Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fix] Tolerate databricks_permissions resources for SQL warehouses with /warehouses/... IDs #4158

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Fix] Tolerate databricks_permissions resources for SQL warehouses with /warehouses/... IDs #4158

wants to merge 1 commit into from

Conversation

mgyucht
Copy link
Contributor

@mgyucht mgyucht commented Oct 25, 2024

Changes

#4143 reported a regression to the databricks_permissions resource caused by #3956. Normally, the ID for this resource when configured for a SQL warehouse is /sql/warehouses/<ID>. However, it seems like at some point in the past, some users may have had an ID of /warehouses/<ID>. It's possible that importing this resource worked like this: when calling the permissions REST API, whether using object type sql/warehouses or warehouses, the API returns permissions for the same resources:

15:13:01 DEBUG GET /api/2.0/permissions/sql/warehouses/<ID>
< HTTP/2.0 200 OK
< {
<   "access_control_list": [
<     {
<       "all_permissions": [
<         {
<           "inherited": false,
<           "permission_level": "IS_OWNER"
<         }
<       ],
<       "display_name": "<ME>",
<       "user_name": "<ME>"
<     },
<     {
<       "all_permissions": [
<         {
<           "inherited": true,
<           "inherited_from_object": [
<             "/sql/warehouses/"
<           ],
<           "permission_level": "CAN_MANAGE"
<         }
<       ],
<       "group_name": "admins"
<     }
<   ],
<   "object_id": "/sql/warehouses/<ID>",
<   "object_type": "warehouses"
< } pid=53287 sdk=true
...
15:12:56 DEBUG GET /api/2.0/permissions/warehouses/<ID>
< HTTP/2.0 200 OK
< {
<   "access_control_list": [
<     {
<       "all_permissions": [
<         {
<           "inherited": false,
<           "permission_level": "IS_OWNER"
<         }
<       ],
<       "display_name": "<ME>",
<       "user_name": "<ME>"
<     },
<     {
<       "all_permissions": [
<         {
<           "inherited": true,
<           "inherited_from_object": [
<             "/sql/warehouses/"
<           ],
<           "permission_level": "CAN_MANAGE"
<         }
<       ],
<       "group_name": "admins"
<     }
<   ],
<   "object_id": "/sql/warehouses/<ID>",
<   "object_type": "warehouses"
< } pid=53248 sdk=true

This PR modifies the SQL warehouse configuration for databricks_permissions to be chosen for instances with an ID of the form /warehouses/....

Tests

The additional integration test ensures that a resource can be imported with the /warehouses/<ID> format.

@mgyucht mgyucht requested review from a team as code owners October 25, 2024 13:14
@mgyucht mgyucht requested review from rauchy and removed request for a team October 25, 2024 13:14
@mgyucht mgyucht deployed to test-trigger-is October 25, 2024 13:15 — with GitHub Actions Active
@eng-dev-ecosystem-bot
Copy link
Collaborator

Test Details: go/deco-tests/11518956399

mgyucht
mgyucht commented Oct 25, 2024
View reviewed changes
internal/acceptance/permissions_test.go
Comment on lines +620 to +625
tags {
custom_tags {
key = "Owner"
value = "eng-dev-ecosystem-team_at_databricks.com"
}
}
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The test wasn't running locally before I added this. I'm not sure how it ran before. Our account requires the Owner tag, so this allows the test to run.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rauchy rauchy rauchy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mgyucht @eng-dev-ecosystem-bot @rauchy