-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ISSUE] Databricks provider uses invalid access token #66
Comments
Note that this does not happen every time... it seems another issue where the API says it's okay, but you can't use it right away |
@sdebruyn hmm a bit tricky to recreate this, we can use the retry functionality implemented a little while ago to potentially retry http calls with this but, I am not sure if that is ideal. I want to see if others have any thoughts on why this is happening or if it is reproducible. If you find a way to reproduce it 1/n times that would be great! Till then I would like to hold off on making changes to the token configure. We will switch to AAD tokens when they support secrets 👍 . |
It doesn't happen on every run, but it did here: https://github.com/datarootsio/terraform-module-azure-datalake/commit/cc36e3c69acef26821ddbfb980b867a6d6241b82/checks |
We consistently see this issue when our deployments take longer than 10 minutes, which is often the case when cluster creation is part of the operation. I think I have tracked this down to the fact that the workspace access token created is hard-coded to live for 600 seconds: https://github.com/databrickslabs/terraform-provider-databricks/blob/master/databricks/azure_auth.go#L136 (not 60 mins as the comment suggests) I believe this may also explain the behavior seen in #94 (though the cause of the timeout there looks like a separate issue). |
That is a very good point. My deployments can take up to an hour because they involve connecting several components and some resources like Cosmos DB takes about 10 minutes for that resource alone. Maybe it would be useful to have an expiration of 1 hour with automatic renewal before it expires? |
proposed pull request is here at #110 please let me know if that seems appropriate fix for this. |
probably we'd need to re-issue PAT's on 403 responses, when they expire |
Terraform Version
Current master branch
Affected Resource(s)
Terraform Configuration Files
https://github.com/datarootsio/terraform-module-azure-datalake/blob/a3c400b5bf40c2d64159bd703428c062f0174a23/databricks.tf
Debug Output
https://github.com/datarootsio/terraform-module-azure-datalake/runs/709963745?check_suite_focus=true
Expected Behavior
Create a
databricks_secret
Actual Behavior
See error output above
Steps to Reproduce
Please list the steps required to reproduce the issue, for example:
Comments
At first sight I thought it was an issue with
databricks_token
but it does not seem to be directly related to that resource. It seems to be an issue with the token that this provider is using underneath to create the resources as this seems to happen with adatabricks_secret
that isn't using any access tokens explictly.The text was updated successfully, but these errors were encountered: