cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Warehousing & Analytics
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do I associate an account group with a workspace in Terraform?

Go to solution
Andrei_Radulesc
Contributor III

‎11-17-2022 01:24 PM

I can create account groups in Terraform as follows:

resource "databricks_group" "dev_perception" {

 provider    = databricks.mws

 display_name = "Perception"

}

Or I can create a workspace group, using the workspace provider instead of the account provider:

resource "databricks_group" "dev_perception" {

 provider    = databricks.dev_workspace

 display_name = "Perception"

}

However, the latter mechanism seems to be obsolete, b/c the UI only allows you to create account level groups.

What I would like to do is:

  • Create the account level group
  • Then, associate it to a workspace (so I can actually use it)

I can do this association in the UI. But how can I do the association in Terraform? I'd like to avoid mixing manual config with Terraform config.

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Pat
Honored Contributor III

‎11-22-2022 12:07 AM

Hi @Andrei Radulescu-Banu​ ,

to assign the 'account level group' to workspace you should use `databricks_mws_permission_assignment` resource, i.e.:

data "databricks_group" "this" {
  provider = databricks.mws
  for_each     = toset(keys(var.groups))
  display_name = each.key
}
 
resource "databricks_mws_permission_assignment" "this" {
  provider = databricks.mws
  for_each     = { for key, value in var.groups : key => value }
  workspace_id = var.workspace_id
  principal_id = data.databricks_group.this[each.key].id
  permissions  = [each.value.permissions]
}
 
-- example params:
workspace_id = "${dependency.workspace.outputs.databricks_workspace_id}"
    groups = {
      "data-engineers" = { permissions = "ADMIN" }
      "data-analysts"  = { permissions = "USER" }
    }

docs: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mws_permission_a...

View solution in original post

2 REPLIES 2

Go to solution
Pat
Honored Contributor III

‎11-22-2022 12:07 AM

Hi @Andrei Radulescu-Banu​ ,

to assign the 'account level group' to workspace you should use `databricks_mws_permission_assignment` resource, i.e.:

data "databricks_group" "this" {
  provider = databricks.mws
  for_each     = toset(keys(var.groups))
  display_name = each.key
}
 
resource "databricks_mws_permission_assignment" "this" {
  provider = databricks.mws
  for_each     = { for key, value in var.groups : key => value }
  workspace_id = var.workspace_id
  principal_id = data.databricks_group.this[each.key].id
  permissions  = [each.value.permissions]
}
 
-- example params:
workspace_id = "${dependency.workspace.outputs.databricks_workspace_id}"
    groups = {
      "data-engineers" = { permissions = "ADMIN" }
      "data-analysts"  = { permissions = "USER" }
    }

docs: https://registry.terraform.io/providers/databricks/databricks/latest/docs/resources/mws_permission_a...

Go to solution
Andrei_Radulesc
Contributor III

‎11-30-2022 06:58 AM

Thank you, that works!

0 Kudos
Announcements