Closed ebarault closed 2 years ago
@ebarault what host do you use? why mws alias?
please provide api call logs from debug
@nfx i use a workspace host as with any Unity Catalog config right now, while it is not ported at the account level nevermind for the mws alias, it is just because i prepared my module for the day the api will be ported at account level
my setup works, it does create new permissions on the UC table and sees drifts on those permissions if altered from outside terraforml ; it just does not manage existing permissions
for the day the api will be ported at account level
i'll be splitting account-level entities into their own provider in the coming months. for now i recommend you splitting account and non-account into their own modules.
my setup works, it does create new permissions on the UC table and sees drifts on those permissions if altered from outside terraforml ; it just does not manage existing permissions
please specify exact step-by-step instructions on how to reproduce this issue.
@nfx I added step-by-step instructions in the issue description
@nfx IMPORTANT: the problem seems to happen only at the first terraform apply. Once the module is applied once, it seems it detects external GRANTS and proposes to remove them
EDIT: yes, I just tested again, that's the way it operates, i updated the description
Hi @nfx, I spotted another edge case:
databricks_grants
moduleWhich leaves us forced to destroy the module and recreate it
@ebarault yep, this is due to lack of simple "replace permissions" API. thanks for identifying corner cases.
Configuration
Expected Behavior
Existing permissions on a Unity Table should be detected and overwritten
Actual Behavior
The module manages new permissions, but does not detect/warns on existing permissions at the first
terraform apply
Steps to Reproduce
terraform apply
new permissions to a different userresource "databricks_grants" "grants" { for_each = data.databricks_tables.tables.ids
table = each.value
dynamic "grant" { for_each = var.grants content { principal = "admin" privileges = "MODIFY" } } }