I'm trying to deploy an ADB workspace with VNet injection using Terraform via GitHub Actions.
I was using the existing Terraform code HERE.
When I try to deploy this using a GitHub Actions workflow, I get the following error:
Error: default auth: cannot configure default credentials. Config: azure_client_secret=***, azure_client_id=***, azure_tenant_id=***. Env: ARM_CLIENT_SECRET, ARM_CLIENT_ID, ARM_TENANT_ID
My GitHub Actions workflow looks like this:
name: Deploy ADB with VNET injection
on:
  workflow_dispatch:
jobs:
  terraform:
    name: 'Deploy Terraform with remote state'
    runs-on: ubuntu-latest
    env:
      ARM_CLIENT_ID: ${{ secrets.AZURE_AD_CLIENT_ID }}
      ARM_CLIENT_SECRET: ${{ secrets.AZURE_AD_CLIENT_SECRET }}
      ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
      ARM_TENANT_ID: ${{ secrets.AZURE_AD_TENANT_ID }}
    defaults:
      run:
        shell: bash
        working-directory: adb_vnetinjection
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: 'Terraform init'
        id: init
        run: |
          terraform init
      - name: 'Terraform plan'
        id: plan
        run: |
          terraform plan
      - name: 'Terraform apply'
        id: apply
        run: |
          terraform apply -auto-approve
I've verified that the service principal is a Contributor on the subscription, as I was able to use the same credentials and the same workflow to deploy a normal Databricks workspace. However, I think the Terraform which I'm using is attempting to create a workspace and then create a cluster within the workspace. Are there some additional permissions which I need to assign to the service principal to get this to work? Obviously, I cannot assign the SPN as an admin to the workspace, as the workspace is being created by the Terraform script itself. Any help would be appreciated.