Fixed updating owners for UC resources (#3189)

* Fix updating owners

* fix tests

* -

* test

* integration test

* test

* Test

* Update connection resource

* restore connection

* restore connection

* update

* docs

* docs

* docs

Author: tanmay-db

catalog/resource_catalog.go

@@ -148,6 +148,10 @@ func ResourceCatalog() common.Resource {
 				}
 			}
 
+			if !d.HasChangeExcept("owner") {
+				return nil
+			}
+
 			updateCatalogRequest.Owner = ""
 			ci, err := w.Catalogs.Update(ctx, updateCatalogRequest)
 

catalog/resource_external_location.go

@@ -108,6 +108,10 @@ func ResourceExternalLocation() common.Resource {
 				}
 			}
 
+			if !d.HasChangeExcept("owner") {
+				return nil
+			}
+
 			updateExternalLocationRequest.Owner = ""
 			_, err = w.ExternalLocations.Update(ctx, updateExternalLocationRequest)
 			if err != nil {

catalog/resource_metastore.go

@@ -138,6 +138,11 @@ func ResourceMetastore() common.Resource {
 						return err
 					}
 				}
+
+				if !d.HasChangeExcept("owner") {
+					return nil
+				}
+
 				update.Owner = ""
 				_, err := acc.Metastores.Update(ctx, catalog.AccountsUpdateMetastore{
 					MetastoreId:   d.Id(),
@@ -171,6 +176,11 @@ func ResourceMetastore() common.Resource {
 						return err
 					}
 				}
+
+				if !d.HasChangeExcept("owner") {
+					return nil
+				}
+
 				update.Owner = ""
 				_, err := w.Metastores.Update(ctx, update)
 				if err != nil {

catalog/resource_metastore_test.go

@@ -172,14 +172,42 @@ func TestUpdateMetastore_NoChanges(t *testing.T) {
 				StorageRoot: "s3://b/abc",
 				Name:        "abc",
 			}, nil)
+		},
+		Resource:    ResourceMetastore(),
+		ID:          "abc",
+		Update:      true,
+		RequiresNew: true,
+		InstanceState: map[string]string{
+			"name":                "abc",
+			"storage_root":        "s3:/a",
+			"owner":               "admin",
+			"delta_sharing_scope": "INTERNAL_AND_EXTERNAL",
+			"delta_sharing_recipient_token_lifetime_in_seconds": "1002",
+		},
+		HCL: `
+		name = "abc"
+		storage_root = "s3:/a"
+		owner = "admin"
+		delta_sharing_scope = "INTERNAL_AND_EXTERNAL"
+		delta_sharing_recipient_token_lifetime_in_seconds = 1002
+		`,
+	}.ApplyNoError(t)
+}
+
+func TestUpdateMetastore_OnlyOwnerChanges(t *testing.T) {
+	qa.ResourceFixture{
+		MockWorkspaceClientFunc: func(w *mocks.MockWorkspaceClient) {
+			e := w.GetMockMetastoresAPI().EXPECT()
 			e.Update(mock.Anything, catalog.UpdateMetastore{
-				Id:                "abc",
-				Name:              "abc",
-				DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-				DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
-				ForceSendFields: []string{"DeltaSharingRecipientTokenLifetimeInSeconds"},
+				Id:    "abc",
+				Owner: "updatedOwner",
 			}).Return(&catalog.MetastoreInfo{
-				Name:              "a",
+				Name:  "abc",
+				Owner: "updatedOwner",
+			}, nil)
+			e.GetById(mock.Anything, "abc").Return(&catalog.MetastoreInfo{
+				Name:              "abc",
+				Owner:             "updatedOwner",
 				DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
 				DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
 			}, nil)
@@ -198,14 +226,14 @@ func TestUpdateMetastore_NoChanges(t *testing.T) {
 		HCL: `
 		name = "abc"
 		storage_root = "s3:/a"
-		owner = "admin"
+		owner = "updatedOwner"
 		delta_sharing_scope = "INTERNAL_AND_EXTERNAL"
 		delta_sharing_recipient_token_lifetime_in_seconds = 1002
 		`,
 	}.ApplyNoError(t)
 }
 
