Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ISSUE] The databricks_group resource shouldn't allow you to specify system groups #1089

Closed
Xophmeister opened this issue Feb 3, 2022 · 3 comments · Fixed by #1091
Closed

[ISSUE] The databricks_group resource shouldn't allow you to specify system groups #1089

Xophmeister opened this issue Feb 3, 2022 · 3 comments · Fixed by #1091

Comments

@Xophmeister
Copy link

Configuration

In v0.4.7 of the provider, the databricks_group resource has the force argument. This allows you to do, for example:

resource "databricks_group" "system" {
  for_each = toset(["admins", "user"])

  display_name = each.value
  force        = true
}

Expected Behavior

The provider should forbid this.

Actual Behavior

This works fine and it will even reflect new argument values to the group (e.g., allow_cluster_create, etc.). The problem comes when you try to destroy this resource: The Databricks API forbids this and so terraform destroy will fail.

Steps to Reproduce

  1. terraform apply
  2. terraform destroy

Terraform and provider versions

Terraform v1.0.11
on linux_amd64
+ provider registry.terraform.io/databrickslabs/databricks v0.4.7
@Xophmeister Xophmeister changed the title [ISSUE] The databricks_group shouldn't allow you to specify system groups [ISSUE] The databricks_group resource shouldn't allow you to specify system groups Feb 3, 2022
@nfx
Copy link
Contributor

nfx commented Feb 3, 2022

why do you want to use force with admins and users?...

@Xophmeister
Copy link
Author

I was trying to creating a mapping from external users to Databricks which allowed arbitrary input. In my testing -- not knowing that admins and users were special -- I hit this problem. I refactored my module such that users is avoided altogether (see #1088) and the ID for admins is fetched from a data source. So the mistake was mine, but it could have been avoided if invalid state was unrepresentable.

nfx added a commit that referenced this issue Feb 4, 2022
@nfx
Prevent creation ofusers and admins groups
772291a 
Fix #1089
@nfx nfx mentioned this issue Feb 4, 2022
Merged
@nfx
Copy link
Contributor

nfx commented Feb 4, 2022

@Xophmeister #1088 won't fix. though #1091 should fix this issue.

@nfx nfx closed this as completed in #1091 Feb 4, 2022
nfx added a commit that referenced this issue Feb 4, 2022
@nfx
Prevent creation ofusers and admins groups (#1091)
bddadd9 
Fix #1089
nfx added a commit that referenced this issue Feb 11, 2022
@nfx
Release v0.4.9
31655af 
# Version changelog

## 0.4.9

* Prevent creation of `databricks_group` with `users` and `admins` reserved names ([#1089](#1089)).
* Added support for shared clusters in multi-task `databricks_job` ([#1082](#1082)).
* Added diff suppression for `external_id` in `databricks_group` ([#1099](#1099)).
* Added diff suppression for `external_id` in `databricks_user` ([#1097](#1097)).
* Added `users`, `service_principals`, and `child_groups` exported properties to `databricks_group` data resource ([#1085](#1085)).
* Added various documentation improvements.
@nfx nfx mentioned this issue Feb 11, 2022
Merged
nfx added a commit that referenced this issue Feb 11, 2022
@nfx
Release v0.4.9 (#1104)
59c12c7 
* Release v0.4.9

# Version changelog

## 0.4.9

* Prevent creation of `databricks_group` with `users` and `admins` reserved names ([#1089](#1089)).
* Added support for shared clusters in multi-task `databricks_job` ([#1082](#1082)).
* Added diff suppression for `external_id` in `databricks_group` ([#1099](#1099)).
* Added diff suppression for `external_id` in `databricks_user` ([#1097](#1097)).
* Added `users`, `service_principals`, and `child_groups` exported properties to `databricks_group` data resource ([#1085](#1085)).
* Added various documentation improvements.
michael-berk pushed a commit to michael-berk/terraform-provider-databricks that referenced this issue Feb 15, 2023
@nfx
Prevent creation ofusers and admins groups (databricks#1091)
6fef8d9 
Fix databricks#1089
michael-berk pushed a commit to michael-berk/terraform-provider-databricks that referenced this issue Feb 15, 2023
@nfx
Release v0.4.9 (databricks#1104)
bd82885 
* Release v0.4.9

# Version changelog

## 0.4.9

* Prevent creation of `databricks_group` with `users` and `admins` reserved names ([databricks#1089](databricks#1089)).
* Added support for shared clusters in multi-task `databricks_job` ([databricks#1082](databricks#1082)).
* Added diff suppression for `external_id` in `databricks_group` ([databricks#1099](databricks#1099)).
* Added diff suppression for `external_id` in `databricks_user` ([databricks#1097](databricks#1097)).
* Added `users`, `service_principals`, and `child_groups` exported properties to `databricks_group` data resource ([databricks#1085](databricks#1085)).
* Added various documentation improvements.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Prevent creation ofusers and admins groups databricks/terraform-provider-databricks
2 participants
@nfx @Xophmeister