If you're running a Databricks instance which is not on the premium tier, ACL is not available.
Regardless if your config has acls set or not, the operator will still try to list all ACLs. Listing ACLs will return Error: {"error_code":"PERMISSION_DENIED","message":"ACL is not supported in your workspace."} if you are not on the premium tier.
If ACLs are not available, the config will fail and be put back onto the reconcile loop. It will try create the secret scope again and because it already exists, fail and but put back on the loop.
Instead what should happen is:
If acls is not set in the config, don't call submitACLs.
If acls is set in the config and not on premium tier, don't put job back on the reconcile loop and an event should be logged.
If you're running a Databricks instance which is not on the premium tier, ACL is not available.
Regardless if your config has
aclsset or not, the operator will still try to list all ACLs. Listing ACLs will returnError: {"error_code":"PERMISSION_DENIED","message":"ACL is not supported in your workspace."}if you are not on the premium tier.If ACLs are not available, the config will fail and be put back onto the reconcile loop. It will try create the secret scope again and because it already exists, fail and but put back on the loop.
Instead what should happen is:
aclsis not set in the config, don't callsubmitACLs.aclsis set in the config and not on premium tier, don't put job back on the reconcile loop and an event should be logged.