jv_v
Contributor

I implemented the following Terraform code to configure data access for a Databricks metastore:

# Provider sources used by this configuration.
# NOTE(review): neither entry carries a `version` constraint, so unless a
# committed .terraform.lock.hcl pins them, `terraform init` is free to select
# whichever provider release is newest at the time it runs.
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }

    databricks = {
      source = "databricks/databricks"
    }
  }
}

# Aliased AzureRM provider that authenticates as a service principal
# (client_id + client_secret) in the given tenant and subscription.
provider "azurerm" {
  alias = "azure"

  features {}

  # The provider will not try to register Azure resource providers on the
  # subscription, so the principal does not need that permission.
  skip_provider_registration = true

  subscription_id = var.subscription_id
  tenant_id       = var.tenant_id
  client_id       = var.client_id

  # Service-principal secret. The variable declaration is not shown here;
  # NOTE(review): confirm it is declared with `sensitive = true` and supplied
  # from the environment or a secret store rather than a committed tfvars file.
  client_secret = var.client_secret
}

# Account-level Databricks provider (accounts console endpoint).
# Every resource that selects databricks.azure_account is created with the
# privileges of the principal identified by client_id / client_secret below.
provider "databricks" {
  alias      = "azure_account"
  host       = "https://accounts.azuredatabricks.net"
  account_id = var.account_id

  # Alternative authentication left disabled by the author:
  #auth_type = "azure-cli"

  # var.client_id is the same variable the azurerm provider uses, paired here
  # with a separate secret (var.db_client_secret).
  # NOTE(review): confirm both values belong to the same service principal and
  # that the secret variable is declared with `sensitive = true`.
  client_id     = var.client_id
  client_secret = var.db_client_secret
}

# Workspace-level Databricks provider. It targets the workspace URL held in
# local.databricks_workspace_host and reuses the same client_id / secret pair
# as the account-level provider, so both act as one principal.
provider "databricks" {
  alias = "Workspace"
  host  = local.databricks_workspace_host

  client_id     = var.client_id
  client_secret = var.db_client_secret
}

 

# Task: create the first Unity Catalog metastore (account-level API).
resource "databricks_metastore" "this" {
  provider = databricks.azure_account
  name     = var.metastore_name

  # Region follows whichever resource group is in use: the existing one when
  # var.use_existing_resource_group is true, otherwise the newly created one.
  region = (
    var.use_existing_resource_group
    ? data.azurerm_resource_group.existing[0].location
    : azurerm_resource_group.new[0].location
  )

  # ADLS Gen2 root for managed data: container @ storage account.
  storage_root = format(
    "abfss://%s@%s.dfs.core.windows.net/",
    azurerm_storage_container.unity_catalog.name,
    azurerm_storage_account.unity_catalog.name,
  )

  # Ownership is handed to var.owner.
  # NOTE(review): if var.owner is not the principal the databricks providers
  # authenticate as (or a group containing it), that principal no longer owns
  # the metastore. The "User does not have CREATE EXTERNAL LOCATION on
  # Metastore" failure reported for this configuration is consistent with
  # that; confirm before granting anything broader.
  owner = var.owner

  # Allows the metastore to be destroyed regardless of its contents.
  # NOTE(review): risky outside throwaway environments; a `terraform destroy`
  # or a forced replacement removes the metastore with data still registered.
  force_destroy = true
}
# Task: attach the Databricks workspace to the metastore.
# Runs through the workspace-level provider alias, unlike the metastore and
# data-access resources, which use the account-level alias.
resource "databricks_metastore_assignment" "this" {
  provider = databricks.Workspace

  metastore_id = databricks_metastore.this.id
  workspace_id = local.databricks_workspace_id

  default_catalog_name = var.default_catalog_name
}

# Task: register a managed identity as the metastore's default data access.
# Created through the account-level provider, so it succeeds only if that
# provider's principal holds the required privilege on the metastore.
resource "databricks_metastore_data_access" "first" {
  provider     = databricks.azure_account
  metastore_id = databricks_metastore.this.id
  name         = "the-metastore-key"
  is_default   = true

  # Storage is reached through the access connector's managed identity, so no
  # storage key or SAS token appears in this configuration.
  # NOTE(review): the connector and its role assignment on the storage account
  # are defined elsewhere; confirm the role is scoped to the Unity Catalog
  # storage account only.
  azure_managed_identity {
    access_connector_id = azurerm_databricks_access_connector.unity.id
  }

  # Wait until the workspace has been attached to the metastore.
  depends_on = [databricks_metastore_assignment.this]
}

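# Identifiers of the metastore and of the access connector behind its default
# data access configuration. Both values are read through
# databricks_metastore_data_access.first, so the output still depends on that
# resource having been created.
output "metastore_data_access_details" {
  value = {
    # Previously `.id`, which is the data-access resource's own id rather than
    # the metastore's.
    metastore_id = databricks_metastore_data_access.first.metastore_id

    # Previously the whole `azure_managed_identity` block; select the connector
    # id from it so the value matches its key.
    access_connector_id = databricks_metastore_data_access.first.azure_managed_identity[0].access_connector_id
  }
}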

However, I'm encountering the following error when executing this code:

"databricks_metastore_data_access.first" error: cannot create metastore data access: User does not have CREATE EXTERNAL LOCATION on Metastore"

Any insights or suggestions to resolve this issue would be greatly appreciated!