Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ISSUE] SQL Endpoint Permissions #661

Closed
ghost opened this issue May 25, 2021 · 5 comments · Fixed by #662
Closed

[ISSUE] SQL Endpoint Permissions #661

ghost opened this issue May 25, 2021 · 5 comments · Fixed by #662
Assignees
@alexott

Comments

@ghost
Copy link

ghost commented May 25, 2021
edited by ghost
Loading

Terraform Version

Terraform v0.14.8

  • provider registry.terraform.io/databrickslabs/databricks v0.3.4

Affected Resource(s)

  • databricks_permissions
  • databricks_sql_endpoint

Environment variable names

none

Terraform Configuration Files

resource "databricks_sql_endpoint" "default" {
  name = "default"
  cluster_size = "Small"
  max_num_clusters = 1
}

resource "databricks_group" "maintenance" {
  display_name = "Engineering - Maintenance Access"
  allow_sql_analytics_access = true
}

resource "databricks_group" "default" {
  display_name = "Engineering - Default Access"
  allow_sql_analytics_access = true
}

resource "databricks_permissions" "endpoint_usage" {
  sql_endpoint_id = databricks_sql_endpoint.default.id

  access_control {
    group_name = databricks_group.default.display_name
    permission_level = "CAN_USE"
  }

  access_control {
    group_name = databricks_group.maintenance.display_name
    permission_level = "CAN_MANAGE"
  }

}

Debug Output

Did even use trace, but unfortunately I can just see other resources completing, but when it gets to the endpoint there are no details

2021/05/25 09:45:54 [TRACE] EvalWriteState: writing current state object for databricks_sql_permissions.catalog
2021/05/25 09:45:54 [TRACE] vertex "databricks_sql_permissions.catalog": visit complete
2021/05/25 09:45:54 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
2021/05/25 09:45:54 [TRACE] dag/walk: upstream of "provider[\"registry.terraform.io/databrickslabs/databricks\"] (close)" errored, so skipping
2021/05/25 09:45:54 [TRACE] dag/walk: upstream of "root" errored, so skipping
2021-05-25T09:45:54.411+0100 [WARN]  plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
2021-05-25T09:45:54.414+0100 [DEBUG] plugin: plugin process exited: path=.terraform/providers/registry.terraform.io/databrickslabs/databricks/0.3.4/darwin_amd64/terraform-provider-databricks_v0.3.4 pid=65835
2021-05-25T09:45:54.414+0100 [DEBUG] plugin: plugin exited

The output to stdout also says:

databricks_sql_permissions.catalog: Modifications complete after 29s [id=catalog/]

Error: Model not found for endpoints

  on sql_analytics.tf line 26, in resource "databricks_permissions" "endpoint_usage":
  26: resource "databricks_permissions" "endpoint_usage" {

From what I can see this comes from the permissions API:

curl -u 'token:dapixxx' https://foo.cloud.databricks.com/api/2.0/preview/sql/permissions/endpoints/123aaaccca123                  
{"message": "Model not found for endpoints"}%

Toying around a bit more (verifying it works for other resources and checking if the endpoints url is different):

curl -u 'token:dapixxx https://foo.cloud.databricks.com/api/2.0/preview/sql/permissions/queries/bar
{"object_id": "queries/foo", "object_type": "query", "access_control_list": [{"user_name": "xxx", "permission_level": "CAN_MANAGE"}]}

curl -u 'token:dapixxx' https://foo.cloud.databricks.com/api/2.0/preview/sql/permissions/endpoint/123aaaccca123 
{"message": "Model not found for endpoint"}

curl -u 'token:dapixxx' https:/foo.cloud.databricks.com/api/2.0/preview/sql/permissions/sql_endpoints/123aaaccca123
{"message": "Model not found for sql_endpoints"}

curl -u 'token:dapixxx' https://foo.cloud.databricks.com/api/2.0/preview/sql/permissions/sql-endpoints/123aaaccca123
{"message": "Model not found for sql-endpoints"}

curl -u 'token:dapixxx' https://foo.cloud.databricks.com/api/2.0/preview/sql/permissions/sql_endpoint/123aaaccca123 
{"message": "Model not found for sql_endpoint"}

A side note here, our workspace is on v3.46. Is this not released yet?

Expected Behavior

SQL Analytics endpoint permissions should have been applied.

Actual Behavior

Apply failed. Just doing plan actually succeeded.

Steps to Reproduce

  1. terraform apply
@alexott alexott self-assigned this May 25, 2021
@alexott
Copy link
Contributor

alexott commented May 25, 2021

yep, that's the bug...

@ghost
Copy link
Author

ghost commented May 25, 2021

Thanks for the quick reply. Do you mean the bug is that the permissions endpoint is not released yet in our workspace version?

@alexott
Copy link
Contributor

alexott commented May 25, 2021

it's a bug in provider

alexott added a commit that referenced this issue May 25, 2021
@alexott
Use correct API endpoint for SQLA Endpoints
3f46065 
The "main" permissions API is not in the preview anymore, so I switched from
`/preview/permissions` to `/permissions`

This fixes #661
@alexott alexott mentioned this issue May 25, 2021
Merged
@alexott
Copy link
Contributor

alexott commented May 25, 2021

You can build from linked PR & test.

@ghost
Copy link
Author

ghost commented May 25, 2021

Yes, can confirm that worked, thank you.

@nfx nfx closed this as completed in #662 May 26, 2021
nfx pushed a commit that referenced this issue May 26, 2021
@alexott @nfx
Use correct API endpoint for SQLA Endpoints
12dee7d 
The "main" permissions API is not in the preview anymore, so I switched from
`/preview/permissions` to `/permissions`

This fixes #661
@nfx nfx mentioned this issue Jun 2, 2021
Merged
michael-berk pushed a commit to michael-berk/terraform-provider-databricks that referenced this issue Feb 15, 2023
@alexott @nfx
Use correct API endpoint for SQLA Endpoints
4dd1878 
The "main" permissions API is not in the preview anymore, so I switched from
`/preview/permissions` to `/permissions`

This fixes databricks#661
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alexott alexott

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use correct API endpoint for SQLA Endpoints databricks/terraform-provider-databricks
1 participant
@alexott