/database_instance) | resource | +| [databricks_disable_legacy_dbfs_setting.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/disable_legacy_dbfs_setting) | resource | | [databricks_entitlements.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/entitlements) | resource | | [databricks_group.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/group) | resource | | [databricks_ip_access_list.allowed_list](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/ip_access_list) | resource | 
@@ -387,7 +388,6 @@ No modules. | [databricks_secret_scope.main](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/secret_scope) | resource | | [databricks_secret_scope.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/secret_scope) | resource | | [databricks_sql_endpoint.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/sql_endpoint) | resource | -| [databricks_system_schema.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/system_schema) | resource | | [databricks_token.pat](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/token) | resource | | [databricks_workspace_conf.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/workspace_conf) | resource | | [databricks_current_metastore.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/data-sources/current_metastore) | data source | @@ -403,6 +403,7 @@ No modules. | [custom\_cluster\_policies](#input\_custom\_cluster\_policies) | Provides an ability to create custom cluster policy, assign it to cluster and grant CAN\_USE permissions on it to certain custom groups
name - name of custom cluster policy to create
can\_use - list of string, where values are custom group names, there groups have to be created with Terraform;
definition - JSON document expressed in Databricks Policy Definition Language. No need to call 'jsonencode()' function on it when providing a value; |
list(object({
name = string
can_use = list(string)
definition = any
}))
|
[
{
"can_use": null,
"definition": null,
"name": null
}
]
| no | | [custom\_config](#input\_custom\_config) | Map of AD databricks workspace custom config | `map(string)` |
{
"enable-X-Content-Type-Options": "true",
"enable-X-Frame-Options": "true",
"enable-X-XSS-Protection": "true",
"enableDbfsFileBrowser": "false",
"enableExportNotebook": "false",
"enableIpAccessLists": "true",
"enableNotebookTableClipboard": "false",
"enableResultsDownloading": "false",
"enableUploadDataUis": "false",
"enableVerboseAuditLogs": "true",
"enforceUserIsolation": "true",
"storeInteractiveNotebookResultsInCustomerAccount": "true"
}
| no | | [default\_cluster\_policies\_override](#input\_default\_cluster\_policies\_override) | Provides an ability to override default cluster policy
name - name of cluster policy to override
family\_id - family id of corresponding policy
definition - JSON document expressed in Databricks Policy Definition Language. No need to call 'jsonencode()' function on it when providing a value; |
list(object({
name = string
family_id = string
definition = any
}))
|
[
{
"definition": null,
"family_id": null,
"name": null
}
]
| no | +| [disable\_legacy\_dbfs](#input\_disable\_legacy\_dbfs) | Disables access to DBFS root and mounts in your existing Databricks workspace.
When set to true:
- Access to DBFS root and mounted paths is blocked.
- Manual restart of all-purpose compute clusters and SQL warehouses is required after enabling this setting.
- Note: This setting only takes effect when disabling access. Re-enabling must be done manually via the Databricks UI. | `bool` | `false` | no | | [iam\_account\_groups](#input\_iam\_account\_groups) | List of objects with group name and entitlements for this group |
list(object({
group_name = optional(string)
entitlements = optional(list(string))
}))
| `[]` | no | | [iam\_workspace\_groups](#input\_iam\_workspace\_groups) | Used to create workspace group. Map of group name and its parameters, such as users and service principals added to the group. Also possible to configure group entitlements. |
map(object({
user = optional(list(string))
service_principal = optional(list(string))
entitlements = optional(list(string))
}))
| `{}` | no | | [ip\_addresses](#input\_ip\_addresses) | A map of IP address ranges | `map(string)` |
{
"all": "0.0.0.0/0"
}
| no | @@ -415,8 +416,6 @@ No modules. | [secret\_scope](#input\_secret\_scope) | Provides an ability to create custom Secret Scope, store secrets in it and assigning ACL for access management
scope\_name - name of Secret Scope to create;
acl - list of objects, where 'principal' custom group name, this group is created in 'Premium' module; 'permission' is one of "READ", "WRITE", "MANAGE";
secrets - list of objects, where object's 'key' param is created key name and 'string\_value' is a value for it; |
list(object({
scope_name = string
scope_acl = optional(list(object({
principal = string
permission = string
})))
secrets = optional(list(object({
key = string
string_value = string
})))
}))
| `[]` | no | | [sql\_endpoint](#input\_sql\_endpoint) | Set of objects with parameters to configure SQL Endpoint and assign permissions to it for certain custom groups |
set(object({
name = string
cluster_size = optional(string, "2X-Small")
min_num_clusters = optional(number, 0)
max_num_clusters = optional(number, 1)
auto_stop_mins = optional(string, "30")
enable_photon = optional(bool, false)
enable_serverless_compute = optional(bool, false)
spot_instance_policy = optional(string, "COST_OPTIMIZED")
warehouse_type = optional(string, "PRO")
permissions = optional(set(object({
group_name = string
permission_level = string
})), [])
}))
| `[]` | no | | [suffix](#input\_suffix) | Optional suffix that would be added to the end of resources names. | `string` | `""` | no | -| [system\_schemas](#input\_system\_schemas) | Set of strings with all possible System Schema names | `set(string)` |
[
"access",
"compute",
"marketplace",
"storage",
"serving",
"query",
"lakeflow"
]
| no | -| [system\_schemas\_enabled](#input\_system\_schemas\_enabled) | System Schemas only works with assigned Unity Catalog Metastore. Boolean flag to enabled this feature | `bool` | `false` | no | | [workspace\_admin\_token\_enabled](#input\_workspace\_admin\_token\_enabled) | Boolean flag to specify whether to create Workspace Admin Token | `bool` | n/a | yes | ## Outputs diff --git a/main.tf b/main.tf index fecb57d..a8e3e27 100644 --- a/main.tf +++ b/main.tf @@ -16,8 +16,8 @@ resource "databricks_token" "pat" { lifetime_seconds = var.pat_token_lifetime_seconds } -resource "databricks_system_schema" "this" { - for_each = var.system_schemas_enabled ? var.system_schemas : toset([]) - - schema = each.value +resource "databricks_disable_legacy_dbfs_setting" "this" { + disable_legacy_dbfs { + value = var.disable_legacy_dbfs + } } diff --git a/variables.tf b/variables.tf index 15e4f59..2382701 100644 --- a/variables.tf +++ b/variables.tf @@ -215,18 +215,6 @@ variable "mountpoints" { default = {} } -variable "system_schemas" { - type = set(string) - description = "Set of strings with all possible System Schema names" - default = ["access", "compute", "marketplace", "storage", "serving", "query", "lakeflow"] -} - -variable "system_schemas_enabled" { - type = bool - description = "System Schemas only works with assigned Unity Catalog Metastore. Boolean flag to enabled this feature" - default = false -} - variable "default_cluster_policies_override" { type = list(object({ name = string @@ -292,3 +280,16 @@ To deploy and use an OLTP database instance in Databricks: - Database instances can only be deleted manually through the Databricks UI or using the Databricks CLI with the --purge option. DESCRIPTION } + +# Disable access to DBFS root +variable "disable_legacy_dbfs" { + type = bool + default = false + description = <
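Review bot: in the main.tf hunk, `databricks_disable_legacy_dbfs_setting.this` has no `count` or other guard, so the setting is created and managed even when `var.disable_legacy_dbfs` is left at its default of `false`. The README text added in this same patch says the setting only takes effect when disabling access and that re-enabling must be done manually in the Databricks UI, so a managed resource with `value = false` implies control that the description says Terraform does not have. Consider gating it with `count = var.disable_legacy_dbfs ? 1 : 0`, so workspaces that do not opt in carry nothing in state. The variable description should also say that changing the value from `true` back to `false` will not restore access on its own.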
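Review bot: the main.tf and variables.tf hunks delete `databricks_system_schema.this` together with the `system_schemas` and `system_schemas_enabled` variables, with no migration note in the README hunk and no relation to the DBFS change. Callers who set `system_schemas_enabled = true` will get an unsupported-argument error until they drop the input, and their next apply will plan the destruction of every `databricks_system_schema.this[...]` instance in state. The default list being removed includes `"access"`, so please confirm that destroying those instances is intended for workspaces that rely on that schema. Either split the removal into its own change with an upgrade note, or keep the objects out of the destroy plan (for example with a `removed` block using `lifecycle { destroy = false }`) if the intent is only to stop managing them from this module.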