Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: configure permissions for all MLflow models #1044

Closed
vynaloze opened this issue Jan 18, 2022 · 0 comments · Fixed by #1070
Closed

Feature: configure permissions for all MLflow models #1044

vynaloze opened this issue Jan 18, 2022 · 0 comments · Fixed by #1070

Comments

@vynaloze
Copy link

I'm trying to configure permissions for all models as per https://docs.databricks.com/security/access-control/workspace-acl.html#configure-permissions-for-all-mlflow-models-in-model-registry

Configuration

Try 1

resource "databricks_permissions" "ml_models_all" {
  registered_model_id = "root"

  access_control {
    group_name       = "users"
    permission_level = "CAN_READ"
  }
}

Try 2

resource "databricks_permissions" "ml_models_all" {
  registered_model_id = "root"

  access_control {
    group_name       = "users"
    permission_level = "CAN_READ"
  }

  access_control {
    group_name       = "admins"
    permission_level = "CAN_MANAGE"
  }
}

Expected Behavior

All users should be granted "CAN_READ" privilege.

Actual Behavior

Try 1

$ terraform apply
(...)
databricks_permissions.ml_models_all: Creating...
╷
│ Error: Cannot change permissions for group 'admins' to None.
│
│   with databricks_permissions.ml_models_all,
│   on main.tf line 1, in resource "databricks_permissions" "ml_models_all":
│    1: resource "databricks_permissions" "ml_models_all" {
│
╵

Try 2

$ terraform apply
╷
│ Error: It is not possible to restrict any permissions from `admins`.
│
│   with databricks_permissions.ml_models_all,
│   on main.tf line 1, in resource "databricks_permissions" "ml_models_all":
│    1: resource "databricks_permissions" "ml_models_all" {
│
╵

Steps to Reproduce

  1. terraform apply

Terraform and provider versions

Terraform v1.0.8
on linux_amd64

  • provider registry.terraform.io/databrickslabs/databricks v0.4.5

Debug Output

Try 1

databricks_permissions.ml_models_all: Creating...
2022-01-18T15:27:51.518+0100 [INFO]  Starting apply for databricks_permissions.ml_models_all
2022-01-18T15:27:51.518+0100 [DEBUG] databricks_permissions.ml_models_all: applying the planned Create change
2022-01-18T15:27:51.520+0100 [DEBUG] provider.terraform-provider-databricks_v0.4.5: PUT /api/2.0/permissions/registered-models/root {
  "access_control_list": [
    {
      "group_name": "users",
      "permission_level": "CAN_READ"
    }
  ]
}: timestamp=2022-01-18T15:27:51.520+0100
2022-01-18T15:27:51.750+0100 [DEBUG] provider.terraform-provider-databricks_v0.4.5: 500 Internal Server Error {
  "error_code": "INTERNAL_ERROR",
  "message": "Cannot change permissions for group 'admins' to None."
}: timestamp=2022-01-18T15:27:51.750+0100
2022-01-18T15:27:51.750+0100 [WARN]  provider.terraform-provider-databricks_v0.4.5: /api/2.0/permissions/registered-models/root:500 - Cannot change permissions for group 'admins' to None.: timestamp=2022-01-18T15:27:51.750+0100

Try 2

Nothing of interest as it's validation error during plan phase.
@nfx nfx changed the title [ISSUE] MLflow permissions - cannot configure permissions for all models Feature: configure permissions for all MLflow models Jan 18, 2022
nfx added a commit that referenced this issue Jan 28, 2022
@nfx
Allow configuring permissions for all MLflow models
45fd9d1 
Fixes #1044
@nfx nfx mentioned this issue Jan 28, 2022
Merged
@nfx nfx closed this as completed in #1070 Jan 28, 2022
nfx added a commit that referenced this issue Jan 28, 2022
@nfx
Allow configuring permissions for all MLflow models (#1070)
41f4d20 
Fixes #1044
@nfx nfx mentioned this issue Jan 28, 2022
Merged
100 tasks
michael-berk pushed a commit to michael-berk/terraform-provider-databricks that referenced this issue Feb 15, 2023
@nfx
Allow configuring permissions for all MLflow models (databricks#1070)
d17ff12 
Fixes databricks#1044
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow configuring permissions for all MLflow models databricks/terraform-provider-databricks
1 participant
@vynaloze