From 5f4df4a54ef9990a30ba9bcf5ac48aae3ec86211 Mon Sep 17 00:00:00 2001 From: Tanmay Rustagi Date: Tue, 21 Oct 2025 01:21:07 +0530 Subject: [PATCH 1/8] [Documentation] Add support for Unified Terraform Provider --- NEXT_CHANGELOG.md | 1 + docs/guides/unified-provider.md | 46 +++++++++++++++++++++++++++++++++ docs/index.md | 37 +++++++++++++++++++++----- 3 files changed, 78 insertions(+), 6 deletions(-) create mode 100644 docs/guides/unified-provider.md diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md index ef006a79cd..80f8f66476 100644 --- a/NEXT_CHANGELOG.md +++ b/NEXT_CHANGELOG.md @@ -11,6 +11,7 @@ ### Documentation * Document `git_email` in `databricks_git_credential` resource ([#5099](https://github.com/databricks/terraform-provider-databricks/pull/5099)) +* Document Unified Terraform Provider ([]()). ### Exporter diff --git a/docs/guides/unified-provider.md b/docs/guides/unified-provider.md new file mode 100644 index 0000000000..1d55641571 --- /dev/null +++ b/docs/guides/unified-provider.md @@ -0,0 +1,46 @@ +# Unified Terraform Provider +[![Public Beta](https://img.shields.io/badge/Release_Stage-Public_Beta-orange)](https://docs.databricks.com/aws/en/release-notes/release-types) + +## Introduction +Manage workspace level resource through acccount level provider! + +## Usability +Specify `provider_config` at the resource level which would contain the workspace_id that the resource will belong to. This can be used as either block or attribute depending on the internal implementations of the resource. For details, please see the documentation of the specific resource or data source. + +### Block +```hcl +resource "workspace_level_resource" "this" { + provider_config { + workspace_id = "12345" + } + ... +} +``` + +#### Attribute +```hcl +resource "workspace_level_resource" "this" { + provider_config = { + workspace_id = "12345" + } + ... +} +``` + +## Migrating to Unified Provider +If you are managing both workspace and account level resources, you would have a 2 provider setup. For example: +```hcl +``` + +To migrate to unified provider, you can remove the workspace level provider and specify the workspace_id which can be through the workspace resource or environment variable. Example + +```hcl +``` + +## Limitations +There are some limitations to this feature and we plan to address them in near future. +1. Databricks and Azure CLI aren't supported currently +2. Some resources don't support unified provider. Please see the documentation for relevant resource or datasource if they have the `provider_config` attribute or block. + +## Issues +This feature is in Public Beta. In case you encounter an issue. Please report it to us on https://github.com/databricks/terraform-provider-databricks/issues and `Unified Provider` label. diff --git a/docs/index.md b/docs/index.md index 7fd7ed55c0..1c396df697 100644 --- a/docs/index.md +++ b/docs/index.md @@ -173,7 +173,7 @@ There are currently a number of supported methods to [authenticate](https://docs !> **Warning** Please be aware that hard coding any credentials in plain text is not something that is recommended. We strongly recommend using a Terraform backend that supports encryption. Please use [environment variables](#environment-variables), `~/.databrickscfg` file, encrypted `.tfvars` files or secret store of your choice (Hashicorp [Vault](https://www.vaultproject.io/), AWS [Secrets Manager](https://aws.amazon.com/secrets-manager/), AWS [Param Store](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html), Azure [Key Vault](https://azure.microsoft.com/en-us/services/key-vault/)) ### Authenticating with GitHub OpenID Connect (OIDC) -The arguments `host` and `client_id` are used for the authentication which maps to the `github-oidc` authentication type. +The arguments `host` and `client_id` are used for the authentication which maps to the `github-oidc` authentication type. These can be declared in the provider block or set in the environment variables `DATABRICKS_HOST` and `DATABRICKS_CLIENT_ID` respectively. Example: @@ -200,7 +200,7 @@ provider "databricks" { ### Authenticating with Databricks CLI -The provider can authenticate using the Databricks CLI. After logging in with the `databricks auth login` command to your account or workspace, you only need to specify the name of the profile in your provider configuration. Terraform will automatically read