Skip to content

Releases: databricks/terraform-provider-databricks

v1.120.0

Choose a tag to compare

@cross-repo-secure-release-app cross-repo-secure-release-app released this 01 Jul 10:10
11d68e3

New Features and Improvements

  • Add resource and data source for databricks_postgres_data_api.

  • Deprecate the SDKv2 fallback implementations of databricks_library, databricks_quality_monitor, and databricks_share resources, and the databricks_share, databricks_shares, and databricks_volumes data sources. These resources have been served by the Plugin Framework by default since their migration; the SDKv2 implementations remain only as opt-in fallbacks via the USE_SDK_V2_RESOURCES / USE_SDK_V2_DATA_SOURCES environment variables. Setting either environment variable for any of these names now emits a runtime warning (visible with TF_LOG=WARN or higher), and the SDKv2 implementations will be removed in the next major release of the provider.

Bug Fixes

  • Fix permanent permissions drift when user_name casing in databricks_permissions access_control blocks differs from the API response (#5757).

  • Allow setting user_api_scopes = [] on databricks_app to disable OBO (On-Behalf-Of) user authorization (#5834).

    The Apps API omits user_api_scopes from its response when OBO is inactive, so a configured empty list previously failed with Provider produced inconsistent result after apply. The provider now preserves a configured empty list in state, mirroring the reconciliation used by databricks_app_space.

Internal Changes

  • Make notification destination acceptance tests robust to the eventual consistency of the notification destinations list API.

v1.119.0

Choose a tag to compare

@cross-repo-secure-release-app cross-repo-secure-release-app released this 24 Jun 09:30
c9ffe53

Documentation

  • Document that read-only workspace bindings aren't applicable for non-catalog objects (#5611)

Internal Changes

  • Run unit tests offline from a pre-warmed Go module cache for PRs that cannot authenticate to the internal Go module proxy (fork and Dependabot PRs), populated by the new "Warm Go Cache" workflow.

v1.118.0

Choose a tag to compare

@cross-repo-secure-release-app cross-repo-secure-release-app released this 17 Jun 13:56
992a499

New Features and Improvements

  • Add resource and data sources for databricks_ai_search_endpoint.
  • Add resource and data sources for databricks_ai_search_index.

Bug Fixes

  • Fixed databricks_instance_pool ignoring enable_elastic_disk = false due to omitempty JSON tag, which caused an infinite plan/replace cycle (#5802).

  • Fix databricks_entitlements to honor provider_config { workspace_id } when used with an account-level provider (#5680).

  • Fix spurious account_id drift on databricks_mws_ncc_private_endpoint_rule (#5347). The backend echoes account_id on read; the schema previously marked it as a plain Optional attribute, so once it landed in state (for example via terraform import) the next plan reported account_id = "..." -> null and a subsequent apply failed with cannot update mws ncc private endpoint rule: Update mask must be specified.. Marking account_id as Computed (matching the sibling databricks_mws_network_connectivity_config resource) preserves the server-provided value across refreshes and eliminates the spurious in-place update.

  • Fixed databricks_mws_workspaces failing to update private_access_settings_id and other fields on GCP workspaces (#5430).

Documentation

  • Added disabled field to task block in databricks_job resource, allowing individual tasks to be disabled (#5767).

Exporter

  • Rewrote Exporter logging so it works with Databricks Go SDK logging (#5805).

v1.117.0

Choose a tag to compare

@cross-repo-secure-release-app cross-repo-secure-release-app released this 03 Jun 07:42
df58573

Bug Fixes

  • Fix databricks_external_location so that creating a resource with enable_file_events = false is sent in the POST request. Previously the field was silently dropped (Go SDK marshals the bool with omitempty), so the server applied its true default and effective_enable_file_events came back true.

v1.116.0

Choose a tag to compare

@cross-repo-secure-release-app cross-repo-secure-release-app released this 28 May 15:55
1dcb8b9

New Features and Improvements

  • Added principal_id argument to databricks_git_credential resource, enabling management of Git credentials on behalf of service principals.
  • Add support for managing permissions of Agent Bricks resources (#5708). Reverts #5582.

Bug Fixes

  • Fix databricks_metastore so that updating external_access_enabled from true to false is sent in the PATCH request. Previously the field was silently dropped from the request body, so the change never reached the API.
  • Fixed destroying of UC objects when workspace binding removed before actual destroy (#5581).
  • Fixed handling of the case when library is removed outside of Terraform (#5678).
  • Fix databricks_vector_search_index hardcoded 15-minute creation timeout: increased default to 75 minutes (consistent with databricks_vector_search_endpoint) and made it user-overridable via the timeouts block.
  • Fixed child groups collection in databricks_group data source (#5679).

Documentation

  • Document that some databricks_mws_* resources on GCP require Google-issued OIDC tokens (not Databricks OAuth) (#5654).
  • Remove non-existent field from the databricks_vector_search_index doc (#5605).
  • Documented principal_id argument for databricks_git_credential resource.

Exporter

  • Support alert_task when exporting databricks_job (#5629).
  • Add support for exporting Agent Bricks resources (#5704).

Internal Changes

  • Add internal/retrier package for unified retry and backoff handling (#5746).

  • Pass excludedAttributes=entitlements on SCIM /Me requests (#5725).

