databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest

[ISSUE] Issue with `databricks_mws_permission_assignment` resource error in Azure #1717

Closed cmollgaard closed 1 year ago

cmollgaard commented 1 year ago

Configuration

terraform {
  required_providers {
    databricks = {
      source = "databricks/databricks"
    }
    azurerm = {
      source = "hashicorp/azurerm"
    }
  }
}
provider "databricks" {
  host       = "https://accounts.azuredatabricks.net/"
  account_id = "000-0000-000-000-0000"
  auth_type  = "azure-cli"
}
provider "azurerm" {
  features {}
}
data "azurerm_databricks_workspace" "this" {
  name                = "some-name"
  resource_group_name = "some-rg"
}
data "databricks_group" "this" {
  display_name = "some-group-name"
}
resource "databricks_mws_permission_assignment" "this" {
  workspace_id = data.azurerm_databricks_workspace.this.workspace_id
  principal_id = data.databricks_group.this.id
  permissions  = ["USER"]
}

Expected Behavior

I would expect the group to be available in the Databricks workspace.

Actual Behavior

│ Error: cannot create mws permission assignment: Databricks API (/api/2.0/preview/accounts/{AZURE-CONSOLE-ID}/workspaces/{WORKSPACE-ID}/permissionassignments/principals/{GROUP-ID}) requires you to set host property (or DATABRICKS_HOST env variable) to result of databricks_mws_workspaces.this.workspace_url. This error may happen if you're using provider in both normal and multiworkspace mode. Please refactor your code into different modules. Runnable example that we use for integration testing can be found in this repository at https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/aws-workspace
│
│ with databricks_mws_permission_assignment.groups_in_subdomain,
│ on main.tf line 27, in resource "databricks_mws_permission_assignment" "groups_in_subdomain":
│ 27: resource "databricks_mws_permission_assignment" "this" {

Changing the setup to run using the workspace as host, as the error alludes to, gives another error:

Error: cannot create mws permission assignment: Endpoint not found for /2.0/preview/accounts/{AZURE-CONSOLE-ID}/workspaces/{WORKSPACE-ID}/permissionassignments/principals/{GROUP-ID}

│ with databricks_mws_permission_assignment.this,
│ on main.tf line 37, in resource "databricks_mws_permission_assignment" "this":
│ 37: resource "databricks_mws_permission_assignment" "this" {

Steps to Reproduce

  1. terraform apply

Terraform and provider versions

Terraform v1.3.3 on windows_amd64

Debug Output

Looking at the logs I can see the response is

2022-11-02T08:23:56.643+0100 [DEBUG] provider.terraform-provider-databricks_v1.6.1.exe: 404 Not Found { "error_code": "RESOURCE_DOES_NOT_EXIST", "message": "Principal with id {GROUP-ID} does not exist" }: timestamp=2022-11-02T08:23:56.643+0100

So the feedback message is weird, and how come it does not know the ID that it just retrieved using a data call?

Important Factoids

cmollgaard commented 1 year ago

Playing around with which group it is, I have somehow made it work with some other group. I think this is a platform bug.