cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Terraform databricks_grants errors on external_location

Go to solution
Conlyn
New Contributor III

‎06-05-2024 11:42 AM

We are using terraform to setup Unity Catalog external locations and when using databricks_grants to set permissions on the external locations it throws the following error:

 

 

Error: cannot create grants: permissions for external_location-test_location are &{[{TEST_ROLE [ALL_PRIVILEGES] [Principal]}]}, but have to be {[{TEST_ROLE [ALL_PRIVILEGES] []}]}

 

 

Here is the plan output:

 

 

# databricks_grants.external_locations["test_location"] will be created
  + resource "databricks_grants" "external_locations" {
      + external_location = "test_location"
      + id                = (known after apply)

      + grant {
          + principal  = "TEST_ROLE"
          + privileges = [
              + "ALL_PRIVILEGES",
            ]
        }
    }

 

 

 

We have tried multiple TF and Databricks provider versions including latest and all throw the same error.

Thanks,

-Conlyn

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Conlyn
New Contributor III

‎06-05-2024 03:38 PM

I figured out my issue... The principal name is case sensitive and if the input value doesn't match the case of the email address or Group Name in the workspace/account it throws that ambiguous error.  

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Conlyn
New Contributor III

‎06-05-2024 01:18 PM

I should mention that the apply actually succeeds setting the permission, but the error is output and the state file only lists the workspace and external_location data elements.

0 Kudos

Go to solution
Conlyn
New Contributor III

‎06-05-2024 03:38 PM

I figured out my issue... The principal name is case sensitive and if the input value doesn't match the case of the email address or Group Name in the workspace/account it throws that ambiguous error.  

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements