pulumi-databricks 1.74.0a1753335781__py3-none-any.whl → 1.77.0__py3-none-any.whl

pulumi_databricks/service_principal.py

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
 
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -20,40 +19,40 @@ __all__ = ['ServicePrincipalArgs', 'ServicePrincipal']
 @pulumi.input_type
 class ServicePrincipalArgs:
     def __init__(__self__, *,
-                 acl_principal_id: Optional[pulumi.Input[builtins.str]] = None,
-                 active: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_cluster_create: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_instance_pool_create: Optional[pulumi.Input[builtins.bool]] = None,
-                 application_id: Optional[pulumi.Input[builtins.str]] = None,
-                 databricks_sql_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_as_user_deletion: Optional[pulumi.Input[builtins.bool]] = None,
-                 display_name: Optional[pulumi.Input[builtins.str]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 force: Optional[pulumi.Input[builtins.bool]] = None,
-                 force_delete_home_dir: Optional[pulumi.Input[builtins.bool]] = None,
-                 force_delete_repos: Optional[pulumi.Input[builtins.bool]] = None,
-                 home: Optional[pulumi.Input[builtins.str]] = None,
-                 repos: Optional[pulumi.Input[builtins.str]] = None,
-                 workspace_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 workspace_consume: Optional[pulumi.Input[builtins.bool]] = None):
+                 acl_principal_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 active: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_cluster_create: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_instance_pool_create: Optional[pulumi.Input[_builtins.bool]] = None,
+                 application_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 databricks_sql_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_as_user_deletion: Optional[pulumi.Input[_builtins.bool]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 force: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_delete_home_dir: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_delete_repos: Optional[pulumi.Input[_builtins.bool]] = None,
+                 home: Optional[pulumi.Input[_builtins.str]] = None,
+                 repos: Optional[pulumi.Input[_builtins.str]] = None,
+                 workspace_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 workspace_consume: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         The set of arguments for constructing a ServicePrincipal resource.
-        :param pulumi.Input[builtins.str] acl_principal_id: identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.bool] active: Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
-        :param pulumi.Input[builtins.bool] allow_cluster_create: Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
-        :param pulumi.Input[builtins.bool] allow_instance_pool_create: Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
-        :param pulumi.Input[builtins.str] application_id: This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
-        :param pulumi.Input[builtins.bool] databricks_sql_access: This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
-        :param pulumi.Input[builtins.bool] disable_as_user_deletion: Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
-        :param pulumi.Input[builtins.str] display_name: This is an alias for the service principal and can be the full name of the service principal.
-        :param pulumi.Input[builtins.str] external_id: ID of the service principal in an external identity provider.
-        :param pulumi.Input[builtins.bool] force: Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
-        :param pulumi.Input[builtins.bool] force_delete_home_dir: This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
-        :param pulumi.Input[builtins.bool] force_delete_repos: This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
-        :param pulumi.Input[builtins.str] home: Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.str] repos: Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.bool] workspace_access: This is a field to allow the service principal to have access to a Databricks Workspace.
-        :param pulumi.Input[builtins.bool] workspace_consume: This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
+        :param pulumi.Input[_builtins.str] acl_principal_id: identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.bool] active: Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
+        :param pulumi.Input[_builtins.bool] allow_cluster_create: Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
+        :param pulumi.Input[_builtins.bool] allow_instance_pool_create: Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
+        :param pulumi.Input[_builtins.str] application_id: This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
+        :param pulumi.Input[_builtins.bool] databricks_sql_access: This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
+        :param pulumi.Input[_builtins.bool] disable_as_user_deletion: Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
+        :param pulumi.Input[_builtins.str] display_name: This is an alias for the service principal and can be the full name of the service principal.
+        :param pulumi.Input[_builtins.str] external_id: ID of the service principal in an external identity provider.
+        :param pulumi.Input[_builtins.bool] force: Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
+        :param pulumi.Input[_builtins.bool] force_delete_home_dir: This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
+        :param pulumi.Input[_builtins.bool] force_delete_repos: This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
+        :param pulumi.Input[_builtins.str] home: Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.str] repos: Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.bool] workspace_access: This is a field to allow the service principal to have access to a Databricks Workspace.
+        :param pulumi.Input[_builtins.bool] workspace_consume: This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
         """
         if acl_principal_id is not None:
             pulumi.set(__self__, "acl_principal_id", acl_principal_id)
@@ -88,236 +87,236 @@ class ServicePrincipalArgs:
         if workspace_consume is not None:
             pulumi.set(__self__, "workspace_consume", workspace_consume)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="aclPrincipalId")
-    def acl_principal_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def acl_principal_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
         """
         return pulumi.get(self, "acl_principal_id")
 
     @acl_principal_id.setter
-    def acl_principal_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def acl_principal_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "acl_principal_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def active(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def active(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
         """
         return pulumi.get(self, "active")
 
     @active.setter
-    def active(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def active(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "active", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowClusterCreate")
-    def allow_cluster_create(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_cluster_create(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
         """
         return pulumi.get(self, "allow_cluster_create")
 
     @allow_cluster_create.setter
-    def allow_cluster_create(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_cluster_create(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_cluster_create", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowInstancePoolCreate")
-    def allow_instance_pool_create(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_instance_pool_create(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
         """
         return pulumi.get(self, "allow_instance_pool_create")
 
     @allow_instance_pool_create.setter
-    def allow_instance_pool_create(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_instance_pool_create(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_instance_pool_create", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="applicationId")
-    def application_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def application_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
         """
         return pulumi.get(self, "application_id")
 
     @application_id.setter
-    def application_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def application_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "application_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="databricksSqlAccess")
-    def databricks_sql_access(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def databricks_sql_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
         """
         return pulumi.get(self, "databricks_sql_access")
 
     @databricks_sql_access.setter
-    def databricks_sql_access(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def databricks_sql_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "databricks_sql_access", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableAsUserDeletion")
-    def disable_as_user_deletion(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_as_user_deletion(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
         """
         return pulumi.get(self, "disable_as_user_deletion")
 
     @disable_as_user_deletion.setter
-    def disable_as_user_deletion(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_as_user_deletion(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_as_user_deletion", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def display_name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         This is an alias for the service principal and can be the full name of the service principal.
         """
         return pulumi.get(self, "display_name")
 
     @display_name.setter
-    def display_name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def display_name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "display_name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalId")
-    def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def external_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         ID of the service principal in an external identity provider.
         """
         return pulumi.get(self, "external_id")
 
     @external_id.setter
-    def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def external_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "external_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def force(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def force(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
         """
         return pulumi.get(self, "force")
 
     @force.setter
-    def force(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def force(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "force", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="forceDeleteHomeDir")
-    def force_delete_home_dir(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def force_delete_home_dir(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
         """
         return pulumi.get(self, "force_delete_home_dir")
 
     @force_delete_home_dir.setter
-    def force_delete_home_dir(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def force_delete_home_dir(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "force_delete_home_dir", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="forceDeleteRepos")
-    def force_delete_repos(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def force_delete_repos(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
         """
         return pulumi.get(self, "force_delete_repos")
 
     @force_delete_repos.setter
-    def force_delete_repos(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def force_delete_repos(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "force_delete_repos", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def home(self) -> Optional[pulumi.Input[builtins.str]]:
+    def home(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
         """
         return pulumi.get(self, "home")
 
     @home.setter
-    def home(self, value: Optional[pulumi.Input[builtins.str]]):
+    def home(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "home", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def repos(self) -> Optional[pulumi.Input[builtins.str]]:
+    def repos(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
         """
         return pulumi.get(self, "repos")
 
     @repos.setter
-    def repos(self, value: Optional[pulumi.Input[builtins.str]]):
+    def repos(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "repos", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="workspaceAccess")
-    def workspace_access(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def workspace_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This is a field to allow the service principal to have access to a Databricks Workspace.
         """
         return pulumi.get(self, "workspace_access")
 
     @workspace_access.setter
-    def workspace_access(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def workspace_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "workspace_access", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="workspaceConsume")
-    def workspace_consume(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def workspace_consume(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
         """
         return pulumi.get(self, "workspace_consume")
 
     @workspace_consume.setter
-    def workspace_consume(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def workspace_consume(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "workspace_consume", value)
 
