Skip to content

Schema privileges not applied during deploy #5794

Description

@pocelka

Describe the issue

I'm testing deployment of various resources via CLI and it seems like even though grants should be supported for schema resource, they are never applied.

Configuration

resources:
  schemas:
    bronze:
      catalog_name: poc
      name: bronze
      comment: "Raw, unmodified data landed exactly as received from source systems. No transformations, no corrections. The immutable audit trail."
      lifecycle:
        prevent_destroy: false
      grants:
        - principal: whatever
          privileges:
            - ALL_PRIVILEGES

Steps to reproduce the behavior

  1. Run databricks bundle deploy ...

Expected Behavior

Grants should be applied after deployment.

Actual Behavior

Grants are not applied. Principal is not validated - I can put as principal any value and it will not do anything.

OS and CLI version

OS: Fedora 44
CLI: v1.5.0 (direct deployment mode)
Target: Databricks Free

Debug Logs

...

23:11:01 Debug: Apply pid=77875 mutator=ApplyWorkspaceRootPermissions
23:11:01 Debug: Apply pid=77875 mutator=trackUsedCompute
23:11:01 Debug: Apply pid=77875 mutator=deploy:resource_path_mkdir
Deploying resources...
23:11:01 Debug: POST /api/2.1/unity-catalog/schemas

...

< HTTP/2.0 200 OK
< {
<   "browse_only": false,
<   "cache_version_info": {
<     "metastore_version": -1
<   },
<   "catalog_name": "poc",
<   "catalog_type": "MANAGED_CATALOG",
<   "comment": "Raw, unmodified data landed exactly as received from source systems. No transformations, no corr... (50 more bytes)",
<   "created_at": 1782940261724,
<   "created_by": "redacted",
<   "effective_auto_maintenance_flag": {
<     "inherited_from_name": "metastore_aws_eu_west_1",
<     "inherited_from_type": "METASTORE",
<     "value": "DISABLE"
<   },
<   "effective_predictive_optimization_flag": {
<     "inherited_from_name": "metastore_aws_eu_west_1",
<     "inherited_from_type": "METASTORE",
<     "value": "DISABLE"
<   },
<   "enable_auto_maintenance": "INHERIT",
<   "enable_predictive_optimization": "INHERIT",
<   "etag": "CAESCAAAAZ8fhV1c",
<   "full_name": "poc.redacted",
<   "metastore_id": "7f06159f-20bb-4d8e-a1f9-48a0dd2fb179",
<   "metastore_version": -1,
<   "name": "redacted",
<   "owner": "redacted",
<   "schema_id": "201542c8-5a5e-4d52-a9b0-6caee452f84a",
<   "secret_storage": {
<     "storage_type": "STORAGE_TYPE_MANAGED"
<   },
<   "securable_kind": "SCHEMA_DB_STORAGE",
<   "securable_type": "SCHEMA",
<   "updated_at": 1782940261724,
<   "updated_by": "redacted"
< } pid=77875 sdk=true
23:11:01 Info: deploying resources.schemas.bronze: Created resources.schemas.bronze id="redacted" pid=77875
Updating deployment state...
23:11:01 Debug: POST /api/2.0/workspace-files/import-file/Workspace/Users/redacted.bundle/poc-tests/dev/state/resources.json?overwrite=true

...

< HTTP/2.0 200 OK pid=77875 sdk=true
23:11:01 Debug: Apply pid=77875 mutator=statemgmt.Load
23:11:01 Debug: Apply pid=77875 mutator=metadata.Compute
23:11:01 Debug: Apply pid=77875 mutator=metadata.Upload
23:11:02 Debug: POST /api/2.0/workspace-files/import-file/Workspace/Users/redacted/.bundle/poc-tests/dev/state/metadata.json?overwrite=true

...

< HTTP/2.0 200 OK pid=77875 mutator=metadata.Upload sdk=true
23:11:02 Debug: Apply pid=77875 mutator=statemgmt.UploadStateForYamlSync
Deployment complete!
23:11:02 Debug: Apply pid=77875 mutator=scripts.postdeploy
23:11:02 Debug: No script defined for postdeploy, skipping pid=77875 mutator=scripts.postdeploy
23:11:02 Debug: Apply pid=77875 mutator=lock:release
23:11:02 Info: Skipping; locking is disabled pid=77875 mutator=lock:release
23:11:02 Info: completed execution pid=77875 exit_code=0
23:11:02 Debug: POST /telemetry-ext
> {
>   "items": null,
>   "protoLogs": [
>     "{\"frontend_log_event_id\":\"d96e9aff-5bc1-4d75-872c-3d8f135a19bc\",\"entry\":{\"databricks_cli_log\":{\"... (2821 more bytes)"
>   ],
>   "uploadTime": 1782940262048
> }
< HTTP/2.0 200 OK
< {
<   "errors": null,
<   "numProtoSuccess": 1,
<   "numRealtimeSuccess": 0,
<   "numSuccess": 0
< } pid=77875 sdk=true
23:11:02 Debug: All 1 logs uploaded successfully pid=77875
....

Metadata

Metadata

Assignees

No one assigned

    Labels

    DABsDABs related issues

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions