Hi,
I am trying to manage Azure Databricks cluster usage using the databricks_permissions resource:
    resource "databricks_permissions" "cluster_usage" {
      cluster_id = databricks_cluster.shared_autoscaling.id

      access_control {
        group_name       = "aad_group_name"
        permission_level = "CAN_ATTACH_TO"
      }
    }
We’re following Microsoft’s best practices and we’re using only account-level groups. We have enabled identity federation for all our workspaces too. However, when trying to deploy (terraform apply) the resource block above, Terraform returns an error:
Error: cannot update permissions: Principal: GroupName(aad_group_name) does not exist
This group exists in Databricks, at account level though. So I created this group “aad_group_name” in Databricks on workspace level, and that worked fine.
My question is, when using the databricks_permissions resource, am I limited to using workspace-level group(s) only?
All the documentation about this resource seems to use workspace-level groups, but then it conflicts with Microsoft’s recommendation to use account-level groups in Databricks.