terraform-provider-databricks

[ISSUE] Issue with `databricks_user` resource. Users made 'inactive' instead of being removed on terraform destroy

Open canhassancode opened this issue 1 year ago • 2 comments

Configuration

locals {
  grant_statements = flatten([
    for user in var.grants : [
      for grant in user.grants : {
        role_name = grant
        user_id   = user.id
      }
    ]
  ])
}

resource "databricks_user" "account_admin_user" {
  for_each = {
    for grant in local.grant_statements : join("_", [grant.user_id, grant.role_name]) => grant if grant.role_name == "account admins"
  }
  user_name             = each.value.user_id
  display_name          = join(" ", [split(".", split("@", each.value.user_id)[0])[0], split(".", split("@", each.value.user_id)[0])[1]])
  allow_cluster_create  = true
  databricks_sql_access = true
  active                = true
}

Expected Behavior

User deleted (removed) from Databricks User Management successfully. Available to be re-provisioned if need be.

Actual Behavior

User made Inactive instead of being removed. This causes an issue when trying to re-apply the same resource with the same email:

Error: cannot create user: User with email [email protected] already exists in this account. Note: emails are case insensitive (i.e [email protected] and [email protected] are considered equivalent)

Steps to Reproduce

  1. terraform apply user from JSON map of ids. JSON format (test-file.json):
[
  {
    "id": "[email protected]",
    "grants": [
      "account admins"
    ]
  },
...
]
  2. Remove [email protected] from json.
  3. terraform apply will remove user [email protected] because # (because key ["[email protected]_account admins"] is not in for_each map).
  4. Check User Management tab in Databricks -> user still exists but is instead Inactive.

Terraform and provider versions

  • Terraform: 1.4.6
  • Databricks: 1.33.0

canhassancode, Jan 10 '24 09:01

It's documented here: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/user#disable_as_user_deletion

alexott, Jan 10 '24 10:01

Setting disable_as_user_deletion to false didn't work as expected. However, it states force_delete_repos and force_delete_home_dir need to also be set for it to work? I'm going to enable those flags to true and see if this works. Before I proceed with that, will this affect any other users? What are the responsibilities of repos and home_dir? Does it pertain to a single user? Thanks in advance!

canhassancode, Jan 12 '24 08:01
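
A pre-apply check for the behaviour reported in this thread, added here as an example and not code from the issue or the provider: it reads a Terraform JSON plan and lists every `databricks_user` destroy that would leave the account inactive instead of removed. It assumes the plan layout produced by `terraform show -json` (`resource_changes`, `change.actions`, `change.before`) and the `disable_as_user_deletion` attribute from the linked documentation; the sample plan and e-mail values are constructed.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields the check reads. Keys and e-mails are placeholders.
def _rc(key, actions, before, rtype="databricks_user"):
    return {"address": f'{rtype}.account_admin_user["{key}"]', "type": rtype,
            "change": {"actions": actions, "before": before}}

SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("a@example.com", ["delete"],
        {"user_name": "a@example.com", "disable_as_user_deletion": True}),
    _rc("b@example.com", ["delete"],
        {"user_name": "b@example.com", "disable_as_user_deletion": False}),
    _rc("c@example.com", ["delete", "create"],      # replace = destroy first
        {"user_name": "c@example.com"}),             # attribute not in state
    _rc("d@example.com", ["no-op"],
        {"user_name": "d@example.com", "disable_as_user_deletion": True}),
    _rc("grp", ["delete"], {"display_name": "grp"}, rtype="databricks_group"),
]})

def users_left_inactive(plan_json):
    """Return (address, user_name, reason) for each destroyed databricks_user
    that would be deactivated rather than deleted."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "databricks_user":
            continue
        change = rc.get("change", {})
        if "delete" not in change.get("actions", []):
            continue                      # not destroyed by this plan
        before = change.get("before") or {}
        flag = before.get("disable_as_user_deletion")
        if flag is True:
            reason = "disable_as_user_deletion=true"
        elif flag is None:
            # Assumption: an unset value falls back to the provider default,
            # so it is reported for review instead of being trusted.
            reason = "disable_as_user_deletion unset (provider default applies)"
        else:
            continue                      # explicit false: delete requested
        findings.append((rc["address"], before.get("user_name"), reason))
    return findings

if __name__ == "__main__":
    for address, user, reason in users_left_inactive(SAMPLE_PLAN):
        print(f"{user}: deactivated, not deleted ({reason}) at {address}")
```

Accounts the check reports still exist after the apply, so an offboarding review should verify them in User Management instead of treating the destroy as removal.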