Skip to main content

Manage Databricks Git folders using Terraform

You can manage Databricks Git folders in a fully automated environment using Terraform and the databricks_repo Terraform resource.

Authentication with personal access tokens

This approach uses Git personal access tokens for repository authentication.

In your Terraform configuration (.tf) file, set databricks_repo to the URL of the Git repository that you'll use for your Git folders:

resource "databricks_repo" "this" {
  url = "https://github.com/user/demo.git"
}

To use a Databricks service principal with personal access token-based Git credentials, follow these steps:

Step 1: Configure the Databricks provider

Set the provider databricks to the URL of your Databricks workspace. You will define the access token databricks_obo_token in a later step.

provider "databricks" {
  # Configuration options
}

# Example 'databricks' provider configuration
provider "databricks" {
  alias = "sp"
  host = "https://....cloud.databricks.com"
  token = databricks_obo_token.this.token_value
}

Step 2: Create the service principal

Define the resources for the Databricks service principal. You can find the service principal name in the Databricks account console under User management > Service principals.

resource "databricks_service_principal" "sp" {
  display_name = "<service_principal_name_here>"
}

Step 3: Create the authorization token

Set the authorization token for your Databricks service principal account using the application ID. You can find the service principal's application ID in the Databricks account console under User management > Service principals.

resource "databricks_obo_token" "this" {
  application_id   = databricks_service_principal.sp.application_id
  comment          = "PAT on behalf of ${databricks_service_principal.sp.display_name}"
  lifetime_seconds = 3600
}

Step 4: Configure Git credentials

Set the Git credentials that the service principal will use to access your Git repository.

resource "databricks_git_credential" "sp" {
  provider = databricks.sp
  depends_on = [databricks_obo_token.this]
  git_username          = "<the_git_user_account_used_by_the_servcie_principal>"
  git_provider          = "<your_git_provider_string here>"
  personal_access_token = "<auth_token_string_for_git_user>"
}
Last updated on