Support Authenticating using a Service Principal with Open ID Connect

[KarthicPortal]

Hi there,

Currently the supported authentication types are pat, basic, azure-client-secret, azure-msi, azure-cli, google-credentials, and google-id for databricks provider.

Proposal
With the introduction of Workload Identity federation in CI/CD pipelines for Azure Resource Manager, need azure-oidc support as well to authenticate azure databricks provider. This support is already available for AzureRM provider. When we combine both azurerm and azure-databricks providers for deployment in single CI/CD pipeline, it is hard to maintain different authentication types for each provider.

References
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_oidc

[tmh-msg]

any updates when this will be added?

[juicybaba]

Hello? 😃

[davidzenisu]

We're having high demand for this as well! With workload identity federation now being the default setup for service connection this requires us to maintain legacy configurations.

[ganesh-sahastrabuddhe]

@alexott any update on this issue?

[Chambras]

Please! can we get an update on this?

[KarthicPortal]

Hi All,

Meanwhile this is how I am working around for the both azurerm and azure-databricks providers to authenticate in single terraform state file (maybe it helps someone):

For azurerm,

   ARM_USE_OIDC=true
   ARM_CLIENT_ID=xxxx
   ARM_SUBSCRIPTION_ID=xxx
   ARM_TENANT_ID=xxx

For azure-databricks,

   DATABRICKS_AUTH_TYPE="pat"
   DATABRICKS_TOKEN=$(az account get-access-token --resource 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d --query "accessToken" -o tsv)
   DATABRICKS_HOST=xxx