direct: fix migrate of model_serving_endpoints and database_instances permissions#5775
Merged
Conversation
…base_instances Adds invariant configs for model_serving_endpoints and database_instances with permissions. They pass no_drift and continue_293 but are excluded from the migrate invariant: migrate can't resolve the permissions object_id from terraform state for these types (the endpoint_id / id field is absent from tfstate). This is a regression introduced by #5399; the previous migrate impl read it from remote state. Co-authored-by: Isaac
… permissions The permissions object_id was re-derived from the parent resource's terraform state (endpoint_id for serving endpoints, id for database instances), but those fields aren't present in tfstate for these types, so migrate aborted with "cannot resolve field object_id". Take object_id from the permissions node's own terraform state ID instead, which already holds the full object id (e.g. "/serving-endpoints/<id>"). This is uniform across all resource types and removes the dependency on the parent's tfstate shape. Removes the migrate-invariant exclusions added earlier so both configs now run, and adds unit coverage in build_state_test.go. Co-authored-by: Isaac
Collaborator
Integration test reportCommit: 8ab146c
21 interesting tests: 13 SKIP, 7 KNOWN, 1 RECOVERED
|
Name the `id` variable (tfIDs[node]) as the source. Co-authored-by: Isaac
Co-authored-by: Isaac
Co-authored-by: Isaac
janniklasrose
approved these changes
Jun 30, 2026
pietern
approved these changes
Jun 30, 2026
denik
added a commit
that referenced
this pull request
Jun 30, 2026
## Why Ensure that all resource have invariant test coverage. Recent example where lack of coverage caused to release a bug in migrate rewrite #5775
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes
bundle deployment migrateaborted withcannot resolve field "object_id"formodel_serving_endpointsanddatabase_instanceswithpermissions: the object_id was re-derived from the parent's terraform state (endpoint_id/id), but those fields aren't present there.Set
object_idfrom the.permissionsnode's own terraform state ID (tfIDs[node]— thedatabricks_permissionsresource ID, already the full/serving-endpoints/<id>etc.) instead of resolving it from the parent. Uniform across all resource types.Regression from #5399 (tfstate-only migrate); the previous impl read the value from remote state.
Tests
New invariant configs (migrate / no_drift / continue_293) and unit cases in
build_state_test.go, confirmed failing without the fix.This pull request and its description were written by Isaac.