I want to set the account admin for a service principal in order to create the Unity Catalog metastore. The Terraform code looks like this:

    data "databricks_service_principal" "application" {
      count          = var.environment == "dev" ? 1 : 0
      application_id = "00000000-0000-0000-0000-000000000000"
    }

    resource "databricks_service_principal_role" "account_admin" {
      count                = var.environment == "dev" ? 1 : 0
      service_principal_id = data.databricks_service_principal.application[0].id
      role                 = "account_admin"
    }

This should theoretically work according to the answers in this thread.
But unfortunately I get the following error from Terraform for the resource "databricks_service_principal_role":

    Error: cannot read service principal role: Service Principal has no role

For me this error message is not very useful and I don't know what is wrong here. Is this maybe a bug in the Databricks Terraform provider?
Side notes (if relevant):
- I'm using the newest Databricks Terraform provider (V 1.21)
- The Databricks workspace is deployed in Azure.
- Using the "databricks_user_role" resource and trying to assign the account_admin role to a Databricks user produces the same error message: User has no role
Looking at the source code on GitHub (Databricks Terraform provider), I found the error message from above, but I don't understand why the "ReadContext" section in there is even executed.
It would be really nice if someone can help me, as I have to enable the Unity Catalog metastore very soon 🙂