cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Get Started Discussions
Start your journey with Databricks by joining discussions on getting started guides, tutorials, and introductory topics. Connect with beginners and experts alike to kickstart your Databricks experience.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

error creating token when creating databricks_mws_workspace resource on GCP

Go to solution
yurib
New Contributor III

ā€Ž07-16-2024 06:47 AM - edited ā€Ž07-16-2024 06:49 AM

 

resource "databricks_mws_workspaces" "this" {
  depends_on = [ databricks_mws_networks.this ]
  provider = databricks.account
  account_id = var.databricks_account_id
  workspace_name = "${local.prefix}-dbx-ws"
  location = var.google_region

  cloud_resource_container {
    gcp {
      project_id = var.google_project
    }
  }
  private_access_settings_id = var.databricks_pas_id 
  network_id = databricks_mws_networks.this.network_id
  gke_config {
    connectivity_type = "PRIVATE_NODE_PUBLIC_MASTER"
    master_ip_range = var.mws_workspace_gke_master_ip_range
  }
  token {}
  pricing_tier = "PREMIUM"
}
...
ā”‚ Error: cannot create mws workspaces: cannot create token: failed during request visitor: default auth: cannot configure default credentials, please check https://docs.databricks.com/en/dev-tools/auth.html#databricks-client-unified-authentication to configure credentials for your preferred authentication method. Config: host=https://xxxx.gcp.databricks.com, google_service_account=xxxā€‹

 

The workspace appears to be created - I can interact with it in the Databricks account console and with the respective google resources via google cloud console, but the `terraform apply` command fails with the above error.

`terraform destroy` fails with a similar error about reading the token.

The errors go away if I authenticate with the newly created workspace (databricks auth login --host https://xxx.gcp.databricks.com  ) but at that point terraform marks the workspace resource as tainted, forcing re-creating it and producing the same error for the yet newer workspace.

versions / provider definition:

 

terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "1.48.3"
      configuration_aliases = [ databricks.account, databricks.workspace ]
    }
  }
}

provider "databricks" {
  alias                  = "account"
  host                   = var.account_console_url
  account_id             = var.databricks_account_id
  google_service_account = var.databricks_google_service_account
}

provider "databricks" {
  alias                  = "workspace"
  host                   = databricks_mws_workspaces.this.workspace_url
  token                  = databricks_mws_workspaces.this.token[0].token_value
}

 

 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
yurib
New Contributor III

ā€Ž07-17-2024 02:22 PM

my issue was caused be credentials in `~/.databrickscfg` (generated by databricks cli) taking precedence over the creds set by `gcloud auth application-default login`. google's application default creds should be used when using the databricks google service account for deploying resources. deleting / renaming ~/.databrickscfg resolved my problem.

View solution in original post

0 Kudos
1 REPLY 1

Go to solution
yurib
New Contributor III

ā€Ž07-17-2024 02:22 PM

my issue was caused be credentials in `~/.databrickscfg` (generated by databricks cli) taking precedence over the creds set by `gcloud auth application-default login`. google's application default creds should be used when using the databricks google service account for deploying resources. deleting / renaming ~/.databrickscfg resolved my problem.

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local communityā€”sign up today to get started!

Sign Up Now
Announcements
Top