app.md

subcategory	Apps

databricks_app Resource

Databricks Apps run directly on a customer's Databricks instance, integrate with their data, use and extend Databricks services, and enable users to interact through single sign-on. This resource creates the application but does not handle app deployment, which should be handled separately as part of your CI/CD pipeline.

-> This resource can only be used with a workspace-level provider!

Example Usage

resource "databricks_app" "this" {
  name        = "my-custom-app"
  description = "My app"

  resources = [{
    name = "sql-warehouse"
    sql_warehouse = {
      id         = "e9ca293f79a74b5c"
      permission = "CAN_MANAGE"
    }
    },
    {
      name = "serving-endpoint"
      serving_endpoint = {
        name       = "databricks-meta-llama-3-1-70b-instruct"
        permission = "CAN_MANAGE"
      }
    },
    {
      name = "job"
      job = {
        id         = "1234"
        permission = "CAN_MANAGE"
      }
  }]
}

Argument Reference

The following arguments are required:

• name - (Required) The name of the app. The name must contain only lowercase alphanumeric characters and hyphens. It must be unique within the workspace.
• description - (Optional) The description of the app.
• budget_policy_id - (Optional) The Budget Policy ID set for this resource. When the app is in a space, this may be automatically populated from the space's usage policy.
• resources - (Optional) A list of resources that the app has access to. When the app is in a space, this may be automatically populated from the space's resource configuration.
• user_api_scopes - (Optional) A list of api scopes granted to the user access token. When the app is in a space, this may be automatically populated from the space's configuration.
• compute_size - (Optional) A string specifying compute size for the App. Possible values are MEDIUM, LARGE.

resources Configuration Attribute

This attribute describes a resource used by the app.

• name - (Required) The name of the resource.
• description - (Optional) The description of the resource.

Exactly one of the following attributes must be provided:

• secret attribute
  • scope - Scope of the secret to grant permission on.
  • key - Key of the secret to grant permission on.
  • permission - Permission to grant on the secret scope. For secrets, only one permission is allowed. Permission must be one of: READ, WRITE, MANAGE.
• sql_warehouse attribute
  • id - Id of the SQL warehouse to grant permission on.
  • permission - Permission to grant on the SQL warehouse. Supported permissions are: CAN_MANAGE, CAN_USE, IS_OWNER.
• serving_endpoint attribute
  • name - Name of the serving endpoint to grant permission on.
  • permission - Permission to grant on the serving endpoint. Supported permissions are: CAN_MANAGE, CAN_QUERY, CAN_VIEW.
• job attribute
  • id - Id of the job to grant permission on.
  • permission - Permissions to grant on the Job. Supported permissions are: CAN_MANAGE, IS_OWNER, CAN_MANAGE_RUN, CAN_VIEW.
• uc_securable attribute (see the API docs for full list of supported UC objects)
  • securable_type - the type of UC securable, i.e. VOLUME.
  • securable_full_name - the full name of UC securable, i.e. my-catalog.my-schema.my-volume.
  • permission - Permissions to grant on UC securable, i.e. READ_VOLUME, WRITE_VOLUME.
• database attribute
  • database_name - The name of database.
  • instance_name - The name of database instance.
  • permission - Permission to grant on database. Supported permissions are: CAN_CONNECT_AND_CREATE.
• genie_space attribute
  • name - The name of Genie Space.
  • ``permission- Permission to grant on Genie Space. Supported permissions areCAN_MANAGE`, `CAN_EDIT`, `CAN_RUN`, `CAN_VIEW`.
  • space_id - The unique ID of Genie Space.

Attribute Reference

In addition to all arguments above, the following attributes are exported:

• compute_status attribute
  • state - State of the app compute.
  • message - Compute status message
• app_status attribute
  • state - State of the application.
  • message - Application status message
• url - The URL of the app once it is deployed.
• create_time - The creation time of the app.
• creator - The email of the user that created the app.
• update_time - The update time of the app.
• updater - The email of the user that last updated the app.
• service_principal_client_id - client_id (application_id) of the app service principal
• service_principal_id - id of the app service principal
• service_principal_name - name of the app service principal
• default_source_code_path - The default workspace file system path of the source code from which app deployment are created. This field tracks the workspace source code path of the last active deployment.
• effective_budget_policy_id - The effective budget policy ID.
• effective_user_api_scopes - A list of effective api scopes granted to the user access token.

Import

This resource can be imported by name:

import {
  to = databricks_app.this
  id = "<app_name>"
}

Alternatively, when using terraform version 1.4 or earlier, import using the terraform import command:

terraform import databricks_app.this <app_name>

Related Resources

The following resources are used in the same context:

• databricks_sql_endpoint to manage Databricks SQL Endpoints.
• databricks_model_serving to serve this model on a Databricks serving endpoint.
• databricks_secret to manage secrets in Databricks workspace.
• databricks_job to manage Databricks Jobs to run non-interactive code.