databricks
diff --git a/‎docs/resources/service_principal.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/resources/service_principal.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎docs/resources/user.md‎
Lines changed: 2 additions & 0 deletions b/‎docs/resources/user.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎internal/acceptance/service_principal_test.go‎
Lines changed: 78 additions & 0 deletions b/‎internal/acceptance/service_principal_test.go‎
Lines changed: 78 additions & 0 deletions
diff --git a/‎internal/acceptance/user_test.go‎
Lines changed: 62 additions & 0 deletions b/‎internal/acceptance/user_test.go‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎scim/resource_service_principal.go‎
Lines changed: 31 additions & 1 deletion b/‎scim/resource_service_principal.go‎
Lines changed: 31 additions & 1 deletion
@@ -96,6 +96,8 @@ The following arguments are available:
 * `workspace_access` - (Optional) This is a field to allow the group to have access to Databricks Workspace.
 * `active` - (Optional) Either service principal is active or not. True by default, but can be set to false in case of service principal deactivation with preserving service principal assets.
 * `force` - (Optional) Ignore `cannot create service principal: Service principal with application ID X already exists` errors and implicitly import the specified service principal into Terraform state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
+* `force_delete_repos` - (Optional) This flag determines whether the service principal's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default.
+* `force_delete_home_dir` - (Optional) This flag determines whether the service principal's home directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default. 
 
 ## Attribute Reference
 
 
@@ -93,6 +93,8 @@ The following arguments are available:
 * `databricks_sql_access` - (Optional) This is a field to allow the group to have access to [Databricks SQL](https://databricks.com/product/databricks-sql) feature in User Interface and through [databricks_sql_endpoint](sql_endpoint.md).
 * `active` - (Optional) Either user is active or not. True by default, but can be set to false in case of user deactivation with preserving user assets.
 * `force` - (Optional) Ignore `cannot create user: User with username X already exists` errors and implicitly import the specific user into Terraform state, enforcing entitlements defined in the instance of resource. _This functionality is experimental_ and is designed to simplify corner cases, like Azure Active Directory synchronisation.
+* `force_delete_repos` - (Optional) This flag determines whether the user's repo directory is deleted when the user is deleted. It will have no impact when in the accounts SCIM API. False by default. 
+* `force_delete_home_dir` - (Optional) This flag determines whether the user's home directory is deleted when the user is deleted. It will have not impact when in the accounts SCIM API. False by default. 
 
 ## Attribute Reference
 
 
@@ -1,7 +1,14 @@
 package acceptance
 
 import (
+	"context"
+	"fmt"
+	"os"
 	"testing"
+
+	"github.com/databricks/databricks-sdk-go"
+	"github.com/databricks/databricks-sdk-go/apierr"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 )
 
 const azureSