[ISSUE] Missing external_id argument when creating `databricks_user` resource against Azure Databricks account level

troyel commented 2 years ago

When authenticating against the Databricks account level the databricks_user resource object does not support the external_id argument. The resource does not fail, but the response recieved back is empty without accepting/using the external_id reference.

This causes some potential issues when trying to match users back with Azure AD references. It works as expected when authenticating the provider against the workspace.

Configuration

resource "databricks_user" "bi" {
  for_each     = local.databricks_scim_users
  external_id  = each.key
  user_name    = each.value.email
  display_name = each.value.displayName
  active       = lower(each.value.enabled)
}

Expected Behavior

Expected behaviour is that the external_id is persisted and exists in the created databricks_user resource on Databricks account.

Actual Behavior

external_id is not persisted on Databricks account and terraform creates a diff by trying to add "external_id" to update the resource for each user.

Steps to Reproduce

Create user using databricks_user against Azure Databricks account level with "external_id" set
Run terraform apply twice to see that external_id is not set and persisted but always tried to set through terraform apply

Terraform and provider versions

Terraform v1.2.3 on linux_amd64

provider registry.terraform.io/azure/azapi v1.0.0
provider registry.terraform.io/databricks/databricks v1.5.0
provider registry.terraform.io/hashicorp/azuread v2.29.0
provider registry.terraform.io/hashicorp/azurerm v3.1.0
provider registry.terraform.io/hashicorp/external v2.2.2

Debug Output

{ "@level": "warn", "@message": "Provider \"provider[\\"registry.terraform.io/databricks/databricks\\"]\" produced an unexpected new value for databricks_user.bi[\"userid\"], but we are tolerating it because it is using the legacy plugin SDK. The following problems may be the cause of any confusing errors from downstream operations:

.external_id: was cty.StringVal(\"82aa3de1-de96-433b-af2c-710871e1e784\"), but now cty.StringVal(\"\")", "@timestamp": "2022-10-19T09:13:24.006820Z" }

troyel commented 2 years ago

@nkvuong : I see you marked this as a platform bug, should we, or would it help for us to register a support case against this with Azure as well since this is Azure Databricks?

nkvuong commented 2 years ago

@troyel currently the account-level SCIM does not support persist external_id leading to behaviour as you noticed, hence it is a platform bug. If you raise a support case for this, it will reinforce the message

nfx commented 2 years ago

Following up - is this issue still relevant?

troyel commented 1 year ago

Following up - is this issue still relevant?

Yes, @nfx

databricks / terraform-provider-databricks