Fix databricks_mws_private_access_settings creation (#3439)

nkvuong · web-flow · commit 0b183af4e622 · 2024-04-15T08:59:13.000Z
* fix creation of `databricks_mws_private_access_settings`

* more fix

* doc

* remove dup
diff --git a/docs/resources/mws_private_access_settings.md b/docs/resources/mws_private_access_settings.md
@@ -29,7 +29,6 @@ The `databricks_mws_private_access_settings.pas.private_access_settings_id` can
 ```hcl
 resource "databricks_mws_workspaces" "this" {
   provider                   = databricks.mws
-  account_id                 = var.databricks_account_id
   aws_region                 = var.region
   workspace_name             = local.prefix
   credentials_id             = databricks_mws_credentials.this.credentials_id
@@ -48,7 +47,6 @@ resource "databricks_mws_workspaces" "this" {
 ```hcl
 resource "databricks_mws_workspaces" "this" {
   provider       = databricks.mws
-  account_id     = var.databricks_account_id
   workspace_name = "gcp-workspace"
   location       = var.subnet_region
   cloud_resource_container {
@@ -71,7 +69,6 @@ resource "databricks_mws_workspaces" "this" {
 
 The following arguments are available:
 
-* `account_id` - Account Id that could be found in the Accounts Console for [AWS](https://accounts.cloud.databricks.com/) or [GCP](https://accounts.gcp.databricks.com/)
 * `private_access_settings_name` - Name of Private Access Settings in Databricks Account
 * `public_access_enabled` (Boolean, Optional, `false` by default on AWS, `true` by default on GCP) - If `true`, the [databricks_mws_workspaces](mws_workspaces.md) can be accessed over the [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) as well as over the public network. In such a case, you could also configure an [databricks_ip_access_list](ip_access_list.md) for the workspace, to restrict the source networks that could be used to access it over the public network. If `false`, the workspace can be accessed only over VPC endpoints, and not over the public network. Once explicitly set, this field becomes mandatory.
 * `region` - Region of AWS VPC or the Google Cloud VPC network
diff --git a/mws/resource_mws_private_access_settings.go b/mws/resource_mws_private_access_settings.go
@@ -12,36 +12,37 @@ import (
 )
 
 func ResourceMwsPrivateAccessSettings() common.Resource {
-	s := common.StructToSchema(provisioning.PrivateAccessSettings{}, func(s map[string]*schema.Schema) map[string]*schema.Schema {
-		// nolint
-		s["private_access_settings_name"].ValidateFunc = validation.StringLenBetween(4, 256)
-		common.SetRequired(s["private_access_settings_name"])
-		common.SetRequired(s["region"])
+	pasSchema := common.StructToSchema(provisioning.PrivateAccessSettings{}, func(m map[string]*schema.Schema) map[string]*schema.Schema {
+		common.CustomizeSchemaPath(m, "private_access_settings_name").SetValidateFunc(validation.StringLenBetween(4, 256))
+		common.CustomizeSchemaPath(m, "private_access_settings_name").SetRequired()
 
-		s["private_access_level"].ValidateFunc = validation.StringInSlice([]string{"ACCOUNT", "ENDPOINT"}, true)
-		common.SetDefault(s["private_access_level"], "ACCOUNT")
+		common.CustomizeSchemaPath(m, "region").SetRequired()
 
-		s["private_access_settings_id"].Computed = true
+		common.CustomizeSchemaPath(m, "private_access_settings_id").SetComputed()
 
