From 3bda70176f32db006641fe6e56c3b2c1bc77313a Mon Sep 17 00:00:00 2001
From: Allison Doami
Date: Thu, 26 Sep 2024 16:08:58 -0700
Subject: [PATCH] list of volumes
---
 .../grants.tf | 21 ++++++++++++-------
 .../variables.tf | 20 ++++++------------
 2 files changed, 19 insertions(+), 22 deletions(-)
diff --git a/databricks-s3-volume-existing-catalog/grants.tf b/databricks-s3-volume-existing-catalog/grants.tf
index 4d334b44..b0e8e448 100644
--- a/databricks-s3-volume-existing-catalog/grants.tf
+++ b/databricks-s3-volume-existing-catalog/grants.tf
@@ -1,14 +1,19 @@
-# volume
 resource "databricks_grant" "volume_r" {
- for_each = toset(var.volume_r_grant_principals)
- volume = databricks_volume.volume.id
- principal = each.value
+ for_each = {
+ for bucket in var.volume_buckets : "${bucket.bucket_name}_${bucket.volume_r_grant_principals}" => bucket
+ if length(bucket.volume_r_grant_principals) > 0
+ }
+ volume = each.value.bucket_name
+ principal = each.value.volume_r_grant_principals[count.index]
 privileges = ["READ_VOLUME"]
 }

 resource "databricks_grant" "volume_rw" {
- for_each = toset(var.volume_rw_grant_principals)
- volume = databricks_volume.volume.id
- principal = each.value
+ for_each = {
+ for bucket in var.volume_buckets : "${bucket.bucket_name}_${bucket.volume_rw_grant_principals}" => bucket
+ if length(bucket.volume_rw_grant_principals) > 0
+ }
+ volume = each.value.bucket_name
+ principal = each.value.volume_rw_grant_principals[count.index]
 privileges = ["READ_VOLUME", "WRITE_VOLUME"]
-}
\ No newline at end of file
+}
diff --git a/databricks-s3-volume-existing-catalog/variables.tf b/databricks-s3-volume-existing-catalog/variables.tf
index a7850ff6..5933f695 100644
--- a/databricks-s3-volume-existing-catalog/variables.tf
+++ b/databricks-s3-volume-existing-catalog/variables.tf
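Review bot: In grants.tf, both `databricks_grant` resources read `count.index` while using `for_each`, which Terraform rejects because the `count` object only exists when the `count` argument is set; the `for_each` key also interpolates the list `volume_r_grant_principals` (and `volume_rw_grant_principals`) into a string template, which needs a string. Even with those two fixed, the map holds one entry per bucket, so at most one principal per bucket could receive the grant. Expanding to one instance per (bucket, principal) pair with `flatten` gives every grant its own address, so dropping a principal from the list removes exactly that grant and nothing else. `volume` is now the raw `bucket_name` instead of the `databricks_volume` id; how the volume resource is keyed is outside this patch, so the reference in the sketch below is an assumption to confirm. The same shape applies to `volume_rw`.

```hcl
locals {
  # One entry per (bucket, principal) pair so each grant has its own address.
  volume_r_grants = {
    for pair in flatten([
      for bucket in var.volume_buckets : [
        for principal in bucket.volume_r_grant_principals : {
          bucket_name = bucket.bucket_name
          principal   = principal
        }
      ]
    ]) : "${pair.bucket_name}_${pair.principal}" => pair
  }
}

resource "databricks_grant" "volume_r" {
  for_each = local.volume_r_grants
  # Assumes databricks_volume.volume uses for_each keyed by bucket_name (not visible in this patch).
  volume     = databricks_volume.volume[each.value.bucket_name].id
  principal  = each.value.principal
  privileges = ["READ_VOLUME"]
}
# … volume_rw: same shape over volume_rw_grant_principals …
```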
@@ -14,20 +14,12 @@ variable "schema_name" {
 }

 variable "volume_buckets" {
- description = "Name of the S3 bucket to use for the volume"
- type = list(string)
-}
-
-variable "volume_r_grant_principals" {
- description = "(Optional) Databricks groups to grant read-only permissions to on the volume"
- type = list(string)
- default = []
-}
-
-variable "volume_rw_grant_principals" {
- description = "(Optional) Databricks groups to grant read/write permissions to on the volume"
- type = list(string)
- default = []
+ description = "List of external buckets and their corresponding groups that should have r/rw access to it"
+ type = list(object({
+ bucket_name : string
+ volume_r_grant_principals: optional(list(string), [])
+ volume_rw_grant_principals: optional(list(string), [])
+ }))
 }

 variable "tags" {
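Review bot: `volume_buckets` in variables.tf accepts any list, so nothing stops two entries sharing a `bucket_name`, or one principal appearing in both `volume_r_grant_principals` and `volume_rw_grant_principals` for the same bucket. grants.tf builds its `for_each` keys from `bucket_name`, so duplicates would presumably surface only as a key error at plan time, and an overlapping principal would likely produce two grant resources for the same volume and principal, leaving it unclear from the configuration whether that group ends up read-only or read/write. Validation blocks on the variable reject both cases up front with a clear message. As a style point, `=` is the conventional separator in object type constraints (`:` is accepted), and the description would read better ending in `access to each bucket`.

```hcl
variable "volume_buckets" {
  # … unchanged: description and type …

  validation {
    condition     = length(distinct(var.volume_buckets[*].bucket_name)) == length(var.volume_buckets)
    error_message = "Each bucket_name in volume_buckets must be unique."
  }

  validation {
    condition = alltrue([
      for b in var.volume_buckets :
      length(setintersection(b.volume_r_grant_principals, b.volume_rw_grant_principals)) == 0
    ])
    error_message = "A principal may be listed for read or read/write on a bucket, not both."
  }
}
```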