 
 @pulumi.input_type
 class _ServicePrincipalState:
     def __init__(__self__, *,
-                 acl_principal_id: Optional[pulumi.Input[builtins.str]] = None,
-                 active: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_cluster_create: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_instance_pool_create: Optional[pulumi.Input[builtins.bool]] = None,
-                 application_id: Optional[pulumi.Input[builtins.str]] = None,
-                 databricks_sql_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_as_user_deletion: Optional[pulumi.Input[builtins.bool]] = None,
-                 display_name: Optional[pulumi.Input[builtins.str]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 force: Optional[pulumi.Input[builtins.bool]] = None,
-                 force_delete_home_dir: Optional[pulumi.Input[builtins.bool]] = None,
-                 force_delete_repos: Optional[pulumi.Input[builtins.bool]] = None,
-                 home: Optional[pulumi.Input[builtins.str]] = None,
-                 repos: Optional[pulumi.Input[builtins.str]] = None,
-                 workspace_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 workspace_consume: Optional[pulumi.Input[builtins.bool]] = None):
+                 acl_principal_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 active: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_cluster_create: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_instance_pool_create: Optional[pulumi.Input[_builtins.bool]] = None,
+                 application_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 databricks_sql_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_as_user_deletion: Optional[pulumi.Input[_builtins.bool]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 force: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_delete_home_dir: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_delete_repos: Optional[pulumi.Input[_builtins.bool]] = None,
+                 home: Optional[pulumi.Input[_builtins.str]] = None,
+                 repos: Optional[pulumi.Input[_builtins.str]] = None,
+                 workspace_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 workspace_consume: Optional[pulumi.Input[_builtins.bool]] = None):
         """
         Input properties used for looking up and filtering ServicePrincipal resources.
-        :param pulumi.Input[builtins.str] acl_principal_id: identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.bool] active: Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
-        :param pulumi.Input[builtins.bool] allow_cluster_create: Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
-        :param pulumi.Input[builtins.bool] allow_instance_pool_create: Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
-        :param pulumi.Input[builtins.str] application_id: This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
-        :param pulumi.Input[builtins.bool] databricks_sql_access: This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
-        :param pulumi.Input[builtins.bool] disable_as_user_deletion: Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
-        :param pulumi.Input[builtins.str] display_name: This is an alias for the service principal and can be the full name of the service principal.
-        :param pulumi.Input[builtins.str] external_id: ID of the service principal in an external identity provider.
-        :param pulumi.Input[builtins.bool] force: Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
-        :param pulumi.Input[builtins.bool] force_delete_home_dir: This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
-        :param pulumi.Input[builtins.bool] force_delete_repos: This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
-        :param pulumi.Input[builtins.str] home: Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.str] repos: Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.bool] workspace_access: This is a field to allow the service principal to have access to a Databricks Workspace.
-        :param pulumi.Input[builtins.bool] workspace_consume: This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
+        :param pulumi.Input[_builtins.str] acl_principal_id: identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.bool] active: Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
+        :param pulumi.Input[_builtins.bool] allow_cluster_create: Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
+        :param pulumi.Input[_builtins.bool] allow_instance_pool_create: Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
+        :param pulumi.Input[_builtins.str] application_id: This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
+        :param pulumi.Input[_builtins.bool] databricks_sql_access: This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
+        :param pulumi.Input[_builtins.bool] disable_as_user_deletion: Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
+        :param pulumi.Input[_builtins.str] display_name: This is an alias for the service principal and can be the full name of the service principal.
+        :param pulumi.Input[_builtins.str] external_id: ID of the service principal in an external identity provider.
+        :param pulumi.Input[_builtins.bool] force: Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
+        :param pulumi.Input[_builtins.bool] force_delete_home_dir: This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
+        :param pulumi.Input[_builtins.bool] force_delete_repos: This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
+        :param pulumi.Input[_builtins.str] home: Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.str] repos: Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.bool] workspace_access: This is a field to allow the service principal to have access to a Databricks Workspace.
+        :param pulumi.Input[_builtins.bool] workspace_consume: This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
         """
         if acl_principal_id is not None:
             pulumi.set(__self__, "acl_principal_id", acl_principal_id)
@@ -352,196 +351,196 @@ class _ServicePrincipalState:
         if workspace_consume is not None:
             pulumi.set(__self__, "workspace_consume", workspace_consume)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="aclPrincipalId")
-    def acl_principal_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def acl_principal_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
         """
         return pulumi.get(self, "acl_principal_id")
 
     @acl_principal_id.setter
-    def acl_principal_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def acl_principal_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "acl_principal_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def active(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def active(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
         """
         return pulumi.get(self, "active")
 
