使用 terraform 添加服务主体权限时出现问题


我正在尝试使用 terraform 为 Azure 上托管的 Databricks 服务主体添加帐户级别权限，但遇到如下错误：

错误：无法创建 mws 权限分配：找不到 /2.0/accounts/4f93b050-9cee-4668-8136-7937fe98f18e/workspaces/6491331033656740/permissionassignments/principals/187629890527464 的端点

Terraform 配置：

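# Workspace-level provider: authenticates to the workspace declared below and
# serves workspace-scoped resources (the service principal and its group
# membership). Account-scoped resources such as
# databricks_mws_permission_assignment cannot use this configuration: the
# provider then sends the /2.0/accounts/... request to the workspace host,
# which is what produces the "endpoint not found" error quoted above.
provider "databricks" {
  azure_workspace_resource_id = azurerm_databricks_workspace.xxxxx_workspace.id
  host                        = azurerm_databricks_workspace.xxxxx_workspace.workspace_url
  auth_type                   = "azure-cli"
}

# Databricks account ID (the UUID that appears in the /2.0/accounts/<id>/...
# path). Not a secret, but supplied as an input rather than hard-coded so the
# configuration is portable between accounts.
variable "databricks_account_id" {
  description = "Databricks account ID used by the account-level provider alias"
  type        = string
}

# Account-level provider alias for account-scoped resources. On Azure, account
# operations are addressed to the account console host, not to a workspace URL.
# Account-scoped resources select it with `provider = databricks.account`;
# the unaliased workspace provider above is left unchanged for existing callers.
provider "databricks" {
  alias      = "account"
  host       = "https://accounts.azuredatabricks.net"
  account_id = var.databricks_account_id
  auth_type  = "azure-cli"
}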

# Azure Databricks workspace the databricks provider above attaches to.
# Resource group and region come from module inputs; the SKU is fixed to
# "premium" (presumably for the workspace access-control features -- confirm).
resource "azurerm_databricks_workspace" "xxxxx_workspace" {
  name                = "ADM-Databricks-xxxx"
  location            = var.region
  resource_group_name = var.resource_group_name
  sku                 = "premium"

  # Storage account names must be globally unique; a random suffix is appended
  # to the fixed prefix to avoid collisions between deployments.
  custom_parameters {
    storage_account_name = "admdatalakedevxxxxx${random_string.naming.result}"
  }
}

# Service principal registered through the workspace-level provider.
# Entitlements granted here: workspace access, Databricks SQL access and
# cluster creation.
# NOTE(review): no application_id is set. The provider documentation describes
# application_id (the Entra application ID) as required on Azure -- confirm
# whether this block is intended to create a Databricks-managed principal
# instead of registering an existing Entra service principal.
resource "databricks_service_principal" "principal" {
  display_name          = "databricks-adm"
  workspace_access      = true
  databricks_sql_access = true
  allow_cluster_create  = true
}

# Adds the service principal to the group looked up by
# data.databricks_group.admins (declared outside this listing). Membership of
# the workspace "admins" group is itself a workspace-admin grant, so review
# whether both this and the permission assignment below are actually needed.
resource "databricks_group_member" "i-am-admin" {
  member_id = databricks_service_principal.principal.id
  group_id  = data.databricks_group.admins.id
}

# Account-level assignment of the ADMIN workspace permission to the principal.
# This is an account-scoped resource: it must be executed through a databricks
# provider configured for the account console (host
# https://accounts.azuredatabricks.net plus account_id), selected here with a
# `provider = databricks.<alias>` argument. Run through the workspace-level
# default provider, the /2.0/accounts/.../permissionassignments call is sent to
# the workspace host and fails with the "endpoint not found" error above.
# NOTE(review): principal_id must be the account-level principal ID; the ID of
# a principal created through the workspace provider may differ -- verify.
resource "databricks_mws_permission_assignment" "add_admin_group" {
  permissions  = ["ADMIN"]
  workspace_id = azurerm_databricks_workspace.xxxxx_workspace.workspace_id
  principal_id = databricks_service_principal.principal.id
}


使用 terraform 添加服务主体权限

您可以使用 terraform 为服务主体添加权限。以下是修改后的、用于分配权限的 terraform 脚本。

我的 Terraform 配置：

 # Provider requirements. No version constraint is given for either provider,
 # so every `terraform init` resolves the newest published release; add a
 # `version` constraint and commit the dependency lock file once a release
 # has been validated, so later runs cannot silently pick up a different build.
 terraform {
   required_providers {
     azurerm    = { source = "hashicorp/azurerm" }
     databricks = { source = "databricks/databricks" }
   }
 }

# Azure Resource Manager provider with default feature flags; credentials are
# taken from the environment (no secrets in configuration).
provider "azurerm" {
  features {
  }
}

# Resource group that receives the workspace. The default is the answerer's
# example group; override it per deployment.
variable "resource_group_name" {
  type        = string
  default     = "vinay-rg"
  description = "Name of the Azure resource group"
}

# Azure region for the workspace; defaults to the answerer's example region.
variable "region" {
  type        = string
  default     = "east us"
  description = "Azure region where the Databricks workspace will be deployed"
}

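# Databricks account ID (a UUID from the account console). Supplied at plan
# time rather than hard-coded so the configuration is portable between
# accounts and no account-specific value lives in source.
variable "databricks_account_id" {
  description = "Databricks account ID for account-level resources"
  type        = string
}

# Account-level provider. The account-scoped resources below
# (databricks_service_principal_role with role = "account_admin") must be
# addressed to the account console host; a per-workspace
# *.azuredatabricks.net URL does not expose the /2.0/accounts/... endpoints,
# which is the "endpoint not found" failure in the question.
provider "databricks" {
  host       = "https://accounts.azuredatabricks.net"
  account_id = var.databricks_account_id
  auth_type  = "azure-cli"
}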

# Add any other variables you need (e.g., storage account name, etc.)

# Three-character lowercase alphanumeric suffix used to keep the storage
# account name unique. Only three characters, so name collisions across many
# deployments are possible; lengthen if that becomes a problem.
resource "random_string" "naming" {
  upper   = false
  special = false
  length  = 3
}


# Premium-tier Azure Databricks workspace in the configured resource group and
# region. The managed storage account gets a random suffix for uniqueness.
resource "azurerm_databricks_workspace" "my_workspace" {
  name                = "ADM-Databricks-vk"
  sku                 = "premium"
  location            = var.region
  resource_group_name = var.resource_group_name

  custom_parameters {
    storage_account_name = "admdataldevtest${random_string.naming.result}"
  }
}

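# Application (client) ID of the Entra service principal to register. Taken as
# an input instead of the placeholder literal, so the configuration validates
# without editing source and the ID is not committed with the code.
variable "service_principal_application_id" {
  description = "Application (client) ID of the Microsoft Entra service principal"
  type        = string
}

# Registers the Entra service principal at the account level (the provider
# above is account-scoped) and allows it to create clusters.
resource "databricks_service_principal" "sp" {
  application_id       = var.service_principal_application_id
  display_name         = "testapp"
  allow_cluster_create = true
}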

    
# Grants the account_admin role to the service principal. This is an
# account-scoped resource and needs the account-level provider.
# NOTE(review): account_admin is the broadest account role, whereas the
# question asked for ADMIN on a single workspace. If workspace admin is all
# that is needed, a databricks_mws_permission_assignment with
# permissions = ["ADMIN"] through the account-level provider is the narrower
# grant -- confirm which scope is intended before applying.
resource "databricks_service_principal_role" "account_admin" {
  role                 = "account_admin"
  service_principal_id = databricks_service_principal.sp.id
}

输出:


