Exporter: Add support for databricks_mws_permission_assignment resource (#3562)

This resource could be exported only on account level

Author: alexott

docs/guides/experimental-exporter.md

@@ -62,7 +62,7 @@ Services are just logical groups of resources used for filtering and organizatio
 -> **Note**
   Please note that for services not marked with **listing**, we'll export resources only if they are referenced from other resources.
 
-* `access` - [databricks_permissions](../resources/permissions.md), [databricks_instance_profile](../resources/instance_profile.md) and [databricks_ip_access_list](../resources/ip_access_list.md).
+* `access` - [databricks_permissions](../resources/permissions.md), [databricks_instance_profile](../resources/instance_profile.md), [databricks_ip_access_list](../resources/ip_access_list.md), [databricks_mws_permission_assignment](../resources/mws_permission_assignment.md) and [databricks_access_control_rule_set](../resources/access_control_rule_set.md).
 * `compute` - **listing** [databricks_cluster](../resources/cluster.md).
 * `directories` - **listing** [databricks_directory](../resources/directory.md).
 * `dlt` - **listing** [databricks_pipeline](../resources/pipeline.md).
@@ -143,6 +143,7 @@ Exporter aims to generate HCL code for most of the resources within the Databric
 | [databricks_mlflow_model](../resources/mlflow_model.md) | No | No | No | No |
 | [databricks_mlflow_webhook](../resources/mlflow_webhook.md) | Yes | Yes | Yes | No |
 | [databricks_model_serving](../resources/model_serving) | Yes | Yes | Yes | No |
+| [databricks_mws_permission_assignment](../resources/mws_permission_assignment.md) | Yes | No | No | Yes |
 | [databricks_notebook](../resources/notebook.md) | Yes | Yes | Yes | No |
 | [databricks_obo_token](../resources/obo_token.md) | Not Applicable | No | No | No |
 | [databricks_permissions](../resources/permissions.md) | Yes | No | Yes | No |

exporter/importables.go

@@ -27,6 +27,7 @@ import (
 	"github.com/databricks/terraform-provider-databricks/clusters"
 	"github.com/databricks/terraform-provider-databricks/common"
 	"github.com/databricks/terraform-provider-databricks/jobs"
+	"github.com/databricks/terraform-provider-databricks/mws"
 	"github.com/databricks/terraform-provider-databricks/permissions"
 	"github.com/databricks/terraform-provider-databricks/pipelines"
 	"github.com/databricks/terraform-provider-databricks/repos"
@@ -2985,4 +2986,69 @@ var resourcesMap map[string]importable = map[string]importable{
 			{Path: "path", Resource: "databricks_volume", Match: "volume_path", MatchType: MatchLongestPrefix},
 		},
 	},
+	"databricks_mws_permission_assignment": {
+		AccountLevel: true,
+		Service:      "access",
+		List: func(ic *importContext) error {
+			workspaces, err := ic.accountClient.Workspaces.List(ic.Context)
+			if err != nil {
+				return err
+			}
+			for _, ws := range workspaces {
+				pas, err := ic.accountClient.WorkspaceAssignment.ListByWorkspaceId(ic.Context, ws.WorkspaceId)
+				if err != nil {
+					log.Printf("[ERROR] listing workspace permission assignments for workspace %d: %s", ws.WorkspaceId, err.Error())
+					continue
+				}
+				log.Printf("[DEBUG] Emitting permission assignments for workspace %d", ws.WorkspaceId)
+				for _, pa := range pas.PermissionAssignments {
+					perm := "unknown"
+					if len(pa.Permissions) > 0 {
+						perm = pa.Permissions[0].String()
+					}
+					nm := fmt.Sprintf("mws_pa_%d_%s_%s_%d", ws.WorkspaceId, pa.Principal.DisplayName,
+						perm, pa.Principal.PrincipalId)
+					// We  generate Data directly to avoid calling APIs
+					data := mws.ResourceMwsPermissionAssignment().ToResource().TestResourceData()
+					scm := ic.Resources["databricks_mws_permission_assignment"].Schema
+					data.MarkNewResource()
+					paId := fmt.Sprintf("%d|%d", ws.WorkspaceId, pa.Principal.PrincipalId)
+					data.SetId(paId)
+					common.StructToData(pa, scm, data)
+					data.Set("workspace_id", ws.WorkspaceId)
+					data.Set("principal_id", pa.Principal.PrincipalId)
+					ic.Emit(&resource{
+						Resource: "databricks_mws_permission_assignment",
+						ID:       paId,
+						Name:     nameNormalizationRegex.ReplaceAllString(nm, "_"),
+						Data:     data,
+					})
+					// Emit principals
+					strPrincipalId := fmt.Sprintf("%d", pa.Principal.PrincipalId)
+					if pa.Principal.ServicePrincipalName != "" {
+						ic.Emit(&resource{
+							Resource: "databricks_service_principal",
+							ID:       strPrincipalId,
+						})
+					} else if pa.Principal.UserName != "" {
+						ic.Emit(&resource{
+							Resource: "databricks_user",
+							ID:       strPrincipalId,
+						})
+					} else if pa.Principal.GroupName != "" {
+						ic.Emit(&resource{
+							Resource: "databricks_group",
+							ID:       strPrincipalId,
+						})
+					}
+				}
+			}
+			return nil
+		},
+		Depends: []reference{
+			{Resource: "databricks_service_principal", Path: "principal_id"},
+			{Resource: "databricks_user", Path: "principal_id"},
+			{Resource: "databricks_group", Path: "principal_id"},
+		},
+	},
 }