
[FEATURE] Allow data databricks_group on account #1754

Closed
BostjanBozic opened this issue Nov 11, 2022 · 1 comment
Labels: feature (New feature or request)

BostjanBozic commented Nov 11, 2022

Use-cases

It would be great to be able to fetch user group information at the Databricks account level.

The use case behind it is:

  • enable SSO with SCIM enabled (e.g. using Okta)
  • groups are synced via SCIM, which means groups are available on Databricks account level
  • those groups would be assigned to workspace using databricks_mws_permission_assignment resource

Attempted Solutions

I tried to use the databricks_group data source with the provider configured to point at the account, but this object requires the host parameter in the provider configuration, which indicates that it works at the workspace level.

The code snippet includes only the related resources.

provider "databricks" {
  alias    = "mws"
  host     = "https://accounts.cloud.databricks.com"
  username = var.databricks_account.username
  password = var.databricks_account.password
}

provider "databricks" {
  alias = "ws"
  host  = databricks_mws_workspaces.test.workspace_url
  token = databricks_mws_workspaces.test.token[0].token_value
}

data "databricks_group" "test_group" {
  provider     = databricks.mws
  display_name = "test-group"
}

resource "databricks_mws_permission_assignment" "test_group" {
  provider     = databricks.mws
  workspace_id = databricks_mws_workspaces.test.workspace_id
  principal_id = data.databricks_group.test_group.id
  permissions  = ["USER"]
}

This would fail with the following error, which makes me believe it is only available at workspace scope:

│ Error: Databricks API (/api/2.0/preview/scim/v2/Groups) requires you to set `host` property (or DATABRICKS_HOST env variable) to result of `databricks_mws_workspaces.this.workspace_url`. This error may happen if you're using provider in both normal and multiworkspace mode. Please refactor your code into different modules. Runnable example that we use for integration testing can be found in this repository at https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/aws-workspace

Proposal

Add an additional resource/data source that would work at the Databricks account level, similar to how databricks_mws_permission_assignment is used. Maybe call it databricks_mws_group or something similar.

References

BostjanBozic added the feature (New feature or request) label Nov 11, 2022

BostjanBozic (Author) commented:

It seems that this is actually a bug in the error message output. What happened is that once I added the account_id parameter to the provider, it did the trick. I will open a separate bug report.
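The resolution described in the comment above, written out as an added example (not the issue author's code): the account-level provider from the original snippet with `account_id` set, so the group synced via SCIM resolves at account scope before it is assigned to the workspace. The `account_id` attribute on `var.databricks_account` is an assumed variable layout.

```hcl
# Account-level provider: host points at the accounts console and
# account_id identifies the account.
provider "databricks" {
  alias      = "mws"
  host       = "https://accounts.cloud.databricks.com"
  account_id = var.databricks_account.account_id # assumed variable attribute, not from the issue
  username   = var.databricks_account.username
  password   = var.databricks_account.password
}

# Look up the SCIM-synced group through the account-level provider.
data "databricks_group" "test_group" {
  provider     = databricks.mws
  display_name = "test-group"
}

# Grant the account-level group access to the workspace.
resource "databricks_mws_permission_assignment" "test_group" {
  provider     = databricks.mws
  workspace_id = databricks_mws_workspaces.test.workspace_id
  principal_id = data.databricks_group.test_group.id
  permissions  = ["USER"]
}
```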
