Skip to content

Validate required/unit-constrained UC fields early in bundle validate#5818

Open
radakam wants to merge 3 commits into
mainfrom
cli-fix-bundle-validate-required-fields-and-retention-units
Open

Validate required/unit-constrained UC fields early in bundle validate#5818
radakam wants to merge 3 commits into
mainfrom
cli-fix-bundle-validate-required-fields-and-retention-units

Conversation

@radakam

@radakam radakam commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Changes

bundle validate (and therefore plan/deploy) now fails early with a clear, actionable error for three UC fields that the SDK models as optional but the backend requires:

  • sql_warehouses.*.name — errors with sql_warehouse name is required.
  • grants[*].principal — errors with grant principal is required, on every securable that supports grants (catalogs, schemas, volumes, external_locations, registered_models, vector_search_indexes).
  • catalogs/schemas.*.custom_max_retention_hours — errors when out of range: the field is in hours but the backend only accepts 0 or 168–720 (7–30 days), e.g. custom_max_retention_hours must be 0 or between 168 and 720 hours (7 to 30 days), got 7.

Implemented in the existing validate:required mutator (runs in phases.Initialize(), covering validate/plan/deploy), following the existing dashboard bespoke-validation precedent.

Why

These fields were modeled as loosely-typed/optional (json:"...,omitempty"), so bundle validate and bundle plan passed but the deploy was rejected by the backend with late, low-context 400s (e.g. Invalid PermissionsChange — at least one of 'principal' or 'principal_id' must be set, or recovery period must be 0 or between 7 and 30 days). Discovered via fuzz testing; affects both the Terraform and direct engines. Failing early with a message that names the offending field is much more actionable.

Tests

  • New acceptance tests under acceptance/bundle/validate/:
    • sql_warehouse_required_name/ (both engines)
    • grants_required_principal/ (direct-only; verifies a missing principal errors while a valid grant passes)
    • retention_hours_range/ (direct-only; verifies out-of-range values on catalogs and schemas error while in-range values pass)
  • Refreshed the empty_resources golden files that now surface the sql_warehouse name is required error.

Reject missing sql_warehouse name, missing grant principal, and
out-of-range catalog/schema custom_max_retention_hours at validate/plan
time instead of letting them pass and fail later at deploy with
low-context backend errors.

DECO-27550
@radakam radakam temporarily deployed to test-trigger-is July 3, 2026 10:57 — with GitHub Actions Inactive
@radakam radakam temporarily deployed to test-trigger-is July 3, 2026 10:57 — with GitHub Actions Inactive
@eng-dev-ecosystem-bot

eng-dev-ecosystem-bot commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Integration test report

Commit: cfbbb09

Run: 28658274282

Env 💚​RECOVERED 🙈​SKIP ✅​pass 🙈​skip Time
💚​ aws linux 7 14 230 1048 3:55
💚​ aws windows 7 14 232 1046 3:58
💚​ aws-ucws linux 7 14 314 966 4:53
💚​ aws-ucws windows 7 14 316 964 3:48
💚​ azure linux 4 15 230 1047 4:09
💚​ azure windows 4 15 232 1045 3:35
💚​ azure-ucws linux 4 15 316 963 4:42
💚​ azure-ucws windows 4 15 318 961 3:44
💚​ gcp linux 4 15 229 1049 3:55
💚​ gcp windows 4 15 231 1047 3:49
21 interesting tests: 14 SKIP, 7 RECOVERED
Test Name aws linux aws windows aws-ucws linux aws-ucws windows azure linux azure windows azure-ucws linux azure-ucws windows gcp linux gcp windows
💚​ TestAccept 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/invariant/no_drift 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions 💚​R 💚​R 💚​R 💚​R 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct 💚​R 💚​R 💚​R 💚​R
💚​ TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform 💚​R 💚​R 💚​R 💚​R
🙈​ TestAccept/bundle/resources/postgres_branches/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/recreate 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/replace_existing 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/update_protected 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_branches/without_branch_id 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_endpoints/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/postgres_projects/update_display_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/synced_database_tables/basic 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_endpoints/drift/recreated_same_name 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/bundle/resources/vector_search_indexes/recreate/embedding_dimension 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
🙈​ TestAccept/ssh/connection 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S 🙈​S
💚​ TestFetchRepositoryInfoAPI_FromRepo 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
💚​ TestFetchRepositoryInfoAPI_FromRepo/root 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
💚​ TestFetchRepositoryInfoAPI_FromRepo/subdir 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R 💚​R
Top 5 slowest tests (at least 2 minutes):
duration env testname
3:08 aws windows TestAccept
3:05 gcp windows TestAccept
2:50 azure-ucws windows TestAccept
2:50 aws-ucws windows TestAccept
2:41 azure windows TestAccept

@radakam radakam temporarily deployed to test-trigger-is July 3, 2026 11:27 — with GitHub Actions Inactive
@radakam radakam temporarily deployed to test-trigger-is July 3, 2026 11:27 — with GitHub Actions Inactive
@radakam radakam marked this pull request as ready for review July 3, 2026 11:29
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Approval status: pending

/acceptance/bundle/ - needs approval

17 files changed
Suggested: @denik
Also eligible: @janniklasrose, @pietern, @anton-107, @shreyas-goenka, @andrewnester, @lennartkats-db

/bundle/ - needs approval

Files: bundle/config/validate/required.go
Suggested: @denik
Also eligible: @janniklasrose, @pietern, @anton-107, @shreyas-goenka, @andrewnester, @lennartkats-db

General files (require maintainer)

Files: NEXT_CHANGELOG.md
Based on git history:

  • @denik -- recent work in ./, acceptance/bundle/validate/empty_resources/with_permissions/, acceptance/bundle/validate/empty_resources/empty_dict/

Any maintainer (@andrewnester, @anton-107, @denik, @pietern, @shreyas-goenka, @simonfaltum, @renaudhartert-db, @janniklasrose) can approve all areas.
See OWNERS for ownership rules.

@radakam radakam temporarily deployed to test-trigger-is July 3, 2026 11:42 — with GitHub Actions Inactive
@radakam radakam temporarily deployed to test-trigger-is July 3, 2026 11:42 — with GitHub Actions Inactive
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants