terraform-provider-databricks

[ISSUE] Issue with `databricks_access_control_rule_set` resource

Open no-clone opened this issue 1 year ago • 2 comments

Configuration

```hcl
# Copy-paste your Terraform configuration here

data "databricks_group" "ds" {
  provider     = databricks.accounts
  display_name = "Data Science"
}

data "databricks_service_principal" "spn" {
  provider     = databricks.accounts
  display_name = "Ajay_ws_repro"
}

resource "databricks_access_control_rule_set" "automation_sp_rule_set" {
  provider = databricks.accounts

  name = "accounts/${local.account_id}/servicePrincipals/${data.databricks_service_principal.spn.application_id}/ruleSets/default"

  grant_rules {
    principals = [data.databricks_group.ds.acl_principal_id]
    role       = "roles/servicePrincipal.user"
  }
}
```

Expected Behavior

The issue is when we reference an SP with its application name in this resource, and if we delete that SP from the UI and create another one with the same name, the change should reflect in the state file.

Actual Behavior

The change is not reflected in the state file. Consequently, every time you run TF apply, a change will be shown (even if there isn’t one). To overcome this, we must either delete the state file or edit the value of the SP ID manually.

Steps to Reproduce

Create an SP and reference it with the App name inside the provider databricks_access_control_rule_set. After the creation of the state file, delete this SP and create another SP with the same name from the UI. And now when you do a TF apply, the plan will show a change but the state file will not be updated. Therefore subsequently when you do a TF apply there will always be a change shown in the action even though there isn't one after the first apply. This in turn will cause the apply to fail, once TF recognises that there isn't a resource actually available with the old SP's application ID.

Terraform and provider versions

```hcl
terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "1.37.1"
    }
  }
}
```

Is it a regression?

NO

Debug Output

Attached the debug log file.

Important Factoids

Would you like to implement a fix?

no-clone, Mar 13 '24 23:03

Adding the debug logs Uploading tf-debug.log…

no-clone, Mar 26 '24 15:03

@no-clone the issue is that you are removing the `databricks_access_control_rule_set` resource by deleting the SP in the UI; TF does not know about it and therefore fails in subsequent planning steps.

From TF 1.7, you can use a `removed` block to fix this issue.

nkvuong, Apr 05 '24 11:04
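
The `removed` block mentioned in the last comment, written out for the resource address used in the issue's configuration. This is an added example, not part of the original thread or the provider's own documentation; `destroy = false` is an assumption, chosen because the service principal the stale rule set belonged to no longer exists.

```hcl
# Step 1: delete the
#   resource "databricks_access_control_rule_set" "automation_sp_rule_set"
# block from the configuration and add this block instead. Terraform
# (1.7 or later) rejects a removed block whose target is still declared.
removed {
  from = databricks_access_control_rule_set.automation_sp_rule_set

  lifecycle {
    # Assumption: only forget the stale state entry. The old service
    # principal was deleted in the UI, so there is nothing left to destroy
    # under its application ID.
    destroy = false
  }
}

# Step 2: run `terraform plan` and `terraform apply`. The plan should list
# the rule set as removed from state and not destroyed.
#
# Step 3: delete the removed block, restore the original resource block
# and apply again, so the rule set name is built from the application_id
# that data.databricks_service_principal.spn resolves to now.
```

Running `terraform state rm databricks_access_control_rule_set.automation_sp_rule_set` forgets the same state entry from the CLI without a configuration change. Either way, review the plan in step 3 before applying, since it grants `roles/servicePrincipal.user` on whichever service principal currently carries that display name.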