fix: create precondition

dmytro_velychko3 · dmytro_velychko3 · commit fcc627193bea · 2023-05-30T16:38:20.000+03:00
diff --git a/permissions.tf b/permissions.tf
@@ -21,6 +21,13 @@ resource "databricks_permissions" "clusters" {
       permission_level = access_control.value.permission_level
     }
   }
+
+  lifecycle {
+    precondition {
+      condition     = alltrue([for i in each.value.permissions : contains(var.iam_account_groups[*].group_name, i.group_name)])
+      error_message = "Incorrect group_name set for permission cluster settings"
+    }
+  }
 }
 
 resource "databricks_permissions" "sql_endpoint" {
@@ -38,6 +45,13 @@ resource "databricks_permissions" "sql_endpoint" {
       permission_level = access_control.value.permission_level
     }
   }
+
+  lifecycle {
+    precondition {
+      condition     = alltrue([for i in each.value.permissions : contains(var.iam_account_groups[*].group_name, i.group_name)])
+      error_message = "Incorrect group_name set for permission cluster settings"
+    }
+  }
 }
 
 resource "databricks_secret_acl" "this" {
@@ -46,4 +60,11 @@ resource "databricks_secret_acl" "this" {
   scope      = databricks_secret_scope.this[each.value.scope].name
   principal  = length(var.iam_account_groups) != 0 ? data.databricks_group.account_groups[each.value.principal].display_name : databricks_group.this[each.value.principal].display_name
   permission = each.value.permission
+
+  lifecycle {
+    precondition {
+      condition     = alltrue([for i in each.value.permissions : contains(var.iam_account_groups[*].group_name, i.group_name)])
+      error_message = "Incorrect group_name set for permission cluster settings"
+    }
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,13 @@ resource "databricks_permissions" "clusters" {`
`21`	`21`	`permission_level = access_control.value.permission_level`
`22`	`22`	`}`
`23`	`23`	`}`
	`24`	`+`
	`25`	`+ lifecycle {`
	`26`	`+ precondition {`
	`27`	`+ condition = alltrue([for i in each.value.permissions : contains(var.iam_account_groups[*].group_name, i.group_name)])`
	`28`	`+ error_message = "Incorrect group_name set for permission cluster settings"`
	`29`	`+ }`
	`30`	`+ }`
`24`	`31`	`}`
`25`	`32`
`26`	`33`	`resource "databricks_permissions" "sql_endpoint" {`
`@@ -38,6 +45,13 @@ resource "databricks_permissions" "sql_endpoint" {`
`38`	`45`	`permission_level = access_control.value.permission_level`
`39`	`46`	`}`
`40`	`47`	`}`
	`48`	`+`
	`49`	`+ lifecycle {`
	`50`	`+ precondition {`
	`51`	`+ condition = alltrue([for i in each.value.permissions : contains(var.iam_account_groups[*].group_name, i.group_name)])`
	`52`	`+ error_message = "Incorrect group_name set for permission cluster settings"`
	`53`	`+ }`
	`54`	`+ }`
`41`	`55`	`}`
`42`	`56`
`43`	`57`	`resource "databricks_secret_acl" "this" {`
`@@ -46,4 +60,11 @@ resource "databricks_secret_acl" "this" {`
`46`	`60`	`scope = databricks_secret_scope.this[each.value.scope].name`
`47`	`61`	`principal = length(var.iam_account_groups) != 0 ? data.databricks_group.account_groups[each.value.principal].display_name : databricks_group.this[each.value.principal].display_name`
`48`	`62`	`permission = each.value.permission`
	`63`	`+`
	`64`	`+ lifecycle {`
	`65`	`+ precondition {`
	`66`	`+ condition = alltrue([for i in each.value.permissions : contains(var.iam_account_groups[*].group_name, i.group_name)])`
	`67`	`+ error_message = "Incorrect group_name set for permission cluster settings"`
	`68`	`+ }`
	`69`	`+ }`
`49`	`70`	`}`