
I am wondering if someone has already encountered this error, which I am getting when trying to create OBO tokens for Databricks service principals.

When setting up the `databricks_permissions` I get:

```
Error: ENDPOINT_NOT_FOUND: Unsupported path: /api/2.0/accounts/< my account >/scim/v2/Me for account: < my account >
```

My code is really no different from what you see in the documentation: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/obo_token

```hcl
variable "principals" {
  type = list(
    object({
      name   = string
      active = bool
    })
  )
}

resource "databricks_service_principal" "sp" {
  count = length(var.principals)

  display_name          = "${var.prefix}-${var.principals[count.index].name}"
  active                = var.principals[count.index].active
  workspace_access      = var.principals[count.index].active
  databricks_sql_access = var.principals[count.index].active

  allow_cluster_create       = false
  allow_instance_pool_create = false
}

resource "databricks_permissions" "token_usage" {
  count = length(var.principals)

  authorization = "tokens"
  access_control {
    service_principal_name = databricks_service_principal.sp[count.index].application_id
    permission_level       = "CAN_USE"
  }
}
```

The Service Principals are created as expected, but then `databricks_permissions` throws the odd error.

Rafa
  • How do you define `var.principals`? – Alex Ott Nov 01 '22 at 12:30
  • @AlexOtt - Hi, just updated the code with the variable definition. To be clear, that is not in use to create `databricks_permissions` which is where the error appears – Rafa Nov 02 '22 at 09:30

1 Answer

Fixed.

The issue was that I was trying to provision `databricks_permissions` with the same Databricks provider I used to create the workspace.

After creating the workspace, creating a new provider with that new workspace token fixed the issue.

So, first one has to create the workspace with the normal provider:

```hcl
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  username   = < ... >
  password   = < ... >
  account_id = < ... >
}
```

Then, configure a new provider using that workspace:

```hcl
provider "databricks" {
  alias = "workspace"
  host  = module.databricks-workspace.databricks_host
  token = module.databricks-workspace.databricks_token
}
```
Rafa
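The wiring the answer describes, carried through to the resources, as an added example that is not the poster's code. It assumes the `workspace` provider alias from the answer and the `var.principals` / `var.prefix` variables from the question; the `for_each` layout, the single permissions resource and the token lifetime are choices made for this example.

```hcl
# Added example: every workspace-level resource names the workspace-scoped
# provider explicitly, so none of them falls back to the account-level one.
locals {
  principals = { for p in var.principals : p.name => p }
}

resource "databricks_service_principal" "sp" {
  for_each = local.principals
  provider = databricks.workspace

  display_name = "${var.prefix}-${each.key}"
  active       = each.value.active

  allow_cluster_create       = false
  allow_instance_pool_create = false
}

# Token permissions are one workspace-level ACL, so a single resource
# carries one access_control block per service principal.
resource "databricks_permissions" "token_usage" {
  provider      = databricks.workspace
  authorization = "tokens"

  dynamic "access_control" {
    for_each = databricks_service_principal.sp
    content {
      service_principal_name = access_control.value.application_id
      permission_level       = "CAN_USE"
    }
  }
}

resource "databricks_obo_token" "sp" {
  for_each   = databricks_service_principal.sp
  provider   = databricks.workspace
  depends_on = [databricks_permissions.token_usage]

  application_id   = each.value.application_id
  comment          = "OBO token for ${each.value.display_name}"
  lifetime_seconds = 3600 # assumed value; a short lifetime limits exposure
}

# Marked sensitive so the token values are redacted in plan/apply output.
output "obo_tokens" {
  value     = { for k, t in databricks_obo_token.sp : k => t.token_value }
  sensitive = true
}
```

The token values are still written to the Terraform state, so access to the state backend needs the same protection as the tokens themselves.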