and reuse the cached OAuth token to interact with the Databricks REST API. See [the user-to-machine authentication guide](https://docs.databricks.com/aws/en/dev-tools/cli/authentication#oauth-user-to-machine-u2m-authentication) for more details. +The provider can authenticate using the Databricks CLI. After logging in with the `databricks auth login` command to your account or workspace, you only need to specify the name of the profile in your provider configuration. Terraform will automatically read and reuse the cached OAuth token to interact with the Databricks REST API. See [the user-to-machine authentication guide](https://docs.databricks.com/aws/en/dev-tools/cli/authentication#oauth-user-to-machine-u2m-authentication) for more details. You can specify a [CLI connection profile](https://docs.databricks.com/aws/en/dev-tools/cli/profiles) through `profile` parameter or `DATABRICKS_CONFIG_PROFILE` environment variable: @@ -275,7 +275,7 @@ provider "databricks" { ### Authenticating with Workload Identity Federation (WIF) -Workload Identity Federation can be used to authenticate Databricks from automated workflows. This is done through the tokens issued by the automation environment. For more details on environment variables regarding the specific environments, please see: https://docs.databricks.com/aws/en/dev-tools/auth/oauth-federation-provider. +Workload Identity Federation can be used to authenticate Databricks from automated workflows. This is done through the tokens issued by the automation environment. For more details on environment variables regarding the specific environments, please see: https://docs.databricks.com/aws/en/dev-tools/auth/oauth-federation-provider. To create resources at both the account and workspace levels, you can create two providers as shown below: @@ -300,7 +300,32 @@ provider "databricks" { } ``` -Note: `auth_type` for Github Actions would be "github-oidc". For more details, please see the document linked above. +Note: `auth_type` for Github Actions would be "github-oidc". For more details, please see the document linked above. + +### Authenticating with Unified Terraform Provider +Unified Terraform Provider allows management of workspace level terraform resources through account level provider. You can specify the `provider_config` block or attribute depending on the resource with the `workspace_id` that the resource will belong to. For more details, please see: ./guides/unified-provider.md + +Example: +```hcl +provider "databricks" { + host = var.account_host + client_id = var.client_id + client_secret = var.client_secret + account_id = "00000000-0000-0000-0000-000000000000" +} + +resource "databricks_mws_workspaces" "this" { + ... +} + +resource "databricks_workspace_level_resource" "this" { + provider_config = { + workspace_id = databricks_mws_workspaces.this.workspace_id + } + ... +} + +``` ## Special configurations for Azure @@ -351,7 +376,7 @@ resource "databricks_user" "my-user" { } ``` -Follow the [Configuring OpenID Connect in Azure](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure). You can then use the Azure service principal to authenticate in databricks. +Follow the [Configuring OpenID Connect in Azure](https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-azure). You can then use the Azure service principal to authenticate in databricks. There are `ARM_*` environment variables provide a way to share authentication configuration using the `databricks` provider alongside the [`azurerm` provider](https://registry.terraform.io/providers/hashicorp/azurerm/latest). @@ -462,7 +487,7 @@ To make Databricks Terraform Provider generally available, we've moved it from [ You should have [`.terraform.lock.hcl`](https://github.com/databrickslabs/terraform-provider-databricks/blob/v0.6.2/scripts/versions-lock.hcl) file in your state directory that is checked into source control. terraform init will give you the following warning. ```text -Warning: Additional provider information from registry +Warning: Additional provider information from registry The remote registry returned warnings for registry.terraform.io/databrickslabs/databricks: - For users on Terraform 0.13 or greater, this provider has moved to databricks/databricks. Please update your source in required_providers. From d0aaf52aab4066fded9af133df5faa9f9b9b0d5f Mon Sep 17 00:00:00 2001 From: Tanmay Rustagi Date: Tue, 21 Oct 2025 01:35:55 +0530 Subject: [PATCH 2/8] - --- NEXT_CHANGELOG.md | 2 +- docs/index.