[ISSUE] Allow import of existing scim_user and scim_group resources #288

Closed
al-lac opened this issue Aug 31, 2020 · 3 comments · Fixed by #290

al-lac commented Aug 31, 2020

It should be possible to import existing scim users and groups into the terraform state file. The documentation for version 0.2.4 already includes an import section: https://registry.terraform.io/providers/databrickslabs/databricks/latest/docs/resources/scim_user

The documentation for the scim_group resource is missing completely.

Terraform Version

0.12.29

Provider Version

0.2.4

Affected Resource(s)

Please list the resources as a list, for example:

  • databricks_scim_user
  • databricks_scim_group

Expected Behavior

I should be able to import these resources into the state file.

Actual Behavior

I get a message that says it is currently not supported.

Steps to Reproduce

terraform import 'databricks_scim_user.test["user@azuredomain.com"]' 6051372335468901
databricks_scim_user.de["user@azuredomain.com"]: Importing from ID "6051372335468901"...

Error: resource databricks_scim_user doesn't support import

Important Factoids

Is there anything atypical about your accounts that we should know?

@al-lac al-lac added the bug Something isn't working label Aug 31, 2020
@nfx nfx self-assigned this Sep 1, 2020
nfx added a commit that referenced this issue Sep 1, 2020
And updated documentation for all resources, making it more clear to end user.
@nfx nfx linked a pull request Sep 1, 2020 that will close this issue

nfx commented Sep 1, 2020

@al-lac what do you use this resource for? Please use databricks_group instead of databricks_scim_group. We're not recommending extensive use of databricks_scim_user, because it's way more manageable to create a few databricks_group instances with all related permissions to them and let the identity provider use SCIM provisioning to populate users into those groups.

al-lac commented Sep 1, 2020

@nfx ah yes, you are right, I will use databricks_group instead. But I need to use databricks_scim_user to sync my users from Azure. I am not sure how to populate the groups without using the Terraform provider or the API.

@nfx nfx added this to the v0.3.0 milestone Sep 3, 2020
@nfx nfx closed this as completed in #290 Sep 8, 2020
nfx added a commit that referenced this issue Sep 8, 2020
* Fix #288 - Added importers for SCIM resource

And updated documentation for all resources, making it more clear to end user.

* Fix lint

Co-authored-by: Serge Smertin <serge.smertin@databricks.com>

al-lac commented Sep 14, 2020

Import is now possible, but on the next terraform plan the user would be replaced because the 'user_name' attribute is missing in the state file. Also the user is admin per default in the state.

terraform import 'databricks_scim_user.test-group-dev["testuser-dev@company.com"]' 1599117335337769

terraform state show 'databricks_scim_user.test-group-dev["testuser-dev@company.com"]'
# databricks_scim_user.test-group-dev["testuser-dev@company.com"]:
resource "databricks_scim_user" "data-scientists-dev" {
    entitlements    = []
    id              = "1599117335337769"
    inherited_roles = []
    roles           = []
    set_admin       = true
}


terraform plan
  # databricks_scim_user.test-group-dev["testuser-dev@company.com"] must be replaced
-/+ resource "databricks_scim_user" "test-group-dev" {
      + display_name    = "Testuser DEV"
      ~ entitlements    = [
          + "allow-cluster-create",
        ]
      ~ id              = "1599117335337769" -> (known after apply)
      ~ inherited_roles = [] -> (known after apply)
      - roles           = [] -> null
      ~ set_admin       = true -> false
      + user_name       = "testuser-dev@company.com" # forces replacement
    }

Should be possible to import the user_name as well, I hope.

@nfx nfx modified the milestones: v0.3.0, 0.2.6 Sep 27, 2020
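
A check for the condition reported in the last comment, as an added example that is not code from the provider or from this thread: it reads a plan in the JSON form produced by `terraform show -json` and flags SCIM resources that would be replaced or whose `user_name` or `set_admin` would change. The sample plan is constructed from the values quoted above; the `review_plan` name and the watched-attribute list are assumptions.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# reduced to the fields this check reads; values mirror the plan quoted above.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": 'databricks_scim_user.test-group-dev["testuser-dev@company.com"]',
     "type": "databricks_scim_user",
     "change": {"actions": ["delete", "create"],
                "before": {"id": "1599117335337769", "set_admin": True},
                "after": {"display_name": "Testuser DEV", "set_admin": False,
                          "user_name": "testuser-dev@company.com"}}},
    # Constructed second entry: an unrelated in-place update that must be ignored.
    {"address": "databricks_group.analysts", "type": "databricks_group",
     "change": {"actions": ["update"], "before": {}, "after": {}}},
]})

WATCHED_TYPES = {"databricks_scim_user", "databricks_scim_group"}  # assumption
WATCHED_ATTRS = ("user_name", "set_admin")  # assumption: attributes worth a review


def review_plan(plan_json):
    """Return (address, what, before, after) findings for watched resources."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") not in WATCHED_TYPES:
            continue
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        before = change.get("before") or {}  # null in the JSON for a pure create
        after = change.get("after") or {}    # null in the JSON for a pure delete
        if {"delete", "create"} <= actions:  # a replacement lists both actions
            findings.append((rc["address"], "replace", None, None))
        for attr in WATCHED_ATTRS:
            if before.get(attr) != after.get(attr):
                findings.append((rc["address"], attr, before.get(attr), after.get(attr)))
    return findings


if __name__ == "__main__":
    for finding in review_plan(SAMPLE_PLAN):
        print(finding)
```

Run against a saved plan before `terraform apply`, a non-empty result means an imported identity would be destroyed and recreated or have its admin flag changed.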