-
Notifications
You must be signed in to change notification settings - Fork 362
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ISSUE] Issue with databricks_metastore
resource
#2615
Comments
@probrittle could you check 2 things
|
@nkvuong Yes to both. |
@nkvuong Correction on my last comment:
|
you also need to configure the the error message you are getting is because the authentication has failed |
@nkvuong I added the authentication piece:
However, I'm still getting the same error:
|
@nkvuong I've also tried with the |
@nkvuong I was able to create the
This is a bug correct? Asking because you mentioned that the databricks provider needs to be at the Also, I'm now encountering the error message
Please let me know what can be done to resolve this. |
@probrittle the error message shows that the provider cannot authenticate with the account-level API - could you check that you are able to do this with just the sdk or api? |
@nkvuong This works using an account admin token for SDK and API. Additionally, this works in terraform IF we use a workspace-level databricks provider as opposed to a account-level databricks provider block. However, these resources are supposed to be deployed using an account-level databricks provider block correct? Or have I misunderstood and these resources are supposed to be created using a workspace-level databricks provider block? |
@probrittle from 1.24.0 onwards, these resources can be deployed (and it is recommended) using an account-level databricks provider block |
@nkvuong I'm running with the databricks provider version of 1.24.0 and I'm still having issues deploying these resources using an account-level databricks provider block:
|
@nkvuong Has there been any update on this? Additionally, I want add one thing to what I mentioned about SDK and API. This works using an account admin token for SDK and API but only if you use the workspace URL, if you use the account URL then this does not work. Could you please let us know as soon as this gets resolved? This seems more and more like a bug and this is blocking us from being able to deploy Unity Catalog/Databricks resources via Terraform at the account-level. Thanks. |
there is clearly an issue with the token you are using to auth with the account-level, and the Terraform provider just returns the error message. I am not sure if there is anything to be done on this project to help |
I think issue if with provider setup:
the host there should point to account console host, not the workspace host as it points, hence that's why you are getting auth error (the '<' error is auth error). for azure, this should look like this, the account endpoint host is static per cloud, hence you can hardcode it if you don't plan to run code on multiple clouds.
for Azure docs are here: https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/unity-catalog-azure#provider-initialization, see other guides for AWS and Google Cloud, all having the right endpoint for account console there. |
We are using the account console host for the host variable. I specified this at an earlier comment:
Where var.host is the account console host URL just like the example you gave me regarding Azure and we are still getting the authentication error. |
indeed you did mention you changed it, i did not notice it. could you please confirm what is the exact value in the |
also, please try running in debug mode, it should help to see what API calls are made:
more hints here: https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/troubleshooting |
Here is the exact value of var.host:
|
We also ran the debug and I cannot provide the full output as it showing personal credentials and account id. However, the reoccurring error is this: Error: default auth: cannot configure default credentials. |
We were able to use the CLI with cfg and verified that the client_secret, id combination works, however terraform provider still seems to run into the authentication issue |
We are no longer running into the authentication issue for terraform. We found out that there were conflicts in authentication due to us stating variables in both the databricks provider block and also exporting those same variables as environment variables. Example:
We resolved this by keeping the alias, host, and account_id variables in the databricks provider block, and removing the client_id and client_secret variables from the block and exporting them as environment variables instead. @bhupendra-patil thank you for all the help! |
Hello, I'm trying to deploy the
databricks_metastore
resource to our Databricks account but I'm encountering a weird error when trying to runterraform apply
.Configuration
Expected Behavior
Metastore resource is created in Databricks account.
Actual Behavior
Steps to Reproduce
Terraform and provider versions
The text was updated successfully, but these errors were encountered: