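I'm trying to create a release that does some magic with Terraform, but I'm stuck when I try to apply the changes.
When I push it from my desktop it works fine, but when I do it from Azure DevOps using a managed identity, it crashes.
I followed the step-by-step guide: https://docs.databricks.com/en/dev-tools/auth/oauth-m2m.html#language-Terraform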
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.62.0"
    }
    databricks = {
      "source" = "databricks/databricks"
      version  = "~>1.34"
    }
  }
  required_version = ">= 1.1.0"
}

provider "azurerm" {
  features {}
}

provider "databricks" {
  alias         = "workspace"
  host          = "adb-xxxxxxxxx.azuredatabricks.net"
  client_id     = "xxxxxxxxxxxxx"
  client_secret = "xxxxxxxxxxxxxxxxxxxxx"
}

data "databricks_jobs" "this" {}

resource "databricks_permissions" "everyone_can_view_all_jobs" {
  for_each = data.databricks_jobs.this.ids
  job_id   = each.value

  access_control {
    group_name       = "xxxxxxxxx"
    permission_level = "CAN_MANAGE"
  }

  access_control {
    permission_level       = "xxxxxxxxxx"
    service_principal_name = var.adf_id_for_env
  }
}
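I tried using the Terraform task and Azure PowerShell, but both give the same error.
Reading jobs: cannot read data jobs: default auth: cannot configure default credentials, please check https://docs.databricks.com/en/dev-tools/auth.html#databricks-client-unified-authentication to configure credentials for your preferred authentication method. Config: azure_use_msi=true, azure_tenant_id=xxxxxxxxx. Env: ARM_USE_MSI, ARM_TENANT_ID
cannot read data jobs: default auth: cannot configure default credentials, please check https://docs.databricks.com/en/dev-tools/auth.html#databricks-client-unified-authentication to configure credentials for your preferred authentication method
I want to make it work. For the PowerShell script I have something like this to identify the environment, but there is no way to force it in Terraform.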
databricks jobs create --json @C:/Jobs/$_ -p 'TEST'
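Azure Databricks Terraform "cannot configure default credentials".
The error you get when trying to read Databricks jobs in Terraform indicates a problem with the authentication settings in the Databricks provider configuration. It appears that the default authentication mechanism cannot configure itself correctly with the provided credentials or method.
Make sure the managed identity being used has the correct permissions to access the Databricks workspace. It should have at least Contributor permissions on the Databricks workspace to read job data.
Make sure the environment variables related to Azure authentication (especially managed identity) are set correctly. These include: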
ARM_USE_MSI
ARM_CLIENT_ID
(if applicable) ARM_TENANT_ID
ARM_SUBSCRIPTION_ID
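Before running the script, make sure the jobs have been created in your workspace and that you have the necessary permissions in the workspace.
My Terraform configuration: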
main.tf
terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
    }
    databricks = {
      source = "databricks/databricks"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "azure_tenant_id" {
  type        = string
  description = "Tenant ID for Azure account"
}

variable "adf_id_for_env" {
  type        = string
  description = "Service Principal ID or Managed Identity used by Azure Data Factory"
}

provider "databricks" {
  host            = "https://adb-xxxxxxxxxxx.x.azuredatabricks.net"
  azure_use_msi   = true
  azure_tenant_id = var.azure_tenant_id
}

data "databricks_jobs" "this" {}

resource "databricks_permissions" "everyone_can_view_all_jobs" {
  for_each = data.databricks_jobs.this.ids
  job_id   = each.value

  access_control {
    group_name       = "users"
    permission_level = "CAN_MANAGE"
  }

  access_control {
    permission_level       = "IS_OWNER"
    service_principal_name = var.adf_id_for_env
  }
}
Deployment succeeded:
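
An added example (not code from the question or the answer): in the question's configuration the `databricks` provider block carries `alias = "workspace"`, but the data source and resource never reference it, so Terraform resolves them against the default `databricks` provider, and the error's `Config:` line accordingly lists only values picked up from `ARM_USE_MSI` and `ARM_TENANT_ID`. The sketch below binds both blocks to the aliased provider and moves the OAuth secret out of the `.tf` file; the three `databricks_*` variable names are assumptions.

```hcl
terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "~>1.34"
    }
  }
}

# Assumed variable names. Supply the values from the pipeline's secret
# store (for example as TF_VAR_databricks_client_secret), not in source.
variable "databricks_host" {
  type = string
}

variable "databricks_client_id" {
  type = string
}

variable "databricks_client_secret" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

provider "databricks" {
  alias         = "workspace"
  host          = var.databricks_host
  client_id     = var.databricks_client_id
  client_secret = var.databricks_client_secret
}

# Without `provider = databricks.workspace`, these blocks use the default
# (un-aliased) databricks provider, which has no explicit settings and
# falls back to whatever the environment offers (ARM_USE_MSI, ARM_TENANT_ID).
data "databricks_jobs" "this" {
  provider = databricks.workspace
}

resource "databricks_permissions" "everyone_can_view_all_jobs" {
  provider = databricks.workspace
  for_each = data.databricks_jobs.this.ids
  job_id   = each.value

  access_control {
    group_name       = "users"
    permission_level = "CAN_MANAGE"
  }
}
```

`sensitive = true` only redacts the value in plan and apply output; the secret is still written to state, so the state backend needs its own access control.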