I have a Databricks SQL warehouse. When I try to start it, I get the following error:
Clusters are failing to launch. Cluster launch will be retried.
Details for the latest failure: Error: Cannot fetch secrets referred in the Spark configuration. Please check that the secrets exists and the cluster's owner has read permissions. Type: CLIENT_ERROR Code: INVALID_ARGUMENT
I am not sure what's wrong, can somebody explain?
Each Databricks workspace allows administrators to define "data access configuration" for their SQL warehouses.
The most common use cases for these are to configure credentials of service principals with direct access to cloud object storage (eg. ADLS, S3, GCS) that can be then be used by the compute on behalf of users accessing Delta tables or other files stored in the cloud.
Databricks allows you to use Databricks secrets in the configuration so you can secure and rotate the value of a client secret independently of the configuration itself.
In the error above, one of the secrets being used in the configuration is no longer readable, either because permissions have changed on the secret scope, or (most commonly) the secret was removed entirely.
Unfortunately, there's not a way to currently to identify which secret or secrets are causing the error. You have to check for the existence of secret manually or remove secrets from the configuration until the error is resolved.