refactor databricks_mws_credentials to Go SDK (#2962)
* refactor `databricks_mws_credentials` to Go SDK

* bottom left -> top right

* feedback

* clean up tests

* nit
nkvuong authored Dec 7, 2023
1 parent f3c8cf7 commit d05db39
Showing 17 changed files with 172 additions and 135 deletions.
4 changes: 2 additions & 2 deletions docs/data-sources/aws_assume_role_policy.md
Expand Up @@ -12,7 +12,7 @@ End-to-end example of provisioning Cross-account IAM role with [databricks_mws_c

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.cloud.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/"
}
data "databricks_aws_crossaccount_policy" "this" {}
Expand Down Expand Up @@ -48,7 +48,7 @@ resource "databricks_mws_credentials" "this" {

## Argument Reference

* `external_id` (Required) Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/).
* `external_id` (Required) Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/).
* `for_log_delivery` (Optional) Either or not this assume role policy should be created for usage log delivery. Defaults to false.

## Attribute Reference
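
Review bot: in the `for_log_delivery` entry just below the changed `external_id` line, "Either or not this assume role policy should be created" is ungrammatical; since this list is being edited anyway, change it to "Whether or not ..." and put `false` in backticks. Both entries also omit the ` - ` between the argument name and `(Required)`/`(Optional)` that the resource pages touched by this commit use.
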
2 changes: 1 addition & 1 deletion docs/guides/aws-e2-firewall-hub-and-spoke.md
Expand Up @@ -10,7 +10,7 @@ You can provision multiple Databricks workspaces with Terraform, and where many

## Provider initialization for E2 workspaces

This guide assumes you have the `client_id`, which is the `application_id` of the [Service Principal](resources/service_principal.md), `client_secret`, which is its secret, and `databricks_account_id`, which can be found in the bottom left corner of the [Account Console](https://accounts.cloud.databricks.com). (see [instruction](https://docs.databricks.com/dev-tools/authentication-oauth.html#step-2-create-an-oauth-secret-for-a-service-principal)). This guide is provided as is and assumes you will use it as the basis for your setup. If you use AWS Firewall to block most traffic but allow the URLs to which Databricks needs to connect, please update the configuration based on your region. You can get the configuration details for your region from [Firewall Appliance](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#firewall-appliance-infrastructure) document.
This guide assumes you have the `client_id`, which is the `application_id` of the [Service Principal](resources/service_principal.md), `client_secret`, which is its secret, and `databricks_account_id`, which can be found in the top right corner of the [Account Console](https://accounts.cloud.databricks.com). (see [instruction](https://docs.databricks.com/dev-tools/authentication-oauth.html#step-2-create-an-oauth-secret-for-a-service-principal)). This guide is provided as is and assumes you will use it as the basis for your setup. If you use AWS Firewall to block most traffic but allow the URLs to which Databricks needs to connect, please update the configuration based on your region. You can get the configuration details for your region from [Firewall Appliance](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#firewall-appliance-infrastructure) document.

```hcl
variable "client_id" {}
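
Review bot: the reworded sentence still links the Service Principal as `resources/service_principal.md`, while `docs/guides/unity-catalog.md` in this same commit links it as `../resources/service_principal.md` from the same directory; the two relative paths cannot both be right, so align them while this line is being edited. The trailing `. (see [instruction](...)).` after the Account Console link also reads as if it documents the account ID rather than the OAuth secret; move it next to `client_secret`. The same sentence is repeated in `aws-e2-firewall-workspace.md` and `aws-workspace.md`.
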
2 changes: 1 addition & 1 deletion docs/guides/aws-e2-firewall-workspace.md
Expand Up @@ -12,7 +12,7 @@ For more information, please visit [Data Exfiltration Protection With Databricks

## Provider initialization for E2 workspaces

This guide assumes you have the `client_id`, which is the `application_id` of the [Service Principal](resources/service_principal.md), `client_secret`, which is its secret, and `databricks_account_id`, which can be found in the bottom left corner of the [Account Console](https://accounts.cloud.databricks.com). (see [instruction](https://docs.databricks.com/dev-tools/authentication-oauth.html#step-2-create-an-oauth-secret-for-a-service-principal)). This guide is provided as is and assumes you will use it as the basis for your setup. If you are using AWS Firewall to block most traffic but allow the URLs that Databricks needs to connect to, please update the configuration based on your region. You can get the configuration details for your region from [Firewall Appliance](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#firewall-appliance-infrastructure) document.
This guide assumes you have the `client_id`, which is the `application_id` of the [Service Principal](resources/service_principal.md), `client_secret`, which is its secret, and `databricks_account_id`, which can be found in the top right corner of the [Account Console](https://accounts.cloud.databricks.com). (see [instruction](https://docs.databricks.com/dev-tools/authentication-oauth.html#step-2-create-an-oauth-secret-for-a-service-principal)). This guide is provided as is and assumes you will use it as the basis for your setup. If you are using AWS Firewall to block most traffic but allow the URLs that Databricks needs to connect to, please update the configuration based on your region. You can get the configuration details for your region from [Firewall Appliance](https://docs.databricks.com/administration-guide/cloud-configurations/aws/customer-managed-vpc.html#firewall-appliance-infrastructure) document.

```hcl
variable "client_id" {}
2 changes: 1 addition & 1 deletion docs/guides/aws-private-link-workspace.md
Expand Up @@ -12,7 +12,7 @@ This guide uses the following variables in configurations:

- `client_id`: `application_id` of the service principal, see [instruction](https://docs.databricks.com/dev-tools/authentication-oauth.html#step-2-create-an-oauth-secret-for-a-service-principal)
- `client_secret`: the secret of the service principal.
- `databricks_account_id`: The numeric ID for your Databricks account. When logged in, it appears in the bottom left corner of the page.
- `databricks_account_id`: The numeric ID for your Databricks account. When logged in, it appears in the top right corner of the page.
- `vpc_id` - The ID for the AWS VPC.
- `region` - AWS region.
- `security_group_id` - Security groups set up for the existing VPC.
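
Review bot: the changed `databricks_account_id` entry says the ID appears "in the top right corner of the page" without saying which page; name and link the Account Console as the other guides in this commit do. The list also mixes `name:` and `name -` separators (`client_secret:` versus `vpc_id -`), which is worth normalizing in the same edit.
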
2 changes: 1 addition & 1 deletion docs/guides/aws-workspace.md
Expand Up @@ -10,7 +10,7 @@ You can provision multiple Databricks workspaces with Terraform.

## Provider initialization for E2 workspaces

This guide assumes you have the `client_id`, which is the `application_id` of the [Service Principal](resources/service_principal.md), `client_secret`, which is its secret, and `databricks_account_id`, which can be found in the bottom left corner of the [Account Console](https://accounts.cloud.databricks.com). (see [instruction](https://docs.databricks.com/dev-tools/authentication-oauth.html#step-2-create-an-oauth-secret-for-a-service-principal)). This guide is provided as is and assumes you will use it as the basis for your setup.
This guide assumes you have the `client_id`, which is the `application_id` of the [Service Principal](resources/service_principal.md), `client_secret`, which is its secret, and `databricks_account_id`, which can be found in the top right corner of the [Account Console](https://accounts.cloud.databricks.com). (see [instruction](https://docs.databricks.com/dev-tools/authentication-oauth.html#step-2-create-an-oauth-secret-for-a-service-principal)). This guide is provided as is and assumes you will use it as the basis for your setup.

```hcl
variable "client_id" {}
2 changes: 1 addition & 1 deletion docs/guides/unity-catalog.md
Expand Up @@ -18,7 +18,7 @@ This guide uses the following variables in configurations:

- `databricks_client_id`: The `client_id` is the `application_id` of a [Service Principal](../resources/service_principal.md) that has account-level admin permission on [https://accounts.cloud.databricks.com](https://accounts.cloud.databricks.com).
- `databricks_client_secret`: The secret of the above service principal.
- `databricks_account_id`: The numeric ID for your Databricks account. When you are logged in, it appears in the bottom left corner of the [Databricks Account Console](https://accounts.cloud.databricks.com/) or [Azure Databricks Account Console](https://accounts.azuredatabricks.net).
- `databricks_account_id`: The numeric ID for your Databricks account. When you are logged in, it appears in the top right corner of the [Databricks Account Console](https://accounts.cloud.databricks.com/) or [Azure Databricks Account Console](https://accounts.azuredatabricks.net).
- `databricks_workspace_url`: Value of `workspace_url` attribute from [databricks_mws_workspaces](../resources/mws_workspaces.md#attribute-reference) resource.

This guide is provided as-is and you can use this guide as the basis for your custom Terraform module.
2 changes: 1 addition & 1 deletion docs/index.md
Expand Up @@ -205,7 +205,7 @@ Alternatively, you can provide this value as an environment variable `DATABRICKS
* `config_file` - (optional) Location of the Databricks CLI credentials file created by `databricks configure --token` command (~/.databrickscfg by default). Check [Databricks CLI documentation](https://docs.databricks.com/dev-tools/cli/index.html#set-up-authentication) for more details. The provider uses configuration file credentials when you don't specify host/token/username/password/azure attributes. Alternatively, you can provide this value as an environment variable `DATABRICKS_CONFIG_FILE`. This field defaults to `~/.databrickscfg`.
* `profile` - (optional) Connection profile specified within ~/.databrickscfg. Please check [connection profiles section](https://docs.databricks.com/dev-tools/cli/index.html#connection-profiles) for more details. This field defaults to
`DEFAULT`.
* `account_id` - (optional) Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/). Alternatively, you can provide this value as an environment variable `DATABRICKS_ACCOUNT_ID`. Only has effect when `host = "https://accounts.cloud.databricks.com/"`, and is currently used to provision account admins via [databricks_user](resources/user.md). In the future releases of the provider this property will also be used specify account for `databricks_mws_*` resources as well.
* `account_id` - (optional) Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/). Alternatively, you can provide this value as an environment variable `DATABRICKS_ACCOUNT_ID`. Only has effect when `host = "https://accounts.cloud.databricks.com/"`, and is currently used to provision account admins via [databricks_user](resources/user.md). In the future releases of the provider this property will also be used specify account for `databricks_mws_*` resources as well.
* `auth_type` - (optional) enforce specific auth type to be used in very rare cases, where a single Terraform state manages Databricks workspaces on more than one cloud and `more than one authorization method configured` error is a false positive. Valid values are `pat`, `basic`, `oauth-m2m`, `azure-client-secret`, `azure-msi`, `azure-cli`, `google-credentials`, and `google-id`.

## Special configurations for AWS
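
Review bot: the `account_id` entry still ends with "In the future releases of the provider this property will also be used specify account for `databricks_mws_*` resources", but this commit marks `account_id` as `(Optional)` in `docs/resources/mws_credentials.md`. State here whether the provider-level value is now what `databricks_mws_credentials` falls back to, and fix "used specify" to "used to specify".
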
10 changes: 7 additions & 3 deletions docs/resources/mws_credentials.md
Expand Up @@ -13,7 +13,7 @@ Please follow this [complete runnable example](../guides/aws-workspace.md) with

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.cloud.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/"
}
data "databricks_aws_assume_role_policy" "this" {
Expand Down Expand Up @@ -47,7 +47,7 @@ resource "databricks_mws_credentials" "this" {

The following arguments are required:

* `account_id` - (Required) Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/)
* `account_id` - (Optional) Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
* `credentials_name` - (Required) name of credentials to register
* `role_arn` - (Required) ARN of cross-account role

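Review bot: `account_id` is relabelled from `(Required)` to `(Optional)` but stays under the heading "The following arguments are required:", so the section now contradicts itself. Move it to a separate list of optional arguments or reword the heading, and document what value is used when the argument is omitted.
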
Expand All @@ -61,7 +61,11 @@ In addition to all arguments above, the following attributes are exported:

## Import

-> **Note** Importing this resource is not currently supported.
This resource can be imported by the combination of its identifier and the account id:

```bash
terraform import databricks_mws_credentials.this <account_id>/<credentials_id>
```

## Related Resources

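Review bot: the new Import section gives the ID as `<account_id>/<credentials_id>` without saying where `<credentials_id>` comes from; point to the exported attribute in the Attribute Reference above, and spell out that the account ID is part of the import ID even though the `account_id` argument is now marked `(Optional)`.
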
10 changes: 5 additions & 5 deletions docs/resources/mws_customer_managed_keys.md
Expand Up @@ -24,7 +24,7 @@ You must configure this during workspace creation

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.cloud.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/"
}
data "aws_caller_identity" "current" {}
Expand Down Expand Up @@ -80,7 +80,7 @@ resource "databricks_mws_customer_managed_keys" "managed_services" {

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.gcp.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.gcp.databricks.com/"
}
variable "cmek_resource_id" {
Expand All @@ -103,7 +103,7 @@ resource "databricks_mws_customer_managed_keys" "managed_services" {

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.cloud.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/"
}
variable "databricks_cross_account_role" {
Expand Down Expand Up @@ -203,7 +203,7 @@ resource "databricks_mws_customer_managed_keys" "storage" {

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.gcp.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.gcp.databricks.com/"
}
variable "cmek_resource_id" {
Expand All @@ -226,7 +226,7 @@ The following arguments are required:

* `aws_key_info` - This field is a block and is documented below. This conflicts with `gcp_key_info`
* `gcp_key_info` - This field is a block and is documented below. This conflicts with `aws_key_info`
* `account_id` - Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/)
* `account_id` - Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
* `use_cases` - *(since v0.3.4)* List of use cases for which this key will be used. *If you've used the resource before, please add `use_cases = ["MANAGED_SERVICES"]` to keep the previous behaviour.* Possible values are:
* `MANAGED_SERVICES` - for encryption of the workspace objects (notebooks, secrets) that are stored in the control plane
* `STORAGE` - for encryption of the DBFS Storage & Cluster EBS Volumes
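
Review bot: the changed `account_id` entry links only `https://accounts.cloud.databricks.com/`, yet the GCP examples updated earlier in this file point to `https://accounts.gcp.databricks.com/`. Since the resource takes either `aws_key_info` or `gcp_key_info`, mention both consoles here. The entry also sits under "The following arguments are required:" but, unlike the entries in `mws_credentials.md`, carries no `(Required)` marker.
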
4 changes: 2 additions & 2 deletions docs/resources/mws_log_delivery.md
Expand Up @@ -15,7 +15,7 @@ End-to-end example of usage and audit log delivery:

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.cloud.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/"
}
resource "aws_s3_bucket" "logdelivery" {
Expand Down Expand Up @@ -130,7 +130,7 @@ resource "databricks_mws_log_delivery" "audit_logs" {

## Argument reference

* `account_id` - Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/).
* `account_id` - Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/).
* `config_name` - The optional human-readable name of the log delivery configuration. Defaults to empty.
* `log_type` - The type of log delivery. `BILLABLE_USAGE` and `AUDIT_LOGS` are supported.
* `output_format` - The file type of log delivery. Currently `CSV` (for `BILLABLE_USAGE`) and `JSON` (for `AUDIT_LOGS`) are supported.
6 changes: 3 additions & 3 deletions docs/resources/mws_networks.md
Expand Up @@ -39,7 +39,7 @@ Please follow this [complete runnable example](../guides/gcp-workspace.md) with

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.cloud.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/"
}
data "aws_availability_zones" "available" {}
Expand Down Expand Up @@ -104,7 +104,7 @@ resource "databricks_mws_networks" "this" {

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.cloud.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/"
}
resource "google_compute_network" "dbx_private_vpc" {
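
Review bot: this example provisions a `google_compute_network`, but the updated `databricks_account_id` description still sends the reader to `https://accounts.cloud.databricks.com/`, whereas the GCP examples in `mws_customer_managed_keys.md` use `https://accounts.gcp.databricks.com/`. If that is the console GCP accounts use, point this description at it as well.
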
Expand Down Expand Up @@ -190,7 +190,7 @@ Due to specifics of platform APIs, changing any attribute of network configurati

The following arguments are available:

* `account_id` - Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/)
* `account_id` - Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
* `network_name` - name under which this network is registered
* `vpc_id` - (AWS only) [aws_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc) id
* `subnet_ids` - (AWS only) ids of [aws_subnet](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet)
2 changes: 1 addition & 1 deletion docs/resources/mws_permission_assignment.md
Expand Up @@ -3,7 +3,7 @@ subcategory: "Security"
---
# databricks_mws_permission_assignment Resource

These resources are invoked in the account context. Permission Assignment Account API endpoints are restricted to account admins. Provider must have `account_id` attribute configured. Account Id that could be found in the bottom left corner of Accounts Console
These resources are invoked in the account context. Permission Assignment Account API endpoints are restricted to account admins. Provider must have `account_id` attribute configured. Account Id that could be found in the top right corner of Accounts Console

## Example Usage

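Review bot: the last sentence of the changed paragraph, "Account Id that could be found in the top right corner of Accounts Console", is a fragment with no verb, no closing period and no link. Rewrite it as a full sentence, for instance "The account ID is shown in the top right corner of the [Accounts Console](https://accounts.cloud.databricks.com/)."
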
4 changes: 2 additions & 2 deletions docs/resources/mws_storage_configurations.md
Expand Up @@ -15,7 +15,7 @@ Please follow this [complete runnable example](../guides/aws-workspace.md) with

```hcl
variable "databricks_account_id" {
description = "Account Id that could be found in the bottom left corner of https://accounts.cloud.databricks.com/"
description = "Account Id that could be found in the top right corner of https://accounts.cloud.databricks.com/"
}
resource "aws_s3_bucket" "root_storage_bucket" {
Expand Down Expand Up @@ -43,7 +43,7 @@ resource "databricks_mws_storage_configurations" "this" {
The following arguments are required:

* `bucket_name` - name of AWS S3 bucket
* `account_id` - Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/)
* `account_id` - Account Id that could be found in the top right corner of [Accounts Console](https://accounts.cloud.databricks.com/)
* `storage_configuration_name` - name under which this storage configuration is stored

## Attribute Reference