Authenticate with Terraform to Databricks Account level using Azure MSI(System assigned)
05-04-2024 02:55 AM
Hello, I want to authenticate with Terraform to Databricks at the account level with:
- Azure Managed Identity (system-assigned) of my Azure VM
to perform operations like creating a group. I followed different tutorials and the documentation on Azure and Databricks, but none is working.
Here is my tf file:
```hcl
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
    databricks = {
      source = "databricks/databricks"
    }
  }
}

# Azure provider, authenticated with the VM's managed identity
provider "azurerm" {
  skip_provider_registration = "true"
  features {}
  subscription_id = var.azure-subscription-id
  use_msi         = true
}

# Account-level Databricks provider, declared under the alias "accounts"
provider "databricks" {
  alias           = "accounts"
  host            = "https://accounts.azuredatabricks.net"
  account_id      = var.databricks-account-id
  azure_client_id = "xxxxx"
  azure_use_msi   = true
}

resource "databricks_group" "xxxxx" {
  display_name = "xxxxx"
}

resource "databricks_group_role" "my_group_account_admin" {
  # group_id takes the group's id attribute, not the resource object
  group_id = databricks_group.xxxxx.id
  role     = "account_admin"
}
```
Here is the error I have:
```
│ Error: cannot create group: default auth: cannot configure default credentials, please check https://docs.databricks.com/en/dev-tools/auth.html#databricks-client-unified-authentication to configure credentials for your preferred authentication method
│ with databricks_group.xxxxx,
│ on main.tf line 1, in resource "databricks_group" "xxxxx":
│ 1: resource "databricks_group" "xxxxx" {
│
```
Can you guys help me and tell me what steps I need to take to make it work?
05-04-2024 03:33 AM
Also, I just found this page and I can see Databricks doesn't mention "Managed Identity Authentication" for Terraform here: https://docs.databricks.com/en/dev-tools/auth/index.html#auth-types-tools-sdks
But here they say it is possible. I'm confused.
https://learn.microsoft.com/en-us/azure/databricks/dev-tools/auth/azure-mi#terraform
https://learn.microsoft.com/en-us/azure/databricks/dev-tools/auth/#--supported-authentication-types-...
05-13-2024 01:45 AM
Hello,
On my side, I always have to add the provider in each resource block.
You can try that:
```hcl
resource "databricks_group" "xxxxx" {
  provider     = databricks.accounts
  display_name = "xxxxx"
}
```
About authentication, you can also try to add:
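
Separate from the replies in this thread, an added example (not code from the posters or from Databricks): a Python check for the situation the last reply addresses, where only an aliased `databricks` provider is declared, so a resource without a `provider` argument falls back to a default configuration that carries no credentials. The sample configuration is constructed from the one posted above; the names `unpinned_resources` and `block_body` and the regex-based parsing (which does not handle braces inside strings) are assumptions of this example.

```python
import re

# Opening line of a top-level provider or resource block.
BLOCK_RE = re.compile(r'^(provider|resource)\s+"([^"]+)"(?:\s+"([^"]+)")?\s*\{', re.M)

# Constructed sample: the shape of the configuration posted in this thread.
SAMPLE = '''
provider "databricks" {
  alias         = "accounts"
  host          = "https://accounts.azuredatabricks.net"
  azure_use_msi = true
}
resource "databricks_group" "xxxxx" {
  display_name = "xxxxx"
}
resource "databricks_group_role" "my_group_account_admin" {
  group_id = databricks_group.xxxxx.id
  role     = "account_admin"
}
'''

def block_body(text, brace):
    """Return the text between the '{' at index `brace` and its matching '}'."""
    depth = 0
    for i in range(brace, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[brace + 1:i]
    raise ValueError("unbalanced braces")

def unpinned_resources(tf_text, provider="databricks"):
    """Resources of `provider` that would use a default configuration nobody declared."""
    has_default, unpinned = False, []
    for m in BLOCK_RE.finditer(tf_text):
        kind, first, second = m.groups()
        body = block_body(tf_text, m.end() - 1)
        if kind == "provider" and first == provider:
            # A provider block without `alias` is the default configuration.
            has_default |= not re.search(r'^\s*alias\s*=', body, re.M)
        elif kind == "resource" and first.split("_")[0] == provider:
            # Terraform picks the provider from the type prefix unless `provider =` is set.
            if not re.search(r'^\s*provider\s*=', body, re.M):
                unpinned.append(f"{first}.{second}")
    return [] if has_default else unpinned

if __name__ == "__main__":
    for name in unpinned_resources(SAMPLE):
        print(f"{name}: no provider argument and no default databricks provider")
```

Run against the constructed sample, it reports both resources; once each carries `provider = databricks.accounts`, the list is empty.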

