Set run_as permissions after variable interpolation #1141

shreyas-goenka · 2024-01-24T08:00:07Z

Changes

This PR sets run as permissions after variable interpolation.

Terraform does not allow specifying permissions for current user.

The following configuration would fail becuase we would assign a permission block for self, bypassing this check here:

Line 47 in 4ee926b

if runAs.UserName == me || runAs.ServicePrincipalName == me {

run_as:
  user_name: ${workspace.current_user.userName}

Tests

Manually, setting run_as to ${workspace.current_user.userName} works now

codecov-commenter · 2024-01-24T08:02:37Z

Codecov Report

Attention: 15 lines in your changes are missing coverage. Please review.

Comparison is base (7067782) 49.50% compared to head (a1b4a21) 49.46%.
Report is 4 commits behind head on main.

Files	Patch %	Lines
cmd/labs/project/entrypoint.go	18.75%	12 Missing and 1 partial ⚠️
bundle/bundle.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1141      +/-   ##
==========================================
- Coverage   49.50%   49.46%   -0.05%     
==========================================
  Files         281      281              
  Lines       10711    10726      +15     
==========================================
+ Hits         5303     5306       +3     
- Misses       4844     4855      +11     
- Partials      564      565       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

CLI: * Prompt for account profile only for account-level command execution instead of during `databricks labs install` flow ([#1128](#1128)). * Bring back `--json` flag for workspace-conf set-status command ([#1151](#1151)). Bundles: * Set `run_as` permissions after variable interpolation ([#1141](#1141)). * Add functionality to visit values in `dyn.Value` tree ([#1142](#1142)). * Add `dynvar` package for variable resolution with a `dyn.Value` tree ([#1143](#1143)). * Add support for `anyOf` to `skip_prompt_if` ([#1133](#1133)). * Added `bundle generate pipeline` command ([#1139](#1139)). Internal: * Use MockWorkspaceClient from SDK instead of WithImpl mocking ([#1134](#1134)). Dependency updates: * Bump github.com/databricks/databricks-sdk-go from 0.29.0 to 0.29.1 ([#1137](#1137)). * Bump github.com/hashicorp/terraform-json from 0.20.0 to 0.21.0 ([#1138](#1138)). * Update actions/setup-go to v5 ([#1148](#1148)). * Update codecov/codecov-action to v3 ([#1149](#1149)). * Use latest patch release of Go toolchain ([#1152](#1152)).

Set run_as permissions after variable interpolation

a1b4a21

shreyas-goenka requested review from andrewnester and pietern January 24, 2024 08:00

andrewnester approved these changes Jan 24, 2024

View reviewed changes

shreyas-goenka added this pull request to the merge queue Jan 24, 2024

Merged via the queue into main with commit cf2a1c3 Jan 24, 2024
4 checks passed

shreyas-goenka deleted the fix-run-as-self branch January 24, 2024 12:28

pietern mentioned this pull request Jan 25, 2024

Release v0.212.2 #1153

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set run_as permissions after variable interpolation #1141

Set run_as permissions after variable interpolation #1141

shreyas-goenka commented Jan 24, 2024

codecov-commenter commented Jan 24, 2024

Set run_as permissions after variable interpolation #1141

Set run_as permissions after variable interpolation #1141

Conversation

shreyas-goenka commented Jan 24, 2024

Changes

Tests

codecov-commenter commented Jan 24, 2024

Codecov Report