     @active.setter
-    def active(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def active(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "active", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowClusterCreate")
-    def allow_cluster_create(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_cluster_create(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
         """
         return pulumi.get(self, "allow_cluster_create")
 
     @allow_cluster_create.setter
-    def allow_cluster_create(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_cluster_create(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_cluster_create", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowInstancePoolCreate")
-    def allow_instance_pool_create(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_instance_pool_create(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
         """
         return pulumi.get(self, "allow_instance_pool_create")
 
     @allow_instance_pool_create.setter
-    def allow_instance_pool_create(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_instance_pool_create(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_instance_pool_create", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="applicationId")
-    def application_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def application_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
         """
         return pulumi.get(self, "application_id")
 
     @application_id.setter
-    def application_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def application_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "application_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="databricksSqlAccess")
-    def databricks_sql_access(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def databricks_sql_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
         """
         return pulumi.get(self, "databricks_sql_access")
 
     @databricks_sql_access.setter
-    def databricks_sql_access(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def databricks_sql_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "databricks_sql_access", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableAsUserDeletion")
-    def disable_as_user_deletion(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def disable_as_user_deletion(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
         """
         return pulumi.get(self, "disable_as_user_deletion")
 
     @disable_as_user_deletion.setter
-    def disable_as_user_deletion(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def disable_as_user_deletion(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "disable_as_user_deletion", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def display_name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         This is an alias for the service principal and can be the full name of the service principal.
         """
         return pulumi.get(self, "display_name")
 
     @display_name.setter
-    def display_name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def display_name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "display_name", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalId")
-    def external_id(self) -> Optional[pulumi.Input[builtins.str]]:
+    def external_id(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         ID of the service principal in an external identity provider.
         """
         return pulumi.get(self, "external_id")
 
     @external_id.setter
-    def external_id(self, value: Optional[pulumi.Input[builtins.str]]):
+    def external_id(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "external_id", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def force(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def force(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
         """
         return pulumi.get(self, "force")
 
     @force.setter
-    def force(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def force(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "force", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="forceDeleteHomeDir")
-    def force_delete_home_dir(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def force_delete_home_dir(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
         """
         return pulumi.get(self, "force_delete_home_dir")
 
     @force_delete_home_dir.setter
-    def force_delete_home_dir(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def force_delete_home_dir(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "force_delete_home_dir", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="forceDeleteRepos")
-    def force_delete_repos(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def force_delete_repos(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
         """
         return pulumi.get(self, "force_delete_repos")
 
     @force_delete_repos.setter
-    def force_delete_repos(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def force_delete_repos(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "force_delete_repos", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def home(self) -> Optional[pulumi.Input[builtins.str]]:
+    def home(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
         """
         return pulumi.get(self, "home")
 
     @home.setter
-    def home(self, value: Optional[pulumi.Input[builtins.str]]):
+    def home(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "home", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def repos(self) -> Optional[pulumi.Input[builtins.str]]:
+    def repos(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
         """
         return pulumi.get(self, "repos")
 
     @repos.setter
-    def repos(self, value: Optional[pulumi.Input[builtins.str]]):
+    def repos(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "repos", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="workspaceAccess")
-    def workspace_access(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def workspace_access(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This is a field to allow the service principal to have access to a Databricks Workspace.
         """
         return pulumi.get(self, "workspace_access")
 
     @workspace_access.setter
-    def workspace_access(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def workspace_access(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "workspace_access", value)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="workspaceConsume")
-    def workspace_consume(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def workspace_consume(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
         """
         return pulumi.get(self, "workspace_consume")
 
     @workspace_consume.setter
-    def workspace_consume(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def workspace_consume(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "workspace_consume", value)
 
