Improve databricks_service_principals data source (#5164)

alexott · web-flow · commit 7376ed9d3c11 · 2025-11-07T10:34:43.000Z
## Changes  Changes include: - don't throw an error when nothing is found/got an empty result - Added `service_principals` attribute to contain more information about service principals - SCIM ID, display name, etc. Resolves #5162, Resolves #4997 ## Tests  - [x] `make test` run locally - [x] relevant change in `docs/` folder - [ ] covered with integration tests in `internal/acceptance` - [ ] using Go SDK - [ ] using TF Plugin Framework - [x] has entry in `NEXT_CHANGELOG.md` file
diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md
@@ -6,6 +6,8 @@
 
 ### New Features and Improvements
 
+* Improve `databricks_service_principals` data source ([#5164](https://github.com/databricks/terraform-provider-databricks/pull/5164))
+
 ### Bug Fixes
 
 ### Documentation
diff --git a/docs/data-sources/service_principal.md b/docs/data-sources/service_principal.md
@@ -47,8 +47,7 @@ Data source exposes the following attributes:
 - `home` - Home folder of the [service principal](../resources/service_principal.md), e.g. `/Users/11111111-2222-3333-4444-555666777888`.
 - `repos` - Repos location of the [service principal](../resources/service_principal.md), e.g. `/Repos/11111111-2222-3333-4444-555666777888`.
 - `active` - Whether service principal is active or not.
-
-* `acl_principal_id` - identifier for use in [databricks_access_control_rule_set](../resources/access_control_rule_set.md), e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
+- `acl_principal_id` - identifier for use in [databricks_access_control_rule_set](../resources/access_control_rule_set.md), e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
 
 ## Related Resources
 
diff --git a/docs/data-sources/service_principals.md b/docs/data-sources/service_principals.md
@@ -43,7 +43,17 @@ Data source allows you to pick service principals by the following attributes
 
 Data source exposes the following attributes:
 
-- `application_ids` - List of `application_ids` of service principals.  Individual service principal can be retrieved using [databricks_service_principal](service_principal.md) data source
+- `application_ids` - List of `application_ids` of service principals.  Individual service principal can be retrieved using [databricks_service_principal](service_principal.md) data source or from `service_principals` attribute.
+- `service_principals` - List of objects describing individual service principals. Each object has the following attributes:
+  - `id` - The id of the service principal (SCIM ID).
+  - `application_id` - Application ID of the service principal.
+  - `display_name` - Display name of the [service principal](../resources/service_principal.md), e.g. `Foo SPN`.
+  - `scim_id` - same as `id`.
+  - `external_id` - ID of the service principal in an external identity provider.
+  - `home` - Home folder of the [service principal](../resources/service_principal.md), e.g. `/Users/11111111-2222-3333-4444-555666777888`.
+  - `repos` - Repos location of the [service principal](../resources/service_principal.md), e.g. `/Repos/11111111-2222-3333-4444-555666777888`.
+  - `active` - Whether service principal is active or not.
+  - `acl_principal_id` - identifier for use in [databricks_access_control_rule_set](../resources/access_control_rule_set.md), e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
 
 ## Related Resources
 
diff --git a/scim/data_service_principal.go b/scim/data_service_principal.go
@@ -8,22 +8,23 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
+type servicePrincipalData struct {
+	ApplicationID  string `json:"application_id,omitempty" tf:"computed"`
+	DisplayName    string `json:"display_name,omitempty" tf:"computed"`
+	SpID           string `json:"sp_id,omitempty" tf:"computed"`
+	ScimID         string `json:"scim_id,omitempty" tf:"computed"`
+	ID             string `json:"id,omitempty" tf:"computed"`
+	Home           string `json:"home,omitempty" tf:"computed"`
+	Repos          string `json:"repos,omitempty" tf:"computed"`
+	Active         bool   `json:"active,omitempty" tf:"computed"`
+	ExternalID     string `json:"external_id,omitempty" tf:"computed"`
+	AclPrincipalID string `json:"acl_principal_id,omitempty" tf:"computed"`
+}
+
 // DataSourceServicePrincipal returns information about the spn specified by the application_id, id, display_name, or scim_id
 func DataSourceServicePrincipal() common.Resource {
-	type spnData struct {
-		ApplicationID  string `json:"application_id,omitempty" tf:"computed"`
-		DisplayName    string `json:"display_name,omitempty" tf:"computed"`
-		SpID           string `json:"sp_id,omitempty" tf:"computed"`
-		ScimID         string `json:"scim_id,omitempty" tf:"computed"`
-		ID             string `json:"id,omitempty" tf:"computed"`
-		Home           string `json:"home,omitempty" tf:"computed"`
-		Repos          string `json:"repos,omitempty" tf:"computed"`
-		Active         bool   `json:"active,omitempty" tf:"computed"`
-		ExternalID     string `json:"external_id,omitempty" tf:"computed"`
-		AclPrincipalID string `json:"acl_principal_id,omitempty" tf:"computed"`
-	}
 
