cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Authenticate with Terraform to Databricks Account level using Azure MSI(System assigned)

otydos
New Contributor II

โ€Ž05-04-2024 02:55 AM

Hello, I want to authenticate with terraform to databricks account level with : 

  • Azure Managed Identity(System-assigned) of my Azure VM

to perform operation like create group. I followed differents tutorial and the documentation on Azure and Databricks, but none is working.

Here is my tf file

 

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
    databricks = {
      source = "databricks/databricks"
    }
  }
}

provider "azurerm" {
  skip_provider_registration = "true"
  features {}
  subscription_id   = var.azure-subscription-id
  use_msi           = true
}
provider "databricks" {
  alias           = "accounts"
  host            = "https://accounts.azuredatabricks.net"
  account_id      = var.databricks-account-id
  azure_client_id = "xxxxx"
  azure_use_msi   = true
}

resource "databricks_group" "xxxxx" {
  display_name = "xxxxx"
}

resource "databricks_group_role" "my_group_account_admin" {
  group_id = databricks_group.xxxxx
  role     = "account_admin"
}

 

Here is the error I have

 

โ”‚ Error: cannot create group: default auth: cannot configure default credentials, please check https://docs.databricks.com/en/dev-tools/auth.html#databricks-client-unified-authentication to configure credentials for your preferred authentication method
โ”‚   with databricks_group.xxxxx,
โ”‚   on main.tf line 1, in resource "databricks_group" "xxxxx":
โ”‚    1: resource "databricks_group" "xxxxx" {
โ”‚

 

 Can you guys help me and tell me what are the steps I need to take to make it work ? 

0 Kudos
2 REPLIES 2

otydos
New Contributor II

โ€Ž05-04-2024 03:33 AM

Also I just found this page and I can see Databricks don't mention "Managed Identity Authentication" for Terraform here https://docs.databricks.com/en/dev-tools/auth/index.html#auth-types-tools-sdks 

But here they say it is possible, I'm confused
https://learn.microsoft.com/en-us/azure/databricks/dev-tools/auth/azure-mi#terraform

https://learn.microsoft.com/en-us/azure/databricks/dev-tools/auth/#--supported-authentication-types-...

https://community.databricks.com/t5/administration-architecture/current-azure-managed-identity-capab...

0 Kudos

DonatienTessier
Contributor

โ€Ž05-13-2024 01:45 AM

Hello,

On my side, I always have to add the provider in each resource block.

You can try that:

 

 

resource "databricks_group" "xxxxx" {
  provider = databricks.accounts
  display_name = "xxxxx"
}

 

 

About authentication, you can also try to add:

auth_type  = "azure-cli"
0 Kudos
Join 100K+ Data Experts: Register Now & Grow with Us!

Excited to expand your horizons with us? Click here to Register and begin your journey to success!

Already a member? Login and join your local regional user group! If there isn’t one near you, fill out this form and we’ll create one for you to join!

Announcements