[ISSUE] Issue with databricks_permissions resource #4604

Open
caldempsey opened this issue Mar 28, 2025 · 1 comment
Labels
docs add explicit documentation about corner case

caldempsey commented Mar 28, 2025

### Configuration
```hcl
data "databricks_service_principal" "foo" {
  # Your service principal configuration here
}

resource "databricks_permissions" "sql_warehouse_service_profile" {
  # Using display_name as documented (which is not a proper name, it's an ID) fails:
  principal = databricks_service_principal.foo.display_name
  # ... additional configuration ...
}
```

### Expected Behavior

The documentation claims that using display_name is correct. In reality, this value is an ID—not a true name—and should just work or be accurately well-named.

### Actual Behavior

Terraform fails with the following error:

```
Error: cannot create permissions: Principal: ServicePrincipalName(foo) does not exist
```

Switching to application_id resolves the error.

### Steps to Reproduce

1. Define a service principal and a permissions resource as shown above.
2. Run `terraform apply`.
3. Notice that using `databricks_service_principal.data_lake_reader.display_name` produces an error.
4. Changing it to `databricks_service_principal.data_lake_reader.application_id` allows the configuration to apply correctly.

### Terraform and Provider Versions

- Terraform: e.g., v1.3.5 (please adjust as necessary)
- Databricks Provider: [please replace with the version you are using, ideally the latest from https://github.com/databricks/terraform-provider-databricks/releases]

### Is it a regression?

No, this is not a regression — it’s just confusing. We should deprecate usage of 'display_name' and add 'application_id', or let the display name seek for matching display names or identifiers (assuming they are unique).

### Debug Output

TF_LOG=DEBUG output includes:

```
Error: cannot create permissions: Principal: ServicePrincipalName(foo) does not exist
```

### Important Factoids

- The documentation misleadingly instructs users to use `display_name` for service principals.
- In practice, `display_name` is not a human-friendly name but an identifier, and using it results in the error above.
- The provider should either fix the behavior or update the documentation to clarify that `application_id` is required.

### Would you like to implement a fix?

sure
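
Added example, not part of the original issue or the provider's own documentation: a SQL warehouse permission granted to a service principal, with the failing `display_name` reference shown beside the `application_id` reference that the report says resolves the error. The variable `warehouse_id`, the resource labels, and the sample display name `data-lake-reader` are assumptions made for illustration.

```hcl
# Assumption: the SQL warehouse already exists and its ID is passed in.
variable "warehouse_id" {
  type        = string
  description = "ID of an existing SQL warehouse"
}

# Look the principal up by its human-readable name (constructed sample value).
data "databricks_service_principal" "reader" {
  display_name = "data-lake-reader"
}

resource "databricks_permissions" "warehouse_usage" {
  sql_endpoint_id = var.warehouse_id

  access_control {
    # Fails at apply time with
    #   "Principal: ServicePrincipalName(...) does not exist"
    # because the permissions API looks service principals up by application ID:
    # service_principal_name = data.databricks_service_principal.reader.display_name

    # Works: despite the argument name, pass the application ID.
    service_principal_name = data.databricks_service_principal.reader.application_id
    permission_level       = "CAN_USE"
  }
}

# Surface the identifier actually bound to the ACL so it can be reviewed
# in plan output instead of being inferred from a display name.
output "warehouse_acl_principal" {
  value = data.databricks_service_principal.reader.application_id
}
```

Display names are not guaranteed to be unique, so binding the ACL to the application ID also removes any ambiguity about which principal receives access.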

@nkvuong nkvuong added the docs add explicit documentation about corner case label Mar 30, 2025

nkvuong commented Mar 30, 2025

@caldempsey could you let us know which section of the doc should be updated?
