Skip to content

Commit

Permalink
fix: CDI-2604 Databricks cluster policy permission grants not being a…
Browse files Browse the repository at this point in the history 
…pplied correctly (#563)

* Change for each to dynamic

* fix: add note
  • Loading branch information
@jayengee
jayengee authored Mar 7, 2024
1 parent b1f6ee1 commit d85282f
Showing 1 changed file with 16 additions and 10 deletions.
26 changes: 16 additions & 10 deletions databricks-cluster-policy/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,12 +35,15 @@ resource "databricks_cluster_policy" "inherited_cluster_policy" {
}

resource "databricks_permissions" "can_use_inherited_cluster_policy" {
for_each = local.inherited_cluster_policy_grantees

cluster_policy_id = databricks_cluster_policy.inherited_cluster_policy[0].id
access_control {
group_name = each.value
permission_level = "CAN_USE"

# TF provider requires a dynamic block rather than a for_each - for_each will override permissions
dynamic "access_control" {
for_each = local.inherited_cluster_policy_grantees
content {
group_name = access_control.value
permission_level = "CAN_USE"
}
}
}

Expand All @@ -53,11 +56,14 @@ resource "databricks_cluster_policy" "custom_cluster_policy" {
}

resource "databricks_permissions" "can_use_custom_cluster_policy" {
for_each = local.custom_cluster_policy_grantees

cluster_policy_id = databricks_cluster_policy.custom_cluster_policy[0].id
access_control {
group_name = each.value
permission_level = "CAN_USE"

# TF provider requires a dynamic block rather than a for_each - for_each will override permissions
dynamic "access_control" {
for_each = local.custom_cluster_policy_grantees
content {
group_name = access_control.value
permission_level = "CAN_USE"
}
}
}

0 comments on commit d85282f

Please sign in to comment.