[FEATURE] SCIM service principal resource about terraform-provider-databricks HOT 14 CLOSED

@tcz001 want to pick this up?

from terraform-provider-databricks.

@nfx we need Service principal in scim because it's without the Admin permission by default, while Azure RBAC contributor role will be added as Admin by default and it has 2000 role assignments limitation, that's why we need this resource to be implemented

from terraform-provider-databricks.

@nfx one quick question, should we name the resource as databricks_service_principal to follow your recent change on databricks_user and deprecated databricks_scim_user?

from terraform-provider-databricks.

@tcz001 , databricks_service_principal is naming convention to go ahead with, correct. SCIM is just the name of the industry standard interface to manage identities, it shouldn't leak into resource names. Most of people would even ask first - "what is SCIM?..".

To be clear, this is what we'd expect in PR:

• resource code itself, which has 90% coverage by unit tests - see examples for databricks_user. you can check coverage by running make coverage.
• acceptance tests
• documentation (+change to databricks_permissions resource doc in this particular case)

from terraform-provider-databricks.

issue is old and it doesn't seem it needs any attention. closing it for now

from terraform-provider-databricks.

Hi @nfx I hope we can reopen this issue, scim_service_principal is not implemented on this provider

from terraform-provider-databricks.

why do we need to create SP through scim api? won't it simply work if SP is granted contributor role on workspace resource in Azure through either Portal UI or terraform role assignment resource?

from terraform-provider-databricks.

I have a project starting in few weeks which will need Active Directory and SCIM integration features in Terraform. I wonder whether it is possible to completely automate in Terraform the workspace creation and the AD configuration with SCIM enabled.

from terraform-provider-databricks.

@dfanesiDB , just in case, Active Directory should trigger SCIM provisioning as enterprise app, Terraform should be used only for defining groups & their permissions. And yes, it is possible to automate complete workspace, see the very first link in readme :)

from terraform-provider-databricks.

@tcz001 want to pick this up?

yes, we will try to send a PR on this

from terraform-provider-databricks.

@nfx @sdebruyn PR is created

from terraform-provider-databricks.

Changes from #386 merged in #432 and will be part of 0.3.0 release.

from terraform-provider-databricks.

As this ticket is closed, is the original requirement (below) now possible with terraform?

I would like the scim service principal resource to be implemented, with acceptance tests and documented in the website docs. https://docs.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/scim/scim-sp

Are there any docs on this? I couldn't see anything here:

There's also a question on this topic stackoverflow.

from terraform-provider-databricks.

@snowch https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/service_principal

from terraform-provider-databricks.