Show a warning message if a resource is not in GroupToTerraformName (#3463)

anton-107 · web-flow · commit 0a1a3092a7ec · 2025-08-22T14:28:38.000+02:00
## Why
&lt;!-- Why are these changes needed? Provide the context that the reviewer
might be missing.
For example, were there any decisions behind the change that are not
reflected in the code itself? --&gt;

When introducing a new resource to the system it does not get a mention
in the plan automatically. Instead, developer must know that the new
resource has to be added to the GroupToTerraformName map for it. The
warning message is a good indicator for the developer of the new
resource that an extra step is needed for the resource support. I opted
for the warning message instead of panicking because apparently there
are resources that do not need to be in the plan, but there is no
comprehensive list of such resources provided and I am not sure that the
test suite covers every such resource, it is not a great experience for
the bundle operation to be blocked just because the resource is in
neither of the lists.

## Tests
&lt;!-- How have you tested the changes? --&gt;
Existing tests are green

&lt;!-- If your PR needs to be included in the release notes for next
release,
add a separate entry in NEXT_CHANGELOG.md as part of your PR. --&gt;
diff --git a/bundle/deploy/terraform/showplanfile.go b/bundle/deploy/terraform/showplanfile.go
@@ -4,13 +4,22 @@ import (
 	"context"
 
 	"github.com/databricks/cli/bundle/deployplan"
+	"github.com/databricks/cli/libs/log"
 	"github.com/hashicorp/terraform-exec/tfexec"
 	tfjson "github.com/hashicorp/terraform-json"
 )
 
+// silentlyUpdatedResources contains resource types that are automatically created by DABs,
+// no need to show them in the plan
+var silentlyUpdatedResources = map[string]bool{
+	"databricks_grants":      true,
+	"databricks_permissions": true,
+	"databricks_secret_acl":  true,
+}
+
 // GetActions converts Terraform resource changes into deployplan.Action values.
 // The returned slice can be filtered using deployplan.Filter and FilterGroup helpers.
-func GetActions(changes []*tfjson.ResourceChange) []deployplan.Action {
+func GetActions(ctx context.Context, changes []*tfjson.ResourceChange) []deployplan.Action {
 	var result []deployplan.Action
 
 	for _, rc := range changes {
@@ -34,8 +43,9 @@ func GetActions(changes []*tfjson.ResourceChange) []deployplan.Action {
 
 		group, ok := TerraformToGroupName[rc.Type]
 		if !ok {
-			// Happens for databricks_grant, databricks_permissions, databricks_secrets_acl.
-			// These are automatically created by DABs, no need to show them.
+			if !silentlyUpdatedResources[rc.Type] {
+				log.Warnf(ctx, "unknown resource type '%s'", rc.Type)
+			}
 			continue
 		}
 
@@ -59,5 +69,5 @@ func ShowPlanFile(ctx context.Context, tf *tfexec.Terraform, planPath string) ([
 		return nil, err
 	}
 
-	return GetActions(plan.ResourceChanges), nil
+	return GetActions(ctx, plan.ResourceChanges), nil
 }
diff --git a/bundle/phases/deploy_test.go b/bundle/phases/deploy_test.go
@@ -41,7 +41,7 @@ func TestParseTerraformActions(t *testing.T) {
 		},
 	}
 
-	actions := terraform.GetActions(changes)
+	actions := terraform.GetActions(t.Context(), changes)
 	res := deployplan.FilterGroup(actions, "pipelines", deployplan.ActionTypeDelete, deployplan.ActionTypeRecreate)
 
 	assert.Equal(t, []deployplan.Action{

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ func TestParseTerraformActions(t *testing.T) {`
`41`	`41`	`},`
`42`	`42`	`}`
`43`	`43`
`44`		`- actions := terraform.GetActions(changes)`
	`44`	`+ actions := terraform.GetActions(t.Context(), changes)`
`45`	`45`	`res := deployplan.FilterGroup(actions, "pipelines", deployplan.ActionTypeDelete, deployplan.ActionTypeRecreate)`
`46`	`46`
`47`	`47`	`assert.Equal(t, []deployplan.Action{`