diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md index 30bdd6ae5a..ba69c62c5c 100644 --- a/NEXT_CHANGELOG.md +++ b/NEXT_CHANGELOG.md @@ -10,6 +10,7 @@ To disable this, set the environment variable DATABRICKS_CACHE_ENABLED to false. ### Bundles * Enable caching user identity by default ([#4202](https://github.com/databricks/cli/pull/4202)) +* Pass additional Azure DevOps system variables ([#4236](https://github.com/databricks/cli/pull/4236)) ### Dependency updates diff --git a/bundle/deploy/terraform/init.go b/bundle/deploy/terraform/init.go index 64c00adc00..a7aab9b8e2 100644 --- a/bundle/deploy/terraform/init.go +++ b/bundle/deploy/terraform/init.go @@ -166,18 +166,20 @@ func inheritEnvVars(ctx context.Context, environ map[string]string) error { environ[oidcTokenEnv] = oidcToken } - // If there's SYSTEM_ACCESSTOKEN set, we need to pass the value of the environment variable to Terraform. - // This is necessary to ensure that Terraform can use the same access token as the CLI for Azure DevOps OIDC auth. - systemAccessToken, ok := env.Lookup(ctx, "SYSTEM_ACCESSTOKEN") - if ok { - environ["SYSTEM_ACCESSTOKEN"] = systemAccessToken - } - - // If there's SYSTEM_TEAMFOUNDATIONCOLLECTIONURI set, we need to pass the value of the environment variable to Terraform. - // This is necessary for Azure DevOps OIDC auth to work properly. - systemCollectionUri, ok := env.Lookup(ctx, "SYSTEM_TEAMFOUNDATIONCOLLECTIONURI") - if ok { - environ["SYSTEM_TEAMFOUNDATIONCOLLECTIONURI"] = systemCollectionUri + // Pass additional Azure DevOps system variables required for OIDC authentication. + // These variables are used by the Databricks Go SDK to authenticate with Azure DevOps OIDC. + azureDevOpsVars := []string{ + "SYSTEM_ACCESSTOKEN", + "SYSTEM_TEAMFOUNDATIONCOLLECTIONURI", + "SYSTEM_PLANID", + "SYSTEM_COLLECTIONID", + "SYSTEM_TEAMPROJECTID", + "SYSTEM_OIDCREQUESTURI", + } + for _, varName := range azureDevOpsVars { + if val, ok := env.Lookup(ctx, varName); ok { + environ[varName] = val + } } // Map $DATABRICKS_TF_CLI_CONFIG_FILE to $TF_CLI_CONFIG_FILE diff --git a/bundle/deploy/terraform/init_test.go b/bundle/deploy/terraform/init_test.go index f0ddbcc652..764e9cac43 100644 --- a/bundle/deploy/terraform/init_test.go +++ b/bundle/deploy/terraform/init_test.go @@ -301,6 +301,23 @@ func TestInheritSystemTeamFoundationCollectionUri(t *testing.T) { assert.Equal(t, "foobar", env["SYSTEM_TEAMFOUNDATIONCOLLECTIONURI"]) } +func TestInheritAzureDevOpsSystemVariables(t *testing.T) { + // Set Azure DevOps system variables + t.Setenv("SYSTEM_PLANID", "plan-id-123") + t.Setenv("SYSTEM_COLLECTIONID", "collection-id-456") + t.Setenv("SYSTEM_TEAMPROJECTID", "project-id-789") + t.Setenv("SYSTEM_OIDCREQUESTURI", "https://oidc.example.com") + + ctx := context.Background() + env := map[string]string{} + err := inheritEnvVars(ctx, env) + require.NoError(t, err) + assert.Equal(t, "plan-id-123", env["SYSTEM_PLANID"]) + assert.Equal(t, "collection-id-456", env["SYSTEM_COLLECTIONID"]) + assert.Equal(t, "project-id-789", env["SYSTEM_TEAMPROJECTID"]) + assert.Equal(t, "https://oidc.example.com", env["SYSTEM_OIDCREQUESTURI"]) +} + func TestSetUserProfileFromInheritEnvVars(t *testing.T) { t.Setenv("USERPROFILE", "c:\\foo\\c")