How do I give access to a Databricks access connector to my storage account using Terraform? The code below gives an error saying the principal ID is not a GUID:
resource "azurerm_role_assignment" "databricks_connector_role_assignment" {
  scope                = azurerm_storage_account.storage_account.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_databricks_access_connector.databricks_cdf_audit_access_connector.id
}
There is no principal_id attribute available for the Databricks access connector: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/databricks_access_connector
And here is my Databricks connector resource definition:
resource "azurerm_databricks_access_connector" "databricks_cdf_audit_access_connector" {
  name                = "databricks-cdf-connector"
  resource_group_name = data.azurerm_resource_group.cdf_audit_log_rg.name
  location            = var.databricks_location
  identity {
    type = "SystemAssigned"
  }
  tags = {
    Environment = var.environment
    service     = var.service
    team        = var.team
  }
}
As described in the Unity Catalog docs, you don't grant access to the connector, but rather to the managed identity assigned to that connector. In Terraform, managed identities are exposed under the identity block.
Assuming you use a system-assigned managed identity:
principal_id = azurerm_databricks_access_connector.databricks_cdf_audit_access_connector.identity[0].principal_id
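
The full corrected assignment, as an added example that is not part of the original answer. It also covers the user-assigned case, which goes beyond what the answer shows; the `example_*` resource names and the `principal_type` setting are assumptions added here.

```hcl
# System-assigned identity. The connector's .id is an ARM resource path, not a
# GUID, so the role assignment references the identity's principal (object) ID.
resource "azurerm_role_assignment" "databricks_connector_role_assignment" {
  scope                = azurerm_storage_account.storage_account.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_databricks_access_connector.databricks_cdf_audit_access_connector.identity[0].principal_id
  principal_type       = "ServicePrincipal" # a managed identity is a service principal
}

# Variant (assumption, not from the page): user-assigned identity.
# All example_* names below are hypothetical.
resource "azurerm_user_assigned_identity" "example_uami" {
  name                = "example-connector-identity"
  resource_group_name = data.azurerm_resource_group.cdf_audit_log_rg.name
  location            = var.databricks_location
}

resource "azurerm_databricks_access_connector" "example_ua_connector" {
  name                = "example-ua-connector"
  resource_group_name = data.azurerm_resource_group.cdf_audit_log_rg.name
  location            = var.databricks_location

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.example_uami.id]
  }
}

# With a user-assigned identity, take the principal ID from the identity
# resource itself rather than from the connector's identity block.
resource "azurerm_role_assignment" "example_ua_role_assignment" {
  scope                = azurerm_storage_account.storage_account.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_user_assigned_identity.example_uami.principal_id
  principal_type       = "ServicePrincipal"
}
```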