Hi all
Long story short, I need to create a Databricks Workspace on Azure by authenticating - in the very module that builds the workspace - with a Service Principal, instead of using my own account to create it. Is this possible? I cannot find anything on the web. I think I have configured it correctly; I have used the following in my parent module:
# Terraform core and provider version constraints for this (parent) module.
terraform {
  required_version = "~>1.1"

  required_providers {
    null = {
      source  = "hashicorp/null"
      version = "3.1.0"
    }

    # Pinned to one exact azurerm release.
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.96.0"

      # Names the additional (aliased) azurerm configuration used alongside
      # the default one.
      # NOTE(review): the child module that receives this alias is not shown
      # here; it needs its own configuration_aliases entry in its
      # required_providers block to accept azurerm.for_databricks.
      configuration_aliases = [azurerm.for_databricks]
    }
  }
}
# The null provider takes no configuration; the block is kept for explicitness.
provider "null" {}
# Default azurerm configuration. No credentials are set in this block, so the
# provider authenticates with whatever the environment offers (for example an
# existing Azure CLI login or ARM_* environment variables). Every azurerm
# resource that does not select another configuration uses this identity.
provider "azurerm" {
  skip_provider_registration = false

  features {}
}
# Aliased azurerm configuration that authenticates as a service principal
# (client ID + client secret) instead of the ambient login. Only resources and
# modules that explicitly select azurerm.for_databricks use this identity.
provider "azurerm" {
  alias = "for_databricks"

  features {}
  skip_provider_registration = false

  # Service principal credentials. Supply adb_client_secret from a secret
  # store or the TF_VAR_adb_client_secret environment variable rather than a
  # committed tfvars file.
  tenant_id     = var.tenant_id
  client_id     = var.adb_client_id
  client_secret = var.adb_client_secret

  # Use with extra caution: the subscription is normally switched through the
  # az CLI, whereas this setting fixes it for this provider configuration.
  subscription_id = var.subscription_id
}
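# VARIABLES DECLARATION
# All inputs are untyped and have no defaults, so each one must be supplied by
# the caller (tfvars file, -var flag or TF_VAR_* environment variable).

## GENERAL
variable "client_tags" {}
variable "common_tags" {}
variable "ANSIBLE_EXECUTABLE_PATH" {}

## DATABRICKS
# variable databricks_nat_gateway_public_ip_name {}
# variable databricks_nat_gateway_name {}
variable "databricks_network_security_group_name" {}
variable "databricks_resource_group_name" {}
variable "databricks_resource_group_azure_location" {}
variable "databricks_resource_group_iam_contributors" {}
variable "databricks_resource_group_iam_readers" {}
variable "databricks_vnet_name" {}
variable "databricks_vnet_address_space" {}
variable "databricks_subnets" {}
variable "databricks_workspace_name" {}
variable "databricks_workspace_sku" {}

## AUTH
# Service principal credentials consumed by the azurerm.for_databricks
# provider configuration.
variable "adb_client_id" {}

# Marked sensitive so Terraform redacts the value in plan/apply output.
# Saved plan files still contain input variable values, so treat those files
# as secrets as well.
variable "adb_client_secret" {
  sensitive = true
}

variable "tenant_id" {}
variable "subscription_id" {}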
## MODULES
# Resource group that holds the Databricks deployment, together with its
# contributor and reader role assignments.
module "resource_group" {
  source = "../../modules/resource_group"

  resource_group_name           = var.databricks_resource_group_name
  resource_group_azure_location = var.databricks_resource_group_azure_location

  # Principals granted access on the resource group; keep both lists minimal.
  resource_group_iam_contributors = var.databricks_resource_group_iam_contributors
  resource_group_iam_readers      = var.databricks_resource_group_iam_readers

  client_tags = var.client_tags
  common_tags = var.common_tags
}
# Virtual network and subnets for the Databricks workspace.
module "network" {
  source = "../../modules/virtual_network"

  virtual_network_name                = var.databricks_vnet_name
  virtual_network_location            = var.databricks_resource_group_azure_location
  virtual_network_resource_group_name = var.databricks_resource_group_name
  virtual_network_address_space       = var.databricks_vnet_address_space

  subnets                     = var.databricks_subnets
  subnet_resource_group_name  = var.databricks_resource_group_name
  subnet_virtual_network_name = var.databricks_vnet_name

  client_tags = var.client_tags
  common_tags = var.common_tags

  # The inputs above come from var.* rather than from module.resource_group
  # outputs, so Terraform sees no implicit dependency; the ordering has to be
  # stated explicitly.
  depends_on = [module.resource_group]
}
# Databricks workspace. Both azurerm configurations are handed to the child
# module: the default one and the service-principal alias.
#
# NOTE(review): passing azurerm.for_databricks here only makes the alias
# available inside the module. Each resource in the module still uses the
# default azurerm configuration (the ambient login) unless it sets
# `provider = azurerm.for_databricks`. The child module is not shown, so
# confirm which configuration the workspace resource selects before assuming
# it is created by the service principal.
module "workspace" {
  source = "../../modules/databricks/workspace"

  providers = {
    azurerm                = azurerm
    azurerm.for_databricks = azurerm.for_databricks
  }

  databricks_name                = var.databricks_workspace_name
  databricks_sku                 = var.databricks_workspace_sku
  databricks_location            = var.databricks_resource_group_azure_location
  databricks_resource_group_name = var.databricks_resource_group_name

  databricks_vnet_name                   = var.databricks_vnet_name
  databricks_network_security_group_name = var.databricks_network_security_group_name
  # databricks_nat_gateway_public_ip_name = var.databricks_nat_gateway_public_ip_name
  # databricks_nat_gateway_name = var.databricks_nat_gateway_name

  client_tags             = var.client_tags
  common_tags             = var.common_tags
  ANSIBLE_EXECUTABLE_PATH = var.ANSIBLE_EXECUTABLE_PATH

  # Inputs reference var.* only, so the dependency on the network module is
  # declared explicitly.
  depends_on = [module.network]
}
It works perfectly, HOWEVER, it doesn’t seem to switch the authentication and still creates the workspace with my own account.
(NOTE : I have already set my account through the Azure CLI, beforehand.)
Any ideas ?
Thanks.