Skip to content

direct: Fix permissions state path to match input config schema#4703

Merged
denik merged 93 commits intomainfrom
denik/permissions-reference
Mar 17, 2026
Merged

direct: Fix permissions state path to match input config schema#4703
denik merged 93 commits intomainfrom
denik/permissions-reference

Conversation

@denik
Copy link
Contributor

@denik denik commented Mar 11, 2026
edited
Loading

Changes

  • Add EmbeddedSlice field name convention to struct walkers in libs/structs/ — when a struct field is named EmbeddedSlice, walkers treat it as transparent (no path segment added), so its elements appear directly at the parent path
  • Apply this to PermissionsState: rename Permissions field to EmbeddedSlice, making state paths like resources.jobs.foo.permissions[0] match input config paths (previously resources.jobs.foo.permissions.permissions[0])
  • Change state file version to 2 and introduce automatic migration from 0 & 1 to 2.

Why

The direct deployment engine's permissions state used a wrapper struct that added an extra permissions segment to paths. This caused a mismatch with input config paths, preventing dependency tracking between permissions and their parent resources. With this fix, state and config paths are consistent.

Tests

  • New acceptance & invariant tests for references from/to permissions.
  • New invariant test that checks that bundle deployed with previous fixed version (0.293.0) does not have drift when CLI is upgraded to latest.

@denik denik temporarily deployed to test-trigger-is March 11, 2026 09:32 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 11, 2026 09:39 — with GitHub Actions Inactive
@eng-dev-ecosystem-bot
Copy link
Collaborator

eng-dev-ecosystem-bot commented Mar 11, 2026
edited
Loading

Commit: 79d09ab

Run: 23202024150

Env 🟨​KNOWN 🔄​flaky 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
🟨​ aws linux 7 1 9 268 796 7:35
🟨​ aws windows 7 1 9 270 794 6:06
🔄​ aws-ucws linux 2 7 9 364 711 7:41
🔄​ aws-ucws windows 2 7 9 366 709 5:51
💚​ azure linux 2 11 271 794 6:10
💚​ azure windows 2 11 273 792 4:53
🔄​ azure-ucws linux 2 1 11 369 707 7:21
🔄​ azure-ucws windows 2 1 11 371 705 6:27
💚​ gcp linux 2 11 267 797 5:47
💚​ gcp windows 2 11 269 795 4:18
18 interesting tests: 9 SKIP, 7 KNOWN, 1 flaky, 1 RECOVERED
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
🟨​ TestAccept 🟨​K 🟨​K 🔄​f 🔄​f 💚​R 💚​R 🔄​f 🔄​f 💚​R 💚​R
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🔄​ TestAccept/ssh/connect-serverless-gpu 🙈​s 🙈​s 🔄​f 🔄​f 🙈​s 🙈​s 🔄​f 🔄​f 🙈​s 🙈​s
💚​ TestAccept/ssh/connection 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
Top 20 slowest tests (at least 2 minutes):
duration env testname
3:28 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:26 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:12 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:11 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:10 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:09 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
3:09 gcp linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:08 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
3:07 gcp windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:47 azure-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:47 azure windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:46 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:46 aws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:45 aws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:43 aws-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:31 aws-ucws windows TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:21 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:20 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=terraform
2:06 azure-ucws linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct
2:06 azure linux TestAccept/bundle/resources/apps/inline_config/DATABRICKS_BUNDLE_ENGINE=direct

@denik denik temporarily deployed to test-trigger-is March 11, 2026 10:41 — with GitHub Actions Inactive
@denik denik force-pushed the denik/permissions-reference branch from 66d736a to cf0178e Compare March 11, 2026 16:07
@denik denik temporarily deployed to test-trigger-is March 11, 2026 16:08 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 11, 2026 16:46 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 11, 2026 16:49 — with GitHub Actions Inactive
@denik denik force-pushed the denik/permissions-reference branch from 849df2a to 7824eb6 Compare March 11, 2026 22:31
@denik denik temporarily deployed to test-trigger-is March 11, 2026 22:31 — with GitHub Actions Inactive
simonfaltum
simonfaltum previously requested changes Mar 12, 2026
View reviewed changes
Copy link
Member

@simonfaltum simonfaltum left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Agent Swarm Review] Verdict: Not ready yet

  • 1 Critical
  • 2 Major
  • 2 Gap
  • 2 Nit
  • 2 Suggestion

The core idea (EmbeddedSlice convention for struct walkers) is sound and well-implemented across libs/structs/. However, there is a critical backward-compatibility issue: the JSON tag json:"_,omitempty" on PermissionsState.EmbeddedSlice means old state files using the "permissions" key will silently load as empty, erasing all permission state. The fix is straightforward: change to json:"permissions,omitempty" since the EmbeddedSlice convention is driven by Go field name, not JSON tag.

See inline comments for details.

bundle/direct/dresources/permissions.go Outdated
return err
}
*p = PermissionsState(raw)
migratePermissionLevel(p.EmbeddedSlice)
Copy link
Member

@simonfaltum simonfaltum Mar 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Agent Swarm Review] [Critical]

State backward compatibility: JSON key change from "permissions" to "_" breaks old state files.

EmbeddedSlice uses json:"_,omitempty", so old state files containing "permissions": [...] will silently load as empty. The custom UnmarshalJSON only migrates permission_level to level within elements, but does NOT handle the outer key name change. This erases all permission state on the first plan/deploy after upgrading.

Both reviewers independently found this issue and confirmed it in cross-review.

Suggestion: Change to json:"permissions,omitempty". The EmbeddedSlice convention is driven entirely by the Go field name, not the JSON tag. This preserves backward compat, produces readable JSON output, and eliminates the need for key-name migration.

Copy link
Contributor Author

@denik denik Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do want to rename permissions to _. The breakage will indeed cause a drift for all permissions resources. The drift will be removed on next "bundle deploy". However, given that direct engine is well adopted, I think it makes sense to migrate the state properly.

I bumped the state version to 2 and added migration function that takes old struct and produces a new one.

@denik denik force-pushed the denik/permissions-reference branch from 7824eb6 to 2b2b440 Compare March 13, 2026 12:39
@denik denik temporarily deployed to test-trigger-is March 13, 2026 12:40 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 13, 2026 12:53 — with GitHub Actions Inactive
@denik denik force-pushed the denik/permissions-reference branch from 29d6d69 to d0a4d17 Compare March 13, 2026 14:21
@denik denik temporarily deployed to test-trigger-is March 13, 2026 14:21 — with GitHub Actions Inactive
@denik denik requested a review from simonfaltum March 13, 2026 14:27
@denik denik temporarily deployed to test-trigger-is March 13, 2026 14:29 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 13, 2026 14:35 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 13, 2026 14:37 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 13, 2026 14:54 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 13, 2026 15:06 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 13, 2026 15:19 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 13, 2026 15:30 — with GitHub Actions Inactive
@denik denik temporarily deployed to test-trigger-is March 13, 2026 15:47 — with GitHub Actions Inactive
denik and others added 19 commits March 17, 2026 16:24
@denik @claude
Fix continue_293 exclusion comment: permissions cross-refs require fe…
1eeee9b 
…ature not in v0.293.0

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@denik @claude
Add job_with_permissions invariant config; test state migration conti…
c1ed8cc 
…nuity

The new config deploys a job with a permission entry (group 'users' with CAN_VIEW)
and is included in the continue_293 test to verify that the current CLI can deploy
on top of state produced by v0.293.0 without drift.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@denik @claude
Clean up unnecessary changes: restore comments, simplify intermediate…
23afaa6 
… variable

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@denik @claude
Error on state version newer than supported instead of silently skipping
a122632 
Running an older CLI on state produced by a newer CLI is unsupported;
require an upgrade rather than silently treating it as up-to-date.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@denik @claude
Remove migrate_test.go; migration is covered by acceptance/bundle/sta…
e71d844 
…te/permission_level_migration

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@denik @claude
Add acceptance test for future state version error
f1d93a8 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@denik @claude
Exclude permissions and grants from parent resource walk in refschema
ecfd4cf 
These are separate sub-resource adapters with their own entries; walking them
from the parent produced duplicate paths with different types.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@denik
normalize NEXT_CHANGELOG
314b70d
@denik
update NEXT_CHANGELOG
56f4311
@denik
update tests
e80aca2
@denik @claude
Cache EmbeddedSlice field index and unify embed field lookup
41f54e6 
Introduce embedFieldIndex to cache the field index per reflect.Type,
so both findEmbedField and findEmbedFieldType share a single sync.Map
lookup and field access becomes an O(1) v.Field(idx) call.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@denik
Make continue_293 test as slow
50090e4
@denik
update test output
4f681e9
@denik
rename to __embed__
3c15b24
@denik
update cloud tests
67c3474
@denik
disable flaky check
a8bfb73
@denik
add a comment
8b402e0
@denik
record result on TF but not on direct where it's flaky
051b54a
@denik
restore NEXT_CHANGELOG
79d09ab
@denik denik force-pushed the denik/permissions-reference branch from 334d8b3 to 79d09ab Compare March 17, 2026 15:25
@denik denik enabled auto-merge March 17, 2026 15:25
@denik denik temporarily deployed to test-trigger-is March 17, 2026 15:26 — with GitHub Actions Inactive
@denik denik added this pull request to the merge queue Mar 17, 2026
Merged via the queue into main with commit 9767900 Mar 17, 2026
18 checks passed
@denik denik deleted the denik/permissions-reference branch March 17, 2026 16:08
@eng-dev-ecosystem-bot
Copy link
Collaborator

eng-dev-ecosystem-bot commented Mar 17, 2026

Commit: 9767900

Run: 23204018046

Env ❌​FAIL 🟨​KNOWN 🔄​flaky 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
❌​ aws linux 13 7 1 9 486 749 53:32
❌​ aws windows 3 7 5 1 9 463 757 68:11
❌​ aws-ucws linux 3 5 23 1 768 599 104:34
❌​ aws-ucws windows 3 3 8 22 1 726 610 140:42
❌​ azure linux 3 1 4 1 11 495 747 63:57
❌​ azure windows 3 1 1 11 471 755 56:03
🔄​ azure-ucws linux 4 4 10 750 602 137:39
🔄​ azure-ucws windows 3 5 10 713 613 78:59
❌​ gcp linux 3 1 1 11 482 755 57:41
❌​ gcp windows 3 1 1 11 454 763 52:20
55 interesting tests: 16 RECOVERED, 14 flaky, 13 FAIL, 11 KNOWN, 1 SKIP
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
🟨​ TestAccept 🟨​K 🟨​K 🟨​K 🟨​K 🟨​K 🟨​K 💚​R 💚​R 🟨​K 🟨​K
❌​ TestAccept/bundle/apps/job_permissions ❌​F ❌​F ❌​F ❌​F ❌​F ❌​F 🔄​f 🔄​f ❌​F ❌​F
❌​ TestAccept/bundle/apps/job_permissions/DATABRICKS_BUNDLE_ENGINE=direct ❌​F ❌​F ❌​F ❌​F ❌​F ❌​F 🔄​f 🔄​f ❌​F ❌​F
❌​ TestAccept/bundle/apps/job_permissions/DATABRICKS_BUNDLE_ENGINE=terraform ❌​F ❌​F ❌​F ❌​F ❌​F ❌​F ✅​p ✅​p ❌​F ❌​F
🔄​ TestAccept/bundle/integration_whl/base ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=direct ✅​p ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=terraform ✅​p ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🔄​ TestAccept/bundle/resources/permissions/factcheck ✅​p ✅​p ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p 🙈​s 🙈​s
🔄​ TestAccept/bundle/resources/permissions/factcheck/DATABRICKS_BUNDLE_ENGINE=terraform ✅​p ✅​p ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 🟨​K 🟨​K 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 🟨​K 🟨​K 💚​R 💚​R
🟨​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K 💚​R 💚​R
💚​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/postgres_branches/basic/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R
💚​ TestAccept/bundle/resources/postgres_branches/basic/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R
💚​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/postgres_branches/recreate/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R
💚​ TestAccept/bundle/resources/postgres_branches/recreate/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R
💚​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/postgres_branches/update_protected/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R
💚​ TestAccept/bundle/resources/postgres_branches/update_protected/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R
💚​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/postgres_branches/without_branch_id/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R
💚​ TestAccept/bundle/resources/postgres_branches/without_branch_id/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R
🟨​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🟨​K 🔄​f 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/postgres_endpoints/basic/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🔄​f
💚​ TestAccept/bundle/resources/postgres_endpoints/recreate 🙈​S 🙈​S 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🟨​K 🟨​K 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🟨​ TestAccept/bundle/resources/postgres_projects/update_display_name/DATABRICKS_BUNDLE_ENGINE=terraform 🟨​K 🟨​K
💚​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 💚​R 💚​R 🙈​S 🙈​S 💚​R 💚​R 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/synced_database_tables/basic/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/synced_database_tables/basic/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
❌​ TestAccept/bundle/templates/default-python/combinations/classic ❌​F ✅​p ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=direct/DLT=yes/NBOOK=yes/PY=no/READPLAN= ✅​p ✅​p ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p
❌​ TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=terraform/DLT=no/NBOOK=yes/PY=yes/READPLAN= ❌​F ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
❌​ TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=terraform/DLT=yes/NBOOK=no/PY=no/READPLAN= ❌​F ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
❌​ TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=terraform/DLT=yes/NBOOK=no/PY=yes/READPLAN= ❌​F ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
❌​ TestAccept/bundle/templates/default-python/combinations/classic/DATABRICKS_BUNDLE_ENGINE=terraform/DLT=yes/NBOOK=yes/PY=no/READPLAN= ❌​F ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestAccept/bundle/templates/default-python/integration_classic/DATABRICKS_BUNDLE_ENGINE=terraform/UV_PYTHON=3.10 ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestAccept/bundle/templates/default-python/integration_classic/DATABRICKS_BUNDLE_ENGINE=terraform/UV_PYTHON=3.11 ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestAccept/bundle/templates/default-python/integration_classic/DATABRICKS_BUNDLE_ENGINE=terraform/UV_PYTHON=3.13 ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
❌​ TestAccept/selftest/record_cloud/pipeline-crud ❌​F ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
❌​ TestAccept/selftest/record_cloud/pipeline-crud/DATABRICKS_BUNDLE_ENGINE=direct ❌​F ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
❌​ TestAccept/selftest/record_cloud/pipeline-crud/DATABRICKS_BUNDLE_ENGINE=terraform ❌​F ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestAccept/ssh/connect-serverless-gpu 🙈​s 🙈​s ✅​p 🔄​f 🙈​s 🙈​s 🔄​f 🔄​f 🙈​s 🙈​s
🔄​ TestAccept/ssh/connection 💚​R 💚​R 💚​R 🔄​f 💚​R 💚​R 🔄​f 💚​R 💚​R 💚​R
🔄​ TestSparkJarTaskDeployAndRunOnVolumes ✅​p ✅​p ✅​p 🔄​f ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
🔄​ TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_14.3_LTS 🙈​s 🙈​s ✅​p 🔄​f 🙈​s 🙈​s ✅​p ✅​p 🙈​s 🙈​s
❌​ TestSparkJarTaskDeployAndRunOnWorkspace ❌​F ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
❌​ TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_14.3_LTS ❌​F ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p ✅​p
Top 50 slowest tests (at least 2 minutes):
duration env testname
22:52 aws-ucws windows TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
22:20 aws-ucws windows TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
20:56 aws-ucws linux TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
20:54 aws-ucws linux TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_14.3_LTS
19:33 azure windows TestAccept/bundle/resources/permissions/factcheck/DATABRICKS_BUNDLE_ENGINE=terraform
18:12 aws windows TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
14:12 aws-ucws windows TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=terraform
13:35 gcp linux TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
13:31 aws-ucws windows TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=direct
12:24 gcp windows TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
11:47 aws linux TestAccept/bundle/resources/permissions/factcheck/DATABRICKS_BUNDLE_ENGINE=terraform
11:36 gcp windows TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
11:24 aws linux TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
11:19 aws windows TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=terraform
11:15 aws windows TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
10:51 aws-ucws linux TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=direct
10:50 aws windows TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_14.3_LTS
10:50 aws windows TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=direct
10:39 gcp linux TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
10:31 aws-ucws windows TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_14.3_LTS
10:18 aws-ucws linux TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=terraform
9:48 azure-ucws linux TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
9:48 aws linux TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
9:47 azure windows TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
9:43 azure-ucws windows TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
9:43 aws linux TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
9:34 azure-ucws linux TestAccept/bundle/resources/permissions/factcheck/DATABRICKS_BUNDLE_ENGINE=terraform
9:28 aws-ucws linux TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
9:24 gcp linux TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
8:58 azure-ucws windows TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
8:56 azure windows TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
8:53 gcp linux TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
8:48 aws-ucws windows TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_14.3_LTS
8:48 aws-ucws windows TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
8:29 aws-ucws windows TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
8:27 gcp windows TestAccept/bundle/integration_whl/interactive_cluster/DATABRICKS_BUNDLE_ENGINE=direct
8:25 aws-ucws linux TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_13.3_LTS
8:20 gcp windows TestAccept/bundle/integration_whl/interactive_cluster/DATABRICKS_BUNDLE_ENGINE=terraform
8:15 azure windows TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=direct
8:14 gcp windows TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
8:13 gcp linux TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=terraform
8:13 aws-ucws linux TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
8:11 gcp linux TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=direct/DATA_SECURITY_MODE=SINGLE_USER
8:10 gcp linux TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=direct
8:03 gcp linux TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=USER_ISOLATION
8:01 gcp linux TestAccept/bundle/integration_whl/interactive_cluster/DATABRICKS_BUNDLE_ENGINE=direct
7:57 gcp windows TestAccept/bundle/run/app-with-job/DATABRICKS_BUNDLE_ENGINE=terraform
7:56 gcp windows TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=direct/DATA_SECURITY_MODE=USER_ISOLATION
7:56 gcp linux TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=direct/DATA_SECURITY_MODE=USER_ISOLATION
7:53 azure windows TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=direct

