Closed cloudbustinguk closed 2 years ago
You need to use databricks_mws_permission_assignment instead to assign UC groups to the workspace (answered this today already in #1703 :-)
I'll update documentation to point to it explicitly
Quickest.Answer.Ever - thanks @alexott !
🍻
One quick question though - that resource works at the account level. Can this also be done at the workspace level, much how the the Add Group
button is accessible from the workspace UI?
Add Group for UC-enabled workspace should use that Account API under the hood... (if I remember correctly)
One question regarding this - how did you pass group ID to databricks_mws_permission_assignment
?
Since data "databricks_group"
works on workspace level and not account level - yet this group does not exist in workspace until you assign it to workspace on account level.
We are seeing a behaviour we can't quite explain (running an old provider btw - 0.5.4!)
SCIM enabled with Okta, SSO-FOO-Group1 pops up in account level just fine.
We then ClickOp's and
Add Group
onSSO-FOO-Group1
to the workspace, and all users are present automatically as expectedBut when we instead try to do step 2 with TF, we cannot get this behaviour; instead, we end up with the previously-added
SSO-FOO-Group1
group being added asWorkspace local
, and no longer has any users.Is this intentional behaviour?
The account-level SCIM API docs indicate that this is possible, but perhaps it hasn't yet made it into this provider, or I am misinformed and it's staring me right in the face: https://api-docs.databricks.com/rest/latest/identity-federated-workspaces-api.html
Thanks for any insight