Added databricks_mws_permission_assignment resource
#1491
Conversation
nfx
changed the title
databricks_mws_permissionassignments resourcedatabricks_mws_permissionassignment resource
Codecov Report
@@ Coverage Diff @@
## master #1491 +/- ##
==========================================
- Coverage 90.13% 89.79% -0.35%
==========================================
Files 130 132 +2
Lines 10434 10551 +117
==========================================
+ Hits 9405 9474 +69
- Misses 658 704 +46
- Partials 371 373 +2
|
|
Is it only for MWS, or it covers all clouds? can we also change name to |
nfx
force-pushed
the
feature/identity-federation
branch
2 times, most recently
from
f6844bf
to
58dbcc0
Compare
nfx
changed the title
databricks_mws_permissionassignment resourcedatabricks_mws_permission_assignment resource
| In account context, adding account-level group to a workspace: | ||
|
|
There was a problem hiding this comment.
I see that we only have docs for updating role assignment in the account context. I think thats fine and sufficient but it will not work for workspace admin personas who are not account admins.
There was a problem hiding this comment.
yes, we'll add that "workspace level account scim user listing" in one of the following releases.
| --- | ||
| # databricks_mws_permission_assignment Resource | ||
|
|
||
| These resources are invoked in the account context. Provider must have `account_id` attribute configured. |
There was a problem hiding this comment.
+1 will there be a documentation for access/permission_assignment? For that one API doesn't need workspace id or account id, they can be derived from the workspace url.
There was a problem hiding this comment.
we don't have a way to retrieve account-level IDs from workspace in the provider yet. please "publish" the api ;)
| "github.com/databricks/terraform-provider-databricks/qa" | ||
| ) | ||
|
|
||
| func TestAccAssignGroupToWorkspace(t *testing.T) { |
There was a problem hiding this comment.
Just curious, what does this test do? Does it test that the template can be accepted?
There was a problem hiding this comment.
it does create, read, update, and delete test assignments of test principals
| Read: true, | ||
| Removed: true, | ||
| AccountID: "abc", | ||
| ID: "123|456", |
There was a problem hiding this comment.
| qa.CornerCaseAccountID("abc")) | ||
| } | ||
|
|
||
| func TestPermssionAssignmentFuzz_ApiErrors(t *testing.T) { |
There was a problem hiding this comment.
How does this test work? Do we need to verify that API errors are properly handled?
There was a problem hiding this comment.
yes. it does some fuzzing. see CONTRIBUTING.md for details
nfx
force-pushed
the
feature/identity-federation
branch
from
7f689f0
to
06cae22
Compare
These resources are invoked in the account context. Provider must have `account_id` attribute configured. Example usage in account context, adding account-level group to a workspace:
```hcl
provider "databricks" {
// <other properties>
account_id = "<databricks account id>"
}
resource "databricks_group" "data_eng" {
display_name = "Data Engineering"
}
resource "databricks_mws_permission_assignment" "add_admin_group" {
workspace_id = databricks_mws_workspaces.this.workspace_id
principal_id = databricks_group.data_eng.id
permissions = ["ADMIN"]
}
```
databricks_mws_permission_assignment Resource
These resources are invoked in the account context. Provider must have
account_idattribute configured.Example Usage
In account context, adding account-level group to a workspace:
In account context, adding account-level user to a workspace:
In account context, adding account-level service principal to a workspace:
Fix #1458