databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest

[ISSUE] How to Authenticate with OpenID Connect via Azure Service Principal and Terraform Enterprise #4127

Open juicybaba opened 1 month ago

juicybaba commented 1 month ago

Configuration

# Copy-paste your Terraform configuration here
provider "azuread" {}
provider "azapi" {}
provider "azurerm" {
  features {}
}
provider "databricks" {
  host                = format("https://%s", azurerm_databricks_workspace.default.workspace_url)
  # azure_client_secret = "<azure_client_secret>"
  azure_tenant_id     = "<azure_tenant_id>"
  azure_client_id     = "<azure_client_id>"
}

resource "azurerm_databricks_workspace" "default" {
  ***
}
data "databricks_spark_version" "latest_lts" {
  long_term_support = true
}

Expected Behavior

I am trying to utilize Dynamic Provider Credentials (Azure Service Principal with federated credential) and authenticate with OpenID Connect.

The databricks provider works well with azure_client_secret. azurerm, azuread, and azapi work well without azure_client_secret; this is to make sure the federated credential works as expected.

Environment variables are set as per the Dynamic Provider Credentials doc.

image

Actual Behavior

When I commented out azure_client_secret for the databricks provider, I got the error below on the databricks provider. Is there any special configuration required with Terraform Enterprise, or is it still pending on https://github.com/databricks/databricks-sdk-go/issues/495?

image

Steps to Reproduce

Terraform and provider versions

terraform enterprise: v202409-3
terraform: 1.9.4
databricks provider: 1.54.0

Is it a regression?

Debug Output

Important Factoids

Would you like to implement a fix?