Info for configuration pasted in steps to reproduce. Essentially using azuread and databricks to look at a list of users from an azuread group and create them in databricks. Up until 1.49.1 this worked. After that, it starts failing to retrieve the credential using a service principal with the Azure CLI.
Expected Behavior
Should retrieve credential and perform as expected, refreshing state and creating any new users and deleting any users that no longer exist in azure ad.
Actual Behavior
Fails to get credential from local cache past version 1.49.1
Steps to Reproduce
1. az cli using service principal with account admin
2. add required providers like

```hcl
terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "1.49.1"
    }
  }
}
```

3. add provider for account like

```hcl
provider "databricks" {
  alias      = "azure_account_id"
  host       = "accounts.azuredatabricks.net"
  account_id = var.account_id
  auth_type  = "azure-cli"
}
```

4. add a set of databricks users

```hcl
resource "databricks_user" "business_users" {
  provider     = databricks.azure_account_id
  for_each     = toset(data.azuread_group.business_users.members)
  user_name    = data.azuread_user.business_users[each.value].user_principal_name
  display_name = data.azuread_user.business_users[each.value].display_name
  active       = true
  force        = true
}
```

5. fail on refreshing information from account, cannot retrieve credential from local cache.
Terraform and provider versions
Terraform v1.9.6
on windows_amd64
provider registry.terraform.io/databricks/databricks v1.49.1 (stops working on v1.50 and v1.51)
Is it a regression?
This works up until 1.49.1, stops working at 1.50
Debug Output
```
│ Error: cannot read user: failed during request visitor: default auth: azure-cli: cannot get access token: WARNING: Could not retrieve credential from local cache for service principal e0da535f-4aa5-45fd-ad10-0817c932b48c under tenant common. Trying credential under tenant 1e98afad-8153-4889-a48f-60dc77bc87a8, assuming that is an app credential.
│ ERROR: AADSTS50059: No tenant-identifying information found in either the request or implied by any provided credentials. Trace ID: 3e7f0d70-f60c-4276-bbcb-996f4dac2200 Correlation ID: fbb9e0db-dfdc-44f5-95a7-68b18f7d64a6 Timestamp: 2024-10-01 15:50:11Z
│ Interactive authentication is needed. Please run:
│ az login
│ . Config: host=https://accounts.azuredatabricks.net, account_id=..., azure_tenant_id=common
with databricks_user.business_users["e19e3ae5-7d22-44eb-ac2f-282badf9b128"],
│ on sync_ad_business_users.tf line 20, in resource "databricks_user" "business_users":
│ 20: resource "databricks_user" "business_users" {
```
Important Factoids
Would you like to implement a fix?