Releases: databricks/terraform-provider-databricks
Release list
v1.120.0
New Features and Improvements
-
Add resource and data source for
databricks_postgres_data_api. -
Deprecate the SDKv2 fallback implementations of
databricks_library,databricks_quality_monitor, anddatabricks_shareresources, and thedatabricks_share,databricks_shares, anddatabricks_volumesdata sources. These resources have been served by the Plugin Framework by default since their migration; the SDKv2 implementations remain only as opt-in fallbacks via theUSE_SDK_V2_RESOURCES/USE_SDK_V2_DATA_SOURCESenvironment variables. Setting either environment variable for any of these names now emits a runtime warning (visible withTF_LOG=WARNor higher), and the SDKv2 implementations will be removed in the next major release of the provider.
Bug Fixes
-
Fix permanent permissions drift when
user_namecasing indatabricks_permissionsaccess_controlblocks differs from the API response (#5757). -
Allow setting
user_api_scopes = []ondatabricks_appto disable OBO (On-Behalf-Of) user authorization (#5834).The Apps API omits
user_api_scopesfrom its response when OBO is inactive, so a configured empty list previously failed withProvider produced inconsistent result after apply. The provider now preserves a configured empty list in state, mirroring the reconciliation used bydatabricks_app_space.
Internal Changes
- Make notification destination acceptance tests robust to the eventual consistency of the notification destinations list API.
v1.119.0
Documentation
- Document that read-only workspace bindings aren't applicable for non-catalog objects (#5611)
Internal Changes
- Run unit tests offline from a pre-warmed Go module cache for PRs that cannot authenticate to the internal Go module proxy (fork and Dependabot PRs), populated by the new "Warm Go Cache" workflow.
v1.118.0
New Features and Improvements
- Add resource and data sources for
databricks_ai_search_endpoint. - Add resource and data sources for
databricks_ai_search_index.
Bug Fixes
-
Fixed
databricks_instance_poolignoringenable_elastic_disk = falsedue toomitemptyJSON tag, which caused an infinite plan/replace cycle (#5802). -
Fix
databricks_entitlementsto honorprovider_config { workspace_id }when used with an account-level provider (#5680). -
Fix spurious
account_iddrift ondatabricks_mws_ncc_private_endpoint_rule(#5347). The backend echoesaccount_idon read; the schema previously marked it as a plainOptionalattribute, so once it landed in state (for example viaterraform import) the next plan reportedaccount_id = "..." -> nulland a subsequent apply failed withcannot update mws ncc private endpoint rule: Update mask must be specified.. Markingaccount_idasComputed(matching the siblingdatabricks_mws_network_connectivity_configresource) preserves the server-provided value across refreshes and eliminates the spurious in-place update. -
Fixed
databricks_mws_workspacesfailing to updateprivate_access_settings_idand other fields on GCP workspaces (#5430).
Documentation
- Added
disabledfield totaskblock indatabricks_jobresource, allowing individual tasks to be disabled (#5767).
Exporter
- Rewrote Exporter logging so it works with Databricks Go SDK logging (#5805).
v1.117.0
Bug Fixes
- Fix
databricks_external_locationso that creating a resource withenable_file_events = falseis sent in the POST request. Previously the field was silently dropped (Go SDK marshals the bool withomitempty), so the server applied itstruedefault andeffective_enable_file_eventscame backtrue.
v1.116.0
New Features and Improvements
- Added
principal_idargument todatabricks_git_credentialresource, enabling management of Git credentials on behalf of service principals. - Add support for managing permissions of Agent Bricks resources (#5708). Reverts #5582.
Bug Fixes
- Fix
databricks_metastoreso that updatingexternal_access_enabledfromtruetofalseis sent in the PATCH request. Previously the field was silently dropped from the request body, so the change never reached the API. - Fixed destroying of UC objects when workspace binding removed before actual destroy (#5581).
- Fixed handling of the case when library is removed outside of Terraform (#5678).
- Fix
databricks_vector_search_indexhardcoded 15-minute creation timeout: increased default to 75 minutes (consistent withdatabricks_vector_search_endpoint) and made it user-overridable via thetimeoutsblock. - Fixed child groups collection in
databricks_groupdata source (#5679).
Documentation
- Document that some
databricks_mws_*resources on GCP require Google-issued OIDC tokens (not Databricks OAuth) (#5654). - Remove non-existent field from the
databricks_vector_search_indexdoc (#5605). - Documented
principal_idargument fordatabricks_git_credentialresource.
Exporter
- Support
alert_taskwhen exportingdatabricks_job(#5629). - Add support for exporting Agent Bricks resources (#5704).
