DatabricksDsc

Author(s)

• Gijs Reijn

Functions

Get-DatabricksUser New-DatabricksUser Remove-DatabricksUser Set-DatabricksUser

DSCResources

DatabricksAccountMetastoreAssignment DatabricksAccountServicePrincipal DatabricksAccountUser DatabricksAccountWorkspacePermissionAssignment DatabricksClusterPolicy DatabricksClusterPolicyPermission DatabricksGroup DatabricksServicePrincipal DatabricksUser

Dependencies

This module has no dependencies.

Release Notes

## [0.4.0-preview0002] - 2025-11-23

### Added

- Added `DatabricksGroup` resource for managing groups in a Databricks workspace
 - Manages groups using the workspace-level SCIM API v2
 - Key property: `DisplayName` (unique identifier)
 - Properties: `ExternalId`, `Members`, `Entitlements`, `Roles`, and read-only
   `Groups` (parent groups)
 - Supports create, update, and delete operations
 - Uses workspace-level SCIM API endpoints:
   - POST: `/api/2.0/preview/scim/v2/Groups` for create
   - GET: `/api/2.0/preview/scim/v2/Groups` for list/read
   - PATCH: `/api/2.0/preview/scim/v2/Groups/{id}` for update (SCIM PatchOp format)
   - DELETE: `/api/2.0/preview/scim/v2/Groups/{id}` for remove
 - Implements complex types: `GroupMember`, `GroupEntitlement`, `GroupRole`,
   and `ParentGroup` following SCIM schema
 - Members can be users or other groups (nested groups)
 - Entitlements support values: `allow-cluster-create`, `allow-instance-pool-create`,
   `workspace-access`, `databricks-sql-access`
 - Roles support AWS instance profile ARNs
 - Groups property shows parent groups (read-only, cannot be set directly)
 - All array properties are sorted for consistent comparison
 - Validates WorkspaceUrl format (must start with https://)
 - Validates DisplayName is not empty
 - Includes comprehensive unit tests (40+ tests) covering all methods and scenarios
 - Implements Export functionality:
   - `GetAllResourcesFromApi()` retrieves all groups from workspace
   - `CreateExportInstance()` converts API group data to resource instances
   - `Export([FilteringInstance])` supports filtering by any property
   - Export() without parameters throws error requiring authentication
 - Added localization strings for all operations (DG0001-DG0018)
- Added `DatabricksAccountWorkspacePermissionAssignment` resource for managing
 workspace permission assignments at the account level
 - Manages permission assignments for principals (users, service principals,
   or groups) at the workspace level
 - Key properties: `AccountId`, `WorkspaceId`, `PrincipalId`, and `Permissions`
 - Supports assignment (create/update via PUT) and unassignment (DELETE)
 - Uses account-level API endpoints:
   - GET: `/api/2.0/accounts/{account_id}/workspaces/{workspace_id}/permissionassignments`
   - PUT: `/api/2.0/accounts/{account_id}/workspaces/{workspace_id}/permissionassignments/principals/{principal_id}`
   - DELETE: `/api/2.0/accounts/{account_id}/workspaces/{workspace_id}/permissionassignments/principals/{principal_id}`
 - Validates AccountId as GUID, WorkspaceId and PrincipalId as numeric
 - Supports WorkspacePermissionLevel enum with User and Admin values
 - Handles API response structure with `principal.principal_id` for identification
   and `permissions` as string array
 - Includes comprehensive unit tests covering all methods and scenarios
 - Added localization strings for all operations (DAWPA0001-DAWPA0015)
- Added `WorkspacePermissionLevel` enum for workspace permission levels
 - Supported values: User and Admin
 - Used by `DatabricksAccountWorkspacePermissionAssignment` resource
- Added `DatabricksAccountMetastoreAssignment` resource for managing Unity
 Catalog metastore assignments to workspaces
 - Manages workspace-to-metastore assignments at the account level
 - Key properties: `AccountId`, `WorkspaceId`, and `MetastoreId`
 - Supports assignment (create/update via PUT) and unassignment (DELETE)
 - Uses account-level API endpoints:
   - GET: `/api/2.0/accounts/{account_id}/workspaces/{workspace_id}/metastore`
   - POST: `/api/2.0/accounts/{account_id}/workspaces/{workspace_id}/metastores`
   - DELETE: `/api/2.0/accounts/{account_id}/workspaces/{workspace_id}/metastores/{metastore_id}`
 - Validates AccountId and MetastoreId as GUIDs, WorkspaceId as numeric
 - Includes comprehensive unit tests with 32 test cases covering all methods
   and scenarios
 - Implements Export functionality:
   - `GetAllResourcesFromApi()` retrieves all workspace assignments for a
     metastore using GET `/api/2.0/accounts/{account_id}/metastores/{metastore_id}/workspaces`
   - `CreateExportInstance()` converts API workspace assignment data to
     resource instances
   - `Export([FilteringInstance])` supports filtering by WorkspaceId
   - Requires AccountId and MetastoreId to be set in the filtering instance
   - Added localization strings for export operations (DAMA0016-DAMA0019)
   - Added 7 unit tests for Export functionality covering all scenarios
- Added `DatabricksAccountResourceBase` intermediate base class for account-level
 DSC resources
 - Inherits from `DatabricksResourceBase` and provides specialized functionality
   for account-level operations
 - Introduces `AccountsUrl` property with default value `https://accounts.azuredatabricks.net/`
 - Constructor automatically sets `WorkspaceUrl` from `AccountsUrl` for base
   class compatibility
 - Simplifies configuration for account-level resources by providing sensible
   defaults
 - Account-level resources (`DatabricksAccountUser`, `DatabricksAccountServicePrincipal`,
   `DatabricksAccountMetastoreAssignment`) now inherit from this base class
- Added `_exist` property to all account-level resources
 - `DatabricksAccountUser`, `DatabricksAccountServicePrincipal`, and
   `DatabricksAccountMetastoreAssignment` now include the `_exist` property
 - Defaults to `$true` for proper existence management
 - Enables proper handling of resource presence/absence in desired state
- Added configuration examples for `DatabricksAccountMetastoreAssignment` resource
 - Example 001: Basic metastore assignment to workspace
 - Example 002: Remove metastore assignment from workspace

### Fixed

- Fixed `DatabricksClusterPolicy` resource examples to use hashtable format
 for the `Definition` property instead of JSON string
 - Updated all three examples (basic, complete, and user limit) to demonstrate
   proper hashtable usage with YAML syntax
 - Makes examples more readable and easier to maintain
- Fixed `DatabricksAccountMetastoreAssignment` to correctly parse API response
 - Updated to handle nested `metastore_assignment` object structure from API
 - Checks `$response.metastore_assignment.metastore_id` instead of flat structure
 - Updated unit test mocks to match actual API response format