I'm trying to create a UC catalog in Terraform on AWS, and grant "account users" ALL PRIVILEGES. Here is my code:

resource "databricks_catalog" "test" {
  provider     = databricks.workspace
  metastore_id = var.metastore_id
  name         = "test"
  owner        = "account users"
  comment      = "Managed by Terraform"
  properties = {
    purpose = "testing"
  }
}

resource "databricks_grants" "test" {
  provider = databricks.workspace
  catalog  = databricks_catalog.test.name
  grant {
    principal  = "account users"
    privileges = ["ALL PRIVILEGES"]
  }
}

When applying the config the 1st time, everything is fine. I can verify in the UI that the config was set. However, when applying the config a 2nd time, I get the error below:

Error: ALL PRIVILEGES is not allowed on catalog

Running Terraform with TF_LOG=DEBUG gives me more detail about the error:

022-11-14T11:10:46.638-0500 [WARN] Provider "registry.terraform.io/databricks/databricks" produced an unexpected new value for module.unity_ca
talog.databricks_grants.test during refresh.
- .grant: planned set element cty.ObjectVal(map[string]cty.Value{"principal":cty.StringVal("account users"), "privileges":cty.SetVal([]cty
.Value{cty.StringVal("ALL PRIVILEGES")})}) does not correlate with any element in actual
2022-11-14T11:10:46.646-0500 [ERROR] provider.terraform-provider-databricks_v1.2.0: Response contains error diagnostic: tf_resource_type=databri
cks_grants @caller=/home/runner/work/terraform-provider-databricks/terraform-provider-databricks/vendor/github.com/hashicorp/terraform-plugin-go
/tfprotov5/internal/diag/diagnostics.go:56 @module=sdk.proto diagnostic_detail= diagnostic_severity=ERROR tf_provider_addr=provider tf_req_id=32
a078b5-8e24-7103-bc75-20127e8a24fa tf_rpc=PlanResourceChange diagnostic_summary="ALL PRIVILEGES is not allowed on catalog" tf_proto_version=5.3
timestamp=2022-11-14T11:10:46.646-0500

Any suggestion on how to set UC catalog permissions in Terraform?