I want to set the account admin for a service principal in order to create the Unity Catalog metastore. The Terraform code looks like this:
```hcl
data "databricks_service_principal" "application" {
  count          = var.environment == "dev" ? 1 : 0
  application_id = "00000000-0000-0000-0000-000000000000"
}

resource "databricks_service_principal_role" "account_admin" {
  count                = var.environment == "dev" ? 1 : 0
  service_principal_id = data.databricks_service_principal.application[0].id
  role                 = "account_admin"
}
```
This should theoretically work according to the answers in this thread.
But unfortunately I get the following error from Terraform for the resource "databricks_service_principal_role": `Error: cannot read service principal role: Service Principal has no role`
For me this error message is not very useful and I don't know what is wrong here. Is this maybe a bug in the Databricks Terraform provider?
Side notes (if relevant):
- I'm using the newest Databricks Terraform provider (V 1.21)
- The Databricks workspace is deployed in Azure.
- Using the "databricks_user_role" resource and trying to assign the account_admin role to a Databricks user will produce the same error message:
User has no role
Looking at the source code on GitHub (Databricks Terraform provider) I found the error message from above but I don't understand why the ReadContext section in there is even executed.
It would be really nice if someone can help me, as I have to enable the Unity Catalog metastore very soon.
The code works just fine, like this:
Most probably you have the provider misconfigured - this should happen if you're trying to do this on the workspace level, while it should be done on the account level.
P.S. It could be confusing because right now Unity Catalog resources are created via workspace-level API.
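
The workspace-level versus account-level distinction from the answer, written out as an added example that is not code from either poster. The provider aliases `workspace` and `account`, the variables `workspace_url` and `databricks_account_id`, and credentials coming from the environment (for example an Azure CLI login) are assumptions.

```hcl
terraform {
  required_providers {
    databricks = {
      source = "databricks/databricks"
    }
  }
}

variable "environment" { type = string }

# Assumed inputs; both values are supplied by the caller.
variable "workspace_url" { type = string }
variable "databricks_account_id" { type = string }

# Workspace-level provider: talks to a single workspace URL.
# Account roles such as account_admin cannot be managed through it.
provider "databricks" {
  alias = "workspace"
  host  = var.workspace_url
}

# Account-level provider: talks to the Azure Databricks account console.
provider "databricks" {
  alias      = "account"
  host       = "https://accounts.azuredatabricks.net"
  account_id = var.databricks_account_id
}

# Both the lookup and the role assignment are pinned to the account-level provider.
data "databricks_service_principal" "application" {
  provider       = databricks.account
  count          = var.environment == "dev" ? 1 : 0
  application_id = "00000000-0000-0000-0000-000000000000"
}

resource "databricks_service_principal_role" "account_admin" {
  provider             = databricks.account
  count                = var.environment == "dev" ? 1 : 0
  service_principal_id = data.databricks_service_principal.application[0].id
  role                 = "account_admin"
}
```

The identity Terraform authenticates as against the account endpoint must itself be an account admin, so scope and store its credentials accordingly.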