Tags: azure, terraform, databricks, azure-databricks, terraform-provider-azure

How to enable the PAT token in Databricks for users under an Azure group through Terraform


I want to add the configs to the Databricks account to enable PAT token generation for a certain time for all non-admin users who are part of an Azure group.

But I don't find the settings to enable this in Terraform.

I see this documentation but it does have any config for PAT token. Databricks in azure

Then I also see this config. This does speak about PAT token config, but how do I link it to the Databricks workspace I created, and how do I give the assignment to a specific Azure user group? Enable PAT token in databricks


From the answers, I wrote the code below to give token use access to users, but it threw errors. Terraform code:

    terraform {
      required_providers {
        databricks = {
          source  = "databricks/databricks"
          version = "1.21.0"
        }
        azurerm = {
          version = ">=3.2.1"
        }
      }
    }

    provider "azurerm" {
      features {}
    }

    provider "databricks" {
      azure_workspace_resource_id = azurerm_databricks_workspace.myworkspace.id
      auth_type                   = "azure-client-secret"
    }

    provider "null" {}

    resource "azurerm_resource_group" "myresourcegroup" {
      name     = "samghj2-myresourcegroup"
      location = "centralus"
    }

    resource "azurerm_databricks_workspace" "myworkspace" {
      location            = azurerm_resource_group.myresourcegroup.location
      name                = "samghj2-workspace"
      resource_group_name = azurerm_resource_group.myresourcegroup.name
      sku                 = "trial"
    }

    resource "databricks_workspace_conf" "config_map" {
      custom_config = {
        "maxTokenLifetimeDays" : "1",
        "enableTokensConfig" : true
      }
      depends_on = [azurerm_databricks_workspace.myworkspace]
    }

    resource "databricks_permissions" "token_usage" {
      authorization = "tokens"

      access_control {
        group_name       = "users"
        permission_level = "CAN_USE"
      }

      depends_on = [azurerm_databricks_workspace.myworkspace]
    }

The error which I get:

    │ Error: cannot create permissions: tokens tokens does not exist
    │ 
    │   with databricks_permissions.token_usage,
    │   on main.tf line 51, in resource "databricks_permissions" "token_usage":
    │   51: resource "databricks_permissions" "token_usage" {

Edit 3: It seems there is a requirement where an admin needs to create a token first before he can enable users to create their own token. This doesn't make any sense to me. I want to know more about it. Tracking this question here -> why we need to create a token before applying Token permissions in databricks


Solution

  • There are two separate Terraform resources. One is databricks_workspace_conf, to enable tokens at workspace level:

    resource "databricks_workspace_conf" "this" {
      custom_config = {
        "enableTokensConfig": true
      }
    }
    

    The other is databricks_permissions, to grant CAN USE permission for a specific group:

    resource "databricks_permissions" "token_usage" {
      authorization = "tokens"
    
      access_control {
        group_name       = "users"
        permission_level = "CAN_USE"
      }
    }
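
The two resources from the answer, combined with the lifetime cap from the question and scoped to one named group instead of the built-in "users" group. This is an added example, not code from the original post or from the provider's documentation. It assumes the Azure AD group is already present in the workspace under the placeholder name "pat-users", and that the databricks provider is configured as in the question.

```hcl
# Added example. "pat-users" is a placeholder for the workspace group that
# mirrors the Azure AD group (assumed to already exist in the workspace).
variable "token_group_name" {
  type    = string
  default = "pat-users" # placeholder, replace with the real group name
}

# Enable personal access tokens for the workspace and cap the lifetime of
# newly created tokens. Values are passed as strings.
resource "databricks_workspace_conf" "tokens" {
  custom_config = {
    "enableTokensConfig"   = "true"
    "maxTokenLifetimeDays" = "1" # value taken from the question
  }
}

# Resolve the group by display name. The lookup fails if the group is not
# in the workspace, instead of the grant silently targeting nothing.
data "databricks_group" "token_users" {
  display_name = var.token_group_name
}

# Grant CAN_USE on tokens to that group only. The built-in "users" group
# (all workspace users) is deliberately not listed here, so this resource
# does not hand token creation to every user.
resource "databricks_permissions" "token_usage" {
  authorization = "tokens"

  access_control {
    group_name       = data.databricks_group.token_users.display_name
    permission_level = "CAN_USE"
  }

  # Apply the grant only after tokens are enabled for the workspace.
  depends_on = [databricks_workspace_conf.tokens]
}
```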