Internal Changes
-
Add
internal/retrierpackage for unified retry and backoff handling (#5746). -
Pass
excludedAttributes=entitlementson SCIM/Merequests (#5725). -
workspace_id(provider attribute andprovider_config.workspace_idblock) now accepts workspace connection IDs in addition to classic numeric workspace IDs. On unified Databricks hosts, the platform gateway disambiguates the value server-side via theX-Databricks-Workspace-Idrequest header. The previous positive-integer validator has been relaxed to require only a non-empty string.Numeric workspace IDs continue to behave exactly as before, including the account-API workspace-deployment lookup. Connection IDs skip that lookup and route directly via the configured host. When the provider is configured at the workspace level (host + token), connection IDs surface a clear error directing the user to reconfigure with account-level credentials, since a workspace-level provider can only operate on a single workspace.
v1.115.0
Bug Fixes
- Fix
databricks_library,databricks_share, anddatabricks_quality_monitorfailing to decode prior state withError decoding ... from prior state: missing expected {after upgrading from v1.113.0 to v1.114.0 (#5669). Reverts #5582. - Fix
databricks_service_principaldata source failing on account-level provider withcannot populate provider_config for service principal: failed to resolve workspace_id(#5664). The data source now supports theapifield and skips workspace-tracking when used at account level. - Fix
databricks_service_principalsdata source failing on account-level provider with the samecannot populate provider_config for service principals: failed to resolve workspace_idregression (#5664). The data source now supports theapifield and skips workspace-tracking when used at account level. - Fix
databricks_mws_workspacesanddatabricks_mws_credentialsdata sources failing on account-level provider withcannot populate provider_config for mws workspaces: failed to resolve workspace_id(#5672). These account-only data sources are now exempted from the post-Read workspace-tracking hook, andprovider_config(which had no effect on them) is now deprecated and will be removed in a future major release. - Fix
databricks_disable_legacy_features_settingfailing on account-level provider withcannot populate provider_config for disable legacy features setting: failed to resolve workspace_id: ... Unable to load OAuth Config. This account-only setting is now exempted from the post-Read workspace-tracking hook, and the auto-injectedprovider_configblock is deprecated. The fix is applied at the generic-setting builder level (makeSettingResourceinsettings/generic_setting.go), so any futureaccountSetting-based resource inherits the opt-out automatically.
v1.114.2
Release v1.114.2
New Features and Improvements
- Support adopting pre-existing
databricks_postgres_branchanddatabricks_postgres_endpointresources viareplace_existing = trueargument.
Internal Changes
- Mark
effective_file_event_queueas computed with diff suppression indatabricks_external_locationto prevent Terraform drift when the Unity Catalog backend returns the server-populated field.
v1.114.1
Release v1.114.1
Bug Fixes
Rolls back to v1.113.0 as the stable release.
v1.114.0
New Features and Improvements
- Add resource and data sources for
databricks_disaster_recovery_failover_group. - Add resource and data sources for
databricks_disaster_recovery_stable_url. - Add resource and data sources for
databricks_supervisor_agent. - Add resource and data sources for
databricks_supervisor_agent_tool. - Add resource and data sources for
databricks_secret_uc. - Support adopting pre-existing
databricks_postgres_branchanddatabricks_postgres_endpointresources viareplace_existing = trueargument.
Internal Changes
- Update Go SDK to v0.128.0.
- Bump minimum Go toolchain from 1.24.0 to 1.25.7 to pick up the
crypto/tlsTLS 1.3 session-resumption fix. - Fail at plan time with "please set api to account or workspace" for dual workspace/account resources when the provider is configured against a unified host and the resource's
apifield is not set.
v1.113.0
Release v1.113.0
New Features and Improvements
-
Add resource and data source for
databricks_postgres_catalog. -
Add resource and data source for
databricks_postgres_synced_table. -
Add resource and data sources for
databricks_environments_workspace_base_environment. -
Add resource and data source for
databricks_environments_default_workspace_base_environment. -
Added optional
cloudargument todatabricks_current_configdata source to explicitly set the cloud type (aws,azure,gcp) instead of relying on host-based detection. -
Added
apifield to dual account/workspace resources (databricks_user,databricks_service_principal,databricks_group,databricks_group_role,databricks_group_member,databricks_user_role,databricks_service_principal_role,databricks_user_instance_profile,databricks_group_instance_profile,databricks_metastore,databricks_metastore_assignment,databricks_metastore_data_access,databricks_storage_credential,databricks_service_principal_secret,databricks_access_control_rule_set) to explicitly control whether account-level or workspace-level APIs are used. This enables support for unified hosts likeapi.databricks.comwhere the API level cannot be inferred from the host (#5483).
Bug Fixes
-
Fixed import inconsistency for
force_destroyand other schema-only fields causing "Provider produced inconsistent final plan" errors (#5487). -
Fixed
databricks_grantanddatabricks_grantsto honorprovider_configwhen using account-level providers (#5557).Fixes #5530.
Internal Changes
- Update Go SDK to v0.127.0.
- Use account host check instead of account ID check in
databricks_access_control_rule_setto determine client type (#5484).