databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest

[ISSUE] Provider issue #1478

Closed bgiardie closed 2 years ago

bgiardie commented 2 years ago

Hi there,

Attempting to deploy an account-level permission on a service principal, but I receive a warning that the provider must be set in Workspace mode.

Configuration

resource "databricks_permissions" "token_usage" {
  provider      = databricks.mws
  authorization = "tokens"
  access_control {
    service_principal_name = var.sp_application_id
    permission_level       = "CAN_USE"
  }
}

resource "databricks_obo_token" "token" {
  depends_on       = [databricks_permissions.token_usage]
  application_id   = var.sp_application_id
  comment          = "PAT on behalf of ${var.sp_application_id}"
  lifetime_seconds = var.token_expire
}

output "obo" {
  value     = databricks_obo_token.token.token_value
  sensitive = true
}

module "service_principal" {
  source = "service_principal"

  aws_region       = var.aws_region
  application      = var.application
  environment      = var.environment
  detail           = "sp"
  group_name       = "data_engineering"
  cluster_create   = true
  workspace_access = true
  sql_access       = true
}

module "sp_token" {
  source = "obo_token"

  sp_application_id = module.service_principal.application_id
}

Expected Behavior

Deploy module at account level.

Actual Behavior

Error: Databricks API (/api/2.0/preview/scim/v2/Groups) requires you to set host property (or DATABRICKS_HOST env variable) to result of databricks_mws_workspaces.this.workspace_url. This error may happen if you're using provider in both normal and multiworkspace mode. Please refactor your code into different modules. Runnable example that we use for integration testing can be found in this repository at https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/aws-workspace

Terraform and provider versions

terraform 0.13.7 databricks 1.0.2

nkvuong commented 2 years ago

@bgiardie currently, the Databricks account console does not support token-based authentication, hence the error message.

bgiardie commented 2 years ago

@nkvuong, what about the group? There are account-level groups; why is that data ref returning the same error?

nkvuong commented 2 years ago

Do you have the Terraform configuration for the group resource/data source? Account-level groups are supported, but not all attributes are supported.

nkvuong commented 2 years ago

I just tested locally: if you specify the provider with the following information, then group/user/SP management at account level will work.

provider "databricks" {
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.databricks_account_id
  username   = var.databricks_account_username
  password   = var.databricks_account_password
}
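
One way to follow the error message's advice to keep account-level and workspace-level resources in separate modules, as an added example that is not code from this thread or from the provider's documentation. It assumes the token permission and the OBO token are workspace-scoped and that the same credentials are valid for the workspace; `var.databricks_workspace_url` and the `./obo_token` path are hypothetical, and `module.service_principal` is the module from the original post.

```hcl
# --- root module ---
# Account-level alias, as in the provider block above: users, groups, service principals.
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.databricks_account_id
  username   = var.databricks_account_username
  password   = var.databricks_account_password
}

# Workspace-level alias: host is the workspace URL, which the error message
# asks for (the result of databricks_mws_workspaces.this.workspace_url).
provider "databricks" {
  alias    = "workspace"
  host     = var.databricks_workspace_url # (assumed) variable
  username = var.databricks_account_username
  password = var.databricks_account_password
}

module "sp_token" {
  source            = "./obo_token" # (assumed) local path
  providers         = { databricks = databricks.workspace }
  sp_application_id = module.service_principal.application_id
}

# --- obo_token/main.tf ---
terraform {
  required_providers {
    databricks = { source = "databricks/databricks" }
  }
}

# No "provider = databricks.mws" here: both resources use the workspace
# provider passed in by the caller.
resource "databricks_permissions" "token_usage" {
  authorization = "tokens"
  access_control {
    service_principal_name = var.sp_application_id
    permission_level       = "CAN_USE"
  }
}

resource "databricks_obo_token" "token" {
  depends_on       = [databricks_permissions.token_usage]
  application_id   = var.sp_application_id
  comment          = "PAT on behalf of ${var.sp_application_id}"
  lifetime_seconds = var.token_expire
}
```

Marking an output `sensitive = true` only hides the token from CLI output; `token_value` is still written to the Terraform state in plain text, so the state backend needs encryption and restricted access.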