I want to set the account admin for a service principal in order to create the Unity Catalog metastore. The Terraform code looks like this:
data "databricks_service_principal" "application" {
  count          = var.environment == "dev" ? 1 : 0
  application_id = "00000000-0000-0000-0000-000000000000"
}

resource "databricks_service_principal_role" "account_admin" {
  count                = var.environment == "dev" ? 1 : 0
  service_principal_id = data.databricks_service_principal.application[0].id
  role                 = "account_admin"
}
This should theoretically work according to the answers in this thread.
But unfortunately I get following error from Terraform for the resource "databricks_service_principal_role": Error: cannot read service principal role: Service Principal has no role
For me this error message is not very useful and I don't know what is wrong here. Is this maybe a bug in the Databricks Terraform provider?
Side notes (if relevant):
User has no role
Looking at the source code on GitHub (Databricks Terraform provider) I found the error message from above but I don't understand why the ReadContext
section in there is even executed.
It would be really nice if someone can help me, as I have to enable the Unity Catalog metastore very soon 🙂
The code works just fine, like this:
data "databricks_service_principal" "application" {
  application_id = "xxxxxxxxxx"
}

resource "databricks_service_principal_role" "account_admin" {
  service_principal_id = data.databricks_service_principal.application.id
  role                 = "account_admin"
}
Most probably you have the provider misconfigured - this should happen if you're trying to do this on the workspace level, while it should be done on the account level.
provider "databricks" {
  host       = "https://accounts.azuredatabricks.net"
  account_id = "xxxxx"
}
P.S. It could be confusing because right now Unity Catalog resources are created via workspace-level API.
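Because the same Terraform configuration usually also manages workspace-level objects, the practical way to avoid this mix-up is to declare two provider aliases and bind the account-level resources to the account alias explicitly. The following is an added example written for this answer, not code from the original question or from the Databricks provider's documentation; the account id, workspace host and application id are placeholders, and the variable name `environment` is assumed from the question:

```hcl
# Account-level provider: used for account admins, service principal roles
# and other objects that only exist in the Databricks account console.
provider "databricks" {
  alias      = "account"
  host       = "https://accounts.azuredatabricks.net"
  account_id = "00000000-0000-0000-0000-000000000000" # placeholder account id
}

# Workspace-level provider: used for clusters, jobs, and (at the time of the
# original answer) the Unity Catalog objects that are created through the
# workspace API.
provider "databricks" {
  alias = "workspace"
  host  = "https://adb-0000000000000000.0.azuredatabricks.net" # placeholder workspace URL
}

variable "environment" {
  type = string
}

# Look the service principal up in the account, not in the workspace, so that
# the id returned is the one the account-level role API expects.
data "databricks_service_principal" "application" {
  provider       = databricks.account
  count          = var.environment == "dev" ? 1 : 0
  application_id = "00000000-0000-0000-0000-000000000000" # placeholder application id
}

# The role assignment is an account-level operation. Without the explicit
# provider binding, Terraform falls back to the unaliased (here: none) or
# first provider it finds, which is the misconfiguration behind the
# "Service Principal has no role" read error described above.
resource "databricks_service_principal_role" "account_admin" {
  provider             = databricks.account
  count                = var.environment == "dev" ? 1 : 0
  service_principal_id = data.databricks_service_principal.application[0].id
  role                 = "account_admin"
}
```

With both aliases declared, every `databricks_*` resource and data source in the module needs a `provider =` argument, so a resource accidentally left on the wrong level shows up as an authentication or "no such object" error at plan time rather than as a confusing read error after apply. Granting `account_admin` to a service principal is a high-privilege change; it is worth keeping the resource in its own state or module so that a `terraform destroy` of day-to-day workspace objects cannot remove it by accident.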