
Commit bdfb990

[Exporter] Emit permission assignment and users/SPs/groups when processing databricks_mws_workspaces (#5012)
## Changes <!-- Summary of your changes that are easy to understand --> ## Tests <!-- How is this tested? Please see the checklist below and also describe any other relevant tests --> - [x] `make test` run locally - [ ] relevant change in `docs/` folder - [ ] covered with integration tests in `internal/acceptance` - [ ] using Go SDK - [ ] using TF Plugin Framework - [x] has entry in `NEXT_CHANGELOG.md` file
1 parent c368c77 commit bdfb990


3 files changed

+71
-42
lines changed


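--- a/NEXT_CHANGELOG.md
+++ b/NEXT_CHANGELOG.md
@@ -20,5 +20,6 @@
 
 * Improve handling of dependencies for vector search index ([#4989](https://github.com/databricks/terraform-provider-databricks/pull/4989)).
 * Handle new attributes for Slack and MS Teams in `databricks_notification_destination` ([#5008](https://github.com/databricks/terraform-provider-databricks/pull/5008)).
+* Emit permission assignment and users/SPs/groups when processing `databricks_mws_workspaces` ([#5012](https://github.com/databricks/terraform-provider-databricks/pull/5012)).
 
 ### Internal Changes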

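--- a/exporter/impl_scim.go
+++ b/exporter/impl_scim.go
@@ -3,8 +3,10 @@ package exporter
 import (
 "fmt"
 "log"
+"strconv"
 "strings"
 
+"github.com/databricks/terraform-provider-databricks/mws"
 "github.com/databricks/terraform-provider-databricks/scim"
 "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 "golang.org/x/exp/maps"
@@ -279,3 +281,53 @@ func importServicePrincipal(ic *importContext, r *resource) error {
 }
 return nil
 }
+
+func emitIdfedAndUsersSpsGroups(ic *importContext, workspaceId int64) error {
+log.Printf("[DEBUG] Emitting permission assignments for workspace %d", workspaceId)
+pas, err := ic.accountClient.WorkspaceAssignment.ListByWorkspaceId(ic.Context, workspaceId)
+if err != nil {
+log.Printf("[ERROR] listing workspace permission assignments for workspace %d: %s",
+workspaceId, err.Error())
+return err
+}
+for _, pa := range pas.PermissionAssignments {
+perm := "unknown"
+if len(pa.Permissions) > 0 {
+perm = pa.Permissions[0].String()
+}
+nm := fmt.Sprintf("mws_pa_%d_%s_%s_%d", workspaceId, pa.Principal.DisplayName,
+perm, pa.Principal.PrincipalId)
+// We generate Data directly to avoid calling APIs
+data := mws.ResourceMwsPermissionAssignment().ToResource().TestResourceData()
+paId := fmt.Sprintf("%d|%d", workspaceId, pa.Principal.PrincipalId)
+data = ic.generateNewData(data, "databricks_mws_permission_assignment", paId, pa)
+data.Set("workspace_id", workspaceId)
+data.Set("principal_id", pa.Principal.PrincipalId)
+ic.Emit(&resource{
+Resource: "databricks_mws_permission_assignment",
+ID: paId,
+Name: nameNormalizationRegex.ReplaceAllString(nm, "_"),
+Data: data,
+})
+// Emit principals
+strPrincipalId := strconv.FormatInt(pa.Principal.PrincipalId, 10)
+if pa.Principal.ServicePrincipalName != "" {
+ic.Emit(&resource{
+Resource: "databricks_service_principal",
+ID: strPrincipalId,
+})
+} else if pa.Principal.UserName != "" {
+ic.Emit(&resource{
+Resource: "databricks_user",
+ID: strPrincipalId,
+})
+} else if pa.Principal.GroupName != "" {
+ic.Emit(&resource{
+Resource: "databricks_group",
+ID: strPrincipalId,
+})
+}
+}
+
+return nil
+}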
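Review bot: Both `data.Set` calls in emitIdfedAndUsersSpsGroups discard their return value, so if either fails the `databricks_mws_permission_assignment` is still emitted with `workspace_id` or `principal_id` missing from its data; assuming `data` is a `*schema.ResourceData`, check it, e.g. `if err := data.Set("principal_id", pa.Principal.PrincipalId); err != nil { return err }`. The principal chain has no final `else`, so an assignment whose principal has none of ServicePrincipalName, UserName or GroupName set is exported without any matching identity resource and without a log line; a `[WARN]` log in that branch would make such grants visible when the export is reviewed. The function logs the listing error and also returns it, and both callers log the same message again, so one of the two log sites can go. A doc comment such as `// emitIdfedAndUsersSpsGroups emits the permission assignments of a workspace and the users, service principals and groups they refer to.` would help.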

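--- a/exporter/importables.go
+++ b/exporter/importables.go
@@ -2434,58 +2434,26 @@ var resourcesMap map[string]importable = map[string]importable{
 log.Printf("[DEBUG] Skipping workspace %d because it doesn't match to the filter", ws.WorkspaceId)
 continue
 }
-pas, err := ic.accountClient.WorkspaceAssignment.ListByWorkspaceId(ic.Context, ws.WorkspaceId)
+wsIdString := strconv.FormatInt(ws.WorkspaceId, 10)
+ic.Emit(&resource{
+Resource: "databricks_mws_workspaces",
+ID: ic.accountClient.Config.AccountID + "/" + wsIdString,
+Name: ws.WorkspaceName + "_" + wsIdString,
+})
+err = emitIdfedAndUsersSpsGroups(ic, ws.WorkspaceId)
 if err != nil {
 log.Printf("[ERROR] listing workspace permission assignments for workspace %d: %s",
 ws.WorkspaceId, err.Error())
 continue
 }
-log.Printf("[DEBUG] Emitting permission assignments for workspace %d", ws.WorkspaceId)
-for _, pa := range pas.PermissionAssignments {
-perm := "unknown"
-if len(pa.Permissions) > 0 {
-perm = pa.Permissions[0].String()
-}
-nm := fmt.Sprintf("mws_pa_%d_%s_%s_%d", ws.WorkspaceId, pa.Principal.DisplayName,
-perm, pa.Principal.PrincipalId)
-// We generate Data directly to avoid calling APIs
-data := mws.ResourceMwsPermissionAssignment().ToResource().TestResourceData()
-paId := fmt.Sprintf("%d|%d", ws.WorkspaceId, pa.Principal.PrincipalId)
-data = ic.generateNewData(data, "databricks_mws_permission_assignment", paId, pa)
-data.Set("workspace_id", ws.WorkspaceId)
-data.Set("principal_id", pa.Principal.PrincipalId)
-ic.Emit(&resource{
-Resource: "databricks_mws_permission_assignment",
-ID: paId,
-Name: nameNormalizationRegex.ReplaceAllString(nm, "_"),
-Data: data,
-})
-// Emit principals
-strPrincipalId := strconv.FormatInt(pa.Principal.PrincipalId, 10)
-if pa.Principal.ServicePrincipalName != "" {
-ic.Emit(&resource{
-Resource: "databricks_service_principal",
-ID: strPrincipalId,
-})
-} else if pa.Principal.UserName != "" {
-ic.Emit(&resource{
-Resource: "databricks_user",
-ID: strPrincipalId,
-})
-} else if pa.Principal.GroupName != "" {
-ic.Emit(&resource{
-Resource: "databricks_group",
-ID: strPrincipalId,
-})
-}
-}
 }
 return nil
 },
 Depends: []reference{
 {Resource: "databricks_service_principal", Path: "principal_id"},
 {Resource: "databricks_user", Path: "principal_id"},
 {Resource: "databricks_group", Path: "principal_id"},
+{Resource: "databricks_mws_workspaces", Path: "workspace_id", Match: "workspace_id"},
 },
 },
 "databricks_dashboard": {
@@ -3056,10 +3024,11 @@ var resourcesMap map[string]importable = map[string]importable{
 log.Printf("[DEBUG] skipping mws_workspaces '%s' that is not running", workspace.WorkspaceName)
 continue
 }
+wsIdString := strconv.FormatInt(workspace.WorkspaceId, 10)
 ic.Emit(&resource{
 Resource: "databricks_mws_workspaces",
-ID: ic.accountClient.Config.AccountID + "/" + strconv.FormatInt(workspace.WorkspaceId, 10),
-Name: workspace.WorkspaceName,
+ID: ic.accountClient.Config.AccountID + "/" + wsIdString,
+Name: workspace.WorkspaceName + "_" + wsIdString,
 })
 }
 return nil
@@ -3104,6 +3073,13 @@ var resourcesMap map[string]importable = map[string]importable{
 ID: ic.accountClient.Config.AccountID + "/" + workspace.CredentialsID,
 })
 }
+if ic.isServiceEnabled("idfed") {
+err := emitIdfedAndUsersSpsGroups(ic, workspace.WorkspaceID)
+if err != nil {
+log.Printf("[ERROR] listing workspace permission assignments for workspace %d: %s",
+workspace.WorkspaceID, err.Error())
+}
+}
 return nil
 },
 Depends: []reference{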
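Review bot: In the `idfed` block added to the workspace import (new lines 3076–3082), an error from emitIdfedAndUsersSpsGroups is logged and dropped and the function still returns nil, so the export reports success while that workspace's permission assignments may be missing from the generated configuration. If continuing is intended, say so in a comment and make the message distinct from the one the helper already logs, e.g. `log.Printf("[WARN] permission assignments for workspace %d were not exported: %s", workspace.WorkspaceID, err.Error())`; the same duplicate log remains at new line 2445. The first hunk now emits `databricks_mws_workspaces` and calls the helper itself, and the import of that workspace appears to call it again when `idfed` is enabled, which would list the assignments twice per workspace — worth confirming. The enclosing functions start and end outside these hunks.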
