Commit 68bda16

Add a test for deleting secret scopes + permissions (#4359)
## Why

I'm trying to reproduce user issue where they cannot delete secret scopes due to permissions error which is caused by terraform first deleting MANAGE ACL.

## Tests

This test passes on cloud because we run tests under admin SP. When I run tests under non-admin SP I get this.

```
>>> [CLI] bundle deploy
Uploading bundle files to /Workspace/Users/[USERNAME]/.bundle/secret-scope-basic-[UNIQUE_NAME]/default/files...
Deploying resources...
+Error: terraform apply: exit status 1
+
+Error: cannot delete secret scope: User [USERNAME] does not have MANAGE permission on scope test-scope-2-[UNIQUE_NAME] to perform this action.
```

I cannot update test to switch to non-admin SP because that requires account env access.

1 parent a001ca5 commit 68bda16

9 files changed: +99 -0 lines changed

Lines changed: 14 additions & 0 deletions
@@ -0,0 +1,14 @@
1+
bundle:
2+
name: secret-scope-basic-$UNIQUE_NAME
3+
4+
resources:
5+
secret_scopes:
6+
first:
7+
name: test-scope-1-$UNIQUE_NAME
8+
backend_type: "DATABRICKS"
9+
second: # DELETE
10+
name: test-scope-2-$UNIQUE_NAME # DELETE
11+
backend_type: "DATABRICKS" # DELETE
12+
permissions: # DELETE
13+
- user_name: $CURRENT_USER_NAME # DELETE
14+
level: MANAGE # DELETE
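
Review bot: The `# DELETE` markers on lines 9-14 of this template are not explained anywhere in the file, so a reader cannot tell that they drive the test. A one-line comment at the top saying that lines tagged `# DELETE` are stripped between the first and second deploy would make the intent clear and would warn against putting that word on any line that must survive the filter.
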
Lines changed: 9 additions & 0 deletions
@@ -0,0 +1,9 @@
1+
2+
>>> print_requests.py ^//import-file/ ^//workspace/ ^//telemetry-ext
3+
{
4+
"method": "POST",
5+
"path": "/api/2.0/secrets/scopes/delete",
6+
"body": {
7+
"scope": "test-scope-2-[UNIQUE_NAME]"
8+
}
9+
}
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
2+
>>> print_requests.py ^//import-file/ ^//workspace/ ^//telemetry-ext
3+
{
4+
"method": "POST",
5+
"path": "/api/2.0/secrets/acls/delete",
6+
"body": {
7+
"principal": "[USERNAME]",
8+
"scope": "test-scope-2-[UNIQUE_NAME]"
9+
}
10+
}
11+
{
12+
"method": "POST",
13+
"path": "/api/2.0/secrets/scopes/delete",
14+
"body": {
15+
"scope": "test-scope-2-[UNIQUE_NAME]"
16+
}
17+
}
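
Review bot: This expected output records `/api/2.0/secrets/acls/delete` for `[USERNAME]` ahead of `/api/2.0/secrets/scopes/delete` on the same scope, which is the ordering the commit message names as the cause of the MANAGE permission error. Because it is stored as expected output, it would help to state in the script or test directory that this sequence documents the behaviour under investigation rather than the desired one, so a later change that drops or reorders the ACL call is not read as a regression.
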
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
2+
>>> [CLI] bundle plan
3+
delete secret_scopes.second
4+
delete secret_scopes.second.permissions
5+
6+
Plan: 0 to add, 0 to change, 2 to delete, 2 unchanged
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
2+
>>> [CLI] bundle plan
3+
delete secret_scopes.second
4+
5+
Plan: 0 to add, 0 to change, 1 to delete, 1 unchanged

acceptance/bundle/resources/secret_scopes/delete_scope/out.test.toml

Lines changed: 5 additions & 0 deletions
Some generated files are not rendered by default.
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
2+
=== create the secret scope
3+
>>> [CLI] bundle deploy
4+
Uploading bundle files to /Workspace/Users/[USERNAME]/.bundle/secret-scope-basic-[UNIQUE_NAME]/default/files...
5+
Deploying resources...
6+
Updating deployment state...
7+
Deployment complete!
8+
9+
>>> [CLI] bundle deploy
10+
Uploading bundle files to /Workspace/Users/[USERNAME]/.bundle/secret-scope-basic-[UNIQUE_NAME]/default/files...
11+
Deploying resources...
12+
Updating deployment state...
13+
Deployment complete!
14+
15+
>>> [CLI] bundle destroy --auto-approve
16+
The following resources will be deleted:
17+
delete resources.secret_scopes.first
18+
19+
All files and directories at the following location will be deleted: /Workspace/Users/[USERNAME]/.bundle/secret-scope-basic-[UNIQUE_NAME]/default
20+
21+
Deleting files...
22+
Destroy complete!
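
Review bot: The second `bundle deploy` at line 9, the one that removes `second`, has no `===` heading, while the first deploy is introduced by `=== create the secret scope`. A `title` call before the second deploy in the script would make this output show which step is actually under test; the destroy listing only `resources.secret_scopes.first` is currently the only hint that the deletion happened.
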
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
envsubst < databricks.yml.tmpl > databricks.yml
2+
3+
cleanup() {
4+
trace $CLI bundle destroy --auto-approve
5+
rm out.requests.txt
6+
}
7+
trap cleanup EXIT
8+
9+
title "create the secret scope"
10+
trace $CLI bundle deploy
11+
12+
grep -v DELETE < databricks.yml > databricks.yml.tmp && mv databricks.yml.tmp databricks.yml
13+
14+
trace $CLI bundle plan &> out.plan.$DATABRICKS_BUNDLE_ENGINE.txt
15+
rm out.requests.txt
16+
17+
trace $CLI bundle deploy
18+
trace print_requests.py '^//import-file/' '^//workspace/' '^//telemetry-ext' &> out.deploy.requests.$DATABRICKS_BUNDLE_ENGINE.txt
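
Review bot: `grep -v DELETE` on line 12 drops every line containing that substring, and it runs on the file produced by `envsubst` on line 1, so a `$UNIQUE_NAME` or `$CURRENT_USER_NAME` value that happens to contain `DELETE` would also strip lines belonging to the `first` scope. Matching the marker itself, e.g. `grep -v '# DELETE$'`, keeps the filter tied to the template comments.
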
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
Cloud = true
2+
Local = true
3+
RecordRequests = true
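
Review bot: With `Cloud = true` the run uses the admin SP described in the commit message, so nothing in this configuration fails when the MANAGE ACL is removed before the scope, and the reported permission error stays unasserted. Consider a follow-up that makes the `Local = true` run reject `scopes/delete` once the caller's MANAGE ACL is gone, if the local test server can model that, so the regression is caught without account env access.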
