Error deploying lakebase with permissions #4818
Description
Describe the issue
Error while deploying a databricks bundle containing a lakebase postgres_project with associated permissions.
Steps to reproduce the behavior
Sample bundle:
bundle:
name: my-bundle
engine: direct
databricks_cli_version: ">=0.295.0"
workspace:
host: ...
resources:
postgres_projects:
lakebase:
project_id: test-id
display_name: Lakebase test
permissions:
- group_name: ...
level: CAN_MANAGE
When deploying the above bundle
databricks bundle deploy
I get an error message due to permission denied for api endpoint:
Error: cannot create resources.postgres_projects.lakebase.permissions: User *** does not have database-projects.ruleSets/get on workspaces/***/database-projects/test-id/ruleSets/default (403 PERMISSION_DENIED)
Endpoint: PUT https://***.azuredatabricks.net/api/2.0/permissions/database-projects/test-id
HTTP Status: 403 Forbidden
API error_code: PERMISSION_DENIED
API message: User *** does not have database-projects.ruleSets/get on workspaces/***/database-projects/test-id/ruleSets/default
It works fine without permissions specified in the bundle.
My suspicion is that the wrong id is used, as it attempts to use the project_id for the API request rather than the uid. Attempt to validate this with the cli as below:
databricks permissions get database-projects ID
works if I use the uid from databricks postgres list-projects but not with the project_id
Expected Behavior
No error messages.
Actual Behavior
Error message stating insufficient permissions.
OS and CLI version
Windows 11
Databricks CLI v0.295.0
Is this a regression?
Did this work in a previous version of the CLI? If so, which versions did you try?
Debug Logs
Output logs if you run the command with debug logs enabled. Example: databricks clusters list --log-level=debug. Redact if needed