Added databricks_share resource, databricks_shares data source, and databricks_share data source (#1664)

Author: nkvuong

catalog/acceptance/share_test.go

@@ -0,0 +1,77 @@
+package acceptance
+
+import (
+	"testing"
+
+	"github.com/databricks/terraform-provider-databricks/internal/acceptance"
+	"github.com/databricks/terraform-provider-databricks/qa"
+)
+
+func TestUcAccCreateShare(t *testing.T) {
+	qa.RequireCloudEnv(t, "ucws")
+	acceptance.Test(t, []acceptance.Step{
+		{
+			Template: `
+			resource "databricks_catalog" "sandbox" {
+				name         = "sandbox{var.RANDOM}"
+				comment      = "this catalog is managed by terraform"
+				properties = {
+					purpose = "testing"
+				}
+			}
+			resource "databricks_schema" "things" {
+				catalog_name = databricks_catalog.sandbox.id
+				name         = "things{var.RANDOM}"
+				comment      = "this database is managed by terraform"
+				properties = {
+					kind = "various"
+				}
+			}
+			
+			resource "databricks_table" "mytable" {
+				catalog_name = databricks_catalog.sandbox.id
+				schema_name = databricks_schema.things.name
+				name = "bar"
+				table_type = "MANAGED"
+				data_source_format = "DELTA"
+				
+				column {
+					name      = "id"
+					position  = 0
+					type_name = "INT"
+					type_text = "int"
+					type_json = "{\"name\":\"id\",\"type\":\"integer\",\"nullable\":true,\"metadata\":{}}"
+				}
+			}
+			
+			resource "databricks_share" "myshare" {
+				name = "{var.RANDOM}-terraform-delta-share"
+				object {
+					name = databricks_table.mytable.id
+					comment = "c"
+					data_object_type = "TABLE"
+				}				
+			}
+
+			resource "databricks_recipient" "db2open" {
+			  name = "{var.RANDOM}-terraform-db2open-recipient"
+			  comment = "made by terraform"
+			  authentication_type = "TOKEN"
+			  sharing_code = "{var.RANDOM}"
+			  ip_access_list {
+				// using private ip for acc testing
+				allowed_ip_addresses = ["10.0.0.0/16"]
+			  }
+			}
+
+			resource "databricks_grants" "some" {
+				share = databricks_share.myshare.name
+				grant {
+					principal  = databricks_recipient.db2open.name
+					privileges = ["SELECT"]
+				}
+			}			
+			`,
+		},
+	})
+}

catalog/data_share.go

@@ -0,0 +1,29 @@
+package catalog
+
+import (
+	"context"
+
+	"github.com/databricks/terraform-provider-databricks/common"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DataSourceShare() *schema.Resource {
+	type ShareDetail struct {
+		Name      string             `json:"name,omitempty" tf:"computed"`
+		Objects   []SharedDataObject `json:"objects,omitempty" tf:"computed,slice_set,alias:object"`
+		CreatedAt int64              `json:"created_at,omitempty" tf:"computed"`
+		CreatedBy string             `json:"created_by,omitempty" tf:"computed"`
+	}
+	return common.DataResource(ShareDetail{}, func(ctx context.Context, e any, c *common.DatabricksClient) error {
+		data := e.(*ShareDetail)
+		sharesAPI := NewSharesAPI(ctx, c)
+		share, err := sharesAPI.get(data.Name)
+		if err != nil {
+			return err
+		}
+		data.Objects = share.Objects
+		data.CreatedAt = share.CreatedAt
+		data.CreatedBy = share.CreatedBy
+		return nil
+	})
+}

catalog/data_share_test.go

@@ -0,0 +1,65 @@
+package catalog
+
+import (
+	"testing"
+
+	"github.com/databricks/terraform-provider-databricks/qa"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestShareData(t *testing.T) {
+	d, err := qa.ResourceFixture{
+		Fixtures: []qa.HTTPFixture{
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/shares/a?include_shared_data=true",
+				Response: ShareInfo{
+					Name: "a",
+					Objects: []SharedDataObject{
+						{
+							Name:           "a",
+							DataObjectType: "TABLE",
+							Comment:        "c",
+							SharedAs:       "",
+							AddedAt:        0,
+							AddedBy:        "",
+						},
+					},
+					CreatedBy: "bob",
+					CreatedAt: 1921321,
+				},
+			},
+		},
+		Resource:    DataSourceShare(),
+		Read:        true,
+		NonWritable: true,
+		ID:          "_",
+		HCL: `
+		name = "a"
+		`,
+	}.Apply(t)
+	assert.NoError(t, err, err)
+	assert.Equal(t, "bob", d.Get("created_by"))
+	assert.Equal(t, 1921321, d.Get("created_at"))
+	assert.Equal(t,
+		map[string]interface{}{
+			"added_at":         0,
+			"added_by":         "",
+			"comment":          "c",
+			"data_object_type": "TABLE",
+			"name":             "a",
+			"shared_as":        "",
+		},
+		d.Get("object").(*schema.Set).List()[0])
+}
+
+func TestShareData_Error(t *testing.T) {
+	qa.ResourceFixture{
+		Fixtures:    qa.HTTPFailures,
+		Resource:    DataSourceShare(),
+		Read:        true,
+		NonWritable: true,
+		ID:          "_",
+	}.ExpectError(t, "I'm a teapot")
+}

