79192531

Date: 2024-11-15 13:20:29
Score: 2.5
Natty:
Report link

I've tried solving this with the following terraform code snippet

provider "databricks" {
  alias      = "account"
  account_id = "00000000-0000-0000-0000-000000000000"
  host       = "https://accounts.azuredatabricks.net"
}

provider "databricks" {
  account_id = "00000000-0000-0000-0000-000000000000"
  host       = module.databricks.workspace_url
}

locals {
  workspace_user_groups = toset([
    "my_account_group",
  ])
}

data "databricks_group" "workspace_user_groups" {
  provider   = databricks.account
  for_each   = local.workspace_user_groups

  display_name = each.value
}

resource "databricks_permission_assignment" "workspace_user_groups" {
  for_each = local.workspace_user_groups

  principal_id = data.databricks_group.workspace_user_groups[each.key].id
  permissions  = ["USER"]
}

resource "databricks_group" "workspace_user_groups" {
  depends_on = [databricks_permission_assignment.workspace_user_groups]
  for_each   = local.workspace_user_groups

  display_name = each.value
}

but this fails with a claim issue like the following when reading the account groups:

Error: cannot read group: io.jsonwebtoken.IncorrectClaimException: Expected iss claim to be: https://sts.windows.net/9652d7c2-1ccf-4940-8151-4a92bd474ed0/, but was: https://sts.windows.net/4ed310c5-f7a0-49ec-982b-34aeeeaea662/

anyone knows what's the issue here ?

Reasons:
  • Blacklisted phrase (1): anyone knows
  • Long answer (-1):
  • Has code block (-0.5):
  • Ends in question mark (2):
  • Low reputation (1):
Posted by: clowa