databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest

[ISSUE] Issue with `databricks_mws_permission_assignment` resource #2577

Closed ghost closed 1 year ago

ghost commented 1 year ago

Configuration

```hcl
locals {
  dbw_group_workspace_access = {
    "subdomain_owner" : {
      group_name       = "AAD_group1"
      sql_access       = true
      workspace_access = true
      cluster_creation = true
    },

    "domain_owner" : {
      group_name       = "AAD_group2"
      sql_access       = true
      workspace_access = true
      cluster_creation = true
    },
  }
}

data "databricks_group" "groups_in_workspace" {
  for_each     = local.dbw_group_workspace_access
  display_name = each.value.group_name
  provider     = databricks.azure_account
}

resource "databricks_mws_permission_assignment" "groups_in_subdomain" {
  for_each     = data.databricks_group.groups_in_workspace
  workspace_id = local.dbw.workspace_id
  principal_id = each.value.id
  permissions  = ["USER"]
  provider     = databricks.azure_account
}
```

Expected Behavior

Databricks account-level group is added to the workspace.

Actual Behavior

terraform apply ends with an error. The group exists at account level. I even tried to add this group to the workspace from the Databricks account web UI. I was able to "save" my change, however the group is not added and no error from the webpage is shown. The debug log shows no more detail/information about why this error occurs.

terraform apply error:

Error: cannot create mws permission assignment: Principal with id <id> does not exist

Steps to Reproduce

terraform apply

Terraform and provider versions

Terraform version 1.4.6, Databricks provider 1.23

Debug Output

[ERROR] provider.terraform-provider-databricks_v1.23.0: Response contains error diagnostic: tf_rpc=ApplyResourceChange @caller=/home/runner/work/terraform-provider-databricks/terraform-provider-databricks/vendor/github.com/hashicorp/terraform-plugin-go/tfprotov5/internal/diag/diagnostics.go:58 @module=sdk.proto diagnostic_detail= diagnostic_summary="cannot create mws permission assignment: Principal with id does not exist" tf_resource_type=databricks_mws_permission_assignment diagnostic_severity=ERROR tf_proto_version=5.3 tf_provider_addr=registry.terraform.io/databricks/databricks tf_req_id=58574a80-20da-6db1-7db1-2040cd3cf4b7 timestamp=2023-08-11

alexott commented 1 year ago

try

```hcl
principal_id = data.databricks_group.groups_in_workspace[each.value].id
```

ghost commented 1 year ago

Thanks for the suggestion. I tried it and got back an invalid index error. I believe my syntax is correct, since this code was, and still is, used on 5 other environments with no problem.

nkvuong commented 1 year ago

@MarekVitez did you manage to add this group via the UI? If not, then it is definitely a backend issue, e.g. the group was re-created but was not handled correctly. For backend issues like this, please raise a support ticket

ghost commented 1 year ago

> @MarekVitez did you manage to add this group via the UI? If not, then it is definitely a backend issue, e.g. the group was re-created but was not handled correctly. For backend issues like this, please raise a support ticket

Hi, no, I was not able to add this group via the UI. Thanks, I'll create a support ticket at Microsoft.