
Commit 4709988

authored
Explicitly include SCIM attributes for databricks_group, databricks_user, databricks_user_role, databricks_group_role, databricks_group_member, databricks_group_instance_profile, databricks_user data, databricks_group data, and databricks_entitlement resources (#2200)
Reduce the possibility of platform errors
1 parent e0e641b commit 4709988

28 files changed

+184
-94
lines changed

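--- a/aws/resource_group_instance_profile.go
+++ b/aws/resource_group_instance_profile.go
@@ -19,7 +19,7 @@ func ResourceGroupInstanceProfile() *schema.Resource {
 return m
 }).BindResource(common.BindResource{
 ReadContext: func(ctx context.Context, groupID, roleARN string, c *common.DatabricksClient) error {
-group, err := scim.NewGroupsAPI(ctx, c).Read(groupID)
+group, err := scim.NewGroupsAPI(ctx, c).Read(groupID, "roles")
 hasRole := scim.ComplexValues(group.Roles).HasValue(roleARN)
 if err == nil && !hasRole {
 return apierr.NotFound("Group has no instance profile")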
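Review bot: With the read narrowed to `"roles"`, an empty `group.Roles` in the `!hasRole` branch can mean either that the grant is gone or that the attribute filter returned nothing, and both become `apierr.NotFound("Group has no instance profile")`; if the binding treats NotFound as "remove from state" (not visible here), an instance-profile grant could fall out of Terraform's view while still active. `hasRole` is also computed from `group` before `err` is inspected, so it depends on `Read` returning a usable zero value on failure; `if err != nil { return err }` directly after the read would make that explicit. A short comment above the call, e.g. `// only "roles" is requested; all other fields of group are unset`, would warn later editors not to read other fields. The same applies to the ReadContext hunks in aws/resource_user_instance_profile.go and aws/resource_user_role.go. The ReadContext body continues outside the hunk.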

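--- a/aws/resource_group_instance_profile_test.go
+++ b/aws/resource_group_instance_profile_test.go
@@ -26,7 +26,7 @@ func TestResourceGroupInstanceProfileCreate(t *testing.T) {
 },
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Groups/abc",
+Resource: "/api/2.0/preview/scim/v2/Groups/abc?attributes=roles",
 Response: scim.Group{
 Schemas: []scim.URN{"urn:ietf:params:scim:schemas:core:2.0:Group"},
 DisplayName: "Data Scientists",
@@ -125,7 +125,7 @@ func TestResourceGroupInstanceProfileRead(t *testing.T) {
 Fixtures: []qa.HTTPFixture{
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Groups/abc",
+Resource: "/api/2.0/preview/scim/v2/Groups/abc?attributes=roles",
 Response: scim.Group{
 Schemas: []scim.URN{"urn:ietf:params:scim:schemas:core:2.0:Group"},
 DisplayName: "Data Scientists",
@@ -151,7 +151,7 @@ func TestResourceGroupInstanceProfileRead_NotFound(t *testing.T) {
 Fixtures: []qa.HTTPFixture{
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Groups/abc",
+Resource: "/api/2.0/preview/scim/v2/Groups/abc?attributes=roles",
 Response: apierr.APIErrorBody{
 ErrorCode: "NOT_FOUND",
 Message: "Item not found",
@@ -171,7 +171,7 @@ func TestResourceGroupInstanceProfileRead_NotFound_Role(t *testing.T) {
 Fixtures: []qa.HTTPFixture{
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Groups/abc",
+Resource: "/api/2.0/preview/scim/v2/Groups/abc?attributes=roles",
 Response: scim.Group{
 Schemas: []scim.URN{"urn:ietf:params:scim:schemas:core:2.0:Group"},
 DisplayName: "Data Scientists",
@@ -191,7 +191,7 @@ func TestResourceGroupInstanceProfileRead_Error(t *testing.T) {
 Fixtures: []qa.HTTPFixture{
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Groups/abc",
+Resource: "/api/2.0/preview/scim/v2/Groups/abc?attributes=roles",
 Response: apierr.APIErrorBody{
 ErrorCode: "INVALID_REQUEST",
 Message: "Internal error happened",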

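--- a/aws/resource_user_instance_profile.go
+++ b/aws/resource_user_instance_profile.go
@@ -22,7 +22,7 @@ func ResourceUserInstanceProfile() *schema.Resource {
 return scim.NewUsersAPI(ctx, c).Patch(userID, scim.PatchRequest("add", "roles", roleARN))
 },
 ReadContext: func(ctx context.Context, userID, roleARN string, c *common.DatabricksClient) error {
-user, err := scim.NewUsersAPI(ctx, c).Read(userID)
+user, err := scim.NewUsersAPI(ctx, c).Read(userID, "roles")
 hasRole := scim.ComplexValues(user.Roles).HasValue(roleARN)
 if err == nil && !hasRole {
 return apierr.NotFound("User has no role")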

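--- a/aws/resource_user_instance_profile_test.go
+++ b/aws/resource_user_instance_profile_test.go
@@ -26,7 +26,7 @@ func TestResourceUserInstanceProfileCreate(t *testing.T) {
 },
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Users/abc",
+Resource: "/api/2.0/preview/scim/v2/Users/abc?attributes=roles",
 Response: scim.User{
 Schemas: []scim.URN{"urn:ietf:params:scim:schemas:core:2.0:User"},
 DisplayName: "Data Scientists",
@@ -91,7 +91,7 @@ func TestResourceUserInstanceProfileRead(t *testing.T) {
 Fixtures: []qa.HTTPFixture{
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Users/abc",
+Resource: "/api/2.0/preview/scim/v2/Users/abc?attributes=roles",
 Response: scim.User{
 Schemas: []scim.URN{"urn:ietf:params:scim:schemas:core:2.0:User"},
 DisplayName: "Data Scientists",
@@ -117,7 +117,7 @@ func TestResourceUserInstanceProfileRead_NoRole(t *testing.T) {
 Fixtures: []qa.HTTPFixture{
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Users/abc",
+Resource: "/api/2.0/preview/scim/v2/Users/abc?attributes=roles",
 Response: scim.User{
 Schemas: []scim.URN{"urn:ietf:params:scim:schemas:core:2.0:User"},
 DisplayName: "Data Scientists",
@@ -137,7 +137,7 @@ func TestResourceUserInstanceProfileRead_NotFound(t *testing.T) {
 Fixtures: []qa.HTTPFixture{
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Users/abc",
+Resource: "/api/2.0/preview/scim/v2/Users/abc?attributes=roles",
 Response: apierr.APIErrorBody{
 ErrorCode: "NOT_FOUND",
 Message: "Item not found",
@@ -157,7 +157,7 @@ func TestResourceUserInstanceProfileRead_Error(t *testing.T) {
 Fixtures: []qa.HTTPFixture{
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Users/abc",
+Resource: "/api/2.0/preview/scim/v2/Users/abc?attributes=roles",
 Response: apierr.APIErrorBody{
 ErrorCode: "INVALID_REQUEST",
 Message: "Internal error happened",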

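--- a/aws/resource_user_role.go
+++ b/aws/resource_user_role.go
@@ -16,7 +16,7 @@ func ResourceUserRole() *schema.Resource {
 return scim.NewUsersAPI(ctx, c).Patch(userID, scim.PatchRequest("add", "roles", role))
 },
 ReadContext: func(ctx context.Context, userID, roleARN string, c *common.DatabricksClient) error {
-user, err := scim.NewUsersAPI(ctx, c).Read(userID)
+user, err := scim.NewUsersAPI(ctx, c).Read(userID, "roles")
 hasRole := scim.ComplexValues(user.Roles).HasValue(roleARN)
 if err == nil && !hasRole {
 return apierr.NotFound("User has no role")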

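--- a/aws/resource_user_role_test.go
+++ b/aws/resource_user_role_test.go
@@ -23,7 +23,7 @@ func TestUserRoleCreate_AndGetResourceDrift(t *testing.T) {
 },
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Users/a",
+Resource: "/api/2.0/preview/scim/v2/Users/a?attributes=roles",
 Response: scim.User{},
 },
 },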

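--- a/exporter/exporter_test.go
+++ b/exporter/exporter_test.go
@@ -357,7 +357,7 @@ func TestImportingUsersGroupsSecretScopes(t *testing.T) {
 },
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Groups/a",
+Resource: "/api/2.0/preview/scim/v2/Groups/a?attributes=members",
 Response: scim.Group{ID: "a", DisplayName: "admins",
 Members: []scim.ComplexValue{
 {Display: "[email protected]", Value: "123", Ref: "Users/123"},
@@ -369,12 +369,24 @@ func TestImportingUsersGroupsSecretScopes(t *testing.T) {
 },
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Groups/b",
+Resource: "/api/2.0/preview/scim/v2/Groups/a?attributes=displayName,externalId,entitlements",
+Response: scim.Group{ID: "a", DisplayName: "admins",
+Members: []scim.ComplexValue{
+{Display: "[email protected]", Value: "123", Ref: "Users/123"},
+{Display: "Test group", Value: "f", Ref: "Groups/f"},
+{Display: "spn", Value: "spn", Ref: "ServicePrincipals/spn"},
+},
+},
+ReuseRequest: true,
+},
+{
+Method: "GET",
+Resource: "/api/2.0/preview/scim/v2/Groups/b?attributes=displayName,externalId,entitlements",
 Response: scim.Group{ID: "b", DisplayName: "users"},
 },
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Groups/c",
+Resource: "/api/2.0/preview/scim/v2/Groups/c?attributes=displayName,externalId,entitlements",
 Response: scim.Group{ID: "c", DisplayName: "test",
 Groups: []scim.ComplexValue{
 {Display: "admins", Value: "a", Ref: "Groups/a", Type: "direct"},
@@ -383,13 +395,13 @@ func TestImportingUsersGroupsSecretScopes(t *testing.T) {
 },
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Groups/f",
+Resource: "/api/2.0/preview/scim/v2/Groups/f?attributes=displayName,externalId,entitlements",
 Response: scim.Group{ID: "f", DisplayName: "nested"},
 },
 // TODO: add groups to the output
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Users/123",
+Resource: "/api/2.0/preview/scim/v2/Users/123?attributes=userName,displayName,active,externalID,entitlements",
 Response: scim.User{ID: "123", DisplayName: "[email protected]", UserName: "[email protected]"},
 },
 {
@@ -1614,7 +1626,7 @@ func TestImportingDLTPipelines(t *testing.T) {
 },
 {
 Method: "GET",
-Resource: "/api/2.0/preview/scim/v2/Users/123",
+Resource: "/api/2.0/preview/scim/v2/Users/123?attributes=userName,displayName,active,externalID,entitlements",
 Response: scim.User{ID: "123", DisplayName: "[email protected]", UserName: "[email protected]"},
 },
 {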
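Review bot: The fixture added for `Groups/a?attributes=displayName,externalId,entitlements` still returns `Members`, which a server honouring that attribute list would not send, so the test cannot catch exporter code that reads members from the filtered response. Dropping `Members` from that response (they are already served by the `?attributes=members` fixture above it) would make the fixtures model the filter. The user fixtures also spell the attribute `externalID` while the group fixtures use `externalId`; these strings presumably mirror production code outside this file, and one spelling should be used throughout. TestImportingUsersGroupsSecretScopes and TestImportingDLTPipelines both start and end outside these hunks.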
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
package acceptance
2+
3+
import (
4+
"testing"
5+
6+
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
7+
"github.com/stretchr/testify/assert"
8+
"github.com/stretchr/testify/require"
9+
)
10+
11+
const userDataSourceTemplate = `
12+
resource "databricks_user" "this" {
13+
user_name = "tf-{var.RANDOM}@example.com"
14+
}
15+
data "databricks_user" "this" {
16+
user_name = databricks_user.this.user_name
17+
}`
18+
19+
func checkUserDataSourcePopulated(t *testing.T) func(s *terraform.State) error {
20+
return func(s *terraform.State) error {
21+
r, ok := s.Modules[0].Resources["data.databricks_user.this"]
22+
require.True(t, ok, "data.databricks_user.this has to be there")
23+
assert.Equal(t, s.Modules[0].Resources["databricks_user.this"].Primary.ID, r.Primary.ID)
24+
return nil
25+
}
26+
}
27+
28+
func TestMwsAccUserData(t *testing.T) {
29+
accountLevel(t, step{
30+
Template: userDataSourceTemplate,
31+
Check: checkUserDataSourcePopulated(t),
32+
})
33+
}
34+
35+
func TestAccUserData(t *testing.T) {
36+
workspaceLevel(t, step{
37+
Template: userDataSourceTemplate,
38+
Check: checkUserDataSourcePopulated(t),
39+
})
40+
}
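Review bot: `checkUserDataSourcePopulated` only compares IDs, so it would still pass if the attribute-filtered read left `user_name` or the other data-source fields empty, which is the kind of regression this commit could introduce. The lookup `s.Modules[0].Resources["databricks_user.this"]` is also dereferenced without an `ok` check and would panic rather than fail the test cleanly if the resource were missing. I would fetch it with `u, ok := s.Modules[0].Resources["databricks_user.this"]` followed by `require.True(t, ok)`, and add `assert.Equal(t, u.Primary.Attributes["user_name"], r.Primary.Attributes["user_name"])`.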

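--- a/internal/acceptance/group_member_test.go
+++ b/internal/acceptance/group_member_test.go
@@ -32,7 +32,7 @@ func TestMwsAccGroupMemberResource(t *testing.T) {
 accountLevel(t, step{
 Template: groupMemberTest,
 Callback: func(ctx context.Context, client *common.DatabricksClient, id string) error {
-g, err := scim.NewGroupsAPI(ctx, client).Read(id)
+g, err := scim.NewGroupsAPI(ctx, client).Read(id, "members")
 if err != nil {
 return err
 }
@@ -46,7 +46,7 @@ func TestAccGroupMemberResource(t *testing.T) {
 workspaceLevel(t, step{
 Template: groupMemberTest,
 Callback: func(ctx context.Context, client *common.DatabricksClient, id string) error {
-g, err := scim.NewGroupsAPI(ctx, client).Read(id)
+g, err := scim.NewGroupsAPI(ctx, client).Read(id, "members")
 if err != nil {
 return err
 }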
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
package acceptance
2+
3+
import (
4+
"testing"
5+
)
6+
7+
func TestAccGroupRole(t *testing.T) {
8+
workspaceLevel(t, step{
9+
Template: `
10+
resource "databricks_group" "this" {
11+
display_name = "tf-{var.RANDOM}"
12+
}
13+
resource "databricks_group_role" "this" {
14+
group_id = databricks_group.this.id
15+
role = "arn:aws:iam::999999999999:role/foo"
16+
}`,
17+
})
18+
}
