feat: add service credential

Author: Artem Vovchenko

main.tf

@@ -0,0 +1,46 @@
+resource "databricks_credential" "this" {
+  name    = var.service_credential.name
+  owner   = var.service_credential.owner
+  purpose = "SERVICE"
+
+  # Dynamic block for Azure
+  dynamic "azure_managed_identity" {
+    for_each = var.cloud == "azure" ? [1] : []
+    content {
+      access_connector_id = var.service_credential.azure_access_connector_id
+    }
+  }
+
+  # Dynamic block for AWS
+  dynamic "aws_iam_role" {
+    for_each = var.cloud == "aws" ? [1] : []
+    content {
+      role_arn = var.service_credential.aws_iam_role_arn
+    }
+  }
+
+  # TDOO 
+  # Dynamic block for GCP
+  # GCP is not yet supported
+  # dynamic "databricks_gcp_service_account" {
+  #  for_each = var.cloud == "gcp" ? [1] : []
+  #  content {}
+  #}
+
+  force_destroy  = var.service_credential.force_destroy
+  comment        = var.service_credential.comment
+  isolation_mode = var.service_credential.isolation_mode
+}
+
+resource "databricks_grants" "credential" {
+  count = length(var.service_credential_permissions) == 0 ? 0 : 1
+
+  credential = databricks_credential.this.id
+  dynamic "grant" {
+    for_each = var.service_credential_permissions
+    content {
+      principal  = grant.value.principal
+      privileges = grant.value.privileges
+    }
+  }
+}

outputs.tf

@@ -0,0 +1,4 @@
+output "service_credential_name" {
+  value       = try(databricks_credential.this.name, null)
+  description = "Service Credential name"
+}

variables.tf

@@ -0,0 +1,26 @@
+variable "service_credential" {
+  type = object({
+    azure_access_connector_id = optional(string, null) # Azure Databricks Access Connector Id
+    aws_iam_role_arn          = optional(string, null) # AWS IAM role ARN
+    name                      = optional(string, null) # Custom whole name of resource    
+    owner                     = optional(string)       # Owner of resource
+    force_destroy             = optional(bool, true)
+    comment                   = optional(string, "Managed identity credential provisioned by Terraform")
+    isolation_mode            = optional(string, "ISOLATION_MODE_OPEN")
+  })
+  description = "Object with service credentials configuration attributes"
+}
+
+variable "cloud" {
+  type        = string
+  description = "Cloud (azure or aws)"
+}
+
+variable "service_credential_permissions" {
+  type = set(object({
+    principal  = string
+    privileges = list(string)
+  }))
+  default     = []
+  description = "Permissions granted on service credential"
+}

versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">=1.0.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 4.0.1"
+    }
+    databricks = {
+      source  = "databricks/databricks"
+      version = "~>1.0"
+    }
+  }
+}