terraform-provider-databricks

[ISSUE] Issue with `databricks_service_principal` Resource

Open panselaukik opened this issue 3 years ago • 9 comments

Configuration

terraform {
  required_version = ">=v0.14.7"
}

Expected Behavior

resource "databricks_service_principal" "sp" {
  display_name         = "Example service principal"
  allow_cluster_create = true
}

The resource should create a service principal in Databricks hosted on AWS cloud without passing the application_id, as the document says: "application_id - This is the application id of the given service principal and will be their form of access and identity. On other clouds than Azure this value is auto-generated."

Actual Behavior

Error: cannot create service principal: Required attribute applicationID is missing in the SCIM Object. Request is unparsable, syntactically incorrect, or violates schema.

Steps to Reproduce

resource "databricks_service_principal" "sp" {
  display_name         = "Example service principal"
  allow_cluster_create = true
}

terraform plan
terraform apply

Terraform and provider versions

databricks = {
  source  = "databricks/databricks"
  version = "1.2.0"
}

terraform {
  required_version = ">=v0.14.7"
}

panselaukik avatar Aug 05 '22 21:08 panselaukik

Show your provider block - are you trying it against account or workspace?

alexott avatar Aug 05 '22 21:08 alexott

Show your provider block - are you trying it against account or workspace?

If I try it with account block, it creates the first time, but if you run terraform plan again, it errors out saying ApplicationID should not be passed

panselaukik avatar Aug 05 '22 21:08 panselaukik

Anyway, paste your provider configuration

alexott avatar Aug 05 '22 21:08 alexott

provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.account_id
  username   = var.databricks-username
  password   = var.databricks-password
}

panselaukik avatar Aug 05 '22 21:08 panselaukik

Thank you. @nfx - is it a known issue with identity federation?

alexott avatar Aug 05 '22 21:08 alexott

FYI: These are 2 different things:

If you use:
provider "databricks" {
  host  = var.databricks_host
  token = var.databricks_token
  alias = "example-alias"
}

It won't create a Service Principal at all, with error: Error: cannot create service principal: Required attribute applicationID is missing in the SCIM Object. Request is unparsable, syntactically incorrect, or violates schema.

If you use:
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.account_id
  username   = var.databricks-username
  password   = var.databricks-password
}

This should create the service principal on your first run, but if you run terraform plan again, it will error with applicationId is passed

panselaukik avatar Aug 05 '22 21:08 panselaukik

@alexott I was able to create the Service Principals; maybe some additional documentation is needed.

1. Create Service Principal on account level
2. Add to a group on account level
3. Give Token Creation permission on workspace level
4. Create OBO token on workspace level

Also, one issue is that I cannot create a non-expiring token; the resource databricks_obo_token errors out if we don't pass lifetime_seconds.

Thank you

panselaukik avatar Aug 05 '22 22:08 panselaukik
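
The four steps listed in the comment above, sketched as Terraform. This is an added example, not configuration posted in the thread or taken from the provider's own documentation. The `databricks.workspace` provider alias, the group name and the one-hour token lifetime are assumptions, and it assumes the account-level service principal is already available in the target workspace.

```hcl
# Step 1: service principal at account level (the "mws" provider alias from the thread).
resource "databricks_service_principal" "sp" {
  provider     = databricks.mws
  display_name = "Example service principal"
}

# Step 2: account-level group membership. The group name is a placeholder.
resource "databricks_group" "automation" {
  provider     = databricks.mws
  display_name = "example-automation-group"
}

resource "databricks_group_member" "sp_in_group" {
  provider  = databricks.mws
  group_id  = databricks_group.automation.id
  member_id = databricks_service_principal.sp.id
}

# Step 3: token usage permission at workspace level.
# "databricks.workspace" is a hypothetical alias for a workspace-scoped provider.
# This resource manages the workspace's token ACL as a whole, so every
# principal that needs token access has to be listed here.
resource "databricks_permissions" "token_usage" {
  provider      = databricks.workspace
  authorization = "tokens"

  access_control {
    service_principal_name = databricks_service_principal.sp.application_id
    permission_level       = "CAN_USE"
  }
}

# Step 4: on-behalf-of token at workspace level.
# lifetime_seconds is set explicitly; 3600 is an assumed value chosen to keep
# the credential short-lived and force rotation.
resource "databricks_obo_token" "sp_token" {
  provider         = databricks.workspace
  depends_on       = [databricks_permissions.token_usage]
  application_id   = databricks_service_principal.sp.application_id
  comment          = "OBO token for ${databricks_service_principal.sp.display_name}"
  lifetime_seconds = 3600
}

# The token value is a secret and is also stored in Terraform state.
output "sp_token" {
  value     = databricks_obo_token.sp_token.token_value
  sensitive = true
}
```

Because the token value lands in state, the state backend needs the same access controls and encryption as any other credential store.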

All tokens need to have a lifetime, non-expiring tokens aren't recommended... Regarding documentation - please open PR for it

alexott avatar Aug 08 '22 07:08 alexott

Hi @alexott, there are some apps we connect to Databricks where we use non-expiring tokens. Currently we use the APIs to create those tokens, which allow omitting the lifetime_seconds parameter and creating such tokens. We are now implementing this through Terraform; is this something we can add to the resource? Thank you

panselaukik avatar Aug 08 '22 15:08 panselaukik

@panselaukik did you try setting application_id in the resource?

nfx avatar Aug 11 '22 15:08 nfx