Viewing docs for Databricks v1.91.1
published on Friday, May 1, 2026 by Pulumi
published on Friday, May 1, 2026 by Pulumi
Viewing docs for Databricks v1.91.1
published on Friday, May 1, 2026 by Pulumi
published on Friday, May 1, 2026 by Pulumi
This resource can be used with an account or workspace-level provider.
Optionally, each databricks.Metastore can have a default databricks.StorageCredential defined as databricks.MetastoreDataAccess. This will be used by Unity Catalog to access data in the root storage location if defined.
Example Usage
For AWS
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
const _this = new databricks.Metastore("this", {
name: "primary",
storageRoot: `s3://${metastore.id}/metastore`,
owner: "uc admins",
region: "us-east-1",
forceDestroy: true,
});
const thisMetastoreDataAccess = new databricks.MetastoreDataAccess("this", {
metastoreId: _this.id,
name: metastoreDataAccess.name,
awsIamRole: {
roleArn: metastoreDataAccess.arn,
},
isDefault: true,
});
import pulumi
import pulumi_databricks as databricks
this = databricks.Metastore("this",
name="primary",
storage_root=f"s3://{metastore['id']}/metastore",
owner="uc admins",
region="us-east-1",
force_destroy=True)
this_metastore_data_access = databricks.MetastoreDataAccess("this",
metastore_id=this.id,
name=metastore_data_access["name"],
aws_iam_role={
"role_arn": metastore_data_access["arn"],
},
is_default=True)
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
this, err := databricks.NewMetastore(ctx, "this", &databricks.MetastoreArgs{
Name: pulumi.String("primary"),
StorageRoot: pulumi.Sprintf("s3://%v/metastore", metastore.Id),
Owner: pulumi.String("uc admins"),
Region: pulumi.String("us-east-1"),
ForceDestroy: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = databricks.NewMetastoreDataAccess(ctx, "this", &databricks.MetastoreDataAccessArgs{
MetastoreId: this.ID(),
Name: pulumi.Any(metastoreDataAccess.Name),
AwsIamRole: &databricks.MetastoreDataAccessAwsIamRoleArgs{
RoleArn: pulumi.Any(metastoreDataAccess.Arn),
},
IsDefault: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
return await Deployment.RunAsync(() =>
{
var @this = new Databricks.Index.Metastore("this", new()
{
Name = "primary",
StorageRoot = $"s3://{metastore.Id}/metastore",
Owner = "uc admins",
Region = "us-east-1",
ForceDestroy = true,
});
var thisMetastoreDataAccess = new Databricks.Index.MetastoreDataAccess("this", new()
{
MetastoreId = @this.Id,
Name = metastoreDataAccess.Name,
AwsIamRole = new Databricks.Inputs.MetastoreDataAccessAwsIamRoleArgs
{
RoleArn = metastoreDataAccess.Arn,
},
IsDefault = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Metastore;
import com.pulumi.databricks.MetastoreArgs;
import com.pulumi.databricks.MetastoreDataAccess;
import com.pulumi.databricks.MetastoreDataAccessArgs;
import com.pulumi.databricks.inputs.MetastoreDataAccessAwsIamRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new Metastore("this", MetastoreArgs.builder()
.name("primary")
.storageRoot(String.format("s3://%s/metastore", metastore.id()))
.owner("uc admins")
.region("us-east-1")
.forceDestroy(true)
.build());
var thisMetastoreDataAccess = new MetastoreDataAccess("thisMetastoreDataAccess", MetastoreDataAccessArgs.builder()
.metastoreId(this_.id())
.name(metastoreDataAccess.name())
.awsIamRole(MetastoreDataAccessAwsIamRoleArgs.builder()
.roleArn(metastoreDataAccess.arn())
.build())
.isDefault(true)
.build());
}
}
resources:
this:
type: databricks:Metastore
properties:
name: primary
storageRoot: s3://${metastore.id}/metastore
owner: uc admins
region: us-east-1
forceDestroy: true
thisMetastoreDataAccess:
type: databricks:MetastoreDataAccess
name: this
properties:
metastoreId: ${this.id}
name: ${metastoreDataAccess.name}
awsIamRole:
roleArn: ${metastoreDataAccess.arn}
isDefault: true
For Azure using managed identity as credential (recommended)
import * as pulumi from "@pulumi/pulumi";
import * as databricks from "@pulumi/databricks";
import * as std from "@pulumi/std";
const _this = new databricks.Metastore("this", {
name: "primary",
storageRoot: std.format({