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md index 80f8f66476..8455a1314e 100644 --- a/NEXT_CHANGELOG.md +++ b/NEXT_CHANGELOG.md @@ -11,7 +11,7 @@ ### Documentation * Document `git_email` in `databricks_git_credential` resource ([#5099](https://github.com/databricks/terraform-provider-databricks/pull/5099)) -* Document Unified Terraform Provider ([]()). +* Document Unified Terraform Provider ([#5122](https://github.com/databricks/terraform-provider-databricks/pull/5122)) ### Exporter diff --git a/docs/index.md b/docs/index.md index 1c396df697..13b0efc0d3 100644 --- a/docs/index.md +++ b/docs/index.md @@ -303,7 +303,7 @@ provider "databricks" { Note: `auth_type` for Github Actions would be "github-oidc". For more details, please see the document linked above. ### Authenticating with Unified Terraform Provider -Unified Terraform Provider allows management of workspace level terraform resources through account level provider. You can specify the `provider_config` block or attribute depending on the resource with the `workspace_id` that the resource will belong to. For more details, please see: ./guides/unified-provider.md +Unified Terraform Provider allows management of workspace level terraform resources through account level provider. You can specify the `provider_config` block or attribute depending on the resource with the `workspace_id` that the resource will belong to. For more details, please see the [documentation](./guides/unified-provider.md) for more details. Example: ```hcl From 12c04f5e3f2f885f4bf39a2d5238280846df578a Mon Sep 17 00:00:00 2001 From: Tanmay Rustagi Date: Tue, 21 Oct 2025 16:35:13 +0530 Subject: [PATCH 3/8] - --- docs/guides/unified-provider.md | 95 +++++++++++++++++++++++++++++---- 1 file changed, 84 insertions(+), 11 deletions(-) diff --git a/docs/guides/unified-provider.md b/docs/guides/unified-provider.md index 1d55641571..79a4192057 100644 --- a/docs/guides/unified-provider.md +++ b/docs/guides/unified-provider.md @@ -2,10 +2,16 @@ [![Public Beta](https://img.shields.io/badge/Release_Stage-Public_Beta-orange)](https://docs.databricks.com/aws/en/release-notes/release-types) ## Introduction -Manage workspace level resource through acccount level provider! -## Usability -Specify `provider_config` at the resource level which would contain the workspace_id that the resource will belong to. This can be used as either block or attribute depending on the internal implementations of the resource. For details, please see the documentation of the specific resource or data source. +The unified Terraform provider is a feature that allows you to manage workspace-level resources and data sources through an account-level provider. This significantly simplifies Terraform configurations and resource management, as only one provider is needed per account. + +**Note:** This feature is in [Public Beta](https://docs.databricks.com/aws/en/release-notes/release-types). If you experience any issues, please see the [Reporting Issues](#reporting-issues) section below. + +## Usage + +To manage a workspace-level resource through the account provider, specify the `provider_config` at the resource level with the `workspace_id` of the workspace the resource belongs to. + +Depending on the internal implementation of the resource or data source, `provider_config` can be either a block or an attribute. For details, please refer to the documentation of the specific resource or data source. ### Block ```hcl @@ -17,7 +23,7 @@ resource "workspace_level_resource" "this" { } ``` -#### Attribute +### Attribute ```hcl resource "workspace_level_resource" "this" { provider_config = { @@ -28,19 +34,86 @@ resource "workspace_level_resource" "this" { ``` ## Migrating to Unified Provider -If you are managing both workspace and account level resources, you would have a 2 provider setup. For example: + +If you are currently managing both workspace-level and account-level resources and data sources, you likely have multiple provider configurations that you specify for each resource using aliases. For example: ```hcl +// Define an account provider with alias +provider "databricks" { + alias = "account" + host = var.account_host + account_id = var.account_id + client_id = var.account_client_id + client_secret = var.account_client_secret +} + +// Use the account provider for account-level resources +resource "databricks_account_federation_policy" "this" { + provider = databricks.account + policy_id = "my-policy" + oidc_policy = { + issuer = "https://myidp.example.com" + subject_claim = "sub" + } +} + +// Define a workspace provider with alias +provider "databricks" { + alias = databricks.workspace + host = var.workspace_host + client_id = var.workspace_client_id + client_secret = var.workspace_client_secret +} + +// Use the workspace provider for workspace-level resources +resource "databricks_workspace_level_resource" "this" { + provider = databricks.workspace + name = "resource name" +} ``` -To migrate to unified provider, you can remove the workspace level provider and specify the workspace_id which can be through the workspace resource or environment variable. Example +To migrate to the unified provider, you can remove the workspace-level provider and specify the `workspace_id` in the `provider_config` attribute or block instead. For example: ```hcl +// Define an account provider +provider "databricks" { + host = var.account_host + account_id = var.account_id + client_id = var.account_client_id + client_secret = var.account_client_secret +} + +// Create an account-level resource +resource "databricks_account_federation_policy" "this" { + policy_id = "my-policy" + oidc_policy = { + issuer = "https://myidp.example.com" + subject_claim = "sub" + } +} + +// Create a workspace under the account +resource "databricks_mws_workspaces" "this" { + account_id = var.account_id + aws_region = "us-east-1" + compute_mode = "SERVERLESS" +} + +// Create a workspace-level resource using provider_config +resource "databricks_workspace_level_resource" "this" { + provider_config { + workspace_id = databricks_mws_workspaces.this.workspace_id + } + name = "resource name" +} ``` ## Limitations -There are some limitations to this feature and we plan to address them in near future. -1. Databricks and Azure CLI aren't supported currently -2. Some resources don't support unified provider. Please see the documentation for relevant resource or datasource if they have the `provider_config` attribute or block. -## Issues -This feature is in Public Beta. In case you encounter an issue. Please report it to us on https://github.com/databricks/terraform-provider-databricks/issues and `Unified Provider` label. +There are some limitations to this feature that we plan to address in the near future: + +1. Databricks CLI and Azure CLI authentication methods are not currently supported +2. Some resources do not yet support the unified provider. Please refer to the documentation for each resource or data source to check if they support the `provider_config` attribute or block. + +## Reporting Issues + +This feature is in Public Beta. If you encounter any issues, please report them on [GitHub Issues](https://github.com/databricks/terraform-provider-databricks/issues) with the `Unified Provider` label. From fb8ab5b20b7071c2faf563a3316f4830dab34e41 Mon Sep 17 00:00:00 2001 From: Tanmay Rustagi Date: Tue, 21 Oct 2025 16:41:36 +0530 Subject: [PATCH 4/8] - --- docs/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/index.md b/docs/index.md index 13b0efc0d3..74e0a0aa1b 100644 --- a/docs/index.md +++ b/docs/index.md @@ -302,8 +302,8 @@ provider "databricks" { Note: `auth_type` for Github Actions would be "github-oidc". For more details, please see the document linked above. -### Authenticating with Unified Terraform Provider -Unified Terraform Provider allows management of workspace level terraform resources through account level provider. You can specify the `provider_config` block or attribute depending on the resource with the `workspace_id` that the resource will belong to. For more details, please see the [documentation](./guides/unified-provider.md) for more details. +### Authenticating with Unified Provider +Unified Provider allows management of workspace level terraform resources through account level provider. You can specify the `provider_config` block or attribute depending on the resource with the `workspace_id` that the resource will belong to. For more details, please see the [documentation](./guides/unified-provider.md) for more details. Example: ```hcl From c2b0fe47c2da05febf5c4643e7c358bc6a26faa1 Mon Sep 17 00:00:00 2001 From: Tanmay Rustagi Date: Tue, 21 Oct 2025 16:44:38 +0530 Subject: [PATCH 5/8] - --- docs/index.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index 74e0a0aa1b..c0d072a514 100644 --- a/docs/index.md +++ b/docs/index.md @@ -307,17 +307,20 @@ Unified Provider allows management of workspace level terraform resources throug Example: ```hcl +// Create an account level provider provider "databricks" { host = var.account_host client_id = var.client_id client_secret = var.client_secret - account_id = "00000000-0000-0000-0000-000000000000" + account_id = var.account_id } +// Create a workspace under the account resource "databricks_mws_workspaces" "this" { ... } +// Create a workspace level resource under the workspace above resource "databricks_workspace_level_resource" "this" { provider_config = { workspace_id = databricks_mws_workspaces.this.workspace_id From 62641be900138a8ee1fdaa02a46707a5c1a0128b Mon Sep 17 00:00:00 2001 From: Tanmay Rustagi Date: Tue, 21 Oct 2025 17:11:51 +0530 Subject: [PATCH 6/8] - --- docs/guides/unified-provider.md | 8 +++++--- docs/index.md | 12 +++++++++--- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/docs/guides/unified-provider.md b/docs/guides/unified-provider.md index 79a4192057..0d5bd55bcd 100644 --- a/docs/guides/unified-provider.md +++ b/docs/guides/unified-provider.md @@ -3,9 +3,9 @@ ## Introduction -The unified Terraform provider is a feature that allows you to manage workspace-level resources and data sources through an account-level provider. This significantly simplifies Terraform configurations and resource management, as only one provider is needed per account. +Unified Terraform Provider allows you to manage workspace-level resources and data sources through an account-level provider. This significantly simplifies Terraform configurations and resource management, as only one provider is needed per account. -**Note:** This feature is in [Public Beta](https://docs.databricks.com/aws/en/release-notes/release-types). If you experience any issues, please see the [Reporting Issues](#reporting-issues) section below. +**Note:** This feature is in [Public Beta](https://docs.databricks.com/aws/en/release-notes/release-types). If you experience any issues, please refer to the [Reporting Issues](#reporting-issues) section below. ## Usage @@ -33,6 +33,8 @@ resource "workspace_level_resource" "this" { } ``` +**Note:** This feature is being rolled out incrementally. Some resources do not yet support the unified provider. Please check the resource-specific documentation to see if the `provider_config` attribute or block is available. + ## Migrating to Unified Provider If you are currently managing both workspace-level and account-level resources and data sources, you likely have multiple provider configurations that you specify for each resource using aliases. For example: @@ -58,7 +60,7 @@ resource "databricks_account_federation_policy" "this" { // Define a workspace provider with alias provider "databricks" { - alias = databricks.workspace + alias = "workspace" host = var.workspace_host client_id = var.workspace_client_id client_secret = var.workspace_client_secret diff --git a/docs/index.md b/docs/index.md index c0d072a514..e5254ffe53 100644 --- a/docs/index.md +++ b/docs/index.md @@ -197,6 +197,7 @@ provider "databricks" { account_id = var.account_id } ``` +Note: Some workspace level resources can be managed through account provider. please see the [unified provider](./guides/unified-provider.md) for more details. ### Authenticating with Databricks CLI @@ -230,7 +231,9 @@ provider "databricks" { } ``` -To create resources at both the account and workspace levels, you can create two providers as shown below: +To create resources at both the account and workspace levels, you can create two providers as shown below. + +Note: Some workspace level resources can be managed through account provider. please see the [unified provider](./guides/unified-provider.md) for more details. ``` hcl provider "databricks" { @@ -277,7 +280,9 @@ provider "databricks" { Workload Identity Federation can be used to authenticate Databricks from automated workflows. This is done through the tokens issued by the automation environment. For more details on environment variables regarding the specific environments, please see: https://docs.databricks.com/aws/en/dev-tools/auth/oauth-federation-provider. -To create resources at both the account and workspace levels, you can create two providers as shown below: +To create resources at both the account and workspace levels, you can create two providers as shown below. + +Note: Some workspace level resources can be managed through account provider. please see the [unified provider](./guides/unified-provider.md) for more details. Workspace level provider: ```hcl @@ -303,7 +308,8 @@ provider "databricks" { Note: `auth_type` for Github Actions would be "github-oidc". For more details, please see the document linked above. ### Authenticating with Unified Provider -Unified Provider allows management of workspace level terraform resources through account level provider. You can specify the `provider_config` block or attribute depending on the resource with the `workspace_id` that the resource will belong to. For more details, please see the [documentation](./guides/unified-provider.md) for more details. +Unified Provider allows management of workspace level terraform resources through account level provider. You can specify the `provider_config` block or attribute depending on the resource with the `workspace_id` that the resource will belong to. For more details, please see the [documentation](./guides/unified-provider.md). + Example: ```hcl From a3e64b3c0c29169b431eb40e0224d9ba5a8b865f Mon Sep 17 00:00:00 2001 From: Tanmay Rustagi Date: Wed, 22 Oct 2025 19:55:15 +0530 Subject: [PATCH 7/8] comments --- docs/guides/unified-provider.md | 34 ++++++++++++++++----------------- docs/index.md | 2 +- 2 files changed, 17 insertions(+), 19 deletions(-) diff --git a/docs/guides/unified-provider.md b/docs/guides/unified-provider.md index 0d5bd55bcd..4a2bcfe5b9 100644 --- a/docs/guides/unified-provider.md +++ b/docs/guides/unified-provider.md @@ -3,7 +3,7 @@ ## Introduction -Unified Terraform Provider allows you to manage workspace-level resources and data sources through an account-level provider. This significantly simplifies Terraform configurations and resource management, as only one provider is needed per account. +The Unified Terraform Provider allows you to manage workspace-level resources and data sources through an account-level provider. This significantly simplifies Terraform configurations and resource management, as only one provider is needed per account. **Note:** This feature is in [Public Beta](https://docs.databricks.com/aws/en/release-notes/release-types). If you experience any issues, please refer to the [Reporting Issues](#reporting-issues) section below. @@ -48,16 +48,15 @@ provider "databricks" { client_secret = var.account_client_secret } -// Use the account provider for account-level resources -resource "databricks_account_federation_policy" "this" { +// Create a workspace +resource "databricks_mws_workspaces" "this" { provider = databricks.account - policy_id = "my-policy" - oidc_policy = { - issuer = "https://myidp.example.com" - subject_claim = "sub" - } + ... } +``` +Once the workspace is created, create a workspace-level provider. +```hcl // Define a workspace provider with alias provider "databricks" { alias = "workspace" @@ -73,7 +72,11 @@ resource "databricks_workspace_level_resource" "this" { } ``` -To migrate to the unified provider, you can remove the workspace-level provider and specify the `workspace_id` in the `provider_config` attribute or block instead. For example: +Migration to unified provider happens in 2 steps. +1. Add `provider_config` and `workspace_id` to the resource without removing the workspace-level provider. Then do terraform apply so these values are part of the state. +2. Remove the workspace-level provider. + +you can remove the workspace-level provider and specify the `workspace_id` in the `provider_config` attribute or block instead. For example: ```hcl // Define an account provider @@ -84,15 +87,6 @@ provider "databricks" { client_secret = var.account_client_secret } -// Create an account-level resource -resource "databricks_account_federation_policy" "this" { - policy_id = "my-policy" - oidc_policy = { - issuer = "https://myidp.example.com" - subject_claim = "sub" - } -} - // Create a workspace under the account resource "databricks_mws_workspaces" "this" { account_id = var.account_id @@ -109,6 +103,10 @@ resource "databricks_workspace_level_resource" "this" { } ``` +## FAQ +* Workspace for which the workspace_id is supplied to the resource through provider_config must belong to the account the provider is configured with. +* Migration: Doing the migration in 1 step will lead to issues. This happens because the state doesn't have workspace_id during the refresh. + ## Limitations There are some limitations to this feature that we plan to address in the near future: diff --git a/docs/index.md b/docs/index.md index e5254ffe53..82c5a3bcf1 100644 --- a/docs/index.md +++ b/docs/index.md @@ -308,7 +308,7 @@ provider "databricks" { Note: `auth_type` for Github Actions would be "github-oidc". For more details, please see the document linked above. ### Authenticating with Unified Provider -Unified Provider allows management of workspace level terraform resources through account level provider. You can specify the `provider_config` block or attribute depending on the resource with the `workspace_id` that the resource will belong to. For more details, please see the [documentation](./guides/unified-provider.md). +The Unified Provider allows management of workspace-level terraform resources using an account-level provider. You can specify the `provider_config` block or attribute depending on the resource with the `workspace_id` that the resource will belong to. For more details, please see the [documentation](./guides/unified-provider.md). Example: From ef3fe9a0bdb6b0c9a0cc3800ee0aad1b42ea6d2c Mon Sep 17 00:00:00 2001 From: Tanmay Rustagi Date: Thu, 23 Oct 2025 02:55:49 +0530 Subject: [PATCH 8/8] - --- docs/guides/unified-provider.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/guides/unified-provider.md b/docs/guides/unified-provider.md index 4a2bcfe5b9..8c1b2dad0d 100644 --- a/docs/guides/unified-provider.md +++ b/docs/guides/unified-provider.md @@ -72,11 +72,11 @@ resource "databricks_workspace_level_resource" "this" { } ``` -Migration to unified provider happens in 2 steps. -1. Add `provider_config` and `workspace_id` to the resource without removing the workspace-level provider. Then do terraform apply so these values are part of the state. +Migration to the unified provider happens in 2 steps: +1. Add `provider_config` and `workspace_id` to the resource without removing the workspace-level provider. Then run `terraform apply` so these values are included in the state. 2. Remove the workspace-level provider. -you can remove the workspace-level provider and specify the `workspace_id` in the `provider_config` attribute or block instead. For example: +For example: ```hcl // Define an account provider @@ -104,15 +104,17 @@ resource "databricks_workspace_level_resource" "this" { ``` ## FAQ -* Workspace for which the workspace_id is supplied to the resource through provider_config must belong to the account the provider is configured with. -* Migration: Doing the migration in 1 step will lead to issues. This happens because the state doesn't have workspace_id during the refresh. + +* An empty `workspace_id` is not allowed, and `terraform plan` will fail with the error: `"workspace_id string length must be at least 1"`. +* The `workspace_id` supplied to the resource through `provider_config` must belong to the account for which the provider is configured. If the workspace does not belong to the account, you will receive an error: `"failed to get workspace client, please check the workspace_id provided in the provider_config"`. +* Migrating to the unified provider in a single step (i.e., removing the workspace-level provider and adding `provider_config` to the resource simultaneously) will result in an error: `"workspace_id is not set, please set the workspace_id in the provider_config"`. This occurs because the state does not contain `workspace_id` during the refresh phase. Migration must be done in 2 steps as described above. ## Limitations There are some limitations to this feature that we plan to address in the near future: 1. Databricks CLI and Azure CLI authentication methods are not currently supported -2. Some resources do not yet support the unified provider. Please refer to the documentation for each resource or data source to check if they support the `provider_config` attribute or block. +2. Some resources do not yet support the unified provider as the support is rolling out incrementally. Please refer to the documentation for each resource or data source to check if they support the `provider_config` attribute or block. ## Reporting Issues