cli icon indicating copy to clipboard operation
cli copied to clipboard
verified publisher icon databricks

CLI needs internet access to download additional components

Open jdavidheiser opened this issue 9 months ago • 8 comments

Describe the issue

When using the CLI to interact with Databricks Asset Bundles, it needs to fetch and install some Terraform libraries. This causes problems when installing the CLI in a Docker image and then using that CLI in an airgapped environment.

This is a re-raising of the issue brought up in https://github.com/databricks/cli/issues/1238#issuecomment-2671229292 since it's been a while since that was posted and I still have no idea when a solution will be available.

Steps to reproduce the behavior

  • Install CLI
  • block access to hasicorp.com
  • try to run databricks bundle ...

Expected Behavior

I would expect to be able to install all transitive dependencies when running the installer, and not have them dynamically installed later.

Actual Behavior

I have to manually install and configure terraform, or use a standalone Docker image, which does not really fit with my workflow here.

OS and CLI version

NA

Is this a regression?

No

Debug Logs

NA

jdavidheiser avatar Apr 10 '25 18:04 jdavidheiser

Long term we're planning to stop depending on downloaded terraform binary.

Short term, you can set up docker image by pre-downloading the needed binaries and setting up some environment variables. We do that in our own tests. See https://github.com/databricks/cli/blob/main/acceptance/install_terraform.py

denik avatar Apr 11 '25 08:04 denik

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

github-actions[bot] avatar Jun 11 '25 00:06 github-actions[bot]

Is there any update on plans to stop depending on the downloaded binary?

jdavidheiser avatar Jun 26 '25 19:06 jdavidheiser

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.

github-actions[bot] avatar Aug 27 '25 00:08 github-actions[bot]

Is there any update on plans to stop depending on the downloaded binary?

Yes, we're working on new deployment method that does not use terraform and that would make databricks cli binary self sufficient. Expected to be ready to use in 2 months.

denik avatar Aug 27 '25 06:08 denik

Could you say more about the new deployment method, or share any docs on the design? We're making long term plans on how we want to interface with Asset Bundles and it would be useful to understand your thinking here.

jdavidheiser avatar Aug 27 '25 13:08 jdavidheiser

If internet access is required, can the team provide a full list of urls required in using databricks cli? If the build agent is hosted in a secure (private virtual network environment), those urls would be required for whitelisting.

joehmchan avatar Oct 19 '25 13:10 joehmchan

Yes, we're working on new deployment method that does not use terraform and that would make databricks cli binary self sufficient. Expected to be ready to use in 2 months.

Any updates? Is there public roadmap, or Github issue, tracking this change?

bradser avatar Nov 04 '25 15:11 bradser