input: "abfss://%s@%s.dfs.core.windows.net/",
args: [
unityCatalog.name,
unityCatalogAzurermStorageAccount.name,
],
}).then(invoke => invoke.result),
owner: "uc admins",
region: "eastus",
forceDestroy: true,
});
const thisMetastoreDataAccess = new databricks.MetastoreDataAccess("this", {
metastoreId: _this.id,
name: "mi_dac",
azureManagedIdentity: {
accessConnectorId: accessConnectorId,
},
isDefault: true,
});
import pulumi
import pulumi_databricks as databricks
import pulumi_std as std
this = databricks.Metastore("this",
name="primary",
storage_root=std.format(input="abfss://%s@%s.dfs.core.windows.net/",
args=[
unity_catalog["name"],
unity_catalog_azurerm_storage_account["name"],
]).result,
owner="uc admins",
region="eastus",
force_destroy=True)
this_metastore_data_access = databricks.MetastoreDataAccess("this",
metastore_id=this.id,
name="mi_dac",
azure_managed_identity={
"access_connector_id": access_connector_id,
},
is_default=True)
package main
import (
"github.com/pulumi/pulumi-databricks/sdk/go/databricks"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFormat, err := std.Format(ctx, &std.FormatArgs{
Input: "abfss://%s@%s.dfs.core.windows.net/",
Args: []interface{}{
unityCatalog.Name,
unityCatalogAzurermStorageAccount.Name,
},
}, nil)
if err != nil {
return err
}
this, err := databricks.NewMetastore(ctx, "this", &databricks.MetastoreArgs{
Name: pulumi.String("primary"),
StorageRoot: pulumi.String(invokeFormat.Result),
Owner: pulumi.String("uc admins"),
Region: pulumi.String("eastus"),
ForceDestroy: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = databricks.NewMetastoreDataAccess(ctx, "this", &databricks.MetastoreDataAccessArgs{
MetastoreId: this.ID(),
Name: pulumi.String("mi_dac"),
AzureManagedIdentity: &databricks.MetastoreDataAccessAzureManagedIdentityArgs{
AccessConnectorId: pulumi.Any(accessConnectorId),
},
IsDefault: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Databricks = Pulumi.Databricks;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var @this = new Databricks.Index.Metastore("this", new()
{
Name = "primary",
StorageRoot = Std.Index.Format.Invoke(new()
{
Input = "abfss://%s@%s.dfs.core.windows.net/",
Args = new[]
{
unityCatalog.Name,
unityCatalogAzurermStorageAccount.Name,
},
}).Apply(invoke => invoke.Result),
Owner = "uc admins",
Region = "eastus",
ForceDestroy = true,
});
var thisMetastoreDataAccess = new Databricks.Index.MetastoreDataAccess("this", new()
{
MetastoreId = @this.Id,
Name = "mi_dac",
AzureManagedIdentity = new Databricks.Inputs.MetastoreDataAccessAzureManagedIdentityArgs
{
AccessConnectorId = accessConnectorId,
},
IsDefault = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.databricks.Metastore;
import com.pulumi.databricks.MetastoreArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.FormatArgs;
import com.pulumi.databricks.MetastoreDataAccess;
import com.pulumi.databricks.MetastoreDataAccessArgs;
import com.pulumi.databricks.inputs.MetastoreDataAccessAzureManagedIdentityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var this_ = new Metastore("this", MetastoreArgs.builder()
.name("primary")
.storageRoot(StdFunctions.format(FormatArgs.builder()
.input("abfss://%s@%s.dfs.core.windows.net/")
.args(
unityCatalog.name(),
unityCatalogAzurermStorageAccount.name())
.build()).result())
.owner("uc admins")
.region("eastus")
.forceDestroy(true)
.build());
var thisMetastoreDataAccess = new MetastoreDataAccess("thisMetastoreDataAccess", MetastoreDataAccessArgs.builder()
.metastoreId(this_.id())
.name("mi_dac")
.azureManagedIdentity(MetastoreDataAccessAzureManagedIdentityArgs.builder()
.accessConnectorId(accessConnectorId)
.build())
.isDefault(true)
.build());
}
}
resources:
this:
type: databricks:Metastore
properties:
name: primary
storageRoot:
fn::invoke:
function: std:format
arguments:
input: abfss://%s@%s.dfs.core.windows.net/
args:
- ${unityCatalog.name}
- ${unityCatalogAzurermStorageAccount.name}
return: result
owner: uc admins
region: eastus
forceDestroy: true
thisMetastoreDataAccess:
type: databricks:MetastoreDataAccess
name: this
properties:
metastoreId: ${this.id}
name: mi_dac
azureManagedIdentity:
accessConnectorId: ${accessConnectorId}
isDefault: true
Create MetastoreDataAccess Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new MetastoreDataAccess(name: string, args?: MetastoreDataAccessArgs, opts?: CustomResourceOptions);@overload
def MetastoreDataAccess(resource_name: str,
args: Optional[MetastoreDataAccessArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def MetastoreDataAccess(resource_name: str,
opts: Optional[ResourceOptions] = None,
api: Optional[str] = None,
aws_iam_role: Optional[MetastoreDataAccessAwsIamRoleArgs] = None,
azure_managed_identity: Optional[MetastoreDataAccessAzureManagedIdentityArgs] = None,
azure_service_principal: Optional[MetastoreDataAccessAzureServicePrincipalArgs] = None,
cloudflare_api_token: Optional[MetastoreDataAccessCloudflareApiTokenArgs] = None,
comment: Optional[str] = None,
databricks_gcp_service_account: Optional[MetastoreDataAccessDatabricksGcpServiceAccountArgs] = None,
force_destroy: Optional[bool] = None,
force_update: Optional[bool] = None,
gcp_service_account_key: Optional[MetastoreDataAccessGcpServiceAccountKeyArgs] = None,
is_default: Optional[bool] = None,
isolation_mode: Optional[str] = None,
metastore_id: Optional[str] = None,
name: Optional[str] = None,
owner: Optional[str] = None,
provider_config: Optional[MetastoreDataAccessProviderConfigArgs] = None,
read_only: Optional[bool] = None,
skip_validation: Optional[bool] = None)func NewMetastoreDataAccess(ctx *Context, name string, args *MetastoreDataAccessArgs, opts ...ResourceOption) (*MetastoreDataAccess, error)public MetastoreDataAccess(string name, MetastoreDataAccessArgs? args = null, CustomResourceOptions? opts = null)
public MetastoreDataAccess(String name, MetastoreDataAccessArgs args)
public MetastoreDataAccess(String name, MetastoreDataAccessArgs args, CustomResourceOptions options)
type: databricks:MetastoreDataAccess
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args MetastoreDataAccessArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args MetastoreDataAccessArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args MetastoreDataAccessArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args MetastoreDataAccessArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args MetastoreDataAccessArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var metastoreDataAccessResource = new Databricks.MetastoreDataAccess("metastoreDataAccessResource", new()
{
Api = "string",
AwsIamRole = new Databricks.Inputs.MetastoreDataAccessAwsIamRoleArgs
{
RoleArn = "string",
ExternalId = "string",
UnityCatalogIamArn = "string",
},
AzureManagedIdentity = new Databricks.Inputs.MetastoreDataAccessAzureManagedIdentityArgs
{
AccessConnectorId = "string",
CredentialId = "string",
ManagedIdentityId = "string",
},
AzureServicePrincipal = new Databricks.Inputs.MetastoreDataAccessAzureServicePrincipalArgs
{
ApplicationId = "string",
ClientSecret = "string",
DirectoryId = "string",
},
CloudflareApiToken = new Databricks.Inputs.MetastoreDataAccessCloudflareApiTokenArgs
{
AccessKeyId = "string",
AccountId = "string",
SecretAccessKey = "string",
},
Comment = "string",
DatabricksGcpServiceAccount = new Databricks.Inputs.MetastoreDataAccessDatabricksGcpServiceAccountArgs
{
CredentialId = "string",
Email = "string",
},
ForceDestroy = false,
ForceUpdate = false,
GcpServiceAccountKey = new Databricks.Inputs.MetastoreDataAccessGcpServiceAccountKeyArgs
{
Email = "string",
PrivateKey = "string",
PrivateKeyId = "string",
},
IsDefault = false,
IsolationMode = "string",
MetastoreId = "string",
Name = "string",
Owner = "string",
ProviderConfig = new Databricks.Inputs.MetastoreDataAccessProviderConfigArgs
{
WorkspaceId = "string",
},
ReadOnly = false,
SkipValidation = false,
});
example, err := databricks.NewMetastoreDataAccess(ctx, "metastoreDataAccessResource", &databricks.MetastoreDataAccessArgs{
Api: pulumi.String("string"),
AwsIamRole: &databricks.MetastoreDataAccessAwsIamRoleArgs{
RoleArn: pulumi.String("string"),
ExternalId: pulumi.String("string"),
