Pass additional Azure DevOps system variables

NEXT_CHANGELOG.md

@@ -10,6 +10,7 @@ To disable this, set the environment variable DATABRICKS_CACHE_ENABLED to false.
 
 ### Bundles
 * Enable caching user identity by default ([#4202](https://github.com/databricks/cli/pull/4202))
+* Pass additional Azure DevOps system variables ([#4236](https://github.com/databricks/cli/pull/4236))
 
 ### Dependency updates
 

bundle/deploy/terraform/init.go

@@ -166,18 +166,20 @@ func inheritEnvVars(ctx context.Context, environ map[string]string) error {
 		environ[oidcTokenEnv] = oidcToken
 	}
 
-	// If there's SYSTEM_ACCESSTOKEN set, we need to pass the value of the environment variable to Terraform.
-	// This is necessary to ensure that Terraform can use the same access token as the CLI for Azure DevOps OIDC auth.
-	systemAccessToken, ok := env.Lookup(ctx, "SYSTEM_ACCESSTOKEN")
-	if ok {
-		environ["SYSTEM_ACCESSTOKEN"] = systemAccessToken
-	}
-
-	// If there's SYSTEM_TEAMFOUNDATIONCOLLECTIONURI set, we need to pass the value of the environment variable to Terraform.
-	// This is necessary for Azure DevOps OIDC auth to work properly.
-	systemCollectionUri, ok := env.Lookup(ctx, "SYSTEM_TEAMFOUNDATIONCOLLECTIONURI")
-	if ok {
-		environ["SYSTEM_TEAMFOUNDATIONCOLLECTIONURI"] = systemCollectionUri
+	// Pass additional Azure DevOps system variables required for OIDC authentication.
+	// These variables are used by the Databricks Go SDK to authenticate with Azure DevOps OIDC.
+	azureDevOpsVars := []string{
+		"SYSTEM_ACCESSTOKEN",
+		"SYSTEM_TEAMFOUNDATIONCOLLECTIONURI",
+		"SYSTEM_PLANID",
+		"SYSTEM_COLLECTIONID",
+		"SYSTEM_TEAMPROJECTID",
+		"SYSTEM_OIDCREQUESTURI",
+	}
+	for _, varName := range azureDevOpsVars {
+		if val, ok := env.Lookup(ctx, varName); ok {
+			environ[varName] = val
+		}
 	}
 
 	// Map $DATABRICKS_TF_CLI_CONFIG_FILE to $TF_CLI_CONFIG_FILE

bundle/deploy/terraform/init_test.go

@@ -301,6 +301,23 @@ func TestInheritSystemTeamFoundationCollectionUri(t *testing.T) {
 	assert.Equal(t, "foobar", env["SYSTEM_TEAMFOUNDATIONCOLLECTIONURI"])
 }
 
+func TestInheritAzureDevOpsSystemVariables(t *testing.T) {
+	// Set Azure DevOps system variables
+	t.Setenv("SYSTEM_PLANID", "plan-id-123")
+	t.Setenv("SYSTEM_COLLECTIONID", "collection-id-456")
+	t.Setenv("SYSTEM_TEAMPROJECTID", "project-id-789")
+	t.Setenv("SYSTEM_OIDCREQUESTURI", "https://oidc.example.com")
+
+	ctx := context.Background()
+	env := map[string]string{}
+	err := inheritEnvVars(ctx, env)
+	require.NoError(t, err)
+	assert.Equal(t, "plan-id-123", env["SYSTEM_PLANID"])
+	assert.Equal(t, "collection-id-456", env["SYSTEM_COLLECTIONID"])
+	assert.Equal(t, "project-id-789", env["SYSTEM_TEAMPROJECTID"])
+	assert.Equal(t, "https://oidc.example.com", env["SYSTEM_OIDCREQUESTURI"])
+}
+
 func TestSetUserProfileFromInheritEnvVars(t *testing.T) {
 	t.Setenv("USERPROFILE", "c:\\foo\\c")