storage_credentials
Creates, updates, deletes, gets or lists a storage_credentials resource.
Overview
| Name | storage_credentials |
| Type | Resource |
| Id | databricks_workspace.catalog.storage_credentials |
Fields
The following fields are returned by SELECT queries:
- get
- list
| Name | Datatype | Description |
|---|---|---|
| id | string | The unique identifier of the credential. |
| name | string | The credential name. The name must be unique among storage and service credentials within the metastore. |
| metastore_id | string | Unique identifier of the parent metastore. |
| full_name | string | The full name of the credential. |
| aws_iam_role | object | The AWS IAM role configuration. |
| azure_managed_identity | object | The Azure managed identity configuration. |
| azure_service_principal | object | The Azure service principal configuration. |
| cloudflare_api_token | object | The Cloudflare API token configuration. |
| comment | string | Comment associated with the credential. |
| created_at | integer | Time at which this credential was created, in epoch milliseconds. |
| created_by | string | Username of credential creator. |
| databricks_gcp_service_account | object | The Databricks managed GCP service account configuration. |
| isolation_mode | string | Isolation mode of the credential (ISOLATION_MODE_ISOLATED, ISOLATION_MODE_OPEN). |
| owner | string | Username of current owner of credential. |
| read_only | boolean | Whether the credential is usable only for read operations. Only applicable when purpose is **STORAGE**. |
| updated_at | integer | Time at which this credential was last modified, in epoch milliseconds. |
| updated_by | string | Username of user who last modified the credential. |
| used_for_managed_storage | boolean | Whether this credential is the current metastore's root storage credential. Only applicable when purpose is **STORAGE**. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| get | select | name, deployment_name | | Gets a storage credential from the metastore. The caller must be a metastore admin, the owner of the |
| list | select | deployment_name | include_unbound, max_results, page_token | Gets an array of storage credentials (as StorageCredentialInfo objects). The array is limited to |
| create | insert | deployment_name, name | | Creates a new storage credential. |
| update | update | name, deployment_name | | Updates a storage credential on the metastore. |
| delete | delete | name, deployment_name | force | Deletes a storage credential from the metastore. The caller must be an owner of the storage |
| validate | exec | deployment_name | | Validates a storage credential. At least one of external_location_name and url need to be |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| deployment_name | string | The Databricks Workspace Deployment Name (default: dbc-abcd0123-a1bc) |
| name | string | Name of the storage credential. |
| force | boolean | Force an update even if there are dependent external locations or external tables (when purpose is STORAGE) or dependent services (when purpose is SERVICE). |
| include_unbound | boolean | Whether to include credentials not bound to the workspace. Effective only if the user has permission to update the credential–workspace binding. |
| max_results | integer | Maximum number of storage credentials to return. If not set, all the storage credentials are returned (not recommended).<br />- when set to a value greater than 0, the page length is the minimum of this value and a server configured value;<br />- when set to 0, the page length is set to a server configured value (recommended);<br />- when set to a value less than 0, an invalid parameter error is returned. |
| page_token | string | Opaque pagination token to go to next page based on previous query. |
SELECT examples
- get
- list
Gets a storage credential from the metastore. The caller must be a metastore admin, the owner of the
```sql
SELECT
  id,
  name,
  metastore_id,
  full_name,
  aws_iam_role,
  azure_managed_identity,
  azure_service_principal,
  cloudflare_api_token,
  comment,
  created_at,
  created_by,
  databricks_gcp_service_account,
  isolation_mode,
  owner,
  read_only,
  updated_at,
  updated_by,
  used_for_managed_storage
FROM databricks_workspace.catalog.storage_credentials
WHERE name = '{{ name }}' -- required
  AND deployment_name = '{{ deployment_name }}' -- required
;
```
Gets an array of storage credentials (as StorageCredentialInfo objects). The array is limited to
```sql
SELECT
  id,
  name,
  metastore_id,
  full_name,
  aws_iam_role,
  azure_managed_identity,
  azure_service_principal,
  cloudflare_api_token,
  comment,
  created_at,
  created_by,
  databricks_gcp_service_account,
  isolation_mode,
  owner,
  read_only,
  updated_at,
  updated_by,
  used_for_managed_storage
FROM databricks_workspace.catalog.storage_credentials
WHERE deployment_name = '{{ deployment_name }}' -- required
  AND include_unbound = '{{ include_unbound }}'
  AND max_results = '{{ max_results }}'
  AND page_token = '{{ page_token }}'
;
```
INSERT examples
- create
- Manifest
Creates a new storage credential.
