Skip to content

ServicePrincipal

`laktory.models.resources.databricks.ServicePrincipal` ¤

Bases: ServicePrincipalBase

Databricks account service principal

Examples:

import io

from laktory import models

sp_yaml = '''
display_name: neptune
application_id: baf147d1-a856-4de0-a570-8a56dbd7e234
group_ids:
- ${resources.group-role-engineer.id}
- ${resources.group-domain-finance.id}
roles:
- account_admin
'''
sp = models.resources.databricks.ServicePrincipal.model_validate_yaml(
    io.StringIO(sp_yaml)
)

References

Databricks Service Principal

BASE	DESCRIPTION
`acl_principal_id`	identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000` TYPE: `str \| None \| VariableType` DEFAULT: `None`
`active`	Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets TYPE: `bool \| None \| VariableType` DEFAULT: `None`
`allow_cluster_create`	Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with databricks_permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy TYPE: `bool \| None \| VariableType` DEFAULT: `None`
`allow_instance_pool_create`	Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with databricks_permissions and instance_pool_id argument TYPE: `bool \| None \| VariableType` DEFAULT: `None`
`api`	Specifies whether to use account-level or workspace-level API. Valid values are `account` and `workspace`. When not set, the API level is inferred from the provider host TYPE: `str \| None \| VariableType` DEFAULT: `None`
`application_id`	TYPE: `str \| None \| VariableType` DEFAULT: `None`
`databricks_sql_access`	This is a field to allow the service principal to have access to Databricks SQL feature through databricks_sql_endpoint TYPE: `bool \| None \| VariableType` DEFAULT: `None`
`disable_as_user_deletion`	Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags TYPE: `bool \| None \| VariableType` DEFAULT: `None`
`display_name`	This is an alias for the service principal and can be the full name of the service principal TYPE: `str \| None \| VariableType` DEFAULT: `None`
`external_id`	ID of the service principal in an external identity provider TYPE: `str \| None \| VariableType` DEFAULT: `None`
`force`	Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Terraform state, enforcing entitlements defined in the instance of resource. This functionality is experimental and is designed to simplify corner cases, like Azure Active Directory synchronisation TYPE: `bool \| None \| VariableType` DEFAULT: `None`
`force_delete_home_dir`	This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default TYPE: `bool \| None \| VariableType` DEFAULT: `None`
`force_delete_repos`	This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default TYPE: `bool \| None \| VariableType` DEFAULT: `None`
`home`	Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000` TYPE: `str \| None \| VariableType` DEFAULT: `None`
`repos`	Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000` TYPE: `str \| None \| VariableType` DEFAULT: `None`
`workspace_access`	This is a field to allow the service principal to have access to a Databricks Workspace TYPE: `bool \| None \| VariableType` DEFAULT: `None`
`workspace_consume`	This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI. Couldn't be used with `workspace_access` or `databricks_sql_access` TYPE: `bool \| None \| VariableType` DEFAULT: `None`

LAKTORY	DESCRIPTION
`group_ids`	List of the group ids that the user should be member of. TYPE: `list[str \| VariableType] \| VariableType` DEFAULT: `[]`
`roles`	List of roles assigned to the user e.g. ('account_admin') TYPE: `list[str \| VariableType] \| VariableType` DEFAULT: `[]`
`workspace_permission_assignments`	TYPE: `list[MwsPermissionAssignment \| VariableType] \| VariableType` DEFAULT: `None`

ATTRIBUTE	DESCRIPTION
`additional_core_resources`	service principal roles TYPE: `list`

`additional_core_resources` `property` ¤

service principal roles
service principal group members

`laktory.models.resources.databricks.serviceprincipal.ServicePrincipalLookup` ¤

Bases: ResourceLookup

PARAMETER	DESCRIPTION
`application_id`	ID of the service principal. The service principal must exist before this resource can be retrieved. TYPE: `str \| VariableType`