-	s := common.StructToSchema(spnData{}, func(
+	s := common.StructToSchema(servicePrincipalData{}, func(
 		s map[string]*schema.Schema) map[string]*schema.Schema {
 		s["application_id"].ExactlyOneOf = []string{"application_id", "display_name", "scim_id"}
 		s["display_name"].ExactlyOneOf = []string{"application_id", "display_name", "scim_id"}
@@ -34,7 +35,7 @@ func DataSourceServicePrincipal() common.Resource {
 	return common.Resource{
 		Schema: s,
 		Read: func(ctx context.Context, d *schema.ResourceData, m *common.DatabricksClient) error {
-			var response spnData
+			var response servicePrincipalData
 			var spList []User
 			var err error
 
diff --git a/scim/data_service_principals.go b/scim/data_service_principals.go
@@ -3,6 +3,7 @@ package scim
 import (
 	"context"
 	"fmt"
+	"log"
 	"sort"
 
 	"github.com/databricks/terraform-provider-databricks/common"
@@ -11,8 +12,9 @@ import (
 // DataSourceServicePrincipals searches for service principals based on display_name
 func DataSourceServicePrincipals() common.Resource {
 	type spnsData struct {
-		DisplayNameContains string   `json:"display_name_contains,omitempty" tf:"computed"`
-		ApplicationIDs      []string `json:"application_ids,omitempty" tf:"computed,slice_set"`
+		DisplayNameContains string                 `json:"display_name_contains,omitempty" tf:"computed"`
+		ApplicationIDs      []string               `json:"application_ids,omitempty" tf:"computed,slice_set"`
+		ServicePrincipals   []servicePrincipalData `json:"service_principals,omitempty" tf:"computed"`
 	}
 	return common.DataResource(spnsData{}, func(ctx context.Context, e any, c *common.DatabricksClient) error {
 		response := e.(*spnsData)
@@ -28,12 +30,27 @@ func DataSourceServicePrincipals() common.Resource {
 			return err
 		}
 		if len(spList) == 0 {
-			return fmt.Errorf("cannot find SPs with display name containing %s", response.DisplayNameContains)
+			log.Printf("[INFO] cannot find SPs with display name containing %s", response.DisplayNameContains)
 		}
 		for _, sp := range spList {
 			response.ApplicationIDs = append(response.ApplicationIDs, sp.ApplicationID)
+			response.ServicePrincipals = append(response.ServicePrincipals, servicePrincipalData{
+				ApplicationID:  sp.ApplicationID,
+				DisplayName:    sp.DisplayName,
+				Active:         sp.Active,
+				ID:             sp.ID,
+				SpID:           sp.ID,
+				ScimID:         sp.ID,
+				ExternalID:     sp.ExternalID,
+				AclPrincipalID: fmt.Sprintf("servicePrincipals/%s", sp.ApplicationID),
+				Home:           fmt.Sprintf("/Users/%s", sp.ApplicationID),
+				Repos:          fmt.Sprintf("/Repos/%s", sp.ApplicationID),
+			})
 		}
 		sort.Strings(response.ApplicationIDs)
+		sort.Slice(response.ServicePrincipals, func(i, j int) bool {
+			return response.ServicePrincipals[i].ApplicationID < response.ServicePrincipals[j].ApplicationID
+		})
 		return nil
 	})
 }
diff --git a/scim/data_service_principals_test.go b/scim/data_service_principals_test.go
@@ -42,7 +42,7 @@ func TestDataServicePrincipalsReadByDisplayName(t *testing.T) {
 }
 
 func TestDataServicePrincipalsReadNotFound(t *testing.T) {
-	_, err := qa.ResourceFixture{
+	qa.ResourceFixture{
 		Fixtures: []qa.HTTPFixture{
 			{
 				Method:   "GET",
@@ -55,8 +55,11 @@ func TestDataServicePrincipalsReadNotFound(t *testing.T) {
 		Read:        true,
 		NonWritable: true,
 		ID:          "_",
-	}.Apply(t)
-	require.Error(t, err)
+	}.ApplyAndExpectData(t, map[string]any{
+		"application_ids":       []string{},
+		"service_principals":    []any{},
+		"display_name_contains": "def",
+	})
 }
 
 func TestDataServicePrincipalsReadNoFilter(t *testing.T) {
