Open seblatre opened 2 weeks ago
Configuration

```hcl
terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "~> 1.56.0"
    }
  }
}

# Account-level provider
provider "databricks" {
  alias      = "account"
  host       = "https://accounts.azuredatabricks.net"
  account_id = "<databricksAccountId>"
}

# Workspace-level provider
provider "databricks" {
  alias                       = "workspace"
  host                        = "adb-<databricksWorkspaceId>.10.azuredatabricks.net"
  azure_workspace_resource_id = "/subscriptions/<subId>/resourceGroups/<rgName>/providers/Microsoft.Databricks/workspaces/<databricksWorkspaceName>"
}

# Group created at account level
resource "databricks_group" "account_group" {
  display_name = "GROUP-A45"
  provider     = databricks.account
}

# Assign the account-level group to the workspace
resource "databricks_mws_permission_assignment" "workspace_group" {
  workspace_id = "<databricksWorkspaceId>"
  principal_id = databricks_group.account_group.id
  permissions  = ["USER"]
  provider     = databricks.account
}

# Key Vault-backed secret scope in the workspace
resource "databricks_secret_scope" "team" {
  name = "Scope_A45_team"

  keyvault_metadata {
    resource_id = "/subscriptions/<subId>/resourceGroups/<rgName>/providers/Microsoft.KeyVault/vaults/keyvaulttesta45"
    dns_name    = "https://keyvaulttesta45.vault.azure.net/"
  }

  provider = databricks.workspace
}

# Grant the group READ on the scope (this is the resource that fails)
resource "databricks_secret_acl" "team_acl" {
  principal  = databricks_group.account_group.display_name
  permission = "READ"
  scope      = databricks_secret_scope.team.name
  provider   = databricks.workspace
}
```

Expected Behavior

This configuration should work without issue

Actual Behavior

When running {{terraform apply}}, we run into the following error

```
databricks_group.account_group: Creating...
databricks_secret_scope.team: Creating...
databricks_group.account_group: Creation complete after 2s [id=980426357238593]
databricks_mws_permission_assignment.workspace_group: Creating...
databricks_secret_scope.team: Creation complete after 4s [id=Scope_A45_team]
databricks_secret_acl.team_acl: Creating...
databricks_mws_permission_assignment.workspace_group: Creation complete after 5s [id=25518447772330|980426357238593]
╷
│ Error: cannot create secret acl: User or Group GROUP-A45 does not exist.
│
│   with databricks_secret_acl.team_acl,
│   on main.tf line 41, in resource "databricks_secret_acl" "team_acl":
│   41: resource "databricks_secret_acl" "team_acl" {
│
╵
```

Steps to Reproduce

terraform apply

(sometimes it doesn't allow to reproduce the issue, need to terraform destroy then try again)

Terraform and provider versions

```
$ terraform version
Terraform v1.9.8
on windows_amd64
+ provider registry.terraform.io/databricks/databricks v1.56.0
```

Is it a regression?

I don't think so

Debug Output

I sniffed the API calls that were made by the provider:

Important Factoids

I tried using account level provider for databricks_secret_acl but this is not allowed.

I also tried to add this depends_on block in the databricks_secret_acl resource without better chance:

```hcl
depends_on = [
  databricks_mws_permission_assignment.workspace_group
]
```

Would you like to implement a fix?

No, sorry