I am wondering if someone already encountered this error I am getting when trying to create OBO Tokens for Databricks Service Principals.
When setting up the databricks_permissions I get:

```
Error: ENDPOINT_NOT_FOUND: Unsupported path: /api/2.0/accounts/< my account >/scim/v2/Me for account: < my account >
```
My code is really no different from what you see in the documentation: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/obo_token
```hcl
variable "principals" {
  type = list(
    object({
      name   = string
      active = bool
    })
  )
}

resource "databricks_service_principal" "sp" {
  count                      = length(var.principals)
  display_name               = "${var.prefix}-${var.principals[count.index].name}"
  active                     = var.principals[count.index].active
  workspace_access           = var.principals[count.index].active
  databricks_sql_access      = var.principals[count.index].active
  allow_cluster_create       = false
  allow_instance_pool_create = false
}

resource "databricks_permissions" "token_usage" {
  count         = length(var.principals)
  authorization = "tokens"
  access_control {
    service_principal_name = databricks_service_principal.sp[count.index].application_id
    permission_level       = "CAN_USE"
  }
}
```
The Service Principals are created as expected, but then databricks_permissions throws the odd error.
Fixed.
The issue was that I was trying to provision databricks_permissions with the same Databricks provider I used to create the workspace.
After creating the workspace, creating a new provider with that new workspace token fixed the issue.
So, first one has to create the workspace with the normal provider:
```hcl
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  username   = < ... >
  password   = < ... >
  account_id = < ... >
}
```
Then, configure a new provider using that workspace:
```hcl
provider "databricks" {
  alias = "workspace"
  host  = module.databricks-workspace.databricks_host
  token = module.databricks-workspace.databricks_token
}
```
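How the workspace-level resources can be bound to the second provider, as an added example that is not part of the original posts: each resource selects the `workspace` alias from the answer through the `provider` meta-argument. It assumes `var.prefix` is a string, uses a single `databricks_permissions` resource with one `access_control` block per principal, and the `lifetime_seconds` value and the `obo_tokens` output name are constructed for illustration.

```hcl
# Added example, not the poster's code. Assumes the provider aliased
# "workspace" from the answer above is configured in the same module.
variable "prefix" {
  type = string
}

variable "principals" {
  type = list(object({
    name   = string
    active = bool
  }))
}

resource "databricks_service_principal" "sp" {
  provider     = databricks.workspace
  count        = length(var.principals)
  display_name = "${var.prefix}-${var.principals[count.index].name}"
  active       = var.principals[count.index].active
}

# One token-permissions resource for the workspace, with one
# access_control block per service principal.
resource "databricks_permissions" "token_usage" {
  provider      = databricks.workspace
  authorization = "tokens"

  dynamic "access_control" {
    for_each = databricks_service_principal.sp
    content {
      service_principal_name = access_control.value.application_id
      permission_level       = "CAN_USE"
    }
  }
}

resource "databricks_obo_token" "sp" {
  provider         = databricks.workspace
  depends_on       = [databricks_permissions.token_usage]
  count            = length(var.principals)
  application_id   = databricks_service_principal.sp[count.index].application_id
  comment          = "OBO token for ${databricks_service_principal.sp[count.index].display_name}"
  lifetime_seconds = 3600 # constructed value: short-lived token
}

# The token values are also written to Terraform state, so the state
# backend needs the same protection as the tokens themselves.
output "obo_tokens" {
  value     = databricks_obo_token.sp[*].token_value
  sensitive = true
}
```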