catalog/data_shares.go

@@ -0,0 +1,26 @@
+package catalog
+
+import (
+	"context"
+
+	"github.com/databricks/terraform-provider-databricks/common"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DataSourceShares() *schema.Resource {
+	type sharesData struct {
+		Shares []string `json:"shares,omitempty" tf:"computed,slice_set"`
+	}
+	return common.DataResource(sharesData{}, func(ctx context.Context, e any, c *common.DatabricksClient) error {
+		data := e.(*sharesData)
+		sharesAPI := NewSharesAPI(ctx, c)
+		shares, err := sharesAPI.list()
+		if err != nil {
+			return err
+		}
+		for _, share := range shares.Shares {
+			data.Shares = append(data.Shares, share.Name)
+		}
+		return nil
+	})
+}

catalog/data_shares_test.go

@@ -0,0 +1,48 @@
+package catalog
+
+import (
+	"testing"
+
+	"github.com/databricks/terraform-provider-databricks/qa"
+)
+
+func TestSharesData(t *testing.T) {
+	qa.ResourceFixture{
+		Fixtures: []qa.HTTPFixture{
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/shares",
+				Response: Shares{
+					Shares: []ShareInfo{
+						{
+							Name: "a",
+							Objects: []SharedDataObject{
+								{
+									Name:           "a",
+									DataObjectType: "TABLE",
+									Comment:        "c",
+								},
+							},
+							CreatedAt: 0,
+							CreatedBy: "",
+						},
+					},
+				},
+			},
+		},
+		Resource:    DataSourceShares(),
+		Read:        true,
+		NonWritable: true,
+		ID:          "_",
+	}.ApplyNoError(t)
+}
+
+func TestSharesData_Error(t *testing.T) {
+	qa.ResourceFixture{
+		Fixtures:    qa.HTTPFailures,
+		Resource:    DataSourceShares(),
+		Read:        true,
+		NonWritable: true,
+		ID:          "_",
+	}.ExpectError(t, "I'm a teapot")
+}

catalog/resource_grants.go

@@ -97,13 +97,20 @@ func NewPermissionsAPI(ctx context.Context, m any) PermissionsAPI {
 	return PermissionsAPI{m.(*common.DatabricksClient), context.WithValue(ctx, common.Api, common.API_2_1)}
 }
 
+func getPermissionEndpoint(securable, name string) string {
+	if securable == "share" {
+		return fmt.Sprintf("/unity-catalog/shares/%s/permissions", name)
+	}
+	return fmt.Sprintf("/unity-catalog/permissions/%s/%s", securable, name)
+}
+
 func (a PermissionsAPI) getPermissions(securable, name string) (list PermissionsList, err error) {
-	err = a.client.Get(a.context, fmt.Sprintf("/unity-catalog/permissions/%s/%s", securable, name), nil, &list)
+	err = a.client.Get(a.context, getPermissionEndpoint(securable, name), nil, &list)
 	return
 }
 
 func (a PermissionsAPI) updatePermissions(securable, name string, diff permissionsDiff) error {
-	return a.client.Patch(a.context, fmt.Sprintf("/unity-catalog/permissions/%s/%s", securable, name), diff)
+	return a.client.Patch(a.context, getPermissionEndpoint(securable, name), diff)
 }
 
 // replacePermissions merges removal diff of existing permissions on the platform
@@ -237,6 +244,9 @@ var mapping = securableMapping{
 		"SELECT":         true,
 		"REFRESH":        true,
 	},
+	"share": {
+		"SELECT": true,
+	},
 }
 
 func setToStrings(set *schema.Set) (ss []string) {

catalog/resource_grants_test.go

@@ -240,3 +240,110 @@ func TestPermissionsList_Diff_LocalRemoteDiff(t *testing.T) {
 	assert.Equal(t, "a", diff.Changes[0].Add[0])
 	assert.Equal(t, "c", diff.Changes[0].Remove[0])
 }
+
+func TestShareGrantCreate(t *testing.T) {
+	qa.ResourceFixture{
+		Fixtures: []qa.HTTPFixture{
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/shares/myshare/permissions",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{},
+				},
+			},
+			{
+				Method:   "PATCH",
+				Resource: "/api/2.1/unity-catalog/shares/myshare/permissions",
+				ExpectedRequest: permissionsDiff{
+					Changes: []permissionsChange{
+						{
+							Principal: "me",
+							Add:       []string{"SELECT"},
+						},
+					},
+				},
+			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/shares/myshare/permissions",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"SELECT"},
+						},
+					},
+				},
+			},
+		},
+		Resource: ResourceGrants(),
+		Create:   true,
+		HCL: `
+		share = "myshare"
+
+		grant {
+			principal = "me"
+			privileges = ["SELECT"]
+		}`,
+	}.ApplyNoError(t)
+}
+
+func TestShareGrantUpdate(t *testing.T) {
+	qa.ResourceFixture{
+		Fixtures: []qa.HTTPFixture{
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/shares/myshare/permissions",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "me",
+							Privileges: []string{"SELECT"},
+						},
+					},
+				},
+			},
+			{
+				Method:   "PATCH",
+				Resource: "/api/2.1/unity-catalog/shares/myshare/permissions",
+				ExpectedRequest: permissionsDiff{
+					Changes: []permissionsChange{
+						{
+							Principal: "me",
+							Remove:    []string{"SELECT"},
+						},
+						{
+							Principal: "you",
+							Add:       []string{"SELECT"},
+						},
+					},
+				},
+			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.1/unity-catalog/shares/myshare/permissions",
+				Response: PermissionsList{
+					Assignments: []PrivilegeAssignment{
+						{
+							Principal:  "you",
+							Privileges: []string{"SELECT"},
+						},
+					},
+				},
+			},
+		},
+		Resource: ResourceGrants(),
+		Update:   true,
+		ID:       "share/myshare",
+		InstanceState: map[string]string{
+			"share": "myshare",
+		},
+		HCL: `
+		share = "myshare"
+
+		grant {
+			principal = "you"
+			privileges = ["SELECT"]
+		}`,
+	}.ApplyNoError(t)
+}