Skip to content

Commit 75a5444

Browse files
owlleg6owlleg6
committed
fix: key vault secret scope fixed
1 parent c24d48a commit 75a5444

File tree

2 files changed

+23
-17
lines changed

2 files changed

+23
-17
lines changed

secrets.tf

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -59,20 +59,26 @@ resource "azurerm_key_vault_access_policy" "databricks" {
5959
}
6060

6161
resource "databricks_secret_scope" "external" {
62-
count = var.key_vault_secret_scope.key_vault_id != null ? 1 : 0
62+
for_each = {
63+
for param in var.key_vault_secret_scope : (param.name) => param
64+
if param.name != null
65+
}
6366

64-
name = "external"
67+
name = each.value.name
6568
keyvault_metadata {
66-
resource_id = var.key_vault_secret_scope.key_vault_id
67-
dns_name = var.key_vault_secret_scope.dns_name
69+
resource_id = each.value.key_vault_id
70+
dns_name = each.value.dns_name
6871
}
6972
depends_on = [azurerm_key_vault_access_policy.databricks]
7073
}
7174

7275
resource "databricks_secret_acl" "external" {
73-
count = var.key_vault_secret_scope.key_vault_id != null ? 1 : 0
76+
for_each = {
77+
for param in var.key_vault_secret_scope : (param.name) => param
78+
if param.name != null
79+
}
7480

75-
scope = databricks_secret_scope.external[0].name
81+
scope = databricks_secret_scope.external[each.value.name].name
7682
principal = "users"
7783
permission = "READ"
7884
}

variables.tf

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -132,6 +132,17 @@ variable "key_vault_id" {
132132
description = "ID of the Key Vault instance where the Secret resides"
133133
}
134134

135+
# Azure Key Vault-backed Secret Scope
136+
variable "key_vault_secret_scope" {
137+
type = object({
138+
name = optional(string)
139+
key_vault_id = optional(string)
140+
dns_name = optional(string)
141+
})
142+
description = "Object with Azure Key Vault parameters required for creation of Azure-backed Databricks Secret scope"
143+
default = {}
144+
}
145+
135146
variable "tenant_id_secret_name" {
136147
type = string
137148
description = "The name of Azure Key Vault secret that contains tenant ID secret of Service Principal to access in Azure Key Vault"
@@ -215,14 +226,3 @@ variable "mount_cluster_name" {
215226
default = null
216227
}
217228

218-
variable "key_vault_secret_scope" {
219-
type = object({
220-
key_vault_id = string
221-
dns_name = string
222-
})
223-
description = "Object with Azure Key Vault parameters required for creation of Azure-backed Databricks Secret scope"
224-
default = {
225-
key_vault_id = null
226-
dns_name = null
227-
}
228-
}

0 commit comments

Comments
 (0)