databricks / terraform-provider-databricks

Databricks Terraform Provider
https://registry.terraform.io/providers/databricks/databricks/latest

[FEATURE] Support partitions in policy data sources #4152

Closed drew-altana closed 1 week ago

drew-altana commented 4 weeks ago

Configuration

data "databricks_aws_bucket_policy" "this" {
  bucket = "mycoolbucket"
}

resource "aws_s3_bucket_policy" "root_bucket_policy" {
  bucket = "mycoolbucket"
  policy = data.databricks_aws_bucket_policy.this.json
}

Expected Behavior

ARNs generated are in the govcloud partition with the govcloud AWS ARN

Actual Behavior

api error MalformedPolicy: Invalid principal in policy

  "bucketPolicy": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": [
                        "s3:GetObject",
                        "s3:GetObjectVersion",
                        "s3:PutObject",
                        "s3:DeleteObject",
                        "s3:ListBucket",
                        "s3:GetBucketLocation"
                    ],
                    "Effect": "Allow",
                    "Principal": {
                        "AWS": "arn:aws:iam::414351767826:root"
                    },
                    "Resource": [
                        "arn:aws:s3:::mycoolbucket/*",
                        "arn:aws:s3:::mycoolbucket"
                    ]
                }
            ]
        },
        "bucketName": "mycoolbucket",
        "Host": "mycoolbucket.s3.us-gov-west-1.amazonaws.com",
        "policy": ""
    },

Steps to Reproduce

  1. terraform apply

Terraform and provider versions

1.51.0

Is it a regression?

unknown

Debug Output

Important Factoids

This is for us-gov-west-1; it's obvious the code here is not partition-aware:

https://github.com/databricks/terraform-provider-databricks/blob/b827aeccb86c1cd7c5803e8a755d7085ebbdb207/aws/data_aws_bucket_policy.go#L33

Would you like to implement a fix?

No

Use-cases

Attempting to deploy databricks to govcloud.

Attempted Solutions

I just couldn't use data sources in the policies, had to generate them myself.

Proposal

The provider should alter the output based on partition to support govcloud.

References

https://github.com/databricks/terraform-provider-databricks/issues/4054
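
The partition problem reported above, as an added Go example (not the provider's code and not written by the issue author): `BucketPolicyJSON` builds the same policy with the partition as an input, and `ForeignPartitions` flags ARNs in a rendered policy whose partition differs from the target. The function names, the `principalAccount` parameter and the `000000000000` account ID are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// ARN partitions AWS defines: commercial, GovCloud (US) and China.
var knownPartitions = map[string]bool{"aws": true, "aws-us-gov": true, "aws-cn": true}

// Matches the partition field of any ARN embedded in a policy document.
var arnPartition = regexp.MustCompile(`arn:([a-z0-9-]*):`)

type obj map[string]interface{}

// BucketPolicyJSON renders the policy from the issue with every ARN built from
// the caller's partition. principalAccount is a hypothetical, caller-supplied ID.
func BucketPolicyJSON(partition, bucket, principalAccount string) (string, error) {
	if !knownPartitions[partition] {
		return "", fmt.Errorf("unknown AWS partition %q", partition)
	}
	arn := func(rest string) string { return "arn:" + partition + ":" + rest }
	doc := obj{"Version": "2012-10-17", "Statement": []obj{{
		"Effect": "Allow",
		"Action": []string{"s3:GetObject", "s3:GetObjectVersion", "s3:PutObject",
			"s3:DeleteObject", "s3:ListBucket", "s3:GetBucketLocation"},
		"Principal": obj{"AWS": arn("iam::" + principalAccount + ":root")},
		"Resource":  []string{arn("s3:::" + bucket + "/*"), arn("s3:::" + bucket)},
	}}}
	out, err := json.MarshalIndent(doc, "", "  ")
	return string(out), err
}

// ForeignPartitions lists the partition of each ARN in policyJSON that differs
// from want, so a pre-apply check can reject the document before AWS does.
func ForeignPartitions(policyJSON, want string) []string {
	var bad []string
	for _, m := range arnPartition.FindAllStringSubmatch(policyJSON, -1) {
		if m[1] != want {
			bad = append(bad, m[1])
		}
	}
	return bad
}

func main() {
	js, err := BucketPolicyJSON("aws-us-gov", "mycoolbucket", "000000000000") // constructed account ID
	fmt.Println(js, err, ForeignPartitions(js, "aws-us-gov"))
}
```

Running `ForeignPartitions` over the policy quoted in the issue with `aws-us-gov` as the target reports all three ARNs as belonging to the `aws` partition.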