 
@@ -551,22 +550,22 @@ class ServicePrincipal(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 acl_principal_id: Optional[pulumi.Input[builtins.str]] = None,
-                 active: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_cluster_create: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_instance_pool_create: Optional[pulumi.Input[builtins.bool]] = None,
-                 application_id: Optional[pulumi.Input[builtins.str]] = None,
-                 databricks_sql_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_as_user_deletion: Optional[pulumi.Input[builtins.bool]] = None,
-                 display_name: Optional[pulumi.Input[builtins.str]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 force: Optional[pulumi.Input[builtins.bool]] = None,
-                 force_delete_home_dir: Optional[pulumi.Input[builtins.bool]] = None,
-                 force_delete_repos: Optional[pulumi.Input[builtins.bool]] = None,
-                 home: Optional[pulumi.Input[builtins.str]] = None,
-                 repos: Optional[pulumi.Input[builtins.str]] = None,
-                 workspace_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 workspace_consume: Optional[pulumi.Input[builtins.bool]] = None,
+                 acl_principal_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 active: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_cluster_create: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_instance_pool_create: Optional[pulumi.Input[_builtins.bool]] = None,
+                 application_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 databricks_sql_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_as_user_deletion: Optional[pulumi.Input[_builtins.bool]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 force: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_delete_home_dir: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_delete_repos: Optional[pulumi.Input[_builtins.bool]] = None,
+                 home: Optional[pulumi.Input[_builtins.str]] = None,
+                 repos: Optional[pulumi.Input[_builtins.str]] = None,
+                 workspace_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 workspace_consume: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         """
         Directly manage [Service Principals](https://docs.databricks.com/administration-guide/users-groups/service-principals.html) that could be added to Group in Databricks account or workspace.
@@ -643,11 +642,12 @@ class ServicePrincipal(pulumi.CustomResource):
         The following resources are often used in the same context:
 
         * End to end workspace management guide.
-        * Group to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html) or [Account Console](https://accounts.cloud.databricks.com/) (for AWS deployments).
+        * Group to manage [Account-level](https://docs.databricks.com/aws/en/admin/users-groups/groups) or [Workspace-level](https://docs.databricks.com/aws/en/admin/users-groups/workspace-local-groups) groups.
         * Group data to retrieve information about Group members, entitlements and instance profiles.
         * GroupMember to attach users and groups as group members.
         * Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace.
-        * SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and more to manage secrets for the service principal (only for AWS deployments)
+        * Grants to manage data access in Unity Catalog.
+        * ServicePrincipalSecret to manage secrets for a service principal.
 
         ## Import
 
@@ -673,22 +673,22 @@ class ServicePrincipal(pulumi.CustomResource):
 
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] acl_principal_id: identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.bool] active: Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
-        :param pulumi.Input[builtins.bool] allow_cluster_create: Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
-        :param pulumi.Input[builtins.bool] allow_instance_pool_create: Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
-        :param pulumi.Input[builtins.str] application_id: This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
-        :param pulumi.Input[builtins.bool] databricks_sql_access: This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
-        :param pulumi.Input[builtins.bool] disable_as_user_deletion: Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
-        :param pulumi.Input[builtins.str] display_name: This is an alias for the service principal and can be the full name of the service principal.
-        :param pulumi.Input[builtins.str] external_id: ID of the service principal in an external identity provider.
-        :param pulumi.Input[builtins.bool] force: Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
-        :param pulumi.Input[builtins.bool] force_delete_home_dir: This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
-        :param pulumi.Input[builtins.bool] force_delete_repos: This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
-        :param pulumi.Input[builtins.str] home: Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.str] repos: Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.bool] workspace_access: This is a field to allow the service principal to have access to a Databricks Workspace.
-        :param pulumi.Input[builtins.bool] workspace_consume: This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
+        :param pulumi.Input[_builtins.str] acl_principal_id: identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.bool] active: Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
+        :param pulumi.Input[_builtins.bool] allow_cluster_create: Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
+        :param pulumi.Input[_builtins.bool] allow_instance_pool_create: Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
+        :param pulumi.Input[_builtins.str] application_id: This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
+        :param pulumi.Input[_builtins.bool] databricks_sql_access: This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
+        :param pulumi.Input[_builtins.bool] disable_as_user_deletion: Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
+        :param pulumi.Input[_builtins.str] display_name: This is an alias for the service principal and can be the full name of the service principal.
+        :param pulumi.Input[_builtins.str] external_id: ID of the service principal in an external identity provider.
+        :param pulumi.Input[_builtins.bool] force: Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
+        :param pulumi.Input[_builtins.bool] force_delete_home_dir: This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
+        :param pulumi.Input[_builtins.bool] force_delete_repos: This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
+        :param pulumi.Input[_builtins.str] home: Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.str] repos: Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.bool] workspace_access: This is a field to allow the service principal to have access to a Databricks Workspace.
+        :param pulumi.Input[_builtins.bool] workspace_consume: This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
         """
         ...
     @overload
@@ -771,11 +771,12 @@ class ServicePrincipal(pulumi.CustomResource):
         The following resources are often used in the same context:
 
