Creating Group in Terraform using external_id

cgrass — Thu, 03 Oct 2024 21:59:35 GMT

The documentation here doesn't give much information about how to use `external_id` when creating a new group. If I reference the object_id for an Azure AD Group, the databricks group gets created but the members from the AD group are not added, nor is the AD group a member group of the databricks group. I looked at the tf code and it seems to just pass along the id to the scim databricks api.

Any ideas?

Re: Creating Group in Terraform using external_id

MiPa — Mon, 05 May 2025 15:39:52 GMT

Greetings from the future! 😉

Now it is clear that external_id, which IS Azure's ObjectID, comes from the internal sync mechanism, that can be enabled in your account under previews:

I was able to reference my security group in Terraform and create that group in an account, with this code:

# Reference to existing Microsoft Entra ID (Azure AD) group data "azuread_group" "databricks_group1" { display_name = "Databricks_Group1" security_enabled = true } # Output the object ID of the group output "databricks_group1_object_id" { value = data.azuread_group.databricks_group1.object_id description = "Object ID of the Databricks_Group1 Entra ID group" } // ...existing code... # Create Databricks account external group linked to Entra ID group resource "databricks_group" "databricks_group1_external" { provider = databricks.account display_name = data.azuread_group.databricks_group1.display_name external_id = data.azuread_group.databricks_group1.object_id } # Output the Databricks external group ID output "databricks_group1_external_id" { value = databricks_group.databricks_group1_external.id description = "ID of the Databricks external group linked to Entra ID group" }

This updated my Terraform plan and I was able to deploy it:

Plan: 1 to add, 0 to change, 0 to destroy. Changes to Outputs: + databricks_group1_external_id = (known after apply) + databricks_group1_object_id = "f1b22903-2c5c-4f60-a673-4c52b8cd1e24" Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes databricks_group.databricks_group1_external: Creating... databricks_group.databricks_group1_external: Creation complete after 5s [id=597986374716779] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Outputs: databricks_group1_external_id = "597986374716779" databricks_group1_object_id = "f1b22903-2c5c-4f60-a673-4c52b8cd1e24" test2_group_id = "848008903310313" workspace_group_id = "236839776286494"

which ends with a brand new group created in the account, with all existing members of that group! What a nice feature, and all without any SCIM integration!

topic Re: Creating Group in Terraform using external_id in Administration & Architecture

Creating Group in Terraform using external_id

Re: Creating Group in Terraform using external_id