[FEATURE] `databricks_metastore_assignment` desired state resource

[joshua-holland-aware]

Use-cases

Currently the only way to assign a Unity Catalog Metastore to a Databricks Workspace is to create multiple databricks_metastore_assignment `resources, that will add individual workspaces to a resource.

Currently there is no way to define a "Desired state" where you define an authoritative list, so that when there are any Metastore assignments that happen outside of Terraform will always silently remain.

This means the Terraform provider can't be part of the Security controls to prevent data leakage between environments, even if it is the only place supposed to be assigning all the permissions.

Attempted Solutions

There currently is no documented approach for this.

Proposal

Implement a new databricks_metastore_assignment resource that fetches the current list of all Databricks Workspaces using the Get all workspaces assigned to a metastore API call and perform the changes that will need to be done to make that list match the Workspace ID list in the Terraform.

This would match what has been done:

• databricks_grant has the matching desired state resource databricks_grants
• databricks_permission_assignment has the matching desired state resource databricks_permissions

References

• This is the inverse of #1976