         * End to end workspace management guide.
-        * Group to manage [groups in Databricks Workspace](https://docs.databricks.com/administration-guide/users-groups/groups.html) or [Account Console](https://accounts.cloud.databricks.com/) (for AWS deployments).
+        * Group to manage [Account-level](https://docs.databricks.com/aws/en/admin/users-groups/groups) or [Workspace-level](https://docs.databricks.com/aws/en/admin/users-groups/workspace-local-groups) groups.
         * Group data to retrieve information about Group members, entitlements and instance profiles.
         * GroupMember to attach users and groups as group members.
         * Permissions to manage [access control](https://docs.databricks.com/security/access-control/index.html) in Databricks workspace.
-        * SqlPermissions to manage data object access control lists in Databricks workspaces for things like tables, views, databases, and more to manage secrets for the service principal (only for AWS deployments)
+        * Grants to manage data access in Unity Catalog.
+        * ServicePrincipalSecret to manage secrets for a service principal.
 
         ## Import
 
@@ -814,22 +815,22 @@ class ServicePrincipal(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 acl_principal_id: Optional[pulumi.Input[builtins.str]] = None,
-                 active: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_cluster_create: Optional[pulumi.Input[builtins.bool]] = None,
-                 allow_instance_pool_create: Optional[pulumi.Input[builtins.bool]] = None,
-                 application_id: Optional[pulumi.Input[builtins.str]] = None,
-                 databricks_sql_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 disable_as_user_deletion: Optional[pulumi.Input[builtins.bool]] = None,
-                 display_name: Optional[pulumi.Input[builtins.str]] = None,
-                 external_id: Optional[pulumi.Input[builtins.str]] = None,
-                 force: Optional[pulumi.Input[builtins.bool]] = None,
-                 force_delete_home_dir: Optional[pulumi.Input[builtins.bool]] = None,
-                 force_delete_repos: Optional[pulumi.Input[builtins.bool]] = None,
-                 home: Optional[pulumi.Input[builtins.str]] = None,
-                 repos: Optional[pulumi.Input[builtins.str]] = None,
-                 workspace_access: Optional[pulumi.Input[builtins.bool]] = None,
-                 workspace_consume: Optional[pulumi.Input[builtins.bool]] = None,
+                 acl_principal_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 active: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_cluster_create: Optional[pulumi.Input[_builtins.bool]] = None,
+                 allow_instance_pool_create: Optional[pulumi.Input[_builtins.bool]] = None,
+                 application_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 databricks_sql_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 disable_as_user_deletion: Optional[pulumi.Input[_builtins.bool]] = None,
+                 display_name: Optional[pulumi.Input[_builtins.str]] = None,
+                 external_id: Optional[pulumi.Input[_builtins.str]] = None,
+                 force: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_delete_home_dir: Optional[pulumi.Input[_builtins.bool]] = None,
+                 force_delete_repos: Optional[pulumi.Input[_builtins.bool]] = None,
+                 home: Optional[pulumi.Input[_builtins.str]] = None,
+                 repos: Optional[pulumi.Input[_builtins.str]] = None,
+                 workspace_access: Optional[pulumi.Input[_builtins.bool]] = None,
+                 workspace_consume: Optional[pulumi.Input[_builtins.bool]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -865,22 +866,22 @@ class ServicePrincipal(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            acl_principal_id: Optional[pulumi.Input[builtins.str]] = None,
-            active: Optional[pulumi.Input[builtins.bool]] = None,
-            allow_cluster_create: Optional[pulumi.Input[builtins.bool]] = None,
-            allow_instance_pool_create: Optional[pulumi.Input[builtins.bool]] = None,
-            application_id: Optional[pulumi.Input[builtins.str]] = None,
-            databricks_sql_access: Optional[pulumi.Input[builtins.bool]] = None,
-            disable_as_user_deletion: Optional[pulumi.Input[builtins.bool]] = None,
-            display_name: Optional[pulumi.Input[builtins.str]] = None,
-            external_id: Optional[pulumi.Input[builtins.str]] = None,
-            force: Optional[pulumi.Input[builtins.bool]] = None,
-            force_delete_home_dir: Optional[pulumi.Input[builtins.bool]] = None,
-            force_delete_repos: Optional[pulumi.Input[builtins.bool]] = None,
-            home: Optional[pulumi.Input[builtins.str]] = None,
-            repos: Optional[pulumi.Input[builtins.str]] = None,
-            workspace_access: Optional[pulumi.Input[builtins.bool]] = None,
-            workspace_consume: Optional[pulumi.Input[builtins.bool]] = None) -> 'ServicePrincipal':