-func TestUpdateMetastore_OwnerChanges(t *testing.T) {
+func TestUpdateMetastore_OwnerAndOtherChanges(t *testing.T) {
 	qa.ResourceFixture{
 		MockWorkspaceClientFunc: func(w *mocks.MockWorkspaceClient) {
 			e := w.GetMockMetastoresAPI().EXPECT()
@@ -220,19 +248,18 @@ func TestUpdateMetastore_OwnerChanges(t *testing.T) {
 				Id:                "abc",
 				Name:              "abc",
 				DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-				DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
+				DeltaSharingRecipientTokenLifetimeInSeconds: 1004,
 				ForceSendFields: []string{"DeltaSharingRecipientTokenLifetimeInSeconds"},
 			}).Return(&catalog.MetastoreInfo{
-				Name:              "a",
 				Owner:             "updatedOwner",
 				DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-				DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
+				DeltaSharingRecipientTokenLifetimeInSeconds: 1004,
 			}, nil)
 			e.GetById(mock.Anything, "abc").Return(&catalog.MetastoreInfo{
 				Name:              "abc",
 				Owner:             "updatedOwner",
 				DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-				DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
+				DeltaSharingRecipientTokenLifetimeInSeconds: 1004,
 			}, nil)
 		},
 		Resource:    ResourceMetastore(),
@@ -251,7 +278,7 @@ func TestUpdateMetastore_OwnerChanges(t *testing.T) {
 		storage_root = "s3:/a"
 		owner = "updatedOwner"
 		delta_sharing_scope = "INTERNAL_AND_EXTERNAL"
-		delta_sharing_recipient_token_lifetime_in_seconds = 1002
+		delta_sharing_recipient_token_lifetime_in_seconds = 1004
 		`,
 	}.ApplyNoError(t)
 }
@@ -271,7 +298,7 @@ func TestUpdateMetastore_Rollback(t *testing.T) {
 				Id:                "abc",
 				Name:              "abc",
 				DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-				DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
+				DeltaSharingRecipientTokenLifetimeInSeconds: 1004,
 				ForceSendFields: []string{"DeltaSharingRecipientTokenLifetimeInSeconds"},
 			}).Return(nil, errors.New("Something unexpected happened"))
 			e.Update(mock.Anything, catalog.UpdateMetastore{
@@ -298,7 +325,7 @@ func TestUpdateMetastore_Rollback(t *testing.T) {
 		storage_root = "s3:/a"
 		owner = "updatedOwner"
 		delta_sharing_scope = "INTERNAL_AND_EXTERNAL"
-		delta_sharing_recipient_token_lifetime_in_seconds = 1002
+		delta_sharing_recipient_token_lifetime_in_seconds = 1004
 		`,
 	}.Apply(t)
 	qa.AssertErrorStartsWith(t, err, "Something unexpected happened")
@@ -507,22 +534,6 @@ func TestUpdateAccountMetastore_NoChanges(t *testing.T) {
 	qa.ResourceFixture{
 		MockAccountClientFunc: func(a *mocks.MockAccountClient) {
 			e := a.GetMockAccountMetastoresAPI().EXPECT()
-			e.Update(mock.Anything, catalog.AccountsUpdateMetastore{
-				MetastoreId: "abc",
-				MetastoreInfo: &catalog.UpdateMetastore{
-					Id:                "abc",
-					Name:              "abc",
-					DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-					DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
-					ForceSendFields: []string{"DeltaSharingRecipientTokenLifetimeInSeconds"},
-				},
-			}).Return(&catalog.AccountsMetastoreInfo{
-				MetastoreInfo: &catalog.MetastoreInfo{
-					Name:              "abc",
-					DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-					DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
-				},
-			}, nil)
 			e.GetByMetastoreId(mock.Anything, "abc").Return(&catalog.AccountsMetastoreInfo{
 				MetastoreInfo: &catalog.MetastoreInfo{
 					StorageRoot: "s3://b/abc",
@@ -569,22 +580,6 @@ func TestUpdateAccountMetastore_OwnerChanges(t *testing.T) {
 					Owner: "updatedOwner",
 				},
 			}, nil)
-			e.Update(mock.Anything, catalog.AccountsUpdateMetastore{
-				MetastoreId: "abc",
-				MetastoreInfo: &catalog.UpdateMetastore{
-					Id:                "abc",
-					Name:              "abc",
-					DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-					DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
-					ForceSendFields: []string{"DeltaSharingRecipientTokenLifetimeInSeconds"},
-				},
-			}).Return(&catalog.AccountsMetastoreInfo{
-				MetastoreInfo: &catalog.MetastoreInfo{
-					Name:              "abc",
-					DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-					DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
-				},
-			}, nil)
 			e.GetByMetastoreId(mock.Anything, "abc").Return(&catalog.AccountsMetastoreInfo{
 				MetastoreInfo: &catalog.MetastoreInfo{
 					StorageRoot: "s3://b/abc",
@@ -637,7 +632,7 @@ func TestUpdateAccountMetastore_Rollback(t *testing.T) {
 					Id:                "abc",
 					Name:              "abc",
 					DeltaSharingScope: "INTERNAL_AND_EXTERNAL",
-					DeltaSharingRecipientTokenLifetimeInSeconds: 1002,
+					DeltaSharingRecipientTokenLifetimeInSeconds: 1004,
 					ForceSendFields: []string{"DeltaSharingRecipientTokenLifetimeInSeconds"},
 				},
 			}).Return(nil, errors.New("Something unexpected happened"))
@@ -671,7 +666,7 @@ func TestUpdateAccountMetastore_Rollback(t *testing.T) {
 		storage_root = "s3:/a"
 		owner = "updatedOwner"
 		delta_sharing_scope = "INTERNAL_AND_EXTERNAL"
-		delta_sharing_recipient_token_lifetime_in_seconds = 1002
+		delta_sharing_recipient_token_lifetime_in_seconds = 1004
 		`,
 	}.Apply(t)
 	qa.AssertErrorStartsWith(t, err, "Something unexpected happened")

