I'm not able to use a service principal to configure the Databricks Terraform provider at account level


I want to configure the Databricks Terraform provider to authenticate with the Databricks account API using the account_id of a service principal with account_admin permissions. Is there a way to do so? I can't obtain the account_id from a service principal. When specifying the application ID of the service principal as the account_id, I get the following error message:

Error: cannot read metastore: Failed to retrieve tenant ID for given token

Configuring the provider with an account_id from a "real" user with account_admin permissions is working though.

Here is my Terraform Databricks provider (account-level) configuration:

provider "databricks" {
  alias      = "account-level"
  host       = "https://accounts.azuredatabricks.net"
  account_id = "00000000-0000-0000-0000-000000000000"
}

There is 1 answer

4
Alex Ott On

To use a service principal, you need to provide the client ID, client secret, and Azure tenant ID (see docs). Here is the working example from my code:

provider "databricks" {
  host                = "https://accounts.azuredatabricks.net"
  account_id          = var.account_id
  azure_client_id     = var.client_id
  azure_client_secret = var.client_secret
  azure_tenant_id     = var.tenant_id
}
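
An added example, not part of the original answer: the same account-level provider with the question's alias, plus the variable declarations it relies on. It assumes that `account_id` holds the Databricks account ID shown in the account console, while the service principal's application ID goes in `azure_client_id`; the descriptions and the `TF_VAR_client_secret` environment variable are illustrative choices.

```hcl
terraform {
  required_providers {
    databricks = {
      source = "databricks/databricks"
    }
  }
}

# The Databricks account ID identifies the account itself. It is not the
# application ID of the service principal, which is why passing the
# application ID here fails.
variable "account_id" {
  type        = string
  description = "Databricks account ID from the account console"
}

variable "client_id" {
  type        = string
  description = "Application (client) ID of the Azure service principal"
}

# Keep the secret out of version control: leave it out of *.tfvars files
# and supply it through the environment (TF_VAR_client_secret).
# sensitive = true redacts the value in plan and apply output.
variable "client_secret" {
  type        = string
  description = "Client secret of the Azure service principal"
  sensitive   = true
}

variable "tenant_id" {
  type        = string
  description = "Azure tenant ID that owns the service principal"
}

# Account-level provider. Resources that manage account-level objects
# select it with: provider = databricks.account-level
provider "databricks" {
  alias               = "account-level"
  host                = "https://accounts.azuredatabricks.net"
  account_id          = var.account_id
  azure_client_id     = var.client_id
  azure_client_secret = var.client_secret
  azure_tenant_id     = var.tenant_id
}
```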