@denik denik mentioned this pull request Mar 18, 2026
Merged
github-merge-queue bot pushed a commit that referenced this pull request Mar 18, 2026
@denik @claude
direct: support references to/from grants (#4774)
ed6f73f 
Follow up to #4703 but for grants.

Allows references to/from grant objects and removes grants.grants in the
path.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
deco-sdk-tagging bot added a commit that referenced this pull request Mar 18, 2026
@deco-sdk-tagging
[Release] Release v0.295.0
243a0e4 
## Release v0.295.0

### Notable Changes

* Databricks Asset Bundles have been renamed to Declarative Automation Bundles (DABs). This is a non-breaking change; no code or configuration modifications are required. See the [FAQ](https://docs.databricks.com/aws/en/dev-tools/bundles/faqs#why-was-databricks-asset-bundles-renamed-to-declarative-automation-bundles).
* Add `bundle.engine` config setting to select the deployment engine (`terraform` or [`direct`](https://docs.databricks.com/aws/en/dev-tools/bundles/direct)). The `bundle.engine` setting takes precedence over the `DATABRICKS_BUNDLE_ENGINE` environment variable. When the configured engine doesn't match existing deployment state, a warning is issued and the existing engine is used ([#4749](#4749), [#4782](#4782))

### CLI
* Add `databricks auth switch` command for setting the default profile ([#4651](#4651))
* Add positional argument support to `auth logout` ([#4744](#4744))
* Strip trailing slash from host in `auth login`, `auth token`, and `configure` commands ([#4633](#4633))

### Bundles
* Standardize `personal_schemas` enum across bundle templates ([#4401](#4401))
* engine/direct: Fix permanent drift on experiment name field ([#4627](#4627))
* engine/direct: Fix permissions state path to match input config schema ([#4703](#4703))
* Add default project name and success message to default-scala template ([#4661](#4661))
* Skip enum validation for unresolved variable references ([#4752](#4752))
* engine/direct: Support references to/from grants ([#4774](#4774))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@andrewnester andrewnester andrewnester approved these changes

@pietern pietern pietern approved these changes

@anton-107 anton-107 Awaiting requested review from anton-107 anton-107 is a code owner

@shreyas-goenka shreyas-goenka Awaiting requested review from shreyas-goenka shreyas-goenka is a code owner

@simonfaltum simonfaltum Awaiting requested review from simonfaltum simonfaltum is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@denik @eng-dev-ecosystem-bot @pietern @andrewnester @simonfaltum