search

databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest
Other
445 stars 384 forks source link

[ISSUE] Issue with `databricks_instance_profile` resource: Error: cannot create instance profile: HTTP method POST is not supported by this URL #2183

Closed drewipsonhq closed 1 year ago

drewipsonhq commented 1 year ago

Configuration

# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.

provider "registry.terraform.io/databricks/databricks" {
  version     = "1.14.0"
  constraints = "~> 1.14"
  hashes = [
    "h1:cyFiBMtCZB47KCy/9Oy0e6+t4bCyFTUGhh6PxrY27u0=",
    "zh:128a372f2091e1869ac5c15b58e9c79f168aee3f1245217c1d6414c106a86531",
    "zh:2e65e6b5e4cfaf24d5ec95b3a4b52f8b0214c47011b1e012f043d04a8395743d",
    "zh:382b7a3427ad3ed024477cac01e3f7f6bbe03fc8acb110c9a1a642bd0bf653dc",
    "zh:415034c29225afdd6bf1d33a4fc2f23ddce1bbb4e8b87c558e1b73d6f085f9bd",
    "zh:468234b15c62d127806e080f6f0dc3e2dcd0452ee66b6b5c7e9c3432d1021b95",
    "zh:5ad4fde78e4647564e8f1ebf3c5880103d065ab021de20de3878518dc8c431c8",
    "zh:7d7e966996e860c148d0c2b2814de32fc7c496bc9069736233013c08da419ced",
    "zh:9b324ca2b01ac2ae950487b1b134cd333332e995f5afd3948131ec4f31534459",
    "zh:9bdb03cd4a2d1afce290ed6871e961ecc2f355316132d5555f01295fe45d05ac",
    "zh:e82023db07df9c50829e38c7487393162f24710be938adea9c4efa5b76a588a0",
  ]
}

provider "registry.terraform.io/hashicorp/aws" {
  version     = "4.61.0"
  constraints = ">= 3.15.0, ~> 4.0"
  hashes = [
    "h1:qyBawxoNN6EpiiX5h5ZG5P2dHsBeA5Z67xESl2c1HRk=",
    "zh:051e2588410b7448a5c4c30d668948dd6fdfa8037700bfc00fb228986ccbf3a5",
    "zh:082fbcf9706b48d0880ba552a11c29527e228dadd6d83668d0789abda24e5922",
    "zh:0e0e72f214fb24f4f9c601cab088a2d8e00ec3327c451bc753911951d773214a",
    "zh:3af6d38ca733ca66cce15c6a5735ded7c18348ad26040ebd9a59778b2cd9cf6c",
    "zh:404898bc2258bbb9527fa06c72cb927ca011fd9bc3f4b90931c0912652c3f9e9",
    "zh:4f617653b0f17a7708bc896f029c4ab0b677a1a1c987bd77166acad1d82db469",
    "zh:5dbe393355ac137aa3fd329e3d24871f27012d3ba93d714485b55820df240349",
    "zh:6067c2127eb5c879227aca671f101de6dcba909d0d8d15d5711480351962a248",
    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
    "zh:a939f94461f91aa3b7ec7096271e2714309bd917fe9a03e02f68afb556d65e0f",
    "zh:b21227b9082e5fafe8b7c415dc6a99c0d82da05492457377a5fe7d4acaed80e2",
    "zh:b8d9f09ed5fc8c654b768b7bee1237eaf1e2287c898249e740695055fb0fe072",
    "zh:d360e1e185b148ff6b1d0ed4f7d574e08f2391697ab43df62085b04a1a5b1284",
    "zh:da962da17ddda744911cb1e92b983fa3874d73a28f3ee72faa9ddb6680a63774",
    "zh:e2f1c4f5ebeb4fd7ef690178168a4c529025b54a91bb7a087dcea48e0b82737a",
  ]
}

Expected Behavior

Create a databricks instance profile in workspace.

