search

databricks / terraform-databricks-examples

Examples of using Terraform to deploy Databricks resources
https://registry.terraform.io/modules/databricks/examples/databricks/latest
Other
187 stars 116 forks source link

Remove threading from Table ACLs #101

Closed mwojtyczka closed 8 months ago

mwojtyczka commented 8 months ago

There is a bug in the Grants API. It does not support concurrent grant/revoke operations.

TableAcl grant/revoke operations are not atomic. When granting the permissions, the service would first get all existing permissions, append with the new permissions and set the full list in the database. If there are concurrent grant requests, both requests might succeed and emit the audit logs, but what actually happens could be that the new permission list from one request overrides the other one, causing permission loss.

See the ES ticket here.

Since this bug in the platform should be fixed in the future. It should be enough to just use 1 thread for the Table ACLs. We can increase it to more threads again once the issue is fixed.

mwojtyczka commented 8 months ago

Entered by mistake. It's for another project.