Hi all,
When I use Terraform in an Azure DevOps pipeline to create Databricks Storage Credential, I got the following error. Has anybody met the same error before? Or is there any idea how to debug it?
Error: cannot create storage credential: failed during request visitor: default auth: azure-cli: cannot get account info: exit status 1.
My implementation.
(1) Below is my `main.tf`. It works well on my local using my own Azure account.
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "4.2.0"
}
databricks = {
source = "databricks/databricks"
version = "1.52.0"
}
}
}
provider "azurerm" {
features {}
subscription_id = "${var.AZURE_SUBSCRIPTION_ID}"
}
provider "databricks" {
host = var.DATABRICKS_HOST
retry_timeout_seconds = 600
}
data "azurerm_databricks_access_connector" "unity_catalog_access_connector" {
name = "unity-catalog-access-connector"
resource_group_name = "rg-dbr-managed-${var.ENVIRONMENT}"
}
resource "databricks_storage_credential" "dbr_strg_cred" {
name = "dbr_strg_cred_${var.ENVIRONMENT}"
azure_managed_identity {
access_connector_id = data.azurerm_databricks_access_connector.unity_catalog_access_connector.id
}
}
(2) However, I got an error when I apply the Terraform file in an Azure DevOps pipeline. Below is my `azure-pipelines.yaml`.
trigger: none
pool:
vmImage: ubuntu-latest
variables:
- group: vg-dbr-dev
stages:
- stage: setup
jobs:
- job: setup
displayName: "Set up Databricks workspace using Terraform"
steps:
- script: |
echo "##vso[task.setvariable variable=TF_VAR_DATABRICKS_HOST]$DATABRICKS_HOST"
echo "##vso[task.setvariable variable=TF_VAR_AZURE_SUBSCRIPTION_ID]$AZURE_SUBSCRIPTION_ID"
echo "##vso[task.setvariable variable=TF_VAR_ENVIRONMENT]$ENV"
displayName: 'Set up environment variables'
- script: env | sort
displayName: 'Environment / Context'
- task: UsePythonVersion@0
displayName: 'Use Python 3.12'
inputs:
versionSpec: 3.12
- script: |
python -m pip install wheel
displayName: 'Install dependencies'
- task: TerraformInstaller@1
displayName: Install Terraform 1.9.2
inputs:
terraformVersion: 1.9.2
- task: TerraformTaskV4@4
displayName: Initialize Terraform
inputs:
provider: 'azurerm'
command: 'init'
backendServiceArm: '$(DEVOPS_SERVEICE_CONNECTION)'
backendAzureRmResourceGroupName: '$(TERRAFORM_STATE_STORAGE_RESOURCE_GROUP_NAME)'
backendAzureRmStorageAccountName: '$(TERRAFORM_STATE_STORAGE_ACCOUNT_NAME)'
backendAzureRmContainerName: '$(TERRAFORM_STATE_STORAGE_CONTAINER_NAME)'
backendAzureRmKey: 'state.tfstate'
- task: TerraformTaskV4@4
name: terraformPlan
displayName: Create Terraform Plan
inputs:
provider: 'azurerm'
command: 'plan'
commandOptions: '-out main.tfplan'
environmentServiceNameAzureRM: '$(DEVOPS_SERVEICE_CONNECTION)'
# Only runs if the 'terraformPlan' task has detected changes the in state.
- task: TerraformTaskV4@4
displayName: Apply Terraform Plan
condition: eq(variables['terraformPlan.changesPresent'], 'true')
inputs:
provider: 'azurerm'
command: 'apply'
commandOptions: 'main.tfplan'
environmentServiceNameAzureRM: '$(DEVOPS_SERVEICE_CONNECTION)'
(3) In the Azure DevOps pipeline, I use a DevOps Service Connection, which refers to a Microsoft Entra ID app (a service principal). I have added this service principal to the Databricks account and the Databricks workspace, and give the service principal the account admin and workspace admin permissions.
However, the pipeline reports error in the last step.
/opt/hostedtoolcache/terraform/1.9.2/x64/terraform apply -auto-approve main.tfplan
databricks_storage_credential.dbr_strg_cred: Creating...
ā·
ā Error: cannot create storage credential: failed during request visitor: default auth: azure-cli: cannot get account info: exit status 1. Config: host=https://adb-123123123123123.1.azuredatabricks.net, azure_client_id=***, azure_tenant_id=d123123-1234-1234-1234-123123123. Env: DATABRICKS_HOST, ARM_CLIENT_ID, ARM_TENANT_ID
ā
ā with databricks_storage_credential.dbr_strg_cred,
ā on main.tf line 33, in resource "databricks_storage_credential" "dbr_strg_cred":
ā 33: resource "databricks_storage_credential" "dbr_strg_cred" {
ā
āµ
##[error]Error: The process '/opt/hostedtoolcache/terraform/1.9.2/x64/terraform' failed with exit code 1
Does anybody have any idea? Thank you.