account_storage_credentials
Creates, updates, deletes, gets or lists an account_storage_credentials resource.
Overview
| Name | account_storage_credentials |
|---|---|
| Type | Resource |
| Id | databricks_account.catalog.account_storage_credentials |
Fields
The following fields are returned by SELECT queries:
- account_storage_credentials_get
- account_storage_credentials_list
| Name | Datatype | Description |
|---|---|---|
| id | string | The unique identifier of the credential. |
| name | string | The credential name. The name must be unique among storage and service credentials within the metastore. |
| metastore_id | string | Unique identifier of the parent metastore. |
| full_name | string | The full name of the credential. |
| aws_iam_role | object | The AWS IAM role configuration. |
| azure_managed_identity | object | The Azure managed identity configuration. |
| azure_service_principal | object | The Azure service principal configuration. |
| cloudflare_api_token | object | The Cloudflare API token configuration. |
| comment | string | Comment associated with the credential. |
| created_at | integer | Time at which this credential was created, in epoch milliseconds. |
| created_by | string | Username of credential creator. |
| databricks_gcp_service_account | object | The Databricks managed GCP service account configuration. |
| isolation_mode | string | Whether the current securable is accessible from all workspaces or a specific set of workspaces. (ISOLATION_MODE_ISOLATED, ISOLATION_MODE_OPEN) |
| owner | string | Username of current owner of credential. |
| read_only | boolean | Whether the credential is usable only for read operations. Only applicable when purpose is **STORAGE**. |
| updated_at | integer | Time at which this credential was last modified, in epoch milliseconds. |
| updated_by | string | Username of user who last modified the credential. |
| used_for_managed_storage | boolean | Whether this credential is the current metastore's root storage credential. Only applicable when purpose is **STORAGE**. |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
| account_storage_credentials_get | select | account_id, metastore_id, storage_credential_name | | Gets a storage credential from the metastore. The caller must be a metastore admin, the owner of the |
| account_storage_credentials_list | select | account_id, metastore_id | | Gets a list of all storage credentials that have been assigned to given metastore. |
| account_storage_credentials_create | insert | account_id, metastore_id | | Creates a new storage credential. The request object is specific to the cloud: - AwsIamRole for |
| account_storage_credentials_update | replace | account_id, metastore_id, storage_credential_name | | Updates a storage credential on the metastore. The caller must be the owner of the storage credential. |
| account_storage_credentials_delete | delete | account_id, metastore_id, storage_credential_name | force | Deletes a storage credential from the metastore. The caller must be an owner of the storage |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
| account_id | string | |
| metastore_id | string | Unity Catalog metastore ID |
| storage_credential_name | string | Name of the storage credential. |
| force | boolean | Force deletion even if the Storage Credential is not empty. Default is false. |
SELECT examples
- account_storage_credentials_get
- account_storage_credentials_list
Gets a storage credential from the metastore. The caller must be a metastore admin, the owner of the
```sql
SELECT
  id,
  name,
  metastore_id,
  full_name,
  aws_iam_role,
  azure_managed_identity,
  azure_service_principal,
  cloudflare_api_token,
  comment,
  created_at,
  created_by,
  databricks_gcp_service_account,
  isolation_mode,
  owner,
  read_only,
  updated_at,
  updated_by,
  used_for_managed_storage
FROM databricks_account.catalog.account_storage_credentials
WHERE account_id = '{{ account_id }}' -- required
  AND metastore_id = '{{ metastore_id }}' -- required
  AND storage_credential_name = '{{ storage_credential_name }}' -- required
;
```
Gets a list of all storage credentials that have been assigned to given metastore.
```sql
SELECT
  id,
  name,
  metastore_id,
  full_name,
  aws_iam_role,
  azure_managed_identity,
  azure_service_principal,
  cloudflare_api_token,
  comment,
  created_at,
  created_by,
  databricks_gcp_service_account,
  isolation_mode,
  owner,
  read_only,
  updated_at,
  updated_by,
  used_for_managed_storage
FROM databricks_account.catalog.account_storage_credentials
WHERE account_id = '{{ account_id }}' -- required
  AND metastore_id = '{{ metastore_id }}' -- required
;
```
INSERT examples
- account_storage_credentials_create
- Manifest
Creates a new storage credential. The request object is specific to the cloud: - AwsIamRole for
```sql
INSERT INTO databricks_account.catalog.account_storage_credentials (
  credential_info,
  skip_validation,
  account_id,
  metastore_id
)
SELECT
  '{{ credential_info }}',
  {{ skip_validation }},
  '{{ account_id }}',
  '{{ metastore_id }}'
RETURNING
  credential_info
;
```
```yaml
# Description fields are for documentation purposes
- name: account_storage_credentials
  props:
    - name: account_id
      value: "{{ account_id }}"
      description: Required parameter for the account_storage_credentials resource.
    - name: metastore_id
      value: "{{ metastore_id }}"
      description: Required parameter for the account_storage_credentials resource.
    - name: credential_info
      description: |
        :param skip_validation: bool (optional) Optional, default false. Supplying true to this argument skips validation of the created set of credentials.
      value:
        name: "{{ name }}"
        aws_iam_role:
          role_arn: "{{ role_arn }}"
        azure_managed_identity:
          access_connector_id: "{{ access_connector_id }}"
          managed_identity_id: "{{ managed_identity_id }}"
        azure_service_principal:
          directory_id: "{{ directory_id }}"
          application_id: "{{ application_id }}"
          client_secret: "{{ client_secret }}"
        cloudflare_api_token:
          access_key_id: "{{ access_key_id }}"
          secret_access_key: "{{ secret_access_key }}"
          account_id: "{{ account_id }}"
        comment: "{{ comment }}"
        databricks_gcp_service_account: "{{ databricks_gcp_service_account }}"
        read_only: {{ read_only }}
    - name: skip_validation
      value: {{ skip_validation }}
```
REPLACE examples
- account_storage_credentials_update
Updates a storage credential on the metastore. The caller must be the owner of the storage credential.
```sql
REPLACE databricks_account.catalog.account_storage_credentials
SET
  credential_info = '{{ credential_info }}',
  skip_validation = {{ skip_validation }}
WHERE
  account_id = '{{ account_id }}' --required
  AND metastore_id = '{{ metastore_id }}' --required
  AND storage_credential_name = '{{ storage_credential_name }}' --required
RETURNING
  credential_info;
```
DELETE examples
- account_storage_credentials_delete
Deletes a storage credential from the metastore. The caller must be an owner of the storage
```sql
DELETE FROM databricks_account.catalog.account_storage_credentials
WHERE account_id = '{{ account_id }}' --required
  AND metastore_id = '{{ metastore_id }}' --required
  AND storage_credential_name = '{{ storage_credential_name }}' --required
  AND force = '{{ force }}'
;
```