You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be really useful to be able to use Databricks terraform to create a Service Principal, generate a token on behalf of it, and save it as a secret. The missing piece on this workflow is the on behalf token creation that can be done via /api/2.0/token-management/on-behalf-of/tokens API.
The design could be something like this:
resource"databricks_service_principal""this" {
// TODO: currently not possible to change service principal name and it has to be re-createddisplay_name="Automation-only SP"
}
resource"databricks_permissions""token_usage" {
authorization="tokens"access_control {
service_principal_name=databricks_service_principal.this.application_idpermission_level="CAN_USE"
}
}
// OBO won't be created until this specific SP (or all users) will have permission to create a tokenresource"databricks_obo_token""this" {
depends_on=[databricks_permissions.token_usage]
application_id=databricks_service_principal.this.application_idcomment="PAT on behalf of ${databricks_service_principal.this.display_name}"lifetime_seconds=3600
}
output"obo" {
value=databricks_obo_token.this.token_valuesensitive=true
}
Please let me know if this makes sense or if there are other ways to achieve this.
Terraform Version
Terraform v0.14.5
Affected Resource(s)
databricks_obo_token
databricks_service_principal
The text was updated successfully, but these errors were encountered:
Hello,
It would be really useful to be able to use Databricks terraform to create a Service Principal, generate a token on behalf of it, and save it as a secret. The missing piece on this workflow is the on behalf token creation that can be done via
/api/2.0/token-management/on-behalf-of/tokens
API.The design could be something like this:
Please let me know if this makes sense or if there are other ways to achieve this.
Terraform Version
Affected Resource(s)
The text was updated successfully, but these errors were encountered: