Closed cloudbustinguk closed 2 years ago
alexott
commented
2 years ago You need to use databricks_mws_permission_assignment instead to assign UC groups to the workspace (answered this today already in #1703 :-)
I'll update documentation to point to it explicitly
cloudbustinguk
commented
2 years ago Quickest.Answer.Ever - thanks @alexott !
🍻
cloudbustinguk
commented
2 years ago One quick question though - that resource works at the account level. Can this also be done at the workspace level, much how the the Add Group button is accessible from the workspace UI?
alexott
commented
2 years ago Add Group for UC-enabled workspace should use that Account API under the hood... (if I remember correctly)
BostjanBozic
commented
2 years ago One question regarding this - how did you pass group ID to databricks_mws_permission_assignment?
Since data "databricks_group" works on workspace level and not account level - yet this group does not exist in workspace until you assign it to workspace on account level.
We are seeing a behaviour we can't quite explain (running an old provider btw - 0.5.4!)
SCIM enabled with Okta, SSO-FOO-Group1 pops up in account level just fine.
We then ClickOp's and
Add GrouponSSO-FOO-Group1to the workspace, and all users are present automatically as expectedBut when we instead try to do step 2 with TF, we cannot get this behaviour; instead, we end up with the previously-added
SSO-FOO-Group1group being added asWorkspace local, and no longer has any users.Is this intentional behaviour?
The account-level SCIM API docs indicate that this is possible, but perhaps it hasn't yet made it into this provider, or I am misinformed and it's staring me right in the face: https://api-docs.databricks.com/rest/latest/identity-federated-workspaces-api.html
Thanks for any insight