+            acl_principal_id: Optional[pulumi.Input[_builtins.str]] = None,
+            active: Optional[pulumi.Input[_builtins.bool]] = None,
+            allow_cluster_create: Optional[pulumi.Input[_builtins.bool]] = None,
+            allow_instance_pool_create: Optional[pulumi.Input[_builtins.bool]] = None,
+            application_id: Optional[pulumi.Input[_builtins.str]] = None,
+            databricks_sql_access: Optional[pulumi.Input[_builtins.bool]] = None,
+            disable_as_user_deletion: Optional[pulumi.Input[_builtins.bool]] = None,
+            display_name: Optional[pulumi.Input[_builtins.str]] = None,
+            external_id: Optional[pulumi.Input[_builtins.str]] = None,
+            force: Optional[pulumi.Input[_builtins.bool]] = None,
+            force_delete_home_dir: Optional[pulumi.Input[_builtins.bool]] = None,
+            force_delete_repos: Optional[pulumi.Input[_builtins.bool]] = None,
+            home: Optional[pulumi.Input[_builtins.str]] = None,
+            repos: Optional[pulumi.Input[_builtins.str]] = None,
+            workspace_access: Optional[pulumi.Input[_builtins.bool]] = None,
+            workspace_consume: Optional[pulumi.Input[_builtins.bool]] = None) -> 'ServicePrincipal':
         """
         Get an existing ServicePrincipal resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -888,22 +889,22 @@ class ServicePrincipal(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.str] acl_principal_id: identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.bool] active: Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
-        :param pulumi.Input[builtins.bool] allow_cluster_create: Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
-        :param pulumi.Input[builtins.bool] allow_instance_pool_create: Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
-        :param pulumi.Input[builtins.str] application_id: This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
-        :param pulumi.Input[builtins.bool] databricks_sql_access: This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
-        :param pulumi.Input[builtins.bool] disable_as_user_deletion: Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
-        :param pulumi.Input[builtins.str] display_name: This is an alias for the service principal and can be the full name of the service principal.
-        :param pulumi.Input[builtins.str] external_id: ID of the service principal in an external identity provider.
-        :param pulumi.Input[builtins.bool] force: Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
-        :param pulumi.Input[builtins.bool] force_delete_home_dir: This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
-        :param pulumi.Input[builtins.bool] force_delete_repos: This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
-        :param pulumi.Input[builtins.str] home: Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.str] repos: Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
-        :param pulumi.Input[builtins.bool] workspace_access: This is a field to allow the service principal to have access to a Databricks Workspace.
-        :param pulumi.Input[builtins.bool] workspace_consume: This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
+        :param pulumi.Input[_builtins.str] acl_principal_id: identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.bool] active: Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
+        :param pulumi.Input[_builtins.bool] allow_cluster_create: Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
+        :param pulumi.Input[_builtins.bool] allow_instance_pool_create: Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
+        :param pulumi.Input[_builtins.str] application_id: This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
+        :param pulumi.Input[_builtins.bool] databricks_sql_access: This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
+        :param pulumi.Input[_builtins.bool] disable_as_user_deletion: Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
+        :param pulumi.Input[_builtins.str] display_name: This is an alias for the service principal and can be the full name of the service principal.
+        :param pulumi.Input[_builtins.str] external_id: ID of the service principal in an external identity provider.
+        :param pulumi.Input[_builtins.bool] force: Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
+        :param pulumi.Input[_builtins.bool] force_delete_home_dir: This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
+        :param pulumi.Input[_builtins.bool] force_delete_repos: This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
+        :param pulumi.Input[_builtins.str] home: Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.str] repos: Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
+        :param pulumi.Input[_builtins.bool] workspace_access: This is a field to allow the service principal to have access to a Databricks Workspace.
+        :param pulumi.Input[_builtins.bool] workspace_consume: This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
 