UnityCatalogIamArn: pulumi.String("string"),
},
AzureManagedIdentity: &databricks.MetastoreDataAccessAzureManagedIdentityArgs{
AccessConnectorId: pulumi.String("string"),
CredentialId: pulumi.String("string"),
ManagedIdentityId: pulumi.String("string"),
},
AzureServicePrincipal: &databricks.MetastoreDataAccessAzureServicePrincipalArgs{
ApplicationId: pulumi.String("string"),
ClientSecret: pulumi.String("string"),
DirectoryId: pulumi.String("string"),
},
CloudflareApiToken: &databricks.MetastoreDataAccessCloudflareApiTokenArgs{
AccessKeyId: pulumi.String("string"),
AccountId: pulumi.String("string"),
SecretAccessKey: pulumi.String("string"),
},
Comment: pulumi.String("string"),
DatabricksGcpServiceAccount: &databricks.MetastoreDataAccessDatabricksGcpServiceAccountArgs{
CredentialId: pulumi.String("string"),
Email: pulumi.String("string"),
},
ForceDestroy: pulumi.Bool(false),
ForceUpdate: pulumi.Bool(false),
GcpServiceAccountKey: &databricks.MetastoreDataAccessGcpServiceAccountKeyArgs{
Email: pulumi.String("string"),
PrivateKey: pulumi.String("string"),
PrivateKeyId: pulumi.String("string"),
},
IsDefault: pulumi.Bool(false),
IsolationMode: pulumi.String("string"),
MetastoreId: pulumi.String("string"),
Name: pulumi.String("string"),
Owner: pulumi.String("string"),
ProviderConfig: &databricks.MetastoreDataAccessProviderConfigArgs{
WorkspaceId: pulumi.String("string"),
},
ReadOnly: pulumi.Bool(false),
SkipValidation: pulumi.Bool(false),
})
var metastoreDataAccessResource = new MetastoreDataAccess("metastoreDataAccessResource", MetastoreDataAccessArgs.builder()
.api("string")
.awsIamRole(MetastoreDataAccessAwsIamRoleArgs.builder()
.roleArn("string")
.externalId("string")
.unityCatalogIamArn("string")
.build())
.azureManagedIdentity(MetastoreDataAccessAzureManagedIdentityArgs.builder()
.accessConnectorId("string")
.credentialId("string")
.managedIdentityId("string")
.build())
.azureServicePrincipal(MetastoreDataAccessAzureServicePrincipalArgs.builder()
.applicationId("string")
.clientSecret("string")
.directoryId("string")
.build())
.cloudflareApiToken(MetastoreDataAccessCloudflareApiTokenArgs.builder()
.accessKeyId("string")
.accountId("string")
.secretAccessKey("string")
.build())
.comment("string")
.databricksGcpServiceAccount(MetastoreDataAccessDatabricksGcpServiceAccountArgs.builder()
.credentialId("string")
.email("string")
.build())
.forceDestroy(false)
.forceUpdate(false)
.gcpServiceAccountKey(MetastoreDataAccessGcpServiceAccountKeyArgs.builder()
.email("string")
.privateKey("string")
.privateKeyId("string")
.build())
.isDefault(false)
.isolationMode("string")
.metastoreId("string")
.name("string")
.owner("string")
.providerConfig(MetastoreDataAccessProviderConfigArgs.builder()
.workspaceId("string")
.build())
.readOnly(false)
.skipValidation(false)
.build());
metastore_data_access_resource = databricks.MetastoreDataAccess("metastoreDataAccessResource",
api="string",
aws_iam_role={
"role_arn": "string",
"external_id": "string",
"unity_catalog_iam_arn": "string",
},
azure_managed_identity={
"access_connector_id": "string",
"credential_id": "string",
"managed_identity_id": "string",
},
azure_service_principal={
"application_id": "string",
"client_secret": "string",
"directory_id": "string",
},
cloudflare_api_token={
"access_key_id": "string",
"account_id": "string",
"secret_access_key": "string",
},
comment="string",
databricks_gcp_service_account={
"credential_id": "string",
"email": "string",
},
force_destroy=False,
force_update=False,
gcp_service_account_key={
"email": "string",
"private_key": "string",
"private_key_id": "string",
},
is_default=False,
isolation_mode="string",
metastore_id="string",
name="string",
owner="string",
provider_config={
"workspace_id": "string",
},
read_only=False,
skip_validation=False)
const metastoreDataAccessResource = new databricks.MetastoreDataAccess("metastoreDataAccessResource", {
api: "string",
awsIamRole: {
roleArn: "string",
externalId: "string",
unityCatalogIamArn: "string",
},
azureManagedIdentity: {
accessConnectorId: "string",
credentialId: "string",
managedIdentityId: "string",
},
