I'm testing deployment of various resources via CLI and it seems like even though grants should be supported for schema resource, they are never applied.
Grants should be applied after deployment.
Grants are not applied. Principal is not validated - I can put as principal any value and it will not do anything.
...
23:11:01 Debug: Apply pid=77875 mutator=ApplyWorkspaceRootPermissions
23:11:01 Debug: Apply pid=77875 mutator=trackUsedCompute
23:11:01 Debug: Apply pid=77875 mutator=deploy:resource_path_mkdir
Deploying resources...
23:11:01 Debug: POST /api/2.1/unity-catalog/schemas
...
< HTTP/2.0 200 OK
< {
< "browse_only": false,
< "cache_version_info": {
< "metastore_version": -1
< },
< "catalog_name": "poc",
< "catalog_type": "MANAGED_CATALOG",
< "comment": "Raw, unmodified data landed exactly as received from source systems. No transformations, no corr... (50 more bytes)",
< "created_at": 1782940261724,
< "created_by": "redacted",
< "effective_auto_maintenance_flag": {
< "inherited_from_name": "metastore_aws_eu_west_1",
< "inherited_from_type": "METASTORE",
< "value": "DISABLE"
< },
< "effective_predictive_optimization_flag": {
< "inherited_from_name": "metastore_aws_eu_west_1",
< "inherited_from_type": "METASTORE",
< "value": "DISABLE"
< },
< "enable_auto_maintenance": "INHERIT",
< "enable_predictive_optimization": "INHERIT",
< "etag": "CAESCAAAAZ8fhV1c",
< "full_name": "poc.redacted",
< "metastore_id": "7f06159f-20bb-4d8e-a1f9-48a0dd2fb179",
< "metastore_version": -1,
< "name": "redacted",
< "owner": "redacted",
< "schema_id": "201542c8-5a5e-4d52-a9b0-6caee452f84a",
< "secret_storage": {
< "storage_type": "STORAGE_TYPE_MANAGED"
< },
< "securable_kind": "SCHEMA_DB_STORAGE",
< "securable_type": "SCHEMA",
< "updated_at": 1782940261724,
< "updated_by": "redacted"
< } pid=77875 sdk=true
23:11:01 Info: deploying resources.schemas.bronze: Created resources.schemas.bronze id="redacted" pid=77875
Updating deployment state...
23:11:01 Debug: POST /api/2.0/workspace-files/import-file/Workspace/Users/redacted.bundle/poc-tests/dev/state/resources.json?overwrite=true
...
< HTTP/2.0 200 OK pid=77875 sdk=true
23:11:01 Debug: Apply pid=77875 mutator=statemgmt.Load
23:11:01 Debug: Apply pid=77875 mutator=metadata.Compute
23:11:01 Debug: Apply pid=77875 mutator=metadata.Upload
23:11:02 Debug: POST /api/2.0/workspace-files/import-file/Workspace/Users/redacted/.bundle/poc-tests/dev/state/metadata.json?overwrite=true
...
< HTTP/2.0 200 OK pid=77875 mutator=metadata.Upload sdk=true
23:11:02 Debug: Apply pid=77875 mutator=statemgmt.UploadStateForYamlSync
Deployment complete!
23:11:02 Debug: Apply pid=77875 mutator=scripts.postdeploy
23:11:02 Debug: No script defined for postdeploy, skipping pid=77875 mutator=scripts.postdeploy
23:11:02 Debug: Apply pid=77875 mutator=lock:release
23:11:02 Info: Skipping; locking is disabled pid=77875 mutator=lock:release
23:11:02 Info: completed execution pid=77875 exit_code=0
23:11:02 Debug: POST /telemetry-ext
> {
> "items": null,
> "protoLogs": [
> "{\"frontend_log_event_id\":\"d96e9aff-5bc1-4d75-872c-3d8f135a19bc\",\"entry\":{\"databricks_cli_log\":{\"... (2821 more bytes)"
> ],
> "uploadTime": 1782940262048
> }
< HTTP/2.0 200 OK
< {
< "errors": null,
< "numProtoSuccess": 1,
< "numRealtimeSuccess": 0,
< "numSuccess": 0
< } pid=77875 sdk=true
23:11:02 Debug: All 1 logs uploaded successfully pid=77875
....
Describe the issue
I'm testing deployment of various resources via CLI and it seems like even though grants should be supported for schema resource, they are never applied.
Configuration
Steps to reproduce the behavior
databricks bundle deploy ...Expected Behavior
Grants should be applied after deployment.
Actual Behavior
Grants are not applied. Principal is not validated - I can put as principal any value and it will not do anything.
OS and CLI version
OS: Fedora 44
CLI: v1.5.0 (direct deployment mode)
Target: Databricks Free
Debug Logs