package permissions import ( "context" "fmt" "regexp" "strings" "github.com/databricks/cli/bundle" "github.com/databricks/cli/libs/diag" "github.com/databricks/cli/libs/log" ) func TryExtendTerraformPermissionError(ctx context.Context, b *bundle.Bundle, err error) diag.Diagnostics { _, assistance := analyzeBundlePermissions(b) // In a best-effort attempt to provide actionable error messages, we match // against a few specific error messages that come from the Jobs and Pipelines API. // For matching errors we provide a more specific error message that includes // details on how to resolve the issue. if !strings.Contains(err.Error(), "cannot update permissions") && !strings.Contains(err.Error(), "permissions on pipeline") && !strings.Contains(err.Error(), "cannot read permissions") && !strings.Contains(err.Error(), "cannot set run_as to user") { return nil } log.Errorf(ctx, "Terraform error during deployment: %v", err.Error()) // Best-effort attempt to extract the resource name from the error message. re := regexp.MustCompile(`databricks_(\w*)\.(\w*)`) match := re.FindStringSubmatch(err.Error()) resource := "resource" if len(match) > 1 { resource = match[2] } return diag.Diagnostics{{ Summary: fmt.Sprintf("permission denied creating or updating %s.\n"+ "%s\n"+ "They can redeploy the project to apply the latest set of permissions.\n"+ "Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions.", resource, assistance), Severity: diag.Error, ID: diag.ResourcePermissionDenied, }} }