azureServicePrincipal: {
applicationId: "string",
clientSecret: "string",
directoryId: "string",
},
cloudflareApiToken: {
accessKeyId: "string",
accountId: "string",
secretAccessKey: "string",
},
comment: "string",
databricksGcpServiceAccount: {
credentialId: "string",
email: "string",
},
forceDestroy: false,
forceUpdate: false,
gcpServiceAccountKey: {
email: "string",
privateKey: "string",
privateKeyId: "string",
},
isDefault: false,
isolationMode: "string",
metastoreId: "string",
name: "string",
owner: "string",
providerConfig: {
workspaceId: "string",
},
readOnly: false,
skipValidation: false,
});
type: databricks:MetastoreDataAccess
properties:
api: string
awsIamRole:
externalId: string
roleArn: string
unityCatalogIamArn: string
azureManagedIdentity:
accessConnectorId: string
credentialId: string
managedIdentityId: string
azureServicePrincipal:
applicationId: string
clientSecret: string
directoryId: string
cloudflareApiToken:
accessKeyId: string
accountId: string
secretAccessKey: string
comment: string
databricksGcpServiceAccount:
credentialId: string
email: string
forceDestroy: false
forceUpdate: false
gcpServiceAccountKey:
email: string
privateKey: string
privateKeyId: string
isDefault: false
isolationMode: string
metastoreId: string
name: string
owner: string
providerConfig:
workspaceId: string
readOnly: false
skipValidation: false
MetastoreDataAccess Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The MetastoreDataAccess resource accepts the following input properties:
- Api string
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - Aws
Iam MetastoreRole Data Access Aws Iam Role - Azure
Managed MetastoreIdentity Data Access Azure Managed Identity - Azure
Service MetastorePrincipal Data Access Azure Service Principal - Cloudflare
Api MetastoreToken Data Access Cloudflare Api Token - Comment string
- Databricks
Gcp MetastoreService Account Data Access Databricks Gcp Service Account - Force
Destroy bool - Force
Update bool - Gcp
Service MetastoreAccount Key Data Access Gcp Service Account Key - Is
Default bool - whether to set this credential as the default for the metastore. In practice, this should always be true.
- Isolation
Mode string - Metastore
Id string - Name string
- Owner string
- Provider
Config MetastoreData Access Provider Config - Configure the provider for management through account provider. This block consists of the following fields:
- Read
Only bool - Skip
Validation bool
- Api string
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - Aws
Iam MetastoreRole Data Access Aws Iam Role Args - Azure
Managed MetastoreIdentity Data Access Azure Managed Identity Args - Azure
Service MetastorePrincipal Data Access Azure Service Principal Args - Cloudflare
Api MetastoreToken Data Access Cloudflare Api Token Args - Comment string
- Databricks
Gcp MetastoreService Account Data Access Databricks Gcp Service Account Args - Force
Destroy bool - Force
Update bool - Gcp
Service MetastoreAccount Key Data Access Gcp Service Account Key Args - Is
Default bool - whether to set this credential as the default for the metastore. In practice, this should always be true.
- Isolation
Mode string - Metastore
Id string - Name string
- Owner string
- Provider
Config MetastoreData Access Provider Config Args - Configure the provider for management through account provider. This block consists of the following fields:
- Read
Only bool - Skip
Validation bool
- api String
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - aws
Iam MetastoreRole Data Access Aws Iam Role - azure
Managed MetastoreIdentity Data Access Azure Managed Identity - azure
Service MetastorePrincipal Data Access Azure Service Principal - cloudflare
Api MetastoreToken Data Access Cloudflare Api Token - comment String
- databricks
Gcp MetastoreService Account Data Access Databricks Gcp Service Account - force
Destroy Boolean - force
Update Boolean - gcp
Service MetastoreAccount Key Data Access Gcp Service Account Key - is
Default Boolean - whether to set this credential as the default for the metastore. In practice, this should always be true.
