-
Notifications
You must be signed in to change notification settings - Fork 386
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ISSUE|FEATURE] Existing Table permissions not detected at first apply #1164
Comments
@ebarault what host do you use? why mws alias? |
please provide api call logs from debug |
@nfx i use a workspace host as with any Unity Catalog config right now, while it is not ported at the account level my setup works, it does create new permissions on the UC table and sees drifts on those permissions if altered from outside terraforml ; it just does not manage existing permissions |
i'll be splitting account-level entities into their own provider in the coming months. for now i recommend you splitting account and non-account into their own modules.
please specify exact step-by-step instructions on how to reproduce this issue. |
@nfx I added step-by-step instructions in the issue description |
@nfx IMPORTANT: the problem seems to happen only at the first terraform apply. Once the module is applied once, it seems it detects external GRANTS and proposes to remove them EDIT: yes, I just tested again, that's the way it operates, i updated the description |
Hi @nfx, I spotted another edge case:
Which leaves us forced to destroy the module and recreate it |
@ebarault yep, this is due to lack of simple "replace permissions" API. thanks for identifying corner cases. |
Read existing permissions from platform before updating them, further improving drift detection. Existing permissions are merged onto diffs as removals. Fix #1164
Read existing permissions from platform before updating them, further improving drift detection. Existing permissions are merged onto diffs as removals. Fix #1164
Read existing permissions from platform before updating them, further improving drift detection. Existing permissions are merged onto diffs as removals. Fix #1164
Read existing permissions from platform before updating them, further improving drift detection. Existing permissions are merged onto diffs as removals. Fix databricks#1164
Configuration
Expected Behavior
Existing permissions on a Unity Table should be detected and overwritten
Actual Behavior
The module manages new permissions, but does not detect/warns on existing permissions at the first
terraform apply
Steps to Reproduce
terraform apply
new permissions to a different userTerraform proposes to add the "MODIFY" privilege on the
test
table but does not detect existing privilege granted tosome_user
outside of terraform.terraform apply
Terraform detects the pre-existing privileges on the
test
table and proposes to remove them.Terraform and provider versions
databricks provider version 0.5.2
The text was updated successfully, but these errors were encountered: