search

databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest
Other
454 stars 391 forks source link

[ISSUE] Issue with `databricks_sql_permissions` resource #4140

Open nstans opened 3 weeks ago

nstans commented 3 weeks ago

Configuration

File structure: Screenshot 2024-10-23 121918

main.tf:

terraform {
  required_providers {
    databricks = {
      source  = "databricks/databricks"
      version = "~> 1.54.0" // for the succesful run ~> 1.38.0
    }
  }
}

provider "databricks" {
  host  = var.workspace_url
  token = var.pat_token
}

resource "databricks_sql_permissions" "sp_any_file" {
  any_file = true

  privilege_assignments {
    principal  = trimprefix("servicePrincipals/DONSENTMATTERPRINCIPAL", "servicePrincipals/")
    privileges = ["SELECT", "MODIFY"]
  }
}

variables.tf:

variable "pat_token" {
  type        = string
  description = "Export at runtime as ... export TF_VAR_pat_token=<Your PAT>"
  default     = ""
}

variable "workspace_url" {
  type        = string
  description = "Export at runtime as ... export TF_VAR_workspace_url=<Your workspace url> "
  default     = ""
}

Expected Behavior

Note: the service principal provided in the example is a trivial variable, the issue is that the compute does not initialise, which is the point of the minimum reproducible example.

Should fire up a compute on the workspace to lodge the SQL query like below. This successful execution was carried out with databricks provider 1.38

Screenshot 2024-10-23 121326

Actual Behavior

Error output to console and no compute initialised on workspace.

Screenshot 2024-10-23 121637

Error: cannot create sql permissions: Access mode LEGACY_SHARED_TABLE_ACL is not compatible with single-node mode. Only NO_ISOLATION and SINGLE_USER are supported.

Steps to Reproduce

  1. Export your test workspace PAT token in console as per variable description
  2. Export your workspace url like https://dbc-AAAAAAAA-1111.cloud.databricks.com in console as per variable description
  3. Run terraform init from the root folder
  4. Run terraform apply and confirm with yes

Terraform and provider versions

Terraform v1.9.5 on linux_amd64

Is it a regression?

This was working in terraform version 1.38, noticedthe issue when updating to 1.53, and still a bug on 1.54

Debug Output

Important Factoids

No

Would you like to implement a fix?

alexott commented 3 weeks ago

The problem here is more on the backend side - I can't create a cluster with such a configuration anymore. Most probably the 1.38 used the cluster created long time ago that was kept for compatibility reasons.

NicholasFiorentini commented 2 weeks ago

Maybe it is related to the permission refactoring done in 1.53? I also have a regression: https://github.com/databricks/terraform-provider-databricks/issues/4143.

mgyucht commented 2 weeks ago

For posterity, this is a separate issue from databricks_permissions.