terraform-provider-databricks

[ISSUE] Provider wants to redeploy `databricks_permissions` when importing it

Open camilo-s opened this issue 6 months ago • 3 comments

Configuration

terraform {
  required_providers {
    databricks = {
      source = "databricks/databricks"
    }
  }
}
locals {
  entra_id_groups = {
    platform = "<REDACTED>"
    dsc      = "<REDACTED>"
    bi       = "<REDACTED>"
  }
}

resource "databricks_directory" "release_folder" {
  for_each = local.entra_id_groups
  path     = "/Repos/${each.key}"
}

data "databricks_service_principal" "workspace" {
  application_id = var.service_principal_application_id
}

data "databricks_group" "entra_id_groups" {
  for_each = local.entra_id_groups

  display_name = local.entra_id_groups[each.key]
}

resource "databricks_permissions" "release_folder" {
  for_each       = local.entra_id_groups
  directory_path = databricks_directory.release_folder[each.key].path

  access_control {
    service_principal_name = data.databricks_service_principal.workspace.application_id
    permission_level       = "CAN_MANAGE"
  }

  access_control {
    group_name       = data.databricks_group.entra_id_groups["platform"].display_name
    permission_level = "CAN_READ"
  }

  dynamic "access_control" {
    for_each = each.key != "platform" ? [0] : []
    content {
      group_name       = data.databricks_group.entra_id_groups[each.key].display_name
      permission_level = "CAN_READ"
    }
  }

}

# Copy-paste your Terraform configuration here

Expected Behavior

The provider imports both the databricks_directory and the databricks_permissions resources, which match the existing resources' configuration.

Actual Behavior

The provider is able to import the databricks_directory resources with no problem, but plans to redeploy the databricks_permissions due to a claimed change in the directory_id and the directory_path.

2024-08-12T06:37:56.4803182Z Terraform used the selected providers to generate the following execution
2024-08-12T06:37:56.4803447Z plan. Resource actions are indicated with the following symbols:
2024-08-12T06:37:56.4803971Z -/+ destroy and then create replacement
2024-08-12T06:37:56.4804082Z 
2024-08-12T06:37:56.4804251Z Terraform will perform the following actions:
2024-08-12T06:37:56.4804365Z 
2024-08-12T06:37:56.4804679Z   # module.databricks_subteams.databricks_directory.release_folder["bi"] will be imported
2024-08-12T06:37:56.4805144Z     resource "databricks_directory" "release_folder" {
2024-08-12T06:37:56.4805337Z         id             = "/Repos/bi"
2024-08-12T06:37:56.4805514Z         object_id      = <REDACTED>
2024-08-12T06:37:56.4805688Z         path           = "/Repos/bi"
2024-08-12T06:37:56.4805865Z         workspace_path = "/Workspace/Repos/bi"
2024-08-12T06:37:56.4806032Z     }
2024-08-12T06:37:56.4806097Z 
2024-08-12T06:37:56.4806403Z   # module.databricks_subteams.databricks_directory.release_folder["dsc"] will be imported
2024-08-12T06:37:56.4806721Z     resource "databricks_directory" "release_folder" {
2024-08-12T06:37:56.4806909Z         id             = "/Repos/dsc"
2024-08-12T06:37:56.4807068Z         object_id      = <REDACTED>
2024-08-12T06:37:56.4807239Z         path           = "/Repos/dsc"
2024-08-12T06:37:56.4807420Z         workspace_path = "/Workspace/Repos/dsc"
2024-08-12T06:37:56.4807579Z     }
2024-08-12T06:37:56.4807641Z 
2024-08-12T06:37:56.4807947Z   # module.databricks_subteams.databricks_directory.release_folder["platform"] will be imported
2024-08-12T06:37:56.4808272Z     resource "databricks_directory" "release_folder" {
2024-08-12T06:37:56.4808466Z         id             = "/Repos/platform"
2024-08-12T06:37:56.4808913Z         object_id      = <REDACTED>
2024-08-12T06:37:56.4809090Z         path           = "/Repos/platform"
2024-08-12T06:37:56.4809281Z         workspace_path = "/Workspace/Repos/platform"
2024-08-12T06:37:56.4809446Z     }
2024-08-12T06:37:56.4809495Z 
2024-08-12T06:37:56.4809829Z   # module.databricks_subteams.databricks_permissions.release_folder["bi"] must be replaced
2024-08-12T06:37:56.4810166Z   # (imported from "/directories/<REDACTED>")
2024-08-12T06:37:56.4810471Z   # Warning: this will destroy the imported resource
2024-08-12T06:37:56.4810906Z -/+ resource "databricks_permissions" "release_folder" {
2024-08-12T06:37:56.4811286Z       - directory_id   = "<REDACTED>" -> null # forces replacement
2024-08-12T06:37:56.4811632Z       + directory_path = "/Repos/bi" # forces replacement
2024-08-12T06:37:56.4811977Z       ~ id             = "/directories/<REDACTED>" -> (known after apply)
2024-08-12T06:37:56.4812298Z       ~ object_type    = "directory" -> (known after apply)
2024-08-12T06:37:56.4812395Z 
2024-08-12T06:37:56.4812537Z         access_control {
2024-08-12T06:37:56.4812777Z             group_name             = null
2024-08-12T06:37:56.4812966Z             permission_level       = "CAN_MANAGE"
2024-08-12T06:37:56.4813273Z             service_principal_name = "<REDACTED>"
2024-08-12T06:37:56.4813550Z             user_name              = null
2024-08-12T06:37:56.4813709Z         }
2024-08-12T06:37:56.4813856Z         access_control {
2024-08-12T06:37:56.4814046Z             group_name             = "<REDACTED>"
2024-08-12T06:37:56.4814230Z             permission_level       = "CAN_READ"
2024-08-12T06:37:56.4814488Z             service_principal_name = null
2024-08-12T06:37:56.4814729Z             user_name              = null
2024-08-12T06:37:56.4814889Z         }
2024-08-12T06:37:56.4815033Z         access_control {
2024-08-12T06:37:56.4815224Z             group_name             = "<REDACTED>"
2024-08-12T06:37:56.4815419Z             permission_level       = "CAN_READ"
2024-08-12T06:37:56.4815674Z             service_principal_name = null
2024-08-12T06:37:56.4815930Z             user_name              = null
2024-08-12T06:37:56.4816086Z         }
2024-08-12T06:37:56.4816217Z     }
2024-08-12T06:37:56.4816266Z 
2024-08-12T06:37:56.4816600Z   # module.databricks_subteams.databricks_permissions.release_folder["dsc"] must be replaced
2024-08-12T06:37:56.4816937Z   # (imported from "/directories/<REDACTED>")
2024-08-12T06:37:56.4817236Z   # Warning: this will destroy the imported resource
2024-08-12T06:37:56.4817562Z -/+ resource "databricks_permissions" "release_folder" {
2024-08-12T06:37:56.4817941Z       - directory_id   = "<REDACTED>" -> null # forces replacement
2024-08-12T06:37:56.4818293Z       + directory_path = "/Repos/dsc" # forces replacement
2024-08-12T06:37:56.4818639Z       ~ id             = "/directories/<REDACTED>" -> (known after apply)
2024-08-12T06:37:56.4818957Z       ~ object_type    = "directory" -> (known after apply)
2024-08-12T06:37:56.4819051Z 
2024-08-12T06:37:56.4819195Z         access_control {
2024-08-12T06:37:56.4819432Z             group_name             = null
2024-08-12T06:37:56.4819620Z             permission_level       = "CAN_MANAGE"
2024-08-12T06:37:56.4819930Z             service_principal_name = "<REDACTED>"
2024-08-12T06:37:56.4820207Z             user_name              = null
2024-08-12T06:37:56.4820361Z         }
2024-08-12T06:37:56.4820506Z         access_control {
2024-08-12T06:37:56.4820679Z             group_name             = "<REDACTED>"
2024-08-12T06:37:56.4820935Z             permission_level       = "CAN_READ"
2024-08-12T06:37:56.4821198Z             service_principal_name = null
2024-08-12T06:37:56.4821454Z             user_name              = null
2024-08-12T06:37:56.4821610Z         }
2024-08-12T06:37:56.4821758Z         access_control {
2024-08-12T06:37:56.4821942Z             group_name             = "<REDACTED>"
2024-08-12T06:37:56.4822133Z             permission_level       = "CAN_READ"
2024-08-12T06:37:56.4822431Z             service_principal_name = null
2024-08-12T06:37:56.4822745Z             user_name              = null
2024-08-12T06:37:56.4822901Z         }
2024-08-12T06:37:56.4823035Z     }
2024-08-12T06:37:56.4823085Z 
2024-08-12T06:37:56.4823429Z   # module.databricks_subteams.databricks_permissions.release_folder["platform"] must be replaced
2024-08-12T06:37:56.4823765Z   # (imported from "/directories/<REDACTED>")
2024-08-12T06:37:56.4824061Z   # Warning: this will destroy the imported resource
2024-08-12T06:37:56.4824386Z -/+ resource "databricks_permissions" "release_folder" {
2024-08-12T06:37:56.4824762Z       - directory_id   = "<REDACTED>" -> null # forces replacement
2024-08-12T06:37:56.4825115Z       + directory_path = "/Repos/platform" # forces replacement
2024-08-12T06:37:56.4825460Z       ~ id             = "/directories/<REDACTED>" -> (known after apply)
2024-08-12T06:37:56.4825770Z       ~ object_type    = "directory" -> (known after apply)
2024-08-12T06:37:56.4825866Z 
2024-08-12T06:37:56.4826010Z         access_control {
2024-08-12T06:37:56.4826247Z             group_name             = null
2024-08-12T06:37:56.4826436Z             permission_level       = "CAN_MANAGE"
2024-08-12T06:37:56.4826743Z             service_principal_name = "<REDACTED>"
2024-08-12T06:37:56.4827022Z             user_name              = null
2024-08-12T06:37:56.4827175Z         }
2024-08-12T06:37:56.4827319Z         access_control {
2024-08-12T06:37:56.4827491Z             group_name             = "<REDACTED>"
2024-08-12T06:37:56.4827690Z             permission_level       = "CAN_READ"
2024-08-12T06:37:56.4827949Z             service_principal_name = null
2024-08-12T06:37:56.4828203Z             user_name              = null
2024-08-12T06:37:56.4828361Z         }
2024-08-12T06:37:56.4828493Z     }
2024-08-12T06:37:56.4828543Z 
2024-08-12T06:37:56.4828792Z Plan: 6 to import, 3 to add, 0 to change, 3 to destroy.

Steps to Reproduce

  1. terraform apply

Terraform and provider versions

Installed databricks/databricks v1.49.1 (self-signed, key ID 92A95A66446BCE3F)

Terraform v1.9.4
on linux_amd64

Is it a regression?

It didn't work with provider version 1.44.0 either.

Debug Output

Important Factoids

Would you like to implement a fix?

camilo-s Aug 12 '24 06:08
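An added example, not part of the original issue or the provider's code: a CI guard that reads the output of `terraform show -json <planfile>` and flags any resource that is both being imported and planned for replacement, which is the situation in the plan above ("this will destroy the imported resource"). The sample JSON is constructed to mirror that plan, with placeholder IDs; `importing` and `replace_paths` are fields of Terraform's JSON plan representation, and the function name is hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output for the
# plan in this issue; addresses come from the log, IDs are placeholders.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {
            "address": 'module.databricks_subteams.databricks_directory.release_folder["bi"]',
            "type": "databricks_directory",
            "change": {"actions": ["no-op"], "importing": {"id": "/Repos/bi"}},
        },
        {
            "address": 'module.databricks_subteams.databricks_permissions.release_folder["bi"]',
            "type": "databricks_permissions",
            "change": {
                "actions": ["delete", "create"],
                "importing": {"id": "/directories/<REDACTED>"},
                "replace_paths": [["directory_id"], ["directory_path"]],
            },
        },
    ]
})


def imported_but_replaced(plan_json: str) -> list[dict]:
    """Return imported resources whose planned actions include a delete."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        # Skip resources that are not imported or that are left in place.
        if not change.get("importing") or "delete" not in change.get("actions", []):
            continue
        findings.append({
            "address": rc["address"],
            "import_id": change["importing"].get("id"),
            # replace_paths lists the attributes that force the replacement
            "forced_by": [".".join(map(str, p)) for p in change.get("replace_paths", [])],
        })
    return findings


if __name__ == "__main__":
    for f in imported_but_replaced(SAMPLE_PLAN):
        print(f"BLOCK {f['address']}: import {f['import_id']} would be destroyed "
              f"(forced by {', '.join(f['forced_by']) or 'unknown'})")
```

Failing the pipeline when this list is non-empty keeps an import run from silently deleting and recreating access control entries on existing directories.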