list of volumes

databricks-s3-volume-existing-catalog/grants.tf

@@ -1,14 +1,19 @@
-# volume
 resource "databricks_grant" "volume_r" {
-  for_each   = toset(var.volume_r_grant_principals)
-  volume     = databricks_volume.volume.id
-  principal  = each.value
+  for_each = {
+    for bucket in var.volume_buckets : "${bucket.bucket_name}_${bucket.volume_r_grant_principals}" => bucket
+    if length(bucket.volume_r_grant_principals) > 0
+  }
+  volume    = each.value.bucket_name
+  principal = each.value.volume_r_grant_principals[count.index]
   privileges = ["READ_VOLUME"]
 }
 
 resource "databricks_grant" "volume_rw" {
-  for_each   = toset(var.volume_rw_grant_principals)
-  volume     = databricks_volume.volume.id
-  principal  = each.value
+  for_each = {
+    for bucket in var.volume_buckets : "${bucket.bucket_name}_${bucket.volume_rw_grant_principals}" => bucket
+    if length(bucket.volume_rw_grant_principals) > 0
+  }
+  volume    = each.value.bucket_name
+  principal = each.value.volume_rw_grant_principals[count.index]
   privileges = ["READ_VOLUME", "WRITE_VOLUME"]
-}
+}

databricks-s3-volume-existing-catalog/variables.tf

@@ -14,20 +14,12 @@ variable "schema_name" {
 }
 
 variable "volume_buckets" {
-  description = "Name of the S3 bucket to use for the volume"
-  type        = list(string)
-}
-
-variable "volume_r_grant_principals" {
-  description = "(Optional) Databricks groups to grant read-only permissions to on the volume"
-  type        = list(string)
-  default     = []
-}
-
-variable "volume_rw_grant_principals" {
-  description = "(Optional) Databricks groups to grant read/write permissions to on the volume"
-  type        = list(string)
-  default     = []
+  description = "List of external buckets and their corresponding groups that should have r/rw access to it"
+  type        = list(object({
+    bucket_name : string
+    volume_r_grant_principals: optional(list(string), [])
+    volume_rw_grant_principals: optional(list(string), [])
+  }))
 }
 
 variable "tags" {