terraform-databricks-examples
GCP/Terraform/Databricks Error: cannot create mws networks: failed during request visitor: inner token: impersonate: status code 403
When I use all 3 GCP examples in the repo I have an error:
```
│ Error: cannot create mws networks: failed during request visitor: inner token: impersonate: status code 403: {
│   "error": {
│     "code": 403,
│     "message": "Permission 'iam.serviceAccounts.getOpenIdToken' denied on resource (or it may not exist).",
│     "status": "PERMISSION_DENIED",
│     "details": [
│       {
│         "@type": "type.googleapis.com/google.rpc.ErrorInfo",
│         "reason": "IAM_PERMISSION_DENIED",
│         "domain": "iam.googleapis.com",
│         "metadata": {
│           "permission": "iam.serviceAccounts.getOpenIdToken"
│         }
│       }
│     ]
│   }
│ }
│
│   with module.gcp-byovpc.databricks_mws_networks.databricks_network,
│   on ....\modules\gcp-workspace-byovpc\vpc.tf line 37, in resource "databricks_mws_networks" "databricks_network":
│   37: resource "databricks_mws_networks" "databricks_network" {
```
I can `terraform apply` the first example:
Example 1: https://registry.terraform.io/modules/databricks/examples/databricks/latest/examples/gcp-sa-provisionning
But when I `terraform apply` the following two examples I get the above error:
Example 2: https://registry.terraform.io/modules/databricks/examples/databricks/latest/examples/gcp-basic
Example 3: https://registry.terraform.io/modules/databricks/examples/databricks/latest/examples/gcp-byovpc
Actually, this permission, 'iam.serviceAccounts.getOpenIdToken', is added to the custom role in the project, and this custom role is added to the service account in GCP, but there is still the above error.
In Example 2 (https://registry.terraform.io/modules/databricks/examples/databricks/latest/examples/gcp-basic) the Databricks workspace cannot be created due to the error above.
In Example 3 (https://registry.terraform.io/modules/databricks/examples/databricks/latest/examples/gcp-byovpc) the VPC is created successfully in my GCP project, but the Databricks workspace cannot be created due to the error above.
Has anybody succeeded in applying the second and the third example?
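Added example, not from the issue above or from the terraform-databricks-examples repository: the permission named in the error, `iam.serviceAccounts.getOpenIdToken`, is one of the permissions in the predefined role `roles/iam.serviceAccountTokenCreator`, and the identity that needs it is the one running `terraform apply`, on the service account the Databricks provider impersonates. The snippet binds that role on the service account resource only (least privilege, rather than project-wide) and wires the same account into the provider; `var.project`, `var.databricks_sa_email`, `var.operator_member` and `var.databricks_account_id` are assumed inputs.

```hcl
# Added example (not the repository's own code). Assumed inputs:
variable "project"               { type = string } # GCP project id
variable "databricks_sa_email"   { type = string } # SA the Databricks provider impersonates
variable "operator_member"       { type = string } # who runs terraform, e.g. "user:alice@example.com"
variable "databricks_account_id" { type = string } # Databricks account id

# Grant token minting on this one service account only. The predefined role
# roles/iam.serviceAccountTokenCreator includes iam.serviceAccounts.getOpenIdToken
# (the permission the 403 reports) as well as getAccessToken, signBlob, signJwt
# and implicitDelegation. Binding at project level with google_project_iam_member
# would let var.operator_member mint tokens for every service account in the
# project, so the resource-level binding is preferred.
resource "google_service_account_iam_member" "operator_can_impersonate" {
  service_account_id = "projects/${var.project}/serviceAccounts/${var.databricks_sa_email}"
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = var.operator_member
}

# Account-level Databricks provider that impersonates the same service account.
# The impersonation call is what fails with 403 when the binding above is
# missing for the caller, regardless of which roles the service account itself holds.
provider "databricks" {
  alias                  = "accounts"
  host                   = "https://accounts.gcp.databricks.com"
  account_id             = var.databricks_account_id
  google_service_account = var.databricks_sa_email
}
```

Because IAM bindings propagate asynchronously, a `terraform apply` run immediately after creating the binding can still hit the 403; re-running after a short wait, or adding `depends_on` from the Databricks resources to the binding, avoids that race.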