```sql
INSERT INTO databricks_workspace.catalog.storage_credentials (
  name,
  aws_iam_role,
  azure_managed_identity,
  azure_service_principal,
  cloudflare_api_token,
  comment,
  databricks_gcp_service_account,
  read_only,
  skip_validation,
  deployment_name
)
SELECT
  '{{ name }}' /* required */,
  '{{ aws_iam_role }}',
  '{{ azure_managed_identity }}',
  '{{ azure_service_principal }}',
  '{{ cloudflare_api_token }}',
  '{{ comment }}',
  '{{ databricks_gcp_service_account }}',
  {{ read_only }},
  {{ skip_validation }},
  '{{ deployment_name }}' /* required */
RETURNING
  id,
  name,
  metastore_id,
  full_name,
  aws_iam_role,
  azure_managed_identity,
  azure_service_principal,
  cloudflare_api_token,
  comment,
  created_at,
  created_by,
  databricks_gcp_service_account,
  isolation_mode,
  owner,
  read_only,
  updated_at,
  updated_by,
  used_for_managed_storage
;
```
```yaml
# Description fields are for documentation purposes
- name: storage_credentials
  props:
    - name: deployment_name
      value: "{{ deployment_name }}"
      description: Required parameter for the storage_credentials resource.
    - name: name
      value: "{{ name }}"
      description: |
        The credential name. The name must be unique among storage and service credentials within the metastore.
    - name: aws_iam_role
      description: |
        The AWS IAM role configuration.
      value:
        role_arn: "{{ role_arn }}"
    - name: azure_managed_identity
      description: |
        The Azure managed identity configuration.
      value:
        access_connector_id: "{{ access_connector_id }}"
        managed_identity_id: "{{ managed_identity_id }}"
    - name: azure_service_principal
      description: |
        The Azure service principal configuration.
      value:
        directory_id: "{{ directory_id }}"
        application_id: "{{ application_id }}"
        client_secret: "{{ client_secret }}"
    - name: cloudflare_api_token
      description: |
        The Cloudflare API token configuration.
      value:
        access_key_id: "{{ access_key_id }}"
        secret_access_key: "{{ secret_access_key }}"
        account_id: "{{ account_id }}"
    - name: comment
      value: "{{ comment }}"
      description: |
        Comment associated with the credential.
    - name: databricks_gcp_service_account
      value: "{{ databricks_gcp_service_account }}"
      description: |
        The Databricks managed GCP service account configuration.
    - name: read_only
      value: {{ read_only }}
      description: |
        Whether the credential is usable only for read operations. Only applicable when purpose is **STORAGE**.
    - name: skip_validation
      value: {{ skip_validation }}
      description: |
        Supplying true to this argument skips validation of the created credential.
```
UPDATE examples
- update
Updates a storage credential on the metastore.
```sql
UPDATE databricks_workspace.catalog.storage_credentials
SET
  aws_iam_role = '{{ aws_iam_role }}',
  azure_managed_identity = '{{ azure_managed_identity }}',
  azure_service_principal = '{{ azure_service_principal }}',
  cloudflare_api_token = '{{ cloudflare_api_token }}',
  comment = '{{ comment }}',
  databricks_gcp_service_account = '{{ databricks_gcp_service_account }}',
  force = {{ force }},
  isolation_mode = '{{ isolation_mode }}',
  new_name = '{{ new_name }}',
  owner = '{{ owner }}',
  read_only = {{ read_only }},
  skip_validation = {{ skip_validation }}
WHERE
  name = '{{ name }}' --required
  AND deployment_name = '{{ deployment_name }}' --required
RETURNING
  id,
  name,
  metastore_id,
  full_name,
  aws_iam_role,
  azure_managed_identity,
  azure_service_principal,
  cloudflare_api_token,
  comment,
  created_at,
  created_by,
  databricks_gcp_service_account,
  isolation_mode,
  owner,
  read_only,
  updated_at,
  updated_by,
  used_for_managed_storage;
```
DELETE examples
- delete
Deletes a storage credential from the metastore. The caller must be an owner of the storage
```sql
DELETE FROM databricks_workspace.catalog.storage_credentials
WHERE name = '{{ name }}' --required
  AND deployment_name = '{{ deployment_name }}' --required
  AND force = '{{ force }}'
;
```
Lifecycle Methods
- validate
Validates a storage credential. At least one of external_location_name and url need to be
```sql
EXEC databricks_workspace.catalog.storage_credentials.validate
@deployment_name='{{ deployment_name }}' --required
@@json=
'{
  "aws_iam_role": "{{ aws_iam_role }}",
  "azure_managed_identity": "{{ azure_managed_identity }}",
  "azure_service_principal": "{{ azure_service_principal }}",
  "cloudflare_api_token": "{{ cloudflare_api_token }}",
  "databricks_gcp_service_account": "{{ databricks_gcp_service_account }}",
  "external_location_name": "{{ external_location_name }}",
  "read_only": {{ read_only }},
  "storage_credential_name": "{{ storage_credential_name }}",
  "url": "{{ url }}"
}'
;
```