- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 07:00 AM
Hi team,
A very weird behaviour when using databricks_sql_permissions with terraform, the changes keep repeating to show on plan and apply.
Its repeating also after i apply the changes...
Please advise.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:36 PM
I am not sure if I understand this correctly, but what you need to do is set privileges in one terraform resource, otherwise they will get overwritten, meaning you should do:
resource "databricks_sql_permissions" "any_file" {
any_file = true
privilege_assignments {
principal = "EC - DATA"
privileges = ["SELECT", "MODIFY"]
}
privilege_assignments {
principal = "SOME_OTHER- DATA"
privileges = ["SELECT"]
}
}
not:
resource "databricks_sql_permissions" "ec_data_any_file" {
any_file = true
privilege_assignments {
principal = "EC - DATA"
privileges = ["SELECT", "MODIFY"]
}
}
resource "databricks_sql_permissions" "some_other_data_any_file" {
any_file = true
privilege_assignments {
principal = "SOME_OTHER- DATA"
privileges = ["SELECT"]
}
}
You must specify one or many
privilege_assignments
configuration blocks to declare
privileges
to a
principal
, which corresponds to
display_name
of databricks_group or databricks_user. Terraform would ensure that only those principals and privileges defined in the resource are applied for the data object and would remove anything else.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 08:00 AM
Hi @Avi Edriโ , What is the terraform version and databricks provider version that you are using? Looks like it is related to the issue reported here
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:09 PM
Hi @Vivian Wilfredโ
Yes its look like as a same issue.
My terraform version is: terraform-1.0.11
databricks provider:
provider "databricks" {
alias = "mws"
host = "https://accounts.cloud.databricks.com"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:17 PM
I am not sure about this, what is your databricks provider version, is it 1.6.3+?
it looks like you are changing permissions, hence why there is an update.
"EC - data" group is new permission and other groups will loose permissions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:19 PM
to identify this you can do
terraform state show 'databricks_sql_permissions.data_any_file'
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:31 PM
Yes, my databricks provider is 1.6.5
This is why its so weird, those changes on plan keep coming back even after apply them several times.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 03:01 PM
Hi @Avi Edriโ ,
I can see from the screen that you are using id = "any file/", it seems to be related to the import:
can you try the below:
resource "databricks_sql_permissions" "any_file" {
any_file = true
privilege_assignments {
principal = "group-name"
privileges = ["SELECT"]
}
privilege_assignments {
principal = "group-name2"
privileges = ["MODIFY", "SELECT"]
}
}
You can also share your terraform code.
thanks,
Pat
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:11 PM
Hi @Pat Sienkiewiczโ
Its already as you mention in my code, looks like on plan its adding this /
from my code:
resource "databricks_sql_permissions" "data_any_file" {
any_file = true
privilege_assignments {
principal = "EC - DATA"
privileges = ["SELECT", "MODIFY"]
}
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:16 PM
Hi @Avi Edriโ ,
so maybe it's good, no? You will replace this way your existing privileges.
I mean that you probably had different privilege_assigments previously, now you have only:
privilege_assignments {
principal = "EC - DATA"
privileges = ["SELECT", "MODIFY"]
}
"any file /" might be good I think now, it's just a representation of the resource, you can forget about that part.
thanks,
Pat.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:29 PM
correct, im using diffrent resource terraform names in order to make it uniqe assignment for diffrent principals.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:36 PM
I am not sure if I understand this correctly, but what you need to do is set privileges in one terraform resource, otherwise they will get overwritten, meaning you should do:
resource "databricks_sql_permissions" "any_file" {
any_file = true
privilege_assignments {
principal = "EC - DATA"
privileges = ["SELECT", "MODIFY"]
}
privilege_assignments {
principal = "SOME_OTHER- DATA"
privileges = ["SELECT"]
}
}
not:
resource "databricks_sql_permissions" "ec_data_any_file" {
any_file = true
privilege_assignments {
principal = "EC - DATA"
privileges = ["SELECT", "MODIFY"]
}
}
resource "databricks_sql_permissions" "some_other_data_any_file" {
any_file = true
privilege_assignments {
principal = "SOME_OTHER- DATA"
privileges = ["SELECT"]
}
}
You must specify one or many
privilege_assignments
configuration blocks to declare
privileges
to a
principal
, which corresponds to
display_name
of databricks_group or databricks_user. Terraform would ensure that only those principals and privileges defined in the resource are applied for the data object and would remove anything else.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-06-2022 11:38 PM
Ohh I see,
Let me try this
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-07-2022 12:11 AM
Thanks @Pat Sienkiewiczโ
You are correct, i organize them all under on resource and no plan repetitions!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-07-2022 12:14 AM
I am glad I could help, I've been there having similar issue with some other permissions ๐
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
โ12-07-2022 12:15 AM
Yess!
Appreciate that mate!
Have a great day

