cancel
Showing results for 
Search instead for 
Did you mean: 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results for 
Search instead for 
Did you mean: 

Authenticate with Terraform to Databricks Account level using Azure MSI(System assigned)

otydos
New Contributor II

Hello, I want to authenticate with terraform to databricks account level with : 

  • Azure Managed Identity(System-assigned) of my Azure VM

to perform operation like create group. I followed differents tutorial and the documentation on Azure and Databricks, but none is working.

Here is my tf file

 

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
    databricks = {
      source = "databricks/databricks"
    }
  }
}

provider "azurerm" {
  skip_provider_registration = "true"
  features {}
  subscription_id   = var.azure-subscription-id
  use_msi           = true
}
provider "databricks" {
  alias           = "accounts"
  host            = "https://accounts.azuredatabricks.net"
  account_id      = var.databricks-account-id
  azure_client_id = "xxxxx"
  azure_use_msi   = true
}

resource "databricks_group" "xxxxx" {
  display_name = "xxxxx"
}

resource "databricks_group_role" "my_group_account_admin" {
  group_id = databricks_group.xxxxx
  role     = "account_admin"
}

 

Here is the error I have

 

│ Error: cannot create group: default auth: cannot configure default credentials, please check https://docs.databricks.com/en/dev-tools/auth.html#databricks-client-unified-authentication to configure credentials for your preferred authentication method
│   with databricks_group.xxxxx,
│   on main.tf line 1, in resource "databricks_group" "xxxxx":
│    1: resource "databricks_group" "xxxxx" {
│ 

 

 Can you guys help me and tell me what are the steps I need to take to make it work ? 

2 REPLIES 2

otydos
New Contributor II

DonatienTessier
Contributor

Hello,

On my side, I always have to add the provider in each resource block.

You can try that:

 

 

resource "databricks_group" "xxxxx" {
  provider = databricks.accounts
  display_name = "xxxxx"
}

 

 

About authentication, you can also try to add:

auth_type  = "azure-cli"
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!