cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Authenticate with Terraform to Databricks Account level using Azure MSI(System assigned)

otydos
New Contributor II

‎05-04-2024 02:55 AM

Hello, I want to authenticate with terraform to databricks account level with : 

  • Azure Managed Identity(System-assigned) of my Azure VM

to perform operation like create group. I followed differents tutorial and the documentation on Azure and Databricks, but none is working.

Here is my tf file

 

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
    databricks = {
      source = "databricks/databricks"
    }
  }
}

provider "azurerm" {
  skip_provider_registration = "true"
  features {}
  subscription_id   = var.azure-subscription-id
  use_msi           = true
}
provider "databricks" {
  alias           = "accounts"
  host            = "https://accounts.azuredatabricks.net"
  account_id      = var.databricks-account-id
  azure_client_id = "xxxxx"
  azure_use_msi   = true
}

resource "databricks_group" "xxxxx" {
  display_name = "xxxxx"
}

resource "databricks_group_role" "my_group_account_admin" {
  group_id = databricks_group.xxxxx
  role     = "account_admin"
}

 

Here is the error I have

 

│ Error: cannot create group: default auth: cannot configure default credentials, please check https://docs.databricks.com/en/dev-tools/auth.html#databricks-client-unified-authentication to configure credentials for your preferred authentication method
│   with databricks_group.xxxxx,
│   on main.tf line 1, in resource "databricks_group" "xxxxx":
│    1: resource "databricks_group" "xxxxx" {
│

 

 Can you guys help me and tell me what are the steps I need to take to make it work ? 

0 Kudos
2 REPLIES 2

otydos
New Contributor II

‎05-04-2024 03:33 AM

Also I just found this page and I can see Databricks don't mention "Managed Identity Authentication" for Terraform here https://docs.databricks.com/en/dev-tools/auth/index.html#auth-types-tools-sdks 

But here they say it is possible, I'm confused
https://learn.microsoft.com/en-us/azure/databricks/dev-tools/auth/azure-mi#terraform

https://learn.microsoft.com/en-us/azure/databricks/dev-tools/auth/#--supported-authentication-types-...

https://community.databricks.com/t5/administration-architecture/current-azure-managed-identity-capab...

0 Kudos

DonatienTessier
Contributor

‎05-13-2024 01:45 AM

Hello,

On my side, I always have to add the provider in each resource block.

You can try that:

 

 

resource "databricks_group" "xxxxx" {
  provider = databricks.accounts
  display_name = "xxxxx"
}

 

 

About authentication, you can also try to add:

auth_type  = "azure-cli"
0 Kudos

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements