Open camilo-s opened 1 year ago
To be able to speak the permission assignment API at the account level, I tried using databricks_mws_permission_assignment instead.
The Provider is able to make the API call, which returns a 200, but fails afterwards when it tries to find the new permission among the existing ones:
2023-04-25T12:14:33.7178926Z 2023-04-25T12:14:33.346Z [INFO] Starting apply for module.databricks_resources.databricks_mws_permission_assignment.users["group1"]
2023-04-25T12:14:33.7179448Z 2023-04-25T12:14:33.348Z [DEBUG] module.databricks_resources.databricks_mws_permission_assignment.users["group1"]: applying the planned Create change
2023-04-25T12:14:34.4944182Z 2023-04-25T12:14:34.493Z [DEBUG] provider.terraform-provider-databricks_v1.14.3: PUT /api/2.0/preview/accounts/***/workspaces/7181879217578353/permissionassignments/principals/784617661451777
2023-04-25T12:14:34.4944622Z > {
2023-04-25T12:14:34.4944744Z > "permissions": [
2023-04-25T12:14:34.4945004Z > "USERS"
2023-04-25T12:14:34.4945143Z > ]
2023-04-25T12:14:34.4945250Z > }
2023-04-25T12:14:34.4945385Z < HTTP/2.0 200 OK
2023-04-25T12:14:34.4945503Z < {
2023-04-25T12:14:34.4945635Z < "permissions": [
2023-04-25T12:14:34.4945773Z < "USER"
2023-04-25T12:14:34.4945885Z < ],
2023-04-25T12:14:34.4946016Z < "principal": {
2023-04-25T12:14:34.4946173Z < "display_name": "group1",
2023-04-25T12:14:34.4946369Z < "group_name": "group1",
2023-04-25T12:14:34.4946534Z < "principal_id": 784617661451777
2023-04-25T12:14:34.4946679Z < }
2023-04-25T12:14:34.4946934Z < }: timestamp=2023-04-25T12:14:34.493Z
2023-04-25T12:14:35.0717290Z 2023-04-25T12:14:35.069Z [DEBUG] provider.terraform-provider-databricks_v1.14.3: GET /api/2.0/preview/accounts/***/workspaces/7181879217578353/permissionassignments
2023-04-25T12:14:35.0717810Z < HTTP/2.0 200 OK
2023-04-25T12:14:35.0719324Z < {
2023-04-25T12:14:35.0719662Z < "permission_assignments": [
2023-04-25T12:14:35.0720521Z < {
2023-04-25T12:14:35.0721791Z < "permissions": [
2023-04-25T12:14:35.0722534Z < "ADMIN"
2023-04-25T12:14:35.0722708Z < ],
2023-04-25T12:14:35.0723365Z < "principal": {
2023-04-25T12:14:35.0724277Z < "display_name": "####",
2023-04-25T12:14:35.0724824Z < "service_principal_name": "####",
2023-04-25T12:14:35.0725871Z < "service_principal_name": "####"
2023-04-25T12:14:35.0726154Z < }
2023-04-25T12:14:35.0726305Z < },
2023-04-25T12:14:35.0726416Z < {
2023-04-25T12:14:35.0726923Z < "permissions": [
2023-04-25T12:14:35.0727636Z < "ADMIN"
2023-04-25T12:14:35.0727803Z < ],
2023-04-25T12:14:35.0728454Z < "principal": {
2023-04-25T12:14:35.0729200Z < "display_name": "####",
2023-04-25T12:14:35.0729940Z < "service_principal_name": "####",
2023-04-25T12:14:35.0730830Z < "user_name": "####"
2023-04-25T12:14:35.0731349Z < }
2023-04-25T12:14:35.0732122Z < },
2023-04-25T12:14:35.0732265Z < {
2023-04-25T12:14:35.0732916Z < "permissions": [
2023-04-25T12:14:35.0733095Z < "ADMIN"
2023-04-25T12:14:35.0733699Z < ],
2023-04-25T12:14:35.0733873Z < "principal": {
2023-04-25T12:14:35.0734660Z < "display_name": "####",
2023-04-25T12:14:35.0735156Z < "service_principal_name": "####",
2023-04-25T12:14:35.0740851Z < "service_principal_name": "####"
2023-04-25T12:14:35.0741189Z < }
2023-04-25T12:14:35.0741322Z < },
2023-04-25T12:14:35.0741990Z < {
2023-04-25T12:14:35.0742297Z < "permissions": [
2023-04-25T12:14:35.0742441Z < "USER"
2023-04-25T12:14:35.0742571Z < ],
2023-04-25T12:14:35.0742688Z < "principal": {
2023-04-25T12:14:35.0742961Z < "display_name": "####",
2023-04-25T12:14:35.0743726Z < "service_principal_name": "####",
2023-04-25T12:14:35.0744675Z < "service_principal_name": "####"
2023-04-25T12:14:35.0745222Z < }
2023-04-25T12:14:35.0745362Z < },
2023-04-25T12:14:35.0745999Z < {
2023-04-25T12:14:35.0746172Z < "permissions": [
2023-04-25T12:14:35.0746779Z < "ADMIN"
2023-04-25T12:14:35.0746944Z < ],
2023-04-25T12:14:35.0749024Z < "principal": {
2023-04-25T12:14:35.0749729Z < "display_name": "####",
2023-04-25T12:14:35.0750523Z < "service_principal_name": "####",
2023-04-25T12:14:35.0751372Z < "user_name": "####"
2023-04-25T12:14:35.0751883Z < }
2023-04-25T12:14:35.0752036Z < },
2023-04-25T12:14:35.0752722Z < {
2023-04-25T12:14:35.0752876Z < "permissions": [
2023-04-25T12:14:35.0753428Z < "ADMIN"
2023-04-25T12:14:35.0753554Z < ],
2023-04-25T12:14:35.0754147Z < "principal": {
2023-04-25T12:14:35.0754801Z < "display_name": "####",
2023-04-25T12:14:35.0755477Z < "service_principal_name": "####",
2023-04-25T12:14:35.0756247Z < "user_name": "####"
2023-04-25T12:14:35.0756979Z < }
2023-04-25T12:14:35.0757222Z < },
2023-04-25T12:14:35.0757356Z < "... (9 additional elements)"
2023-04-25T12:14:35.0757671Z < ]
2023-04-25T12:14:35.0757928Z < }: timestamp=2023-04-25T12:14:35.068Z
2023-04-25T12:14:35.0759712Z 2023-04-25T12:14:35.069Z [ERROR] provider.terraform-provider-databricks_v1.14.3: Response contains error diagnostic: tf_resource_type=databricks_mws_permission_assignment @caller=/home/runner/work/terraform-provider-databricks/terraform-provider-databricks/vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/diag/diagnostics.go:55 diagnostic_summary="cannot read mws permission assignment: 784617661451777 not found" tf_proto_version=5.3 tf_req_id=650d248e-2f47-c037-97b0-fe21ab10b24b @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR tf_provider_addr=registry.terraform.io/databricks/databricks tf_rpc=ApplyResourceChange timestamp=2023-04-25T12:14:35.069Z
2023-04-25T12:14:35.0761005Z 2023-04-25T12:14:35.070Z [ERROR] vertex "module.databricks_resources.databricks_mws_permission_assignment.users[\"group1\"]" error: cannot read mws permission assignment: 784617661451777 not found
I came across the same error, but it turns out that my permission was wrong. The permission would be "USER" and not "USERS". You also have this incorrect in your configuration, @camilo-s. However, the error message is also misleading.
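An added example (not part of the thread and not the provider's code) of a pre-check that separates the failure modes the log above folds into one "not found" message: an unrecognised permission value, a principal missing from the list response, and a principal holding a different permission. `checkAssignment`, `knownPermissions` and the sample JSON are hypothetical and constructed; the accepted set USER/ADMIN is assumed from the values that appear in the responses on this page, and the check takes one permission value at a time.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assumption: the accepted values are the two seen in this page's API responses.
var knownPermissions = map[string]bool{"USER": true, "ADMIN": true}

// Constructed list response; only principal 784617661451777 comes from the log.
const sampleList = `{"permission_assignments":[
 {"permissions":["ADMIN"],"principal":{"principal_id":1001}},
 {"permissions":["USER"],"principal":{"principal_id":784617661451777}}]}`

// checkAssignment (hypothetical helper) reports each failure mode with its own error.
func checkAssignment(perm string, listBody []byte, id int64) error {
	if !knownPermissions[perm] {
		return fmt.Errorf("invalid permission %q: expected USER or ADMIN", perm)
	}
	var list struct {
		Items []struct {
			Permissions []string `json:"permissions"`
			Principal   struct {
				ID int64 `json:"principal_id"`
			} `json:"principal"`
		} `json:"permission_assignments"`
	}
	if err := json.Unmarshal(listBody, &list); err != nil {
		return fmt.Errorf("decode assignment list: %w", err)
	}
	for _, a := range list.Items {
		if a.Principal.ID != id {
			continue
		}
		for _, p := range a.Permissions {
			if p == perm {
				return nil
			}
		}
		return fmt.Errorf("principal %d holds %v, not %q", id, a.Permissions, perm)
	}
	return fmt.Errorf("principal %d not present in assignment list", id)
}

func main() {
	// The value sent in the PUT request from the log is rejected before any lookup.
	fmt.Println(checkAssignment("USERS", []byte(sampleList), 784617661451777))
}
```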
I'm unable to enable account-level groups at the workspace level in our Azure Databricks deployment.
Context:
databricks_group data source is able to successfully read the groups at the account level.
Configuration
Expected Behavior
After reading the groups in the data source, the databricks_permission_assignment gets deployed, enabling the groups in the workspace for further workspace-level operations on them.
Actual Behavior
terraform apply fails while creating the databricks_permission_assignment resource:
Steps to Reproduce
Debug Output
https://gist.github.com/camilo-s/f1de9bf2cff1853ec80dd9fe04d77f78
Important Factoids
20_04-lts-gen2