I have problems adding a service-principal to an account-level group. To eliminate errors I hard-coded the IDs, but even then it doesn't work.
Configuration
resource "databricks_group_member" "cicd_sp_in_databricks_group" {
  group_id  = "778143257983011" # This is the group ID from accounts.azuredatabricks.net - groups - THE_GROUP - Group Information
  member_id = "67f5fc18-1a8c-4c4b-b7b9-773db16bcceb" # This is the UUID from accounts.azuredatabricks.net - Service principals - THE_SP - Principal information - UUID
}
Expected Behavior
The SP should be added to the account level group
Actual Behavior
I get the response
╷
│ Error: cannot read group member: Group has no member
│
│ with databricks_group_member.cicd_sp_in_databricks_group,
│ on prelect_groups.tf line 17, in resource "databricks_group_member" "cicd_sp_in_databricks_group":
│ 17: resource "databricks_group_member" "cicd_sp_in_databricks_group" {
│
╵
The log entries right before the error are as follows (name changed). It prints out all the existing members of the group.
< ...
< "$ref": "Users/7961626071215147",
< "display": "FAKE NAMESEN",
< "value": "7961626071215147"
< },
< "... (5 additional elements)"
< ],
< "schemas": [
< "urn:ietf:params:scim:schemas:core:2.0:Group"
< ]
< }: @module=databricks tf_provider_addr=registry.terraform.io/databricks/databricks tf_rpc=ConfigureProvider tf_mux_provider=tf5to6server.v5tov6Server tf_req_id=da00e29a-0e10-9556-8da4-86d616528c06 @caller=/home/runner/work/terraform-provider-databricks/terraform-provider-databricks/logger/logger.go:38 timestamp="2024-11-05T16:51:40.305+0100"
2024-11-05T16:51:40.307+0100 [ERROR] provider.terraform-provider-databricks_v1.56.0: Response contains error diagnostic: tf_req_id=bd02beb9-0f6e-1be7-60f4-23e86a2a256d tf_rpc=ApplyResourceChange @caller=/home/runner/go/pkg/mod/github.com/hashicorp/terraform-plugin-go@v0.23.0/tfprotov6/internal/diag/diagnostics.go:58 diagnostic_detail="" diagnostic_severity=ERROR diagnostic_summary="cannot read group member: Group has no member" tf_provider_addr=registry.terraform.io/databricks/databricks @module=sdk.proto tf_proto_version=6.6 tf_resource_type=databricks_group_member timestamp="2024-11-05T16:51:40.306+0100"
2024-11-05T16:51:40.309+0100 [DEBUG] State storage *remote.State declined to persist a state snapshot
2024-11-05T16:51:40.309+0100 [ERROR] vertex "databricks_group_member.cicd_sp_in_databricks_group" error: cannot read group member: Group has no member
2024-11-05T16:51:40.310+0100 [DEBUG] states/remote: state read serial is: 167; serial is: 167
2024-11-05T16:51:40.310+0100 [DEBUG] states/remote: state read lineage is: eb3984a7-a6fe-5105-5e7c-3de2355a0f0c; lineage is: eb3984a7-a6fe-5105-5e7c-3de2355a0f0c
╷
Important Factoids
The group is an account level group, and the terraform is run by a CICD service-principal with account-level access.
The host is host = "https://accounts.azuredatabricks.net/"
Steps to Reproduce
Terraform and provider versions
Terraform v1.9.5 on linux_amd64
Is it a regression?
Not tested before.