databricks · alexott · Oct 9, 2025
@@ -19,3 +19,5 @@
 ### Exporter
 
 ### Internal Changes
+
+* Deprecate `instance_profiles` attribute, and replace it with `roles` in `databricks_group` data source ([#5086](https://github.com/databricks/terraform-provider-databricks/pull/5086))
@@ -3,7 +3,7 @@ subcategory: "Security"
 ---
 # databricks_group Data Source
 
-Retrieves information about [databricks_group](../resources/group.md) members, entitlements and instance profiles.
+Retrieves information about [databricks_group](../resources/group.md) members, entitlements and roles.
 
 -> This data source can be used with an account or workspace-level provider.
 
@@ -43,7 +43,8 @@ Data source exposes the following attributes:
 * `service_principals` - Set of [databricks_service_principal](../resources/service_principal.md) identifiers, that can be modified with [databricks_group_member](../resources/group_member.md) resource.
 * `child_groups` - Set of [databricks_group](../resources/group.md) identifiers, that can be modified with [databricks_group_member](../resources/group_member.md) resource.
 * `groups` - Set of [group](../resources/group.md) identifiers, that can be modified with [databricks_group_member](../resources/group_member.md) resource.
-* `instance_profiles` - Set of [instance profile](../resources/instance_profile.md) ARNs, that can be modified by [databricks_group_instance_profile](../resources/group_instance_profile.md) resource.
+* `roles` - Set of role ARNs (e.g., [instance profile](../resources/instance_profile.md) ARNs), that can be modified by [databricks_group_instance_profile](../resources/group_instance_profile.md) or [databricks_group_role](../resources/group_role.md) resources.
+* `instance_profiles` - (Deprecated) Set of [instance profile](../resources/instance_profile.md) ARNs, that can be modified by [databricks_group_instance_profile](../resources/group_instance_profile.md) resource. Use `roles` instead.
 * `allow_cluster_create` - True if group members can create [clusters](../resources/cluster.md)
 * `allow_instance_pool_create` - True if group members can create [instance pools](../resources/instance_pool.md)
 * `acl_principal_id` - identifier for use in [databricks_access_control_rule_set](../resources/access_control_rule_set.md), e.g. `groups/Some Group`.

@@ -21,6 +21,7 @@ func DataSourceGroup() common.Resource {
 		ServicePrincipals []string `json:"service_principals,omitempty" tf:"slice_set,computed"`
 		ChildGroups       []string `json:"child_groups,omitempty" tf:"slice_set,computed"`
 		Groups            []string `json:"groups,omitempty" tf:"slice_set,computed"`
+		Roles             []string `json:"roles,omitempty" tf:"slice_set,computed"`
 		InstanceProfiles  []string `json:"instance_profiles,omitempty" tf:"slice_set,computed"`
 		ExternalID        string   `json:"external_id,omitempty" tf:"computed"`
 		AclPrincipalID    string   `json:"acl_principal_id,omitempty" tf:"computed"`
@@ -32,6 +33,7 @@ func DataSourceGroup() common.Resource {
 		s["display_name"].ValidateFunc = validation.StringIsNotEmpty
 		s["recursive"].Default = true
 		s["members"].Deprecated = "Please use `users`, `service_principals`, and `child_groups` instead"
+		s["instance_profiles"].Deprecated = "Please use `roles` instead"
 		addEntitlementsToSchema(s)
 		return s
 	})
@@ -77,6 +79,7 @@ func DataSourceGroup() common.Resource {
 					}
 				}
 				for _, x := range current.Roles {
+					this.Roles = append(this.Roles, x.Value)
 					this.InstanceProfiles = append(this.InstanceProfiles, x.Value)
 				}
 				current.Entitlements.readIntoData(d)
@@ -98,6 +101,7 @@ func DataSourceGroup() common.Resource {
 			sort.Strings(this.Users)
 			sort.Strings(this.ChildGroups)
 			sort.Strings(this.ServicePrincipals)
+			sort.Strings(this.Roles)
 			sort.Strings(this.InstanceProfiles)
 			err = common.StructToData(this, s, d)
 			if err != nil {

@@ -83,6 +83,7 @@ func TestDataSourceGroup(t *testing.T) {
 		},
 	}.ApplyAndExpectData(t, map[string]any{
 		"acl_principal_id":           "groups/ds",
+		"roles":                      []string{"a", "b"},
 		"instance_profiles":          []string{"a", "b"},
 		"members":                    []string{"1112", "1113", "1114"},
 		"groups":                     []string{"abc"},
Original file line number	Diff line number	Diff line change
Expand Up		@@ -19,3 +19,5 @@
		### Exporter

		### Internal Changes

		* Deprecate `instance_profiles` attribute, and replace it with `roles` in `databricks_group` data source ([#5086](https://github.com/databricks/terraform-provider-databricks/pull/5086))