diff --git a/README.md b/README.md index 89990fb..e35ba7b 100644 --- a/README.md +++ b/README.md @@ -76,13 +76,13 @@ module "databricks_locations" { |------|---------| | [terraform](#requirement\_terraform) | >=1.0.0 | | [azurerm](#requirement\_azurerm) | >=3.40.0 | -| [databricks](#requirement\_databricks) | >=1.27.0 | +| [databricks](#requirement\_databricks) | >=1.48.2 | ## Providers | Name | Version | |------|---------| -| [databricks](#provider\_databricks) | >=1.27.0 | +| [databricks](#provider\_databricks) | >=1.48.2 | ## Modules @@ -95,19 +95,21 @@ No modules. | [databricks_external_location.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/external_location) | resource | | [databricks_grants.credential](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants) | resource | | [databricks_grants.locations](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/grants) | resource | -| [databricks_storage_credential.this](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/storage_credential) | resource | +| [databricks_storage_credential.azure](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/storage_credential) | resource | +| [databricks_storage_credential.gcp](https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/storage_credential) | resource | ## Inputs | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [external\_locations](#input\_external\_locations) | List of object with external location configuration attributes |
list(object({| `[]` | no | -| [storage\_credential](#input\_storage\_credential) | Object with storage credentials configuration attributes |
index = string # Index of instance, for example short name, used later to access exact external location in output map
name = string # Custom whole name of resource
url = string # Path URL in cloud storage
owner = optional(string) # Owner of resource
skip_validation = optional(bool, true) # Suppress validation errors if any & force save the external location
read_only = optional(bool, false) # Indicates whether the external location is read-only.
force_destroy = optional(bool, true)
force_update = optional(bool, true)
comment = optional(string, "External location provisioned by Terraform")
permissions = optional(set(object({
principal = string
privileges = list(string)
})), [])
}))
object({| n/a | yes | +| [external\_locations](#input\_external\_locations) | List of object with external location configuration attributes |
azure_access_connector_id = string # Azure Databricks Access Connector Id
name = string # Custom whole name of resource
owner = optional(string) # Owner of resource
force_destroy = optional(bool, true)
comment = optional(string, "Managed identity credential provisioned by Terraform")
permissions = optional(set(object({
principal = string
privileges = list(string)
})), [])
})
list(object({| `[]` | no | +| [storage\_credential](#input\_storage\_credential) | Object with storage credentials configuration attributes |
index = string # Index of instance, for example short name, used later to access exact external location in output map
name = string # Custom whole name of resource
url = string # Path URL in cloud storage
owner = optional(string) # Owner of resource
skip_validation = optional(bool, true) # Suppress validation errors if any & force save the external location
read_only = optional(bool, false) # Indicates whether the external location is read-only.
force_destroy = optional(bool, true)
force_update = optional(bool, true)
comment = optional(string, "External location provisioned by Terraform")
isolation_mode = optional(string, null)
permissions = optional(set(object({
principal = string
privileges = list(string)
})), [])
}))
object({| n/a | yes | ## Outputs | Name | Description | |------|-------------| +| [databricks\_gcp\_service\_account](#output\_databricks\_gcp\_service\_account) | The email of the GCP service account created, to be granted access to relevant buckets | | [external\_locations](#output\_external\_locations) | Map of objects with External Location parameters, like name, credentials name and url of target storage | | [storage\_credential\_metastore\_id](#output\_storage\_credential\_metastore\_id) | Storage Credential metastore id | | [storage\_credential\_name](#output\_storage\_credential\_name) | Storage Credential name | diff --git a/main.tf b/main.tf index d5b27ac..0084c1f 100644 --- a/main.tf +++ b/main.tf @@ -12,7 +12,21 @@ locals { } } -resource "databricks_storage_credential" "this" { +resource "databricks_storage_credential" "gcp" { + count = var.storage_credential.cloud == "gcp" ? 1 : 0 + + name = var.storage_credential.name + owner = var.storage_credential.owner + + databricks_gcp_service_account {} + + force_destroy = var.storage_credential.force_destroy + comment = var.storage_credential.comment +} + +resource "databricks_storage_credential" "azure" { + count = var.storage_credential.cloud == "azure" ? 1 : 0 + name = var.storage_credential.name owner = var.storage_credential.owner @@ -27,7 +41,7 @@ resource "databricks_storage_credential" "this" { resource "databricks_grants" "credential" { count = length(var.storage_credential.permissions) != 0 ? 1 : 0 - storage_credential = databricks_storage_credential.this.id + storage_credential = coalesce(try(databricks_storage_credential.azure[0].id, null), try(databricks_storage_credential.gcp[0].id, null)) dynamic "grant" { for_each = var.storage_credential.permissions content { 
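Review bot: Renaming `databricks_storage_credential.this` to `databricks_storage_credential.azure` and putting it behind `count` changes the resource address, and the commit adds no `moved` block, so existing Azure deployments will plan a destroy and re-create of the storage credential on upgrade. Because `force_destroy` defaults to `true` in `variables.tf`, that destroy is likely to proceed even while external locations still depend on the credential, leaving a window in which they have no working credential. A `moved` block in `main.tf` keeps the state address stable; it needs Terraform 1.1 or later, which the `optional(type, default)` syntax in `variables.tf` already implies. The body of the `azure` resource continues outside this hunk.

```hcl
# keeps existing state attached to the renamed Azure credential on upgrade
moved {
  from = databricks_storage_credential.this
  to   = databricks_storage_credential.azure[0]
}
```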
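Review bot: `coalesce(try(databricks_storage_credential.azure[0].id, null), try(databricks_storage_credential.gcp[0].id, null))` fails when both arguments are null, which is the case for any `cloud` value other than `"azure"` or `"gcp"`, and the resulting error will not mention `cloud`. The same expression is repeated for `credential_name` in the `databricks_external_location` hunk and for both outputs in `outputs.tf`, and the `try` wrappers also hide any unrelated evaluation error. Resolving the credential once in the existing `locals` block, for example `storage_credential = one(concat(databricks_storage_credential.azure, databricks_storage_credential.gcp))`, and reading `local.storage_credential.id`, `.name` and `.metastore_id` from it keeps the four call sites in step. The `databricks_grants.credential` block continues past the end of this hunk.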
@@ -43,12 +57,13 @@ resource "databricks_external_location" "this" { name = each.value.name owner = each.value.owner url = each.value.url - credential_name = databricks_storage_credential.this.id + credential_name = coalesce(try(databricks_storage_credential.azure[0].id, null), try(databricks_storage_credential.gcp[0].id, null)) comment = each.value.comment skip_validation = each.value.skip_validation read_only = each.value.read_only force_destroy = each.value.force_destroy force_update = each.value.force_update + isolation_mode = each.value.isolation_mode } resource "databricks_grants" "locations" { diff --git a/outputs.tf b/outputs.tf index 911bde5..c208e35 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,10 +1,10 @@ output "storage_credential_name" { - value = databricks_storage_credential.this.name + value = coalesce(try(databricks_storage_credential.azure[0].name, null), try(databricks_storage_credential.gcp[0].name, null)) description = "Storage Credential name" } output "storage_credential_metastore_id" { - value = databricks_storage_credential.this.metastore_id + value = coalesce(try(databricks_storage_credential.azure[0].metastore_id, null), try(databricks_storage_credential.gcp[0].metastore_id, null)) description = "Storage Credential metastore id" } @@ -16,3 +16,8 @@ output "external_locations" { } } description = "Map of objects with External Location parameters, like name, credentials name and url of target storage" } + +output "databricks_gcp_service_account" { + value = try(databricks_storage_credential.gcp[0].databricks_gcp_service_account[0].email, null) + description = "The email of the GCP service account created, to be granted access to relevant buckets" +} diff --git a/variables.tf b/variables.tf index 085b1d0..087c905 100644 --- a/variables.tf +++ b/variables.tf 
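Review bot: `isolation_mode = each.value.isolation_mode` forwards a value that `variables.tf` declares as `optional(string, null)` with no comment and no validation, so callers are not told that this setting decides whether the external location is reachable from every workspace on the metastore or only from bound ones. The provider documents `ISOLATION_MODE_ISOLATED` and `ISOLATION_MODE_OPEN` as the accepted values; I would add a trailing comment on the attribute such as `# ISOLATION_MODE_ISOLATED or ISOLATION_MODE_OPEN; null keeps the provider default` and consider a `validation` block on `external_locations` that rejects anything else. Neither storage credential resource in this commit sets an equivalent attribute, so a location may be isolated while the credential behind it is not; if that is intended, it is worth saying so in the README.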
@@ -1,6 +1,7 @@
 variable "storage_credential" {
 type = object({
- azure_access_connector_id = string # Azure Databricks Access Connector Id
+ azure_access_connector_id = optional(string, null) # Azure Databricks Access Connector Id
+ cloud = optional(string, "azure")
 name = string # Custom whole name of resource
 owner = optional(string) # Owner of resource
 force_destroy = optional(bool, true)
@@ -24,6 +25,7 @@ variable "external_locations" {
 force_destroy = optional(bool, true)
 force_update = optional(bool, true)
 comment = optional(string, "External location provisioned by Terraform")
+ isolation_mode = optional(string, null)
 permissions = optional(set(object({
 principal = string
 privileges = list(string)
diff --git a/versions.tf b/versions.tf
index 145c0fc..ecd27c9 100644
--- a/versions.tf
+++ b/versions.tf
@@ -8,7 +8,7 @@ terraform {
 }
 databricks = {
 source = "databricks/databricks"
- version = ">=1.27.0"
+ version = ">=1.48.2"
 }
 }
 }
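Review bot: `cloud = optional(string, "azure")` accepts any string, while `main.tf` only creates a credential for the exact values `"azure"` and `"gcp"`, so a typo or a different case such as `"GCP"` creates no credential at all and fails later in a `coalesce` call. In the same hunk `azure_access_connector_id` becomes `optional(string, null)`, so an Azure caller can now omit it without the variable rejecting the input; how the `azure` resource handles a null id is not visible here. Two `validation` blocks on `storage_credential` would catch both cases at plan time with a message that names the attribute. The `variable` block continues past the end of this hunk.

```hcl
variable "storage_credential" {
  # … unchanged: type = object({ ... }) …

  validation {
    condition     = contains(["azure", "gcp"], var.storage_credential.cloud)
    error_message = "storage_credential.cloud must be \"azure\" or \"gcp\"."
  }

  validation {
    condition     = var.storage_credential.cloud != "azure" || var.storage_credential.azure_access_connector_id != null
    error_message = "storage_credential.azure_access_connector_id is required when cloud is \"azure\"."
  }
```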
azure_access_connector_id = optional(string, null) # Azure Databricks Access Connector Id
cloud = optional(string, "azure")
name = string # Custom whole name of resource
owner = optional(string) # Owner of resource
force_destroy = optional(bool, true)
comment = optional(string, "Managed identity credential provisioned by Terraform")
permissions = optional(set(object({
principal = string
privileges = list(string)
})), [])
})