  • workspace_id (provider attribute and provider_config.workspace_id block) now accepts workspace connection IDs in addition to classic numeric workspace IDs. On unified Databricks hosts, the platform gateway disambiguates the value server-side via the X-Databricks-Workspace-Id request header. The previous positive-integer validator has been relaxed to require only a non-empty string.

    Numeric workspace IDs continue to behave exactly as before, including the account-API workspace-deployment lookup. Connection IDs skip that lookup and route directly via the configured host. When the provider is configured at the workspace level (host + token), connection IDs surface a clear error directing the user to reconfigure with account-level credentials, since a workspace-level provider can only operate on a single workspace.

v1.115.0

Choose a tag to compare

@cross-repo-secure-release-app cross-repo-secure-release-app released this 11 May 15:54
240ebdd

Bug Fixes

  • Fix databricks_library, databricks_share, and databricks_quality_monitor failing to decode prior state with Error decoding ... from prior state: missing expected { after upgrading from v1.113.0 to v1.114.0 (#5669). Reverts #5582.
  • Fix databricks_service_principal data source failing on account-level provider with cannot populate provider_config for service principal: failed to resolve workspace_id (#5664). The data source now supports the api field and skips workspace-tracking when used at account level.
  • Fix databricks_service_principals data source failing on account-level provider with the same cannot populate provider_config for service principals: failed to resolve workspace_id regression (#5664). The data source now supports the api field and skips workspace-tracking when used at account level.
  • Fix databricks_mws_workspaces and databricks_mws_credentials data sources failing on account-level provider with cannot populate provider_config for mws workspaces: failed to resolve workspace_id (#5672). These account-only data sources are now exempted from the post-Read workspace-tracking hook, and provider_config (which had no effect on them) is now deprecated and will be removed in a future major release.
  • Fix databricks_disable_legacy_features_setting failing on account-level provider with cannot populate provider_config for disable legacy features setting: failed to resolve workspace_id: ... Unable to load OAuth Config. This account-only setting is now exempted from the post-Read workspace-tracking hook, and the auto-injected provider_config block is deprecated. The fix is applied at the generic-setting builder level (makeSettingResource in settings/generic_setting.go), so any future accountSetting-based resource inherits the opt-out automatically.

v1.114.2

Choose a tag to compare

@github-actions github-actions released this 30 Apr 18:30
fb5f1c1

Release v1.114.2

New Features and Improvements

  • Support adopting pre-existing databricks_postgres_branch and databricks_postgres_endpoint resources via replace_existing = true argument.

Internal Changes

  • Mark effective_file_event_queue as computed with diff suppression in databricks_external_location to prevent Terraform drift when the Unity Catalog backend returns the server-populated field.

v1.114.1

Choose a tag to compare

@github-actions github-actions released this 29 Apr 21:24
7a6b469

Release v1.114.1

Bug Fixes

Rolls back to v1.113.0 as the stable release.

v1.114.0

Choose a tag to compare

@cross-repo-secure-release-app cross-repo-secure-release-app released this 29 Apr 08:38
1f62e20

New Features and Improvements

  • Add resource and data sources for databricks_disaster_recovery_failover_group.
  • Add resource and data sources for databricks_disaster_recovery_stable_url.
  • Add resource and data sources for databricks_supervisor_agent.
  • Add resource and data sources for databricks_supervisor_agent_tool.
  • Add resource and data sources for databricks_secret_uc.
  • Support adopting pre-existing databricks_postgres_branch and databricks_postgres_endpoint resources via replace_existing = true argument.

Internal Changes

  • Update Go SDK to v0.128.0.
  • Bump minimum Go toolchain from 1.24.0 to 1.25.7 to pick up the crypto/tls TLS 1.3 session-resumption fix.
  • Fail at plan time with "please set api to account or workspace" for dual workspace/account resources when the provider is configured against a unified host and the resource's api field is not set.

v1.113.0

Choose a tag to compare

@github-actions github-actions released this 16 Apr 07:26
7a6b469

Release v1.113.0

New Features and Improvements

  • Add resource and data source for databricks_postgres_catalog.

  • Add resource and data source for databricks_postgres_synced_table.

  • Add resource and data sources for databricks_environments_workspace_base_environment.

  • Add resource and data source for databricks_environments_default_workspace_base_environment.

  • Added optional cloud argument to databricks_current_config data source to explicitly set the cloud type (aws, azure, gcp) instead of relying on host-based detection.

  • Added api field to dual account/workspace resources (databricks_user, databricks_service_principal, databricks_group, databricks_group_role, databricks_group_member, databricks_user_role, databricks_service_principal_role, databricks_user_instance_profile, databricks_group_instance_profile, databricks_metastore, databricks_metastore_assignment, databricks_metastore_data_access, databricks_storage_credential, databricks_service_principal_secret, databricks_access_control_rule_set) to explicitly control whether account-level or workspace-level APIs are used. This enables support for unified hosts like api.databricks.com where the API level cannot be inferred from the host (#5483).

Bug Fixes

  • Fixed import inconsistency for force_destroy and other schema-only fields causing "Provider produced inconsistent final plan" errors (#5487).

  • Fixed databricks_grant and databricks_grants to honor provider_config when using account-level providers (#5557).

    Fixes #5530.

Internal Changes

  • Update Go SDK to v0.127.0.
  • Use account host check instead of account ID check in databricks_access_control_rule_set to determine client type (#5484).