@@ -927,129 +928,129 @@ class ServicePrincipal(pulumi.CustomResource):
         __props__.__dict__["workspace_consume"] = workspace_consume
         return ServicePrincipal(resource_name, opts=opts, __props__=__props__)
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="aclPrincipalId")
-    def acl_principal_id(self) -> pulumi.Output[builtins.str]:
+    def acl_principal_id(self) -> pulumi.Output[_builtins.str]:
         """
         identifier for use in databricks_access_control_rule_set, e.g. `servicePrincipals/00000000-0000-0000-0000-000000000000`.
         """
         return pulumi.get(self, "acl_principal_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def active(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def active(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
         """
         return pulumi.get(self, "active")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowClusterCreate")
-    def allow_cluster_create(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_cluster_create(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Allow the service principal to have cluster create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and `cluster_id` argument. Everyone without `allow_cluster_create` argument set, but with permission to use Cluster Policy would be able to create clusters, but within the boundaries of that specific policy.
         """
         return pulumi.get(self, "allow_cluster_create")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowInstancePoolCreate")
-    def allow_instance_pool_create(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_instance_pool_create(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Allow the service principal to have instance pool create privileges. Defaults to false. More fine grained permissions could be assigned with Permissions and instance_pool_id argument.
         """
         return pulumi.get(self, "allow_instance_pool_create")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="applicationId")
-    def application_id(self) -> pulumi.Output[builtins.str]:
+    def application_id(self) -> pulumi.Output[_builtins.str]:
         """
         This is the Azure Application ID of the given Azure service principal and will be their form of access and identity. For Databricks-managed service principals this value is auto-generated.
         """
         return pulumi.get(self, "application_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="databricksSqlAccess")
-    def databricks_sql_access(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def databricks_sql_access(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         This is a field to allow the service principal to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature through databricks_sql_endpoint.
         """
         return pulumi.get(self, "databricks_sql_access")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="disableAsUserDeletion")
-    def disable_as_user_deletion(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def disable_as_user_deletion(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Deactivate the service principal when deleting the resource, rather than deleting the service principal entirely. Defaults to `true` when the provider is configured at the account-level and `false` when configured at the workspace-level. This flag is exclusive to force_delete_repos and force_delete_home_dir flags.
         """
         return pulumi.get(self, "disable_as_user_deletion")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="displayName")
-    def display_name(self) -> pulumi.Output[builtins.str]:
+    def display_name(self) -> pulumi.Output[_builtins.str]:
         """
         This is an alias for the service principal and can be the full name of the service principal.
         """
         return pulumi.get(self, "display_name")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="externalId")
-    def external_id(self) -> pulumi.Output[Optional[builtins.str]]:
+    def external_id(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         ID of the service principal in an external identity provider.
         """
         return pulumi.get(self, "external_id")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def force(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def force(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Pulumi state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
         """
         return pulumi.get(self, "force")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="forceDeleteHomeDir")
-    def force_delete_home_dir(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def force_delete_home_dir(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
         """
         return pulumi.get(self, "force_delete_home_dir")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="forceDeleteRepos")
-    def force_delete_repos(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def force_delete_repos(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
         """
         return pulumi.get(self, "force_delete_repos")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def home(self) -> pulumi.Output[builtins.str]:
+    def home(self) -> pulumi.Output[_builtins.str]:
         """
         Home folder of the service principal, e.g. `/Users/00000000-0000-0000-0000-000000000000`.
         """
         return pulumi.get(self, "home")
 
-    @property
+    @_builtins.property
     @pulumi.getter
-    def repos(self) -> pulumi.Output[builtins.str]:
+    def repos(self) -> pulumi.Output[_builtins.str]:
         """
         Personal Repos location of the service principal, e.g. `/Repos/00000000-0000-0000-0000-000000000000`.
         """
         return pulumi.get(self, "repos")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="workspaceAccess")
-    def workspace_access(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def workspace_access(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         This is a field to allow the service principal to have access to a Databricks Workspace.
         """
         return pulumi.get(self, "workspace_access")
 
-    @property
+    @_builtins.property
     @pulumi.getter(name="workspaceConsume")
-    def workspace_consume(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def workspace_consume(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         This is a field to allow the service principal to have access to a Databricks Workspace as consumer, with limited access to workspace UI.  Couldn't be used with `workspace_access` or `databricks_sql_access`.
         """