Skip to content

Commit 713ffa4

Browse files
owlleg6owlleg6
committed
fix: updated preconditions
1 parent 6c5c424 commit 713ffa4

File tree

1 file changed

+26
-6
lines changed

1 file changed

+26
-6
lines changed

permissions.tf

Lines changed: 26 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -24,8 +24,16 @@ resource "databricks_permissions" "clusters" {
2424

2525
lifecycle {
2626
precondition {
27-
condition = alltrue([for i in each.value.permissions : contains(var.iam_account_groups[*].group_name, i.group_name)])
28-
error_message = "Incorrect group_name set for permission 'databricks_cluster_configs' settings"
27+
condition = length(var.iam_account_groups) != 0 ? alltrue([
28+
for permission in each.value.permissions : contains(
29+
var.iam_account_groups[*].group_name, permission.group_name
30+
)
31+
]) : true
32+
error_message = <<-EOT
33+
Databricks Account group mentioned in 'permissions' parameter of 'cluster_config' variable doesn't exists or wasn't assigned to Workspace.
34+
Please make sure provided group exist within Databricks Account and then check if it assigned to target Workspace (look for 'iam_account_groups' variable).
35+
These are valid Account Groups on Workspace: ${join(", ", var.iam_account_groups[*].group_name)}
36+
EOT
2937
}
3038
}
3139
}
@@ -48,8 +56,16 @@ resource "databricks_permissions" "sql_endpoint" {
4856

4957
lifecycle {
5058
precondition {
51-
condition = alltrue([for i in each.value.permissions : contains(var.iam_account_groups[*].group_name, i.group_name)])
52-
error_message = "Incorrect group_name set for permission 'databricks_sql_endpoint' settings"
59+
condition = length(var.iam_account_groups) != 0 ? alltrue([
60+
for permission in each.value.permissions : contains(
61+
var.iam_account_groups[*].group_name, permission.group_name
62+
)
63+
]) : true
64+
error_message = <<-EOT
65+
Databricks Account group mentioned in 'permissions' parameter of 'sql_endpoint' variable doesn't exists or wasn't assigned to Workspace.
66+
Please make sure provided group exist within Databricks Account and then check if it assigned to target Workspace (look for 'iam_account_groups' variable).
67+
These are valid Account Groups on Workspace: ${join(", ", var.iam_account_groups[*].group_name)}
68+
EOT
5369
}
5470
}
5571
}
@@ -63,8 +79,12 @@ resource "databricks_secret_acl" "this" {
6379

6480
lifecycle {
6581
precondition {
66-
condition = alltrue([contains(var.iam_account_groups[*].group_name, each.value.principal)])
67-
error_message = "Incorrect principal set for acl databricks_secret_scope settings"
82+
condition = length(var.iam_account_groups) != 0 ? contains(var.iam_account_groups[*].group_name, each.value.principal): true
83+
error_message = <<-EOT
84+
Databricks Account group mentioned in 'acl' parameter of 'secret_scope' variable doesn't exists or wasn't assigned to Workspace.
85+
Please make sure provided group exist within Databricks Account and then check if it assigned to target Workspace (look for 'iam_account_groups' variable).
86+
These are valid Account Groups on Workspace: ${join(", ", var.iam_account_groups[*].group_name)}
87+
EOT
6888
}
6989
}
7090
}

0 commit comments

Comments
 (0)