databricks-sdk-go icon indicating copy to clipboard operation
databricks-sdk-go copied to clipboard

Published 20 hours ago verified publisher icon databricks

[ISSUE] Error: cannot create group: unexpected error handling request: invalid character 'h' looking for beginning of value

Open mike-decaro opened this issue 1 year ago • 4 comments
trafficstars

Description Attempting to create a workspace group through terraform; intent of the group is to manage workspace permissions for any service principal associated to the account

Provider access key being used is that of an account-level admin.

Apply works successfully without below databricks_group resource

Reproduction

Provider:

provider "databricks" {
  host  = data.aws_ssm_parameter.databricks_workspace_url.value
  token = data.aws_ssm_parameter.databricks_workspace_token.value
}

Resource:

resource "databricks_group" "service_principals" {
  display_name = "Service Principals - ${local.workspace_name}"
}

Expected behavior Group is created in workspace

Is it a regression? No

Debug Logs Request log:

│ POST /api/2.0/preview/scim/v2/Groups
│ > * Host: 
│ > * Accept: application/json
│ > * Authorization: REDACTED
│ > * Content-Type: application/scim+json; charset=utf-8
│ > * Traceparent: 00-03f3a8b365c15c5f7ba5441774ecae42-5471b186fc92ad05-01
│ > * User-Agent: databricks-tf-provider/1.50.0 databricks-sdk-go/0.44.0 go/1.22.6 os/darwin terraform/1.2.2 resource/group auth/pat
│ > {
│ >   "displayName": "Service Principals - playground",
│ >   "entitlements": [
│ >     {}
│ >   ],
│ >   "schemas": [
│ >     "urn:ietf:params:scim:schemas:core:2.0:Group"
│ >   ]
│ > }
│ < HTTP/2.0 403 Forbidden
│ < * Content-Type: application/json
│ < * Date: Wed, 21 Aug 2024 00:31:39 GMT
│ < * Server: databricks
│ < * Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
│ < * Vary: Accept-Encoding
│ < * X-Content-Type-Options: nosniff
│ < * X-Databricks-Org-Id: 1936515022650552
│ < * X-Databricks-Reason-Phrase: https://dbc-2afba066-fe0a.cloud.databricks.com/api/2.0/preview/scim/v2/Groups is only accessible by admins.
│ < https://dbc-2afba066-fe0a.cloud.databricks.com/api/2.0/preview/scim/v2/Groups is only accessible by admins.
│ 
│   with databricks_group.service_principals,
│   on groups.tf line 13, in resource "databricks_group" "service_principals":
│   13: resource "databricks_group" "service_principals" {
│

Other Information

  • Terraform version 1.2.2
  • Databricks provider 1.5.0

Additional context

Group is being created after change from basic auth to OAuth so that account level service principal's token can be used to apply workspace infrastructure.

mike-decaro avatar Aug 21 '24 00:08 mike-decaro