-
Notifications
You must be signed in to change notification settings - Fork 384
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added databricks_mws_permission_assignment
resource
#1491
Conversation
databricks_mws_permissionassignments
resourcedatabricks_mws_permissionassignment
resource
Codecov Report
@@ Coverage Diff @@
## master #1491 +/- ##
==========================================
- Coverage 90.13% 89.79% -0.35%
==========================================
Files 130 132 +2
Lines 10434 10551 +117
==========================================
+ Hits 9405 9474 +69
- Misses 658 704 +46
- Partials 371 373 +2
|
Is it only for MWS, or it covers all clouds? can we also change name to |
f6844bf
to
58dbcc0
Compare
databricks_mws_permissionassignment
resourcedatabricks_mws_permission_assignment
resource
In account context, adding account-level group to a workspace: | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that we only have docs for updating role assignment in the account context. I think thats fine and sufficient but it will not work for workspace admin personas who are not account admins.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, we'll add that "workspace level account scim user listing" in one of the following releases.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall LGTM. I'm very new to terraform so will defer to Rohit to do another round of review
--- | ||
# databricks_mws_permission_assignment Resource | ||
|
||
These resources are invoked in the account context. Provider must have `account_id` attribute configured. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 will there be a documentation for access/permission_assignment? For that one API doesn't need workspace id or account id, they can be derived from the workspace url.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we don't have a way to retrieve account-level IDs from workspace in the provider yet. please "publish" the api ;)
"github.com/databricks/terraform-provider-databricks/qa" | ||
) | ||
|
||
func TestAccAssignGroupToWorkspace(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just curious, what does this test do? Does it test that the template can be accepted?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it does create, read, update, and delete test assignments of test principals
Read: true, | ||
Removed: true, | ||
AccountID: "abc", | ||
ID: "123|456", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What does this ID mean?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
qa.CornerCaseAccountID("abc")) | ||
} | ||
|
||
func TestPermssionAssignmentFuzz_ApiErrors(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How does this test work? Do we need to verify that API errors are properly handled?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes. it does some fuzzing. see CONTRIBUTING.md for details
7f689f0
to
06cae22
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
These resources are invoked in the account context. Provider must have `account_id` attribute configured. Example usage in account context, adding account-level group to a workspace: ```hcl provider "databricks" { // <other properties> account_id = "<databricks account id>" } resource "databricks_group" "data_eng" { display_name = "Data Engineering" } resource "databricks_mws_permission_assignment" "add_admin_group" { workspace_id = databricks_mws_workspaces.this.workspace_id principal_id = databricks_group.data_eng.id permissions = ["ADMIN"] } ```
databricks_mws_permission_assignment Resource
These resources are invoked in the account context. Provider must have
account_id
attribute configured.Example Usage
In account context, adding account-level group to a workspace:
In account context, adding account-level user to a workspace:
In account context, adding account-level service principal to a workspace:
Fix #1458