terraform-provider-databricks
[ISSUE] `databricks_grants` resource changes the principal name to lowercase
Configuration
Module Code
---------------
# Provider requirements for this module.
terraform {
  required_providers {
    databricks = {
      # The "=" constraint selects exactly one provider release, so a provider
      # upgrade only happens when this line is edited and reviewed.
      version = "=1.33.0"
      source  = "databricks/databricks"
    }
  }
}
# Name given to the databricks_catalog resource.
variable "catalog" {
  type        = string
  description = "Databricks unity catalog catalog name"
}

# Passed to the catalog as its storage_root.
variable "managed_location_url" {
  type        = string
  description = "Databricks unity catalog managed location"
}

# Metastore the catalog is created in.
variable "metastore_id" {
  type        = string
  description = "Databricks unity catalog metastore id"
}

# Principal set as the catalog owner. The value is handed to the resource
# unchanged, so it should be spelled exactly as the identity is named.
variable "owner" {
  type        = string
  description = "Account admin group name"
}
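# String switch for the databricks_grants resource: the resource's count
# expression compares this value with the literal "true".
variable "enable_grants" {
  description = "Check if the Grants are needed"
  type        = string

  # Any value other than "true" (for example "True" or "yes") makes the count
  # evaluate to 0, which plans the grants resource for removal instead of
  # failing. Reject anything outside the two documented values so a typo
  # cannot silently drop the catalog's access-control configuration.
  validation {
    condition     = contains(["true", "false"], var.enable_grants)
    error_message = "The enable_grants value must be the string \"true\" or \"false\"."
  }
}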
# Grant entries for the catalog: one object per principal with the list of
# privileges to give it. Both fields are forwarded to the grant block as-is;
# nothing in this module checks the principal spelling or the privilege names.
variable "grants" {
  # null is the default so callers that do not manage grants can omit the argument.
  default = null

  type = list(object({
    principal  = string
    privileges = list(string)
  }))
}
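# Optional free-text comment forwarded to the catalog's `comment` argument.
# Declared as a string with a description so the input is typed and documented
# like the module's other variables; null (the default) leaves it unset.
variable "comment" {
  description = "Optional comment for the Databricks unity catalog"
  type        = string
  default     = null
}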
# The Unity Catalog catalog itself, built entirely from module inputs.
resource "databricks_catalog" "databricks_unity_catalog" {
  provider = databricks

  name         = var.catalog
  metastore_id = var.metastore_id
  storage_root = var.managed_location_url

  # Ownership and description come straight from the caller.
  owner   = var.owner
  comment = var.comment
}
# Grants on the catalog created above.
# NOTE(review): the provider documentation describes databricks_grants as
# managing the full grant set of the securable - confirm that no grants made
# outside Terraform on this catalog are expected to survive an apply.
resource "databricks_grants" "catalog" {
  provider = databricks

  # Zero instances unless enable_grants is exactly the string "true".
  count = var.enable_grants != "true" ? 0 : 1

  catalog    = databricks_catalog.databricks_unity_catalog.id
  depends_on = [databricks_catalog.databricks_unity_catalog]

  # One grant block per entry in var.grants; a null list yields no blocks.
  # The principal string is passed through exactly as the caller wrote it.
  dynamic "grant" {
    for_each = var.grants == null ? [] : var.grants
    iterator = entry

    content {
      principal  = entry.value.principal
      privileges = entry.value.privileges
    }
  }
}
main.tf
-----------
# Instantiate the uc-create module: one catalog per environment plus its grants.
module "unity_catalog_creation" {
  source = "./modules/uc-create"

  providers = {
    databricks = databricks.workspace
  }

  catalog      = "uc_customer_${var.env}"
  metastore_id = var.metastore_id
  owner        = var.unity_catalog_owner

  # managed_location_url = "abfss://[email protected]"
  managed_location_url = "abfss://${var.uc_storage_container}@${var.datalake_name}.dfs.core.windows.net"

  # "false" disables the grants resource; with "true" the grants list below
  # has to be supplied.
  enable_grants = "true"

  # Principals are written in the exact case of the identity they refer to;
  # the module forwards these strings to the provider unchanged.
  grants = [
    {
      principal  = "xyz_DATABRICKS_GRANTS_photon_user"
      privileges = ["USE_CATALOG"]
    },
    {
      principal  = "xyz_azure_ad_cmr_user"
      privileges = ["USE_CATALOG"]
    },
  ]
}
Expected Behavior
The expected behavior is that the provider picks up the grants and assigns them to the catalog, treating the principal name as case sensitive.
Actual Behavior
This Terraform code works fine with provider version "=1.33.0" but gives me an error when I upgrade the Databricks provider version to "=1.52.0".
Steps to Reproduce
Terraform and provider versions
Is it a regression?
Yes, it works fine in version "=1.33.0".
Debug Output
Error: cannot update grants: Could not find principal with name xyz_databricks_grants_photon_user with module.unity_catalog_creation.databricks_grants.catalog[0] modules/uc-create/ucgrants.tf line 1, in resource "databricks_grants" "catalog": resource "databricks_grants" "catalog"
Important Factoids
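The provider automatically converts the principal name to lower case even when we give a camel-case principal name: the configuration uses xyz_DATABRICKS_GRANTS_photon_user, while the error above reports a lookup for xyz_databricks_grants_photon_user.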
Would you like to implement a fix?
The fix should make the provider use the principal name exactly as provided by the user, without changing it to lower case.