catalog/resource_schema.go

@@ -99,6 +99,10 @@ func ResourceSchema() common.Resource {
 				}
 			}
 
+			if !d.HasChangeExcept("owner") {
+				return nil
+			}
+
 			updateSchemaRequest.Owner = ""
 			schema, err := w.Schemas.Update(ctx, updateSchemaRequest)
 			if err != nil {

catalog/resource_share.go

@@ -237,6 +237,10 @@ func ResourceShare() common.Resource {
 				}
 			}
 
+			if !d.HasChangeExcept("owner") {
+				return nil
+			}
+
 			err = NewSharesAPI(ctx, c).update(d.Id(), ShareUpdates{
 				Updates: changes,
 			})

catalog/resource_storage_credential.go

@@ -152,6 +152,11 @@ func ResourceStorageCredential() common.Resource {
 						return err
 					}
 				}
+
+				if !d.HasChangeExcept("owner") {
+					return nil
+				}
+
 				update.Owner = ""
 				_, err := acc.StorageCredentials.Update(ctx, catalog.AccountsUpdateStorageCredential{
 					CredentialInfo:        &update,
@@ -191,6 +196,11 @@ func ResourceStorageCredential() common.Resource {
 						return err
 					}
 				}
+
+				if !d.HasChangeExcept("owner") {
+					return nil
+				}
+
 				update.Owner = ""
 				_, err = w.StorageCredentials.Update(ctx, update)
 				if err != nil {

catalog/resource_volume.go

@@ -93,6 +93,10 @@ func ResourceVolume() common.Resource {
 				}
 			}
 
+			if !d.HasChangeExcept("owner") {
+				return nil
+			}
+
 			updateVolumeRequestContent.Owner = ""
 			v, err := w.Volumes.Update(ctx, updateVolumeRequestContent)
 			if err != nil {

docs/index.md

@@ -355,6 +355,10 @@ Except for metastore, metastore assignment and storage credential objects, Unity
 
 If you are configuring a new Databricks account for the first time, please create at least one workspace with an identity (user or service principal) that you intend to use for Unity Catalog rollout. You can then configure the provider using that identity and workspace to provision the required Unity Catalog resources.
 
+## Special considerations for Unity Catalog Resources
+
+When performing a single Terraform apply to update both the owner and other fields for Unity Catalog resources, the process first updates the owner, followed by the other fields using the new owner's permissions. If your principal is not the owner (specifically, the newly updated owner), you will not have the authority to modify those fields. In cases where you wish to change the owner to another individual and also update other fields, we recommend initially updating the fields using your principal, which should have owner permissions, and then updating the owner in a separate step.
+
 ## Miscellaneous configuration parameters
 
 !> **Warning** Combination of `debug_headers` and `debug_truncate_bytes` results in dumping of sensitive information to logs. Use it for troubleshooting purposes only.

internal/acceptance/catalog_test.go

@@ -70,6 +70,16 @@ func TestUcAccCatalogUpdate(t *testing.T) {
 			}
 			owner = "account users"
 		}`,
+	}, step{
+		Template: `
+		resource "databricks_catalog" "sandbox" {
+			name           = "sandbox{var.STICKY_RANDOM}"
+			comment        = "this catalog is managed by terraform"
+			properties     = {
+				purpose = "testing"
+			}
+			owner = "{env.TEST_DATA_ENG_GROUP}"
+		}`,
 	}, step{
 		Template: `
 		resource "databricks_catalog" "sandbox" {