upd

Author: MyroslavLevchyk

README.md

@@ -214,11 +214,8 @@ No modules.
 | <a name="input_iam_workspace_groups"></a> [iam\_workspace\_groups](#input\_iam\_workspace\_groups) | Used to create workspace group. Map of group name and its parameters, such as users and service principals added to the group. Also possible to configure group entitlements. | <pre>map(object({<br>    user              = optional(list(string))<br>    service_principal = optional(list(string))<br>    entitlements      = optional(list(string))<br>  }))</pre> | `{}` | no |
 | <a name="input_ip_addresses"></a> [ip\_addresses](#input\_ip\_addresses) | A map of IP address ranges | `map(string)` | <pre>{<br>  "all": "0.0.0.0/0"<br>}</pre> | no |
 | <a name="input_key_vault_secret_scope"></a> [key\_vault\_secret\_scope](#input\_key\_vault\_secret\_scope) | Object with Azure Key Vault parameters required for creation of Azure-backed Databricks Secret scope | <pre>list(object({<br>    name         = string<br>    key_vault_id = string<br>    dns_name     = string<br>    tenant_id    = string<br>  }))</pre> | `[]` | no |
-| <a name="input_mount_cluster_name"></a> [mount\_cluster\_name](#input\_mount\_cluster\_name) | Name of the cluster that will be used during storage mounting. If mount\_adls\_passthrough == true, cluster should also have option cluster\_conf\_passthrought == true | `string` | `null` | no |
+| <a name="input_mount_configuration"></a> [mount\_configuration](#input\_mount\_configuration) | Configuration for mounting storage, including only service principal details | <pre>object({<br>    service_principal = object({<br>      client_id     = string<br>      client_secret = string<br>      tenant_id     = string<br>    })<br>  })</pre> | <pre>{<br>  "service_principal": {<br>    "client_id": null,<br>    "client_secret": null,<br>    "tenant_id": null<br>  }<br>}</pre> | no |
 | <a name="input_mount_enabled"></a> [mount\_enabled](#input\_mount\_enabled) | Boolean flag that determines whether mount point for storage account filesystem is created | `bool` | `false` | no |
-| <a name="input_mount_service_principal_client_id"></a> [mount\_service\_principal\_client\_id](#input\_mount\_service\_principal\_client\_id) | Application(client) Id of Service Principal used to perform storage account mounting | `string` | `null` | no |
-| <a name="input_mount_service_principal_secret"></a> [mount\_service\_principal\_secret](#input\_mount\_service\_principal\_secret) | Service Principal Secret used to perform storage account mounting | `string` | `null` | no |
-| <a name="input_mount_service_principal_tenant_id"></a> [mount\_service\_principal\_tenant\_id](#input\_mount\_service\_principal\_tenant\_id) | Service Principal tenant id used to perform storage account mounting | `string` | `null` | no |
 | <a name="input_mountpoints"></a> [mountpoints](#input\_mountpoints) | Mountpoints for databricks | <pre>map(object({<br>    storage_account_name = string<br>    container_name       = string<br>  }))</pre> | `{}` | no |
 | <a name="input_pat_token_lifetime_seconds"></a> [pat\_token\_lifetime\_seconds](#input\_pat\_token\_lifetime\_seconds) | The lifetime of the token, in seconds. If no lifetime is specified, the token remains valid indefinitely | `number` | `315569520` | no |
 | <a name="input_secret_scope"></a> [secret\_scope](#input\_secret\_scope) | Provides an ability to create custom Secret Scope, store secrets in it and assigning ACL for access management<br>scope\_name - name of Secret Scope to create;<br>acl - list of objects, where 'principal' custom group name, this group is created in 'Premium' module; 'permission' is one of "READ", "WRITE", "MANAGE";<br>secrets - list of objects, where object's 'key' param is created key name and 'string\_value' is a value for it; | <pre>list(object({<br>    scope_name = string<br>    scope_acl = optional(list(object({<br>      principal  = string<br>      permission = string<br>    })))<br>    secrets = optional(list(object({<br>      key          = string<br>      string_value = string<br>    })))<br>  }))</pre> | `[]` | no |

mount.tf

@@ -1,21 +1,21 @@
 locals {
   mount_sp_secrets = var.cloud_name == "azure" ? {
-    mount-sp-client-id = { value = var.mount_service_principal_client_id }
-    mount-sp-secret    = { value = var.mount_service_principal_secret }
+    mount_sp_client_id = { value = var.mount_configuration.service_principal.client_id }
+    mount_sp_secret    = { value = var.mount_configuration.service_principal.client_secret }
   } : {}
 }
 
 resource "databricks_mount" "adls" {
-  for_each = var.mount_enabled && var.cloud_name == "azure" ? var.mountpoints : {}
+  for_each = var.mount_enabled && var.cloud_name == "azure" ? var.mount_configuration.mountpoints : {}
 
   name = each.key
   uri  = "abfss://${each.value["container_name"]}@${each.value["storage_account_name"]}.dfs.core.windows.net"
   extra_configs = {
     "fs.azure.account.auth.type" : "OAuth",
     "fs.azure.account.oauth.provider.type" : "org.apache.hadoop.fs.azurebfs.oauth2.ClientCredsTokenProvider",
-    "fs.azure.account.oauth2.client.id" : var.mount_service_principal_client_id,
+    "fs.azure.account.oauth2.client.id" : var.mount_configuration.service_principal.client_id,
     "fs.azure.account.oauth2.client.secret" : databricks_secret.main["mount-sp-secret"].config_reference,
-    "fs.azure.account.oauth2.client.endpoint" : "https://login.microsoftonline.com/${var.mount_service_principal_tenant_id}/oauth2/token",
+    "fs.azure.account.oauth2.client.endpoint" : "https://login.microsoftonline.com/${var.mount_configuration.service_principal.tenant_id}/oauth2/token",
     "fs.azure.createRemoteFileSystemDuringInitialization" : "false",
   }
 }

secrets.tf

@@ -31,8 +31,8 @@ resource "databricks_secret" "main" {
 
   lifecycle {
     precondition {
-      condition     = var.cloud_name == "azure" && var.mount_enabled ? length(compact([var.mount_service_principal_client_id, var.mount_service_principal_secret, var.mount_service_principal_tenant_id])) == 3 : true
-      error_message = "To mount ADLS Storage, please provide prerequisite Service Principal values - 'mount_service_principal_object_id', 'mount_service_principal_secret', 'mount_service_principal_tenant_id'."
+      condition     = var.cloud_name == "azure" && var.mount_enabled ? length(compact([var.mount_configuration.service_principal.client_id, var.mount_configuration.service_principal.client_secret, var.mount_configuration.service_principal.tenant_id])) == 3 : true
+      error_message = "To mount ADLS Storage, please provide prerequisite Service Principal values - 'mount_configuration.service_principal.client_id', 'mount_configuration.service_principal.client_secret', 'mount_configuration.service_principal.tenant_id'."
     }
   }
 }

variables.tf

@@ -187,23 +187,23 @@ variable "mount_enabled" {
   default     = false
 }
 
-variable "mount_service_principal_client_id" {
-  type        = string
-  description = "Application(client) Id of Service Principal used to perform storage account mounting"
-  default     = null
-}
-
-variable "mount_service_principal_secret" {
-  type        = string
-  description = "Service Principal Secret used to perform storage account mounting"
-  default     = null
-  sensitive   = true
-}
-
-variable "mount_service_principal_tenant_id" {
-  type        = string
-  description = "Service Principal tenant id used to perform storage account mounting"
-  default     = null
+variable "mount_configuration" {
+  type = object({
+    service_principal = object({
+      client_id     = string
+      client_secret = string
+      tenant_id     = string
+    })
+  })
+  description = "Configuration for mounting storage, including only service principal details"
+  default = {
+    service_principal = {
+      client_id     = null
+      client_secret = null
+      tenant_id     = null
+    }
+  }
+  sensitive = true
 }
 
 variable "mountpoints" {
@@ -215,12 +215,6 @@ variable "mountpoints" {
   default     = {}
 }
 
-variable "mount_cluster_name" {
-  type        = string
-  description = "Name of the cluster that will be used during storage mounting. If mount_adls_passthrough == true, cluster should also have option cluster_conf_passthrought == true"
-  default     = null
-}
-
 variable "system_schemas" {
   type        = set(string)
   description = "Set of strings with all possible System Schema names"