[FEATURE] Feature request to support changing the entitlement for users/admins group

[pratikbhawsar26]

trafficstars

We get the users and admins group created by default in workspace. Hence if there can be a way we can change the entitlements of the group after the import, It will be very useful.

Configuration

resource "databricks_group" "db_default_users_group" {
  display_name               = "users"
  allow_cluster_create = true
  allow_instance_pool_create = true
  databricks_sql_access = true
}

Expected Behavior

It should change the entitlements for the group users. (I have imported the "users" group beforehand)

Actual Behavior

Getting this exception - │ Error: expected display_name to not be any of [users admins], got users │ │ with databricks_group.db_default_users_group, │ on groups.tf line 18, in resource "databricks_group" "db_default_users_group": │ 18: display_name = "users"

[nkvuong]

the provider validate the display_name to ensure it does not match system groups (admins/users), as you cannot delete it. @nfx would it make sense to still allow this in case users provide the force attribute, assuming they understand the consequence?

[alexott]

There are two approaches:

1. Handle these groups specially in the databricks_group, and when performing delete don't actually delete them, but reset to some defaults (maybe captured when we create them). Main pro: it's the same interface, etc. Main cons: we need to handle all corner cases correctly, etc.
2. Create a new resource for that groups. Main cons - it could be confusing for people.