cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Error: cannot create permissions: invalid character '<' looking for beginning of value

abhaigh
New Contributor III

‎08-21-2023 08:31 AM

I'm trying to use terraform to assign a cluster policy to an account-level group (sync'd from AAD via SCIM)

My provider is configured like this

provider "databricks" {
alias = "azure_account"
host = "accounts.azuredatabricks.net"
account_id = "%DATABRICKS_ACCOUNT_ID%"
auth_type = "azure-cli"
}

Each time I try tun it though? I get the error message in the Subject line

I believe that this is the opening "<" of the "<html>" tag of a log-in page - and not the value the system is expecting to be returned from the API endpoint

I know that this configuration IS working correctly when I use it to deploy a test group on the account level with this

resource "databricks_group" "databricks_group_data_engineers" {
provider = databricks.azure_account
display_name = "Test Group"
}

And on the workspace level when I comment out the "providers" line

But I can only appear to be able to apply the policy to a group if the group exists in the workspace level - when I try for an account-level group? I get the invalid "<" character error

Does anyone know how to get around this problem? OR can someone point me in the direction of the code needed to add account-level groups to the individual workspaces? I need to do this as part of a pipeline as we want to simplify databricks user-management as much as possible

Thanks in advance

-=abhaigh=-

.

0 Kudos
1 REPLY 1

Kaniz
Community Manager
Community Manager

‎09-06-2023 04:01 PM

Hi @abhaigh , 

• The issue is related to applying a cluster policy to an account-level group using Terraform.
• The error message indicates that the returned value from the API endpoint is not as expected.

• To resolve the issue, follow these steps:
  - Verify the correctness of the provider configuration, including the hostaccount_id, and auth_type settings.
  - Check if you have permission to apply cluster policies to account-level groups.
  - Ensure that the account-level group exists and is correctly synced from AAD via SCIM.
  - Refer to the Databricks Terraform provider documentation for specific requirements or limitations.
• If the issue persists, provide more specific details about the error message for further troubleshooting.
0 Kudos
Announcements
Welcome to Databricks Community: Lets learn, network and celebrate together

Join our fast-growing data practitioner and expert community of 80K+ members, ready to discover, help and collaborate together while making meaningful connections. 

Click here to register and join today! 

Engage in exciting technical discussions, join a group with your peers and meet our Featured Members.