search

databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest
Other
456 stars 393 forks source link

[ISSUE] Issue with importing `databricks_permissions` resource #2729

Open jaylynstoesz opened 1 year ago

jaylynstoesz commented 1 year ago

Configuration

Importing state into the following resource configuration for permissions for an existing SQL warehouse:

resource "databricks_permissions" "my_existing_endpoint_permissions" {
  sql_endpoint_id = databricks_sql_endpoint.my_existing_endpoint.id

  access_control {
    service_principal_name = "my-service-principal-name"
    permission_level = "CAN_USE"
  }
}

Related: Issue #2673

Expected Behavior

Permissions for existing databricks_sql_endpoint resource should be successfully imported into the statefile.

Actual Behavior

Running an import for a databricks_permissions resource yields the following error:

Error: The provider returned a resource missing an identifier during ImportResourceState. This is generally a bug in the resource implementation for import. Resource import code should not call d.SetId("") or create an empty ResourceData. If the resource is missing, instead return an error. Please report this to the provider developers.

Doing a search in this repo, it appears there are a number of resources which call d.SetId(""), one of which is databricks_permissions (link).

Steps to Reproduce

terraform import databricks_permissions.my_existing_endpoint_permissions /warehouses/<warehouse_id>

Terraform and provider versions

Terraform version: 1.5.7 Databricks provider version: 1.26.0 Note: we are executing Terraform via Atlantis.

Debug Output

Full debug logs not accessible via Atlantis.

module.[path.to.module].databricks_permissions.[my_existing_endpoint_permissions]: Importing from ID "/warehouses/[id]"...

│ Error: The provider returned a resource missing an identifier during ImportResourceState. This is generally a bug in the resource implementation for import. Resource import code should not call d.SetId("") or create an empty ResourceData. If the resource is missing, instead return an error. Please report this to the provider developers.
alexott commented 1 year ago

I can't reproduce your issue. I was able to successfully import the existing SQL warehouse. Please provide logs as described in the troubleshooting guide.

gtitze commented 1 year ago

This might be an issue similar to the one which we are facing. Could you please confirm @jaylynstoesz or otherwise I am going to open a new ticket for our one.

We are trying to import IS_OWNER permissions for jobs and this worked fine for all jobs, except for one job, of which I am the owner. For this job owned by me, I faced the same issue. However, the error didn't occur, when a team mate without an explicit permission on any of the jobs executes the import. @jaylynstoesz, is this the case for you too, that your service principal is the same one that also executes the import when the error is occuring?

Havnig a look at the code, it seems, that when reading the resource permissions the current user is excluded from the permissions entity.