databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest

[ISSUE] Azure UC guide is broken #2759

Open nfx opened 11 months ago

nfx commented 11 months ago

Configuration

# Databricks access connector with a system-assigned managed identity.
# This identity is granted storage access by the role assignment below
# (via identity[0].principal_id), and the connector's resource ID is passed
# to the Databricks storage credential / metastore data access resources.
resource "azurerm_databricks_access_connector" "unity" {
  name                = "${local.prefix}-mi"
  resource_group_name = azurerm_resource_group.this.name
  location            = azurerm_resource_group.this.location
  tags                = azurerm_resource_group.this.tags
  identity {
    # System-assigned: the identity's lifecycle is tied to this connector,
    # so no separate credential or secret is stored in this configuration.
    type = "SystemAssigned"
  }
}

# Storage account that backs the metastore's storage_root.
# NOTE(review): this block sets no network rules, minimum TLS version,
# shared-key or public-access options, so the azurerm provider defaults
# apply. Confirm those defaults match your storage hardening baseline
# before reusing this guide outside a sandbox.
resource "azurerm_storage_account" "unity_catalog" {
  # Hard-coded name; storage account names are globally unique in Azure.
  name                     = "databrickslabsstorage"
  resource_group_name      = azurerm_resource_group.this.name
  location                 = azurerm_resource_group.this.location
  tags                     = azurerm_resource_group.this.tags
  account_tier             = "Standard"
  account_replication_type = "GRS"
  # Hierarchical namespace (ADLS Gen2); the metastore below addresses this
  # account through the abfss:// ... dfs.core.windows.net endpoint.
  is_hns_enabled           = true
}

# Container used as the root location for the metastore (see storage_root
# in databricks_metastore.this).
resource "azurerm_storage_container" "unity_catalog" {
  name                  = "${local.prefix}-container"
  storage_account_name  = azurerm_storage_account.unity_catalog.name
  # "private" disables anonymous (unauthenticated) read access to the
  # container and its blobs.
  container_access_type = "private"
}

# Grants the access connector's managed identity data-plane access to blobs.
# The scope is the whole storage account, so the identity can read, write
# and delete blob data in every container in that account, not only the
# Unity Catalog container defined in this file.
# NOTE(review): if the account will hold other data, consider whether a
# narrower (container-level) scope satisfies Unity Catalog's requirements.
resource "azurerm_role_assignment" "access_connector_blob_contributor" {
  scope                = azurerm_storage_account.unity_catalog.id
  role_definition_name = "Storage Blob Data Contributor"
  principal_id         = azurerm_databricks_access_connector.unity.identity[0].principal_id
}

# Unity Catalog metastore created through the account-level provider alias.
resource "databricks_metastore" "this" {
  provider = databricks.account
  name     = "primary"
  region   = azurerm_resource_group.this.location
  # Root path is abfss://<container>@<account>.dfs.core.windows.net/,
  # built from the container and storage account declared in this file.
  storage_root = format("abfss://%s@%s.dfs.core.windows.net/",
    azurerm_storage_container.unity_catalog.name,
  azurerm_storage_account.unity_catalog.name)
  # Ownership goes to a group rather than an individual user.
  owner         = databricks_group.owners.display_name
  # force_destroy lets `terraform destroy` remove the metastore even when it
  # still has contents. Convenient for a sandbox; review before using this
  # setting against a metastore that holds real catalogs.
  force_destroy = true
}

# Storage credential backed by the access connector's managed identity,
# created through the account-level provider alias.
# NOTE(review): no metastore_id is set here, and the reported error path
# ('POST /accounts/<id>/metastores/storage-credentials') has no metastore
# ID segment between "metastores/" and "storage-credentials". Presumably
# the account-level API needs the parent metastore ID; confirm against the
# provider documentation for databricks_storage_credential.
resource "databricks_storage_credential" "sandbox" {
  provider = databricks.account
  name     = azurerm_databricks_access_connector.unity.name
  azure_managed_identity {
    # Azure resource ID of the access connector; no secret material is
    # passed to Databricks in this block.
    access_connector_id = azurerm_databricks_access_connector.unity.id
  }
  comment = "Managed identity credential managed by TF"
}
databrickslabsstorage_-_Microsoft_Azure

Applying the configuration above fails with: "cannot create storage credential: No API found for 'POST /accounts/304d4d89-.../metastores/storage-credentials'"

Creating the original data access configuration (DAC), shown below, fails with: "cannot create metastore data access: Azure Managed Identity Credential with Access Connector Id /subscriptions/.../resourceGroups/.../providers/Microsoft.Databricks/accessConnectors/labs-azure-sandbox-mi could not be found"

# Data access configuration for the metastore declared in this file, using
# the same access connector identity as the storage credential.
# NOTE(review): the reported error says the access connector ID "could not
# be found"; the cause is not visible from this configuration alone.
resource "databricks_metastore_data_access" "first" {
  provider     = databricks.account
  metastore_id = databricks_metastore.this.id
  name         = "the-keys"
  azure_managed_identity {
    access_connector_id = azurerm_databricks_access_connector.unity.id
  }
  # Marks this credential as the metastore's default data access
  # configuration.
  is_default = true
}
mgyucht commented 11 months ago

@nkvuong can one of you take a look at this guide, since you've been focusing a lot on UC resources recently?