[ISSUE] Issue with authentication using Azure managed service principal - environmental variables

Open marcin-sg opened this issue 6 months ago • 2 comments

Configuration

```hcl
terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "1.50.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.114.0"
    }
  }
}

provider "azurerm" {
  features {
    resource_group {
      prevent_deletion_if_contains_resources = true
    }
  }
  skip_provider_registration = true
  storage_use_azuread        = true
  subscription_id            = "X"
}

provider "databricks" {
  host       = "https://accounts.azuredatabricks.net"
  account_id = "X"
}

data "azurerm_resource_group" "rg" {
  name = "x"
}

data "databricks_user" "me" {
  user_name = "[email protected]"
}
```

You also need to set up 3 environment variables, the credentials of a service principal that has the necessary permissions to both Azure and Databricks:

  • ARM_CLIENT_ID
  • ARM_CLIENT_SECRET
  • ARM_TENANT_ID

Expected Behavior

terraform plan succeeds: it is able to authenticate to both Azure and Databricks and fetch data.

Actual Behavior

```
data.databricks_user.me: Reading...
data.azurerm_resource_group.rg: Reading...
data.azurerm_resource_group.rg: Read complete after 0s [id=/subscriptions/x/resourceGroups/x]

Planning failed. Terraform encountered an error while generating this plan.

Error: cannot read user: failed during request visitor: inner token: AADSTS70025: Client application has no configured federated identity credentials

  with data.databricks_user.me,
  on mw.tf line 36, in data "databricks_user" "me":
  36: data "databricks_user" "me" {

Terraform Plan Failed!
```

Steps to Reproduce

  1. Set environment variables with authentication details
  2. terraform apply

Terraform and provider versions

Terraform v1.9.5 on linux_amd64

  • provider registry.terraform.io/databricks/databricks v1.50.0
  • provider registry.terraform.io/hashicorp/azurerm v3.114.0

Is it a regression?

The same code (run on GitHub Actions) worked in version 1.48.2 of the provider.

Debug Output

```
2024-08-21T13:05:04.4855452Z 2024-08-21T13:05:04.454Z [DEBUG] provider.terraform-provider-azurerm_v3.114.0_x5: plugin address: address=/tmp/plugin2527261444 network=unix timestamp=2024-08-21T13:05:04.454Z
2024-08-21T13:05:04.4856663Z 2024-08-21T13:05:04.454Z [DEBUG] provider: using plugin: version=5
2024-08-21T13:05:04.4859644Z 2024-08-21T13:05:04.465Z [INFO] provider.terraform-provider-databricks_v1.50.0: Explicit and implicit attributes: account_id, actions_id_token_request_token, actions_id_token_request_url, azure_client_id, azure_client_secret, azure_tenant_id, host: tf_rpc=Configure @caller=/home/runner/work/terraform-provider-databricks/terraform-provider-databricks/provider/provider.go:278 @module=databricks tf_provider_addr=registry.terraform.io/databricks/databricks tf_req_id=X timestamp=2024-08-21T13:05:04.465Z
2024-08-21T13:05:04.4862713Z 2024-08-21T13:05:04.465Z [DEBUG] Resource instance state not found for node "data.databricks_user.me", instance data.databricks_user.me
2024-08-21T13:05:04.4863857Z 2024-08-21T13:05:04.465Z [DEBUG] ReferenceTransformer: "data.databricks_user.me" references: []
2024-08-21T13:05:04.4865168Z 2024-08-21T13:05:04.480Z [WARN] ValidateProviderConfig from "provider["registry.terraform.io/hashicorp/azurerm"]" changed the config value, but that value is unused
2024-08-21T13:05:04.4866865Z 2024-08-21T13:05:04.481Z [DEBUG] provider.terraform-provider-azurerm_v3.114.0_x5: Configuring built-in cloud environment by name: "public": timestamp=2024-08-21T13:05:04.481Z
2024-08-21T13:05:04.4868700Z 2024-08-21T13:05:04.481Z [DEBUG] provider.terraform-provider-azurerm_v3.114.0_x5: POST https://login.microsoftonline.com/X/oauth2/v2.0/token: timestamp=2024-08-21T13:05:04.481Z
2024-08-21T13:05:04.4869829Z data.databricks_user.me: Reading...
2024-08-21T13:05:04.6279462Z 2024-08-21T13:05:04.627Z [DEBUG] provider.terraform-provider-azurerm_v3.114.0_x5: Generated Provider Correlation Request Id: x: timestamp=2024-08-21T13:05:04.627Z
2024-08-21T13:05:04.6408252Z 2024-08-21T13:05:04.640Z [DEBUG] provider.terraform-provider-databricks_v1.50.0: non-retriable error: failed during request visitor: inner token: AADSTS70025: Client application has no configured federated identity credentials: @caller=/home/runner/work/terraform-provider-databricks/terraform-provider-databricks/logger/logger.go:33 tf_rpc=ReadDataSource tf_req_id=x @module=databricks tf_data_source_type=databricks_user tf_provider_addr=registry.terraform.io/databricks/databricks timestamp=2024-08-21T13:05:04.640Z
2024-08-21T13:05:04.6415296Z 2024-08-21T13:05:04.640Z [ERROR] provider.terraform-provider-databricks_v1.50.0: Response contains error diagnostic: @caller=/home/runner/go/pkg/mod/github.com/hashicorp/[email protected]/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_severity=ERROR diagnostic_summary="cannot read user: failed during request visitor: inner token: AADSTS70025: Client application has no configured federated identity credentials" tf_req_id=x tf_provider_addr=registry.terraform.io/databricks/databricks tf_rpc=ReadDataSource diagnostic_detail="" tf_data_source_type=databricks_user tf_proto_version=5.6 timestamp=2024-08-21T13:05:04.640Z
2024-08-21T13:05:04.6419821Z 2024-08-21T13:05:04.640Z [ERROR] vertex "data.databricks_user.me" error: cannot read user: failed during request visitor: inner token: AADSTS70025: Client application has no configured federated identity credentials
2024-08-21T13:05:04.6422130Z 2024-08-21T13:05:04.640Z [ERROR] vertex "data.databricks_user.me (expand)" error: cannot read user: failed during request visitor: inner token: AADSTS70025: Client application has no configured federated identity credentials
2024-08-21T13:05:04.6611756Z 2024-08-21T13:05:04.660Z [DEBUG] provider.terraform-provider-azurerm_v3.114.0_x5: POST https://login.microsoftonline.com/x/oauth2/v2.0/token: timestamp=2024-08-21T13:05:04.660Z
2024-08-21T13:05:04.7815775Z 2024-08-21T13:05:04.781Z [DEBUG] provider.terraform-provider-azurerm_v3.114.0_x5: AzureRM Request:
2024-08-21T13:05:04.7817008Z GET /subscriptions/x/providers?api-version=2022-09-01 HTTP/1.1
2024-08-21T13:05:04.7817933Z Host: management.azure.com
2024-08-21T13:05:04.7819441Z User-Agent: HashiCorp/go-azure-sdk (Go-http-Client/1.1 providers/2022-09-01) HashiCorp Terraform/1.9.5 (+https://www.terraform.io) terraform-provider-azurerm/3.114.0 pid-x
2024-08-21T13:05:04.7820973Z Accept: application/json; charset=utf-8; IEEE754Compatible=false
2024-08-21T13:05:04.7821766Z Content-Type: application/json; charset=utf-8
2024-08-21T13:05:04.7822291Z Odata-Maxversion: 4.0
2024-08-21T13:05:04.7822711Z Odata-Version: 4.0
2024-08-21T13:05:04.7823401Z X-Ms-Correlation-Request-Id: x
2024-08-21T13:05:04.7824207Z Accept-Encoding: gzip: timestamp=2024-08-21T13:05:04.781Z
2024-08-21T13:05:04.7826049Z 2024-08-21T13:05:04.781Z [DEBUG] provider.terraform-provider-azurerm_v3.114.0_x5: GET https://management.azure.com/subscriptions/x/providers?api-version=2022-09-01: timestamp=2024-08-21T13:05:04.781Z
2024-08-21T13:05:05.8463280Z 2024-08-21T13:05:05.799Z [DEBUG] provider.terraform-provider-azurerm_v3.114.0_x5:
```

I can provide more if needed.

Important Factoids

I still have not figured out why this happens on a GitHub runner but not on Codespaces, so it seems to be influenced by something additional. The same runner will execute the code with an older provider without any issues. I first observed it in provider version 1.49.*.

Would you like to implement a fix?

marcin-sg avatar Aug 21 '24 13:08 marcin-sg
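The provider's Configure log above lists both the azure_client_* attributes (from the ARM_* variables) and the actions_id_token_request_* attributes as present. The following diagnostic is an added example, not part of the issue or of the provider: it reports which credential sources are complete in a process environment so that an ambiguous setup (more than one complete source on the same runner) is visible before terraform runs. The mapping of attributes to ACTIONS_ID_TOKEN_REQUEST_URL / ACTIONS_ID_TOKEN_REQUEST_TOKEN (the variables GitHub Actions exports for OIDC) and the two sample environments are assumptions constructed for this example.

```python
import os

# Variables that complete each credential source. ARM_* names are from the
# issue; ACTIONS_ID_TOKEN_REQUEST_* are the GitHub Actions OIDC variables.
# This mapping is an assumption for the diagnostic, not the provider's own
# credential-resolution logic.
AUTH_SOURCES = {
    "azure-client-secret": ("ARM_CLIENT_ID", "ARM_CLIENT_SECRET", "ARM_TENANT_ID"),
    "github-oidc": ("ACTIONS_ID_TOKEN_REQUEST_URL", "ACTIONS_ID_TOKEN_REQUEST_TOKEN"),
}


def detect_auth_sources(env):
    """Return {source: [vars that are set]} for every source with at least one var set."""
    found = {}
    for source, names in AUTH_SOURCES.items():
        present = [n for n in names if env.get(n)]
        if present:
            found[source] = present
    return found


def complete_sources(env):
    """Sources for which every required variable is set, sorted by name."""
    return sorted(s for s, names in AUTH_SOURCES.items() if all(env.get(n) for n in names))


def diagnose(env=None):
    """Summarise complete, partial and ambiguous credential configuration."""
    env = os.environ if env is None else env
    complete = complete_sources(env)
    partial = sorted(s for s in detect_auth_sources(env) if s not in complete)
    return {"complete": complete, "partial": partial, "ambiguous": len(complete) > 1}


# Constructed sample environments; values are placeholders, not real credentials.
RUNNER_ENV = {
    "ARM_CLIENT_ID": "placeholder-client-id", "ARM_CLIENT_SECRET": "placeholder-secret",
    "ARM_TENANT_ID": "placeholder-tenant-id",
    "ACTIONS_ID_TOKEN_REQUEST_URL": "https://placeholder.invalid/token",
    "ACTIONS_ID_TOKEN_REQUEST_TOKEN": "placeholder-request-token",
}
CODESPACES_ENV = {k: v for k, v in RUNNER_ENV.items() if k.startswith("ARM_")}

if __name__ == "__main__":
    for name, env in (("github-runner", RUNNER_ENV), ("codespaces", CODESPACES_ENV)):
        result = diagnose(env)
        print(name, result)
        if result["ambiguous"]:
            print("  more than one complete credential source; pin the provider's auth_type")
```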