Databricks Community

Andrei_Radulesc · ‎11-17-2022

I can create account groups in Terraform as follows:

resource "databricks_group" "dev_perception" {

provider = databricks.mws

display_name = "Perception"

}

Or I can create a workspace group, using the workspace provider instead of the account provider:

resource "databricks_group" "dev_perception" {

provider = databricks.dev_workspace

display_name = "Perception"

}

However, the latter mechanism seems to be obsolete, b/c the UI only allows you to create account level groups.

What I would like to do is:

Create the account level group
Then, associate it to a workspace (so I can actually use it)

I can do this association in the UI. But how can I do the association in Terraform? I'd like to avoid mixing manual config with Terraform config.

Pat · ‎11-22-2022

Hi @Andrei Radulescu-Banu ,

to assign the 'account level group' to workspace you should use `databricks_mws_permission_assignment` resource, i.e.:

data "databricks_group" "this" {
  provider = databricks.mws
  for_each     = toset(keys(var.groups))
  display_name = each.key
}
 
resource "databricks_mws_permission_assignment" "this" {
  provider = databricks.mws
  for_each     = { for key, value in var.groups : key => value }
  workspace_id = var.workspace_id
  principal_id = data.databricks_group.this[each.key].id
  permissions  = [each.value.permissions]
}
 
-- example params:
workspace_id = "${dependency.workspace.outputs.databricks_workspace_id}"
    groups = {
      "data-engineers" = { permissions = "ADMIN" }
      "data-analysts"  = { permissions = "USER" }
    }

docs: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mws_permission_a...

View solution in original post

Pat · ‎11-22-2022

Hi @Andrei Radulescu-Banu ,

to assign the 'account level group' to workspace you should use `databricks_mws_permission_assignment` resource, i.e.:

data "databricks_group" "this" {
  provider = databricks.mws
  for_each     = toset(keys(var.groups))
  display_name = each.key
}
 
resource "databricks_mws_permission_assignment" "this" {
  provider = databricks.mws
  for_each     = { for key, value in var.groups : key => value }
  workspace_id = var.workspace_id
  principal_id = data.databricks_group.this[each.key].id
  permissions  = [each.value.permissions]
}
 
-- example params:
workspace_id = "${dependency.workspace.outputs.databricks_workspace_id}"
    groups = {
      "data-engineers" = { permissions = "ADMIN" }
      "data-analysts"  = { permissions = "USER" }
    }

docs: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mws_permission_a...