- isolation
Mode String - metastore
Id String - name String
- owner String
- provider
Config MetastoreData Access Provider Config - Configure the provider for management through account provider. This block consists of the following fields:
- read
Only Boolean - skip
Validation Boolean
- api string
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - aws
Iam MetastoreRole Data Access Aws Iam Role - azure
Managed MetastoreIdentity Data Access Azure Managed Identity - azure
Service MetastorePrincipal Data Access Azure Service Principal - cloudflare
Api MetastoreToken Data Access Cloudflare Api Token - comment string
- databricks
Gcp MetastoreService Account Data Access Databricks Gcp Service Account - force
Destroy boolean - force
Update boolean - gcp
Service MetastoreAccount Key Data Access Gcp Service Account Key - is
Default boolean - whether to set this credential as the default for the metastore. In practice, this should always be true.
- isolation
Mode string - metastore
Id string - name string
- owner string
- provider
Config MetastoreData Access Provider Config - Configure the provider for management through account provider. This block consists of the following fields:
- read
Only boolean - skip
Validation boolean
- api str
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - aws_
iam_ Metastorerole Data Access Aws Iam Role Args - azure_
managed_ Metastoreidentity Data Access Azure Managed Identity Args - azure_
service_ Metastoreprincipal Data Access Azure Service Principal Args - cloudflare_
api_ Metastoretoken Data Access Cloudflare Api Token Args - comment str
- databricks_
gcp_ Metastoreservice_ account Data Access Databricks Gcp Service Account Args - force_
destroy bool - force_
update bool - gcp_
service_ Metastoreaccount_ key Data Access Gcp Service Account Key Args - is_
default bool - whether to set this credential as the default for the metastore. In practice, this should always be true.
- isolation_
mode str - metastore_
id str - name str
- owner str
- provider_
config MetastoreData Access Provider Config Args - Configure the provider for management through account provider. This block consists of the following fields:
- read_
only bool - skip_
validation bool
- api String
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - aws
Iam Property MapRole - azure
Managed Property MapIdentity - azure
Service Property MapPrincipal - cloudflare
Api Property MapToken - comment String
- databricks
Gcp Property MapService Account - force
Destroy Boolean - force
Update Boolean - gcp
Service Property MapAccount Key - is
Default Boolean - whether to set this credential as the default for the metastore. In practice, this should always be true.
- isolation
Mode String - metastore
Id String - name String
- owner String
- provider
Config Property Map - Configure the provider for management through account provider. This block consists of the following fields:
- read
Only Boolean - skip
Validation Boolean
Outputs
All input properties are implicitly available as output properties. Additionally, the MetastoreDataAccess resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing MetastoreDataAccess Resource
Get an existing MetastoreDataAccess resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: MetastoreDataAccessState, opts?: CustomResourceOptions): MetastoreDataAccess@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
api: Optional[str] = None,
aws_iam_role: Optional[MetastoreDataAccessAwsIamRoleArgs] = None,
azure_managed_identity: Optional[MetastoreDataAccessAzureManagedIdentityArgs] = None,
azure_service_principal: Optional[MetastoreDataAccessAzureServicePrincipalArgs] = None,
cloudflare_api_token: Optional[MetastoreDataAccessCloudflareApiTokenArgs] = None,
comment: Optional[str] = None,
databricks_gcp_service_account: Optional[MetastoreDataAccessDatabricksGcpServiceAccountArgs] = None,
force_destroy: Optional[bool] = None,
force_update: Optional[bool] = None,
gcp_service_account_key: Optional[MetastoreDataAccessGcpServiceAccountKeyArgs] = None,
is_default: Optional[bool] = None,
isolation_mode: Optional[str] = None,
metastore_id: Optional[str] = None,
name: Optional[str] = None,
owner: Optional[str] = None,
provider_config: Optional[MetastoreDataAccessProviderConfigArgs] = None,
read_only: Optional[bool] = None,
skip_validation: Optional[bool] = None) -> MetastoreDataAccessfunc GetMetastoreDataAccess(ctx *Context, name string, id IDInput, state *MetastoreDataAccessState, opts ...ResourceOption) (*MetastoreDataAccess, error)public static MetastoreDataAccess Get(string name, Input<string> id, MetastoreDataAccessState? state, CustomResourceOptions? opts = null)public static MetastoreDataAccess get(String name, Output<String> id, MetastoreDataAccessState state, CustomResourceOptions options)resources: _: type: databricks:MetastoreDataAccess get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Api string
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - Aws
Iam MetastoreRole Data Access Aws Iam Role - Azure
Managed MetastoreIdentity Data Access Azure Managed Identity - Azure
Service MetastorePrincipal Data Access Azure Service Principal - Cloudflare
Api MetastoreToken Data Access Cloudflare Api Token - Comment string
- Databricks
Gcp MetastoreService Account Data Access Databricks Gcp Service Account - Force
Destroy bool - Force
Update bool - Gcp
Service MetastoreAccount Key Data Access Gcp Service Account Key - Is
Default bool - whether to set this credential as the default for the metastore. In practice, this should always be true.
- Isolation
Mode string - Metastore
Id string - Name string
- Owner string
- Provider
Config MetastoreData Access Provider Config - Configure the provider for management through account provider. This block consists of the following fields:
- Read
Only bool - Skip
Validation bool
- Api string
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - Aws
Iam MetastoreRole Data Access Aws Iam Role Args - Azure
Managed MetastoreIdentity Data Access Azure Managed Identity Args - Azure
Service MetastorePrincipal Data Access Azure Service Principal Args - Cloudflare
Api MetastoreToken Data Access Cloudflare Api Token Args - Comment string
- Databricks
Gcp MetastoreService Account Data Access Databricks Gcp Service Account Args - Force
Destroy bool - Force
Update bool - Gcp
Service MetastoreAccount Key Data Access Gcp Service Account Key Args - Is
Default bool - whether to set this credential as the default for the metastore. In practice, this should always be true.
- Isolation
Mode string - Metastore
Id string - Name string
- Owner string
- Provider
Config MetastoreData Access Provider Config Args - Configure the provider for management through account provider. This block consists of the following fields:
- Read
Only bool - Skip
Validation bool
- api String
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - aws
Iam MetastoreRole Data Access Aws Iam Role - azure
Managed MetastoreIdentity Data Access Azure Managed Identity - azure
Service MetastorePrincipal Data Access Azure Service Principal - cloudflare
Api MetastoreToken Data Access Cloudflare Api Token - comment String
- databricks
Gcp MetastoreService Account Data Access Databricks Gcp Service Account - force
Destroy Boolean - force
Update Boolean - gcp
Service MetastoreAccount Key Data Access Gcp Service Account Key - is
Default Boolean - whether to set this credential as the default for the metastore. In practice, this should always be true.
- isolation
Mode String - metastore
Id String - name String
- owner String
- provider
Config MetastoreData Access Provider Config - Configure the provider for management through account provider. This block consists of the following fields:
- read
Only Boolean - skip
Validation Boolean
- api string
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - aws
Iam MetastoreRole Data Access Aws Iam Role - azure
Managed MetastoreIdentity Data Access Azure Managed Identity - azure
Service MetastorePrincipal Data Access Azure Service Principal - cloudflare
Api MetastoreToken Data Access Cloudflare Api Token - comment string
- databricks
Gcp MetastoreService Account Data Access Databricks Gcp Service Account - force
Destroy boolean - force
Update boolean - gcp
Service MetastoreAccount Key Data Access Gcp Service Account Key - is
Default boolean - whether to set this credential as the default for the metastore. In practice, this should always be true.
- isolation
Mode string - metastore
Id string - name string
- owner string
- provider
Config MetastoreData Access Provider Config - Configure the provider for management through account provider. This block consists of the following fields:
- read
Only boolean - skip
Validation boolean
- api str
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - aws_
iam_ Metastorerole Data Access Aws Iam Role Args - azure_
managed_ Metastoreidentity Data Access Azure Managed Identity Args - azure_
service_ Metastoreprincipal Data Access Azure Service Principal Args - cloudflare_
api_ Metastoretoken Data Access Cloudflare Api Token Args - comment str
- databricks_
gcp_ Metastoreservice_ account Data Access Databricks Gcp Service Account Args - force_
destroy bool - force_
update bool - gcp_
service_ Metastoreaccount_ key Data Access Gcp Service Account Key Args - is_
default bool - whether to set this credential as the default for the metastore. In practice, this should always be true.
