Cannot auth to Databricks provider over AZDO Federated Service Connection

[nonamecoder2002]

Hello. We have encountered an issue with auth into Databricks workspace over Federated Service Connection.

Databricks provider configuration:

provider "databricks" {
  host                        = azurerm_databricks_workspace.data_hub_dbw.workspace_url
  azure_workspace_resource_id = azurerm_databricks_workspace.data_hub_dbw.id
  # azure_use_msi = true
}

Pipeline task .yaml

steps:
- task: ms-devlabs.custom-terraform-tasks.custom-terraform-release-task.TerraformTaskV4@4
  displayName: 'Terraform : azurerm : plan'
  inputs:
    command: plan
    workingDirectory: '$(System.DefaultWorkingDirectory)/<PathToTerraformModule>'
    commandOptions: '-var-file=./$(component)-$(environment).tfvars '
    environmentServiceNameAzureRM: '<ServiceConnection>'
    backendAzureRmUseEnvironmentVariablesForAuthentication: false
    backendAzureRmUseEntraIdForAuthentication: true

Error we are getting:

2024-11-07T14:41:17.0769966Z Error: cannot read instance pool: failed during request visitor: default auth: azure-cli: cannot get account info: exit status 1. Config: host=<DatabricksWorkspaceURL>, azure_workspace_resource_id=<ResourseID>, azure_client_id=***, azure_tenant_id=<TenantID>. Env: ARM_CLIENT_ID, ARM_TENANT_ID

[mericstam]

Hi sorry for late reply. is this something you know anything about @jaredfholgate ?

br
Manuel

[jaredfholgate]

According to the docs for this provider it only supports Azure CLI auth. https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/azure-authenticate-with-oidc#create-a-devops-pipeline-that-authenticates-to-azure-databricks

If you want it to support environment variable based auth, you would need to raise an issue on that provider.