Actual Behavior

The following error:

╷
│ Error: cannot create instance profile: HTTP method POST is not supported by this URL
│
│   with databricks_instance_profile.shared,
│   on iam.tf line 49, in resource "databricks_instance_profile" "shared":
│   49: resource "databricks_instance_profile" "shared" {
│
╵

Steps to Reproduce

  1. Using this code from databricks provider terraform docs: 
    variable "crossaccount_role_name" {
type        = string
description = "Role that you've specified on https://accounts.cloud.databricks.com/#aws"
}
data "aws_iam_policy_document" "assume_role_for_ec2" {
statement {
effect  = "Allow"
actions = ["sts:AssumeRole"]
principals {
  identifiers = ["ec2.amazonaws.com"]
  type        = "Service"
}
}
}
resource "aws_iam_role" "role_for_s3_access" {
name               = "shared-ec2-role-for-s3"
description        = "Role for shared access"
assume_role_policy = data.aws_iam_policy_document.assume_role_for_ec2.json
}
data "aws_iam_policy_document" "pass_role_for_s3_access" {
statement {
effect    = "Allow"
actions   = ["iam:PassRole"]
resources = [aws_iam_role.role_for_s3_access.arn]
}
}
resource "aws_iam_policy" "pass_role_for_s3_access" {
name   = "shared-pass-role-for-s3-access"
path   = "/"
policy = data.aws_iam_policy_document.pass_role_for_s3_access.json
}
resource "aws_iam_role_policy_attachment" "cross_account" {
policy_arn = aws_iam_policy.pass_role_for_s3_access.arn
role       = var.crossaccount_role_name
}
resource "aws_iam_instance_profile" "shared" {
name = "shared-instance-profile"
role = aws_iam_role.role_for_s3_access.name
}
resource "databricks_instance_profile" "shared" {
instance_profile_arn = aws_iam_instance_profile.shared.arn
}
  2. Ensure IAM Role/Instance Profile are created in AWS.
  3. terraform apply

Terraform and provider versions

terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "~>1.14"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "~>4"
    }
  }
}

provider "aws" {
  region  = var.region
}

// Initialize provider in "MWS" mode to provision the new workspace.
// alias = "mws" instructs Databricks to connect to https://accounts.cloud.databricks.com, to create
// a Databricks workspace that uses the E2 version of the Databricks on AWS platform.
// See https://registry.terraform.io/providers/databricks/databricks/latest/docs#authentication
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.databricks_account_id
}
// initialize provider at workspace level, to create UC resources
provider "databricks" {
  alias      = "workspace"
  host       = databricks_mws_workspaces.this.workspace_url
  account_id = var.databricks_account_id
}

Debug Output

2023-03-31T12:05:08.159-0600 [ERROR] provider.terraform-provider-databricks_v1.14.0: Response contains error diagnostic: tf_proto_version=5.3 @caller=/home/runner/work/terraform-provider-databricks/terraform-provider-databricks/vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/diag/diagnostics.go:55 @module=sdk.proto diagnostic_severity=ERROR diagnostic_summary="cannot create instance profile: HTTP method POST is not supported by this URL" tf_provider_addr=registry.terraform.io/databricks/databricks tf_req_id=5b54df57-c3b0-edef-3cb2-c05ce23f09c8 tf_resource_type=databricks_instance_profile diagnostic_detail= tf_rpc=ApplyResourceChange timestamp=2023-03-31T12:05:08.158-0600
2023-03-31T12:05:08.160-0600 [ERROR] vertex "databricks_instance_profile.shared" error: cannot create instance profile: HTTP method POST is not supported by this URL
2023-03-31T12:05:08.161-0600 [DEBUG] states/remote: state read serial is: 39; serial is: 39
2023-03-31T12:05:08.161-0600 [DEBUG] states/remote: state read lineage is: 5b536e14-df61-3f02-dabf-39535fb32bcc; lineage is: 5b536e14-df61-3f02-dabf-39535fb32bcc

Error: cannot create instance profile: HTTP method POST is not supported by this URL

  with databricks_instance_profile.shared,
  on iam.tf line 48, in resource "databricks_instance_profile" "shared":
  48: resource "databricks_instance_profile" "shared" {

2023-03-31T12:05:08.168-0600 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-03-31T12:05:08.170-0600 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/databricks/databricks/1.14.0/darwin_arm64/terraform-provider-databricks_v1.14.0 pid=78056
2023-03-31T12:05:08.170-0600 [DEBUG] provider: plugin exited

Important Factoids

nkvuong commented 1 year ago

@drewipsonhq you have defined 2 providers with aliases, so you need to specify provider = databricks.workspace for your instance_profile resource

drewipsonhq commented 1 year ago

@nkvuong that resolved the issue; thank you!