terraform-provider-databricks

[ISSUE] Issue granting account level user group permissions for cluster policy

Open jose-pvargas opened this issue 3 years ago • 1 comments

Configuration

Terraform v0.13.7

terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "~> 1.2.1"
    }
  }
}

provider "databricks" {
  alias = "workspace"
}

provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.account-id
  username   = var.databricks-username
  password   = var.databricks-password
}

# define cluster policy
locals {
  cluster_policy = {
    "dbus_per_hour" : {
      "type" : "range",
      "maxValue" : 10
    },
    "autotermination_minutes" : {
      "type" : "fixed",
      "value" : 20,
      "hidden" : true
    }
  }
}

# Create account level user group
resource "databricks_group" "account_group" {
  provider     = databricks.mws
  display_name = "test_terraform"
}

# Attach user group to workspace

resource "databricks_mws_permission_assignment" "add-group-to-workspace" {
  provider     = databricks.mws
  workspace_id = "XXX"
  principal_id = databricks_group.account_group.id
  permissions  = ["USER"]
}

# Add entitlements to workspace level work
resource "databricks_group" "workspace_group" {
  provider                   = databricks.workspace
  display_name               = "test_terraform"
  allow_cluster_create       = false
  allow_instance_pool_create = false
  databricks_sql_access      = false
  workspace_access           = true
  force                      = true

  depends_on = [
    databricks_group.account_group
  ]
}

# Create cluster policy
resource "databricks_cluster_policy" "this" {
  provider   = databricks.workspace
  name       = "Test Terraform Cluster Policy"
  definition = jsonencode(local.cluster_policy)
}

# Grant the workspace group access to the cluster policy
resource "databricks_permissions" "cluster_policy_permission" {
  provider          = databricks.workspace
  cluster_policy_id = databricks_cluster_policy.this.id
  access_control {
    group_name       = databricks_group.workspace_group.display_name
    permission_level = "CAN_USE"
  }

  depends_on = [
    databricks_group.workspace_group
  ]
}

Expected Behavior

terraform apply succeeds and user group has access to cluster policy.

Actual Behavior

terraform apply fails with the following message:

Error: Provider produced inconsistent result after apply

When applying changes to databricks_permissions.cluster_policy_permission,
provider "registry.terraform.io/databricks/databricks" produced an unexpected
new value: Root resource was present, but now absent.

This is a bug in the provider, which should be reported in the provider's own
issue tracker.

User group does not have access to use the cluster policy.

Steps to Reproduce

  1. Create account level user group
  2. Create workspace level user group
  3. Create cluster policy
  4. Try to give the user group permission to the cluster policy.

Terraform and provider versions

Terraform v0.13.7
databricks/databricks 1.2.1

jose-pvargas Aug 26 '22 21:08

@jose-pvargas could you add a debug log to this issue, i.e. TF_LOG=DEBUG terraform apply -no-color, please?

nkvuong Aug 30 '22 13:08

Following up - is this issue still relevant?

nfx Oct 13 '22 10:10