Hi all,
I'm trying to automate the deployment of Databricks into GCP. In order to streamline the process, I created a standalone project to hold the service accounts SA1 and SA2, with the second one then being manually populated into the Databricks account console as an "Account Admin" user. The idea was that this would then be a one-time manual intervention, allowing SA2 to be used for all workspace creation tasks regardless of the environment / project (each of our environments is a dedicated project in GCP). I have provisioned the SA2 account as "owner" of the project that will host the workspace, however this does not appear to be sufficient to create the workspace.
The API returns a 201 response, and the new workspace appears in the account console, but with a Status as "Failed", and a Status Message as "Workspace failed to launch. Error: Unknown Error." I can see no associated errors in the GCP logs for the project.
If I create the SA1 and SA2 accounts in the workspace project, the workspace is created successfully, which suggests to me that either a) there are additional roles I need to consider to enable SA2 to be hosted from a different project, or b) the workspace creation can only be conducted by a SA hosted on the workspace project.
Would anyone be able to advise on which of these is true?
Many thanks in advance
