Fix databricks_mws_private_access_settings defaults (#1567)
Support for `ANY` value for `private_access_level` in `databricks_mws_private_access_settings`
resource was removed by engineering. `ACCOUNT` is the new default now
alexott authored Aug 29, 2022
1 parent 8c7b015 commit a0af466
Showing 4 changed files with 4 additions and 3 deletions.
2 changes: 1 addition & 1 deletion docs/resources/mws_private_access_settings.md
Expand Up @@ -49,7 +49,7 @@ The following arguments are available:
* `private_access_settings_name` - Name of Private Access Settings in Databricks Account
* `public_access_enabled` (Boolean, Optional, `false` by default) - If `true`, the [databricks_mws_workspaces](mws_workspaces.md) can be accessed over the [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) as well as over the public network. In such a case, you could also configure an [databricks_ip_access_list](ip_access_list.md) for the workspace, to restrict the source networks that could be used to access it over the public network. If `false` (default), the workspace can be accessed only over VPC endpoints, and not over the public network.
* `region` - Region of AWS VPC
* `private_access_level` - (Optional) The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. `ANY` level access _(default)_ lets any [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) connect to your [databricks_mws_workspaces](mws_workspaces.md). `ACCOUNT` level access lets only [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) that are registered in your Databricks account connect to your [databricks_mws_workspaces](mws_workspaces.md). `ENDPOINT` level access lets only specified [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) connect to your workspace. Please see the `allowed_vpc_endpoint_ids` documentation for more details.
* `private_access_level` - (Optional) The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. `ACCOUNT` level access _(default)_ lets only [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) that are registered in your Databricks account connect to your [databricks_mws_workspaces](mws_workspaces.md). `ENDPOINT` level access lets only specified [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) connect to your workspace. Please see the `allowed_vpc_endpoint_ids` documentation for more details.
* `allowed_vpc_endpoint_ids` - (Optional) An array of [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md#vpc_endpoint_id) `vpc_endpoint_id` (not `id`). Only used when `private_access_level` is set to `ENDPOINT`. This is an allow list of [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) that in your account that can connect to your [databricks_mws_workspaces](mws_workspaces.md) over AWS PrivateLink. If hybrid access to your workspace is enabled by setting `public_access_enabled` to true, then this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see the article for [databricks_ip_access_list](ip_access_list.md).

## Attribute Reference
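Review bot: the rewritten `private_access_level` bullet drops `ANY` without saying that the value is no longer accepted. A reader whose configuration sets `private_access_level = "ANY"` gets no hint from the docs about why it now fails validation, and a reader who relied on the old default is not told that the effective level is now `ACCOUNT`, which admits only VPC endpoints registered in the account. Suggest adding one sentence to the bullet stating that `ANY` was removed and that `ACCOUNT` and `ENDPOINT` are the only valid values.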
2 changes: 1 addition & 1 deletion mws/mws.go
Expand Up @@ -82,6 +82,6 @@ type PrivateAccessSettings struct {
Region string `json:"region"`
Status string `json:"status,omitempty" tf:"computed"`
PublicAccessEnabled bool `json:"public_access_enabled,omitempty"`
PrivateAccessLevel string `json:"private_access_level,omitempty" tf:"default:ANY"`
PrivateAccessLevel string `json:"private_access_level,omitempty" tf:"default:ACCOUNT"`
AllowedVpcEndpointIDS []string `json:"allowed_vpc_endpoint_ids,omitempty"`
}
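Review bot: the new tag `tf:"default:ACCOUNT"` on `PrivateAccessLevel` changes the effective value for every configuration that omits the attribute, and nothing in this hunk deals with state that already holds `ANY`. Resources created under the old default can be expected to plan a change from `ANY` to `ACCOUNT` after the upgrade. The change is in the restrictive direction, but it should be called out in the changelog or an upgrade note so operators can confirm that the VPC endpoints they depend on are registered in the account before applying.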
1 change: 1 addition & 0 deletions mws/resource_mws_private_access_settings.go
Expand Up @@ -61,6 +61,7 @@ func ResourceMwsPrivateAccessSettings() *schema.Resource {
s := common.StructToSchema(PrivateAccessSettings{}, func(s map[string]*schema.Schema) map[string]*schema.Schema {
// nolint
s["private_access_settings_name"].ValidateFunc = validation.StringLenBetween(4, 256)
s["private_access_level"].ValidateFunc = validation.StringInSlice([]string{"ACCOUNT", "ENDPOINT"}, true)
return s
})
p := common.NewPairSeparatedID("account_id", "private_access_settings_id", "/")
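Review bot: the `true` passed as the second argument to `validation.StringInSlice` on the added `private_access_level` line makes the match case-insensitive, so `account` or `Endpoint` pass validation and are then sent and stored with the user's casing. Unless the API is known to accept any casing, pass `false` here, or normalize the value to upper case before it is sent, so that validation and the accepted values `"ACCOUNT"` and `"ENDPOINT"` agree exactly.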
2 changes: 1 addition & 1 deletion mws/resource_mws_private_access_settings_test.go
Expand Up @@ -50,7 +50,7 @@ func TestResourcePASCreate(t *testing.T) {
AccountID: "abc",
Region: "ar",
PasName: "pas_name",
PrivateAccessLevel: "ANY",
PrivateAccessLevel: "ACCOUNT",
},
Response: PrivateAccessSettings{
PasID: "pas_id",
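Review bot: the only test change is the fixture value on the `PrivateAccessLevel` line in `TestResourcePASCreate`, so neither new behaviour is covered. The commit totals (4 additions, 3 deletions across 4 files) leave no room for a new test case. Suggest adding one case that asserts `private_access_level = "ANY"` is rejected by the new validator and one that omits the attribute and asserts the request carries `ACCOUNT`.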
