databricks_permissions - sql warehouse usage terraform


I'm trying to assign permissions on the SQL warehouse usage, but I'm doing something wrong that does not ring a bell (new to Terraform).

I have my auto.tfvars file defined like this

databricks_sql_warehouse = {
  sql_warehouse_dedicated = {
    name                      = "sql_warehouse-dedicated-dev"
    cluster_size              = "2X-Small"
    min_num_clusters          = 1
    max_num_clusters          = 2
    auto_stop_mins            = 30
    enable_serverless_compute = false
    warehouse_type            = "PRO"
    # enable_photon

    access_control = {
      "DEMO-ADMINISTRATORS" = "IS_OWNER"
      "Demo-Contributors"   = "CAN_USE"
    }
  }

  sql_warehouse_serverless = {
    name                      = "sql_warehouse-serverless-dev"
    cluster_size              = "2X-Small"
    min_num_clusters          = 1
    max_num_clusters          = 1
    auto_stop_mins            = 1
    enable_serverless_compute = true
    warehouse_type            = "PRO"
    # enable_photon

    access_control = {
      "DEMO-ADMINISTRATORS" = "IS_OWNER"
      "Demo-Contributors"   = "CAN_USE"
    }
  }
}

My variable defined

variable "databricks_sql_warehouse" {
  default = {}
}

My main.tf module

module "e61-tff" {
  source = "../e61-tif"

  # tags            = var.tags
  global_settings = var.global_settings

  databricks = {
    databricks_sql_warehouse = var.databricks_sql_warehouse
  }
}

Then again a tf file to call the resource creation

module "databricks_sql_warehouse" {
  source   = "./modules/sql_warehouse"
  for_each = local.databricks.databricks_sql_warehouse

  global_settings = var.global_settings

  settings = each.value
}

And finally

resource "databricks_sql_endpoint" "this" {
  name                      = try(var.settings.name, "base_cluster_${var.global_settings.environment}")
  cluster_size              = try(var.settings.cluster_size, "2X-Small")
  min_num_clusters          = try(var.settings.min_num_clusters, 1)
  max_num_clusters          = try(var.settings.max_num_clusters, 1)
  auto_stop_mins            = var.settings.auto_stop_mins
  enable_serverless_compute = var.settings.enable_serverless_compute
  warehouse_type            = var.settings.warehouse_type
}

resource "databricks_permissions" "endpoint_usage" {
  for_each = var.settings.access_control

  sql_endpoint_id = databricks_sql_endpoint.this.id

  access_control {
    group_name       = each.key
    permission_level = each.value
  }
}

The error says that permission_level IS_OWNER is not supported with sql_endpoint_id objects, but the documentation says it is supported.

EDIT:

I changed IS_OWNER to CAN_MANAGE and it shows the plan. So strange that the doc says IS_OWNER is supported.

play_something_good On

I will answer my own question.

First of all, my groups [DEMO-ADMINISTRATORS, Demo-Contributors] were added at account level. First you need to add the groups at the workspace level as well.

And regarding IS_OWNER, I think it is not possible at this moment because I first created the SQL warehouses using a service principal, which automatically becomes the owner. My guess is that, since it already has an owner I can assign new owners. But CAN_MANAGE and IS_OWNER have the same rights.

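The module from the question, reworked as an added example (not the poster's code): `databricks_permissions` manages the whole access list of an object, so all group grants for a warehouse go into one resource through a `dynamic` block instead of one resource per group, and a variable validation allowlists the levels this page shows working. It assumes `settings` is one entry of the question's `databricks_sql_warehouse` map and that the groups already exist at workspace level, as the answer requires.

```hcl
terraform {
  required_providers {
    databricks = { source = "databricks/databricks" }
  }
}

variable "settings" {
  # Assumed shape: one entry of databricks_sql_warehouse from the tfvars above.
  type = any

  validation {
    # Allowlist of the levels this page shows working for groups;
    # IS_OWNER on a group was rejected by the provider.
    condition = alltrue([
      for level in values(try(var.settings.access_control, {})) :
      contains(["CAN_USE", "CAN_MANAGE"], level)
    ])
    error_message = "Group grants on a SQL warehouse must be CAN_USE or CAN_MANAGE."
  }
}

resource "databricks_sql_endpoint" "this" {
  name                      = var.settings.name
  cluster_size              = try(var.settings.cluster_size, "2X-Small")
  min_num_clusters          = try(var.settings.min_num_clusters, 1)
  max_num_clusters          = try(var.settings.max_num_clusters, 1)
  auto_stop_mins            = var.settings.auto_stop_mins
  enable_serverless_compute = var.settings.enable_serverless_compute
  warehouse_type            = var.settings.warehouse_type
}

resource "databricks_permissions" "endpoint_usage" {
  # One resource per warehouse; created only when grants are configured.
  count           = length(try(var.settings.access_control, {})) > 0 ? 1 : 0
  sql_endpoint_id = databricks_sql_endpoint.this.id

  dynamic "access_control" {
    for_each = try(var.settings.access_control, {})
    content {
      group_name       = access_control.key # group must exist in the workspace
      permission_level = access_control.value
    }
  }
}
```

With the question's tfvars unchanged, `terraform plan` stops in variable validation on the `IS_OWNER` entries; replacing them with `CAN_MANAGE`, as the asker did, lets the plan proceed, and `CAN_MANAGE` is best kept to the groups that need to administer the warehouse.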