Closed panselaukik closed 2 years ago
Show your provider block - are you trying it against account or workspace?
If I try it with account block, it creates the first time, but if you run terraform plan again, it errors out saying ApplicationID should not be passed
Anyway, paste your provider configuration
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.account_id
  username   = var.databricks-username
  password   = var.databricks-password
}
Thank you. @nfx - is it known issue with identity federation?
FYI: These are 2 different things:
If you use:
provider "databricks" {
  host  = var.databricks_host
  token = var.databricks_token
  alias = "example-alias"
}
It won't create a Service Principal at all, with error: Error: cannot create service principal: Required attribute applicationID is missing in the SCIM Object. Request is unparsable, syntactically incorrect, or violates schema.
If you use:
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.account_id
  username   = var.databricks-username
  password   = var.databricks-password
}
This should create the service principal on your first run, but if you run terraform plan again, it will error with applicationId is passed
@alexott I was able to create the Service Principals, maybe some additional documentation needed
1. Create Service Principal on account level
2. Add to a group on account level
3. Give Token Creation permission on workspace level
4. Create OBO token on workspace level
Also one issue is, I cannot create a non-expiring token, Resource databricks_obo_token errors out if we don't pass lifetime_seconds
Thank you
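The four steps listed in the comment above, sketched as Terraform. This is an added example, not configuration posted in the thread or taken from the provider's repository. It assumes the two provider blocks shown earlier (`databricks.mws` for the account, `databricks.example-alias` for the workspace) and that the service principal already has access to that workspace; the resource labels, display names and lifetime value are constructed.

```hcl
# 1. Service principal at account level (no application_id passed on AWS).
resource "databricks_service_principal" "app" {
  provider     = databricks.mws
  display_name = "example-app-sp" # constructed name
}

# 2. Group membership at account level.
resource "databricks_group" "automation" {
  provider     = databricks.mws
  display_name = "example-automation" # constructed name
}

resource "databricks_group_member" "app" {
  provider  = databricks.mws
  group_id  = databricks_group.automation.id
  member_id = databricks_service_principal.app.id
}

# 3. Token permission at workspace level.
# This resource is authoritative: keep a single authorization = "tokens"
# block per workspace, or every plan will show drift.
resource "databricks_permissions" "token_usage" {
  provider      = databricks.example-alias
  authorization = "tokens"
  access_control {
    service_principal_name = databricks_service_principal.app.application_id
    permission_level       = "CAN_USE"
  }
}

# 4. On-behalf-of token at workspace level, with a bounded lifetime.
resource "databricks_obo_token" "app" {
  provider         = databricks.example-alias
  depends_on       = [databricks_permissions.token_usage]
  application_id   = databricks_service_principal.app.application_id
  comment          = "PAT on behalf of ${databricks_service_principal.app.display_name}"
  lifetime_seconds = 7776000 # 90 days, constructed value
}

# The token value is also written to Terraform state, so the state backend
# needs the same access controls as the token itself.
output "obo_token" {
  value     = databricks_obo_token.app.token_value
  sensitive = true
}
```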
All tokens need to have a lifetime, non-expiring tokens aren't recommended... Regarding documentation - please open PR for it
Hi @alexott, there are some apps we connect them to Databricks where we use the non-expiring tokens, currently we use the APIs to create those tokens which allow omitting the lifetime_seconds parameter and create such tokens, we now are implementing this through Terraform, is this something we can add to the resource? Thank you
@panselaukik did you try setting application_id in the resource?
Configuration
Expected Behavior
The resource should create a service-principal in databricks hosted on AWS cloud without passing the application_id, as the document says: application_id - This is the application id of the given service principal and will be their form of access and identity. On other clouds than Azure this value is auto-generated.
Actual Behavior
Steps to Reproduce
Terraform and provider versions