- isolation_
mode str - metastore_
id str - name str
- owner str
- provider_
config MetastoreData Access Provider Config Args - Configure the provider for management through account provider. This block consists of the following fields:
- read_
only bool - skip_
validation bool
- api String
- Specifies whether to use account-level or workspace-level API. Valid values are
accountandworkspace. When not set, the API level is inferred from the provider host. - aws
Iam Property MapRole - azure
Managed Property MapIdentity - azure
Service Property MapPrincipal - cloudflare
Api Property MapToken - comment String
- databricks
Gcp Property MapService Account - force
Destroy Boolean - force
Update Boolean - gcp
Service Property MapAccount Key - is
Default Boolean - whether to set this credential as the default for the metastore. In practice, this should always be true.
- isolation
Mode String - metastore
Id String - name String
- owner String
- provider
Config Property Map - Configure the provider for management through account provider. This block consists of the following fields:
- read
Only Boolean - skip
Validation Boolean
Supporting Types
MetastoreDataAccessAwsIamRole, MetastoreDataAccessAwsIamRoleArgs
- Role
Arn string - External
Id string - Unity
Catalog stringIam Arn
- Role
Arn string - External
Id string - Unity
Catalog stringIam Arn
- role
Arn String - external
Id String - unity
Catalog StringIam Arn
- role
Arn string - external
Id string - unity
Catalog stringIam Arn
- role_
arn str - external_
id str - unity_
catalog_ striam_ arn
- role
Arn String - external
Id String - unity
Catalog StringIam Arn
MetastoreDataAccessAzureManagedIdentity, MetastoreDataAccessAzureManagedIdentityArgs
- Access
Connector stringId - Credential
Id string - Managed
Identity stringId
- Access
Connector stringId - Credential
Id string - Managed
Identity stringId
- access
Connector StringId - credential
Id String - managed
Identity StringId
- access
Connector stringId - credential
Id string - managed
Identity stringId
- access
Connector StringId - credential
Id String - managed
Identity StringId
MetastoreDataAccessAzureServicePrincipal, MetastoreDataAccessAzureServicePrincipalArgs
- Application
Id string - Client
Secret string - Directory
Id string
- Application
Id string - Client
Secret string - Directory
Id string
- application
Id String - client
Secret String - directory
Id String
- application
Id string - client
Secret string - directory
Id string
- application_
id str - client_
secret str - directory_
id str
- application
Id String - client
Secret String - directory
Id String
MetastoreDataAccessCloudflareApiToken, MetastoreDataAccessCloudflareApiTokenArgs
- Access
Key stringId - Account
Id string - Secret
Access stringKey
- Access
Key stringId - Account
Id string - Secret
Access stringKey
- access
Key StringId - account
Id String - secret
Access StringKey
- access
Key stringId - account
Id string - secret
Access stringKey
- access_
key_ strid - account_
id str - secret_
access_ strkey
- access
Key StringId - account
Id String - secret
Access StringKey
MetastoreDataAccessDatabricksGcpServiceAccount, MetastoreDataAccessDatabricksGcpServiceAccountArgs
- Credential
Id string - Email string
- Credential
Id string - Email string
- credential
Id String - email String
- credential
Id string - email string
- credential_
id str - email str
- credential
Id String - email String
MetastoreDataAccessGcpServiceAccountKey, MetastoreDataAccessGcpServiceAccountKeyArgs
- Email string
- Private
Key string - Private
Key stringId
- Email string
- Private
Key string - Private
Key stringId
- email String
- private
Key String - private
Key StringId
- email string
- private
Key string - private
Key stringId
- email str
- private_
key str - private_
key_ strid
- email String
- private
Key String - private
Key StringId
MetastoreDataAccessProviderConfig, MetastoreDataAccessProviderConfigArgs
- Workspace
Id string - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- Workspace
Id string - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- workspace
Id String - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- workspace
Id string - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- workspace_
id str - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
- workspace
Id String - Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
Package Details
- Repository
- databricks pulumi/pulumi-databricks
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
databricksTerraform Provider.
Viewing docs for Databricks v1.91.1
published on Friday, May 1, 2026 by Pulumi
published on Friday, May 1, 2026 by Pulumi