-		common.AddAccountIdField(s)
-		return s
+		common.CustomizeSchemaPath(m, "private_access_level").SetValidateFunc(validation.StringInSlice([]string{"ACCOUNT", "ENDPOINT"}, true))
+		common.CustomizeSchemaPath(m, "private_access_level").SetDefault("ACCOUNT")
+
+		common.AddAccountIdField(m)
+		return m
 	})
 	p := common.NewPairSeparatedID("account_id", "private_access_settings_id", "/")
 	return common.Resource{
-		Schema: s,
+		Schema: pasSchema,
 		Create: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
 			a, err := c.AccountClientWithAccountIdFromConfig(d)
 			if err != nil {
 				return err
 			}
 			var pas provisioning.UpsertPrivateAccessSettingsRequest
-			common.DataToStructPointer(d, s, &pas)
+			common.DataToStructPointer(d, pasSchema, &pas)
 			common.SetForceSendFields(&pas, d, []string{"public_access_enabled"})
 			res, err := a.PrivateAccess.Create(ctx, pas)
 			if err != nil {
 				return err
 			}
 			d.Set("private_access_settings_id", res.PrivateAccessSettingsId)
+			d.Set("account_id", res.AccountId)
 			p.Pack(d)
 			return nil
 		},
@@ -54,15 +55,15 @@ func ResourceMwsPrivateAccessSettings() common.Resource {
 			if err != nil {
 				return err
 			}
-			return common.StructToData(pas, s, d)
+			return common.StructToData(pas, pasSchema, d)
 		},
 		Update: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
 			a, pasID, err := c.AccountClientWithAccountIdFromPair(d, p)
 			if err != nil {
 				return err
 			}
 			var pas provisioning.UpsertPrivateAccessSettingsRequest
-			common.DataToStructPointer(d, s, &pas)
+			common.DataToStructPointer(d, pasSchema, &pas)
 			common.SetForceSendFields(&pas, d, []string{"public_access_enabled"})
 			pas.PrivateAccessSettingsId = pasID
 			return a.PrivateAccess.Replace(ctx, pas)
diff --git a/mws/resource_mws_private_access_settings_test.go b/mws/resource_mws_private_access_settings_test.go
@@ -24,6 +24,7 @@ func TestResourcePASCreate(t *testing.T) {
 				PrivateAccessLevel:        "ACCOUNT",
 			}).Return(&provisioning.PrivateAccessSettings{
 				PrivateAccessSettingsId: "pas_id",
+				AccountId:               "abc",
 			}, nil)
 			e.GetByPrivateAccessSettingsId(mock.Anything, "pas_id").Return(&provisioning.PrivateAccessSettings{
 				PrivateAccessSettingsId:   "pas_id",
@@ -43,6 +44,36 @@ func TestResourcePASCreate(t *testing.T) {
 	assert.Equal(t, "abc/pas_id", d.Id())
 }
 
+func TestResourcePASCreateWithoutAccountId(t *testing.T) {
+	d, err := qa.ResourceFixture{
+		MockAccountClientFunc: func(a *mocks.MockAccountClient) {
+			e := a.GetMockPrivateAccessAPI().EXPECT()
+			e.Create(mock.Anything, provisioning.UpsertPrivateAccessSettingsRequest{
+				Region:                    "ar",
+				PrivateAccessSettingsName: "pas_name",
+				PrivateAccessLevel:        "ACCOUNT",
+			}).Return(&provisioning.PrivateAccessSettings{
+				PrivateAccessSettingsId: "pas_id",
+				AccountId:               "abc",
+			}, nil)
+			e.GetByPrivateAccessSettingsId(mock.Anything, "pas_id").Return(&provisioning.PrivateAccessSettings{
+				PrivateAccessSettingsId:   "pas_id",
+				Region:                    "ar",
+				PrivateAccessSettingsName: "pas_name",
+			}, nil)
+		},
+		Resource:  ResourceMwsPrivateAccessSettings(),
+		AccountID: "abc",
+		HCL: `
+		private_access_settings_name = "pas_name"
+		region = "ar"
+		`,
+		Create: true,
+	}.Apply(t)
+	assert.NoError(t, err)
+	assert.Equal(t, "abc/pas_id", d.Id())
+}
+
 func TestResourcePASCreate_PublicAccessDisabled(t *testing.T) {
 	d, err := qa.ResourceFixture{
 		MockAccountClientFunc: func(a *mocks.MockAccountClient) {
@@ -55,6 +86,7 @@ func TestResourcePASCreate_PublicAccessDisabled(t *testing.T) {
 				ForceSendFields:           []string{"PublicAccessEnabled"},
 			}).Return(&provisioning.PrivateAccessSettings{
 				PrivateAccessSettingsId: "pas_id",
+				AccountId:               "abc",
 			}, nil)
 			e.GetByPrivateAccessSettingsId(mock.Anything, "pas_id").Return(&provisioning.PrivateAccessSettings{
 				PrivateAccessSettingsId:   "pas_id",
@@ -63,7 +95,8 @@ func TestResourcePASCreate_PublicAccessDisabled(t *testing.T) {
 				ForceSendFields:           []string{"PublicAccessEnabled"},
 			}, nil)
 		},
-		Resource: ResourceMwsPrivateAccessSettings(),
+		Resource:  ResourceMwsPrivateAccessSettings(),
+		AccountID: "abc",
 		HCL: `
 		account_id = "abc"
 		private_access_settings_name = "pas_name"
