Terraform Databricks AWS 实例配置文件 - “未为提供商配置身份验证" [英] Terraform Databricks AWS instance profile - "authentication is not configured for provider"

问题描述

我正在尝试使用 文档.

Terraform 可以成功生成计划，但是当我尝试应用它时，它给了我这个错误:

Terraform can generate the plan successfully but when I try to apply it it gives me this error:

╷
│ Error: cannot create instance profile: authentication is not configured for provider.. Please check https://registry.terraform.io/providers/databrickslabs/databricks/latest/docs#authentication for details
│
│   with databricks_instance_profile.shared,
│   on IAM.tf line 73, in resource "databricks_instance_profile" "shared":
│   73: resource "databricks_instance_profile" "shared" {

我在我的 terraform tfvars 文件中为数据块设置了用户名/密码身份验证，这很有效 - 它能够实际配置工作区，但在创建实例配置文件时失败.

I have setup username/password authentication for databricks in my terraform tfvars files and this works - it is able to actually provision a workspace, but fails when creating the instance profile.

感谢任何关于我做错了什么的意见.

Appreciate any inputs on what I'm doing wrong.

推荐答案

通常在创建工作空间时会出现这种问题尝试在同一个 terraform 模板中使用它.解决方案是有两个 Databricks 提供程序声明 - 一个将用于创建工作区，第二个 - 用于创建工作区内的对象.AWS 配置指南 是官方文档并包含完整示例:

Usually this kind of problems arise when you create a workspace & attempt to use it in the same terraform template. The solution for that is to have two declarations of the Databricks provider - one will be used for creation of the workspace, and second - for creation of the objects inside workspace. The AWS provisioning guide is a part of official documentation and contains full example:

provider "databricks" {
  alias    = "mws"
  host     = "https://accounts.cloud.databricks.com"
  username = var.databricks_account_username
  password = var.databricks_account_password
}

# Notice "provider = databricks.mws" !
resource "databricks_mws_credentials" "this" {
  provider         = databricks.mws
  account_id       = var.databricks_account_id
  role_arn         = aws_iam_role.cross_account_role.arn
  credentials_name = "${local.prefix}-creds"
  depends_on       = [aws_iam_role_policy.this]
}

provider "databricks" {
  host  = var.databricks_host
  token = var.databricks_token
}

resource "databricks_instance_profile" "shared" {
  depends_on = [databricks_mws_workspaces.this]
  instance_profile_arn = aws_iam_instance_profile.shared.arn
}

另一个常见问题是 Terraform 试图并行运行尽可能多的任务，因此它可能会在创建工作空间之前尝试创建 Terraform 资源 - 这是 明确记录AWS 配置指南，因此您需要将 depends_on = [databricks_mws_workspaces.this] 添加到所有 databricks 资源，因此 Terraform 在创建工作区之前不会尝试创建 Databricks 对象:

Another common issue arises from the fact that Terraform is trying to run as many tasks as possible in parallel, so it may attempt to create Terraform resource before workspace is created - this is explicitly documented in the AWS provisioning guide, so you need to add depends_on = [databricks_mws_workspaces.this] to all databricks resources, so Terraform won't attempt to create Databricks objects before creating workspace:

附:还建议升级到最新版本的提供程序(截至目前为 0.4.4)，该版本对此类问题有更好的错误消息.

P.S. It's also recommended to upgrade to the latest version of provider (0.4.4 as of right now) that has better error messages for such problems.

这篇关于Terraform Databricks AWS 实例配置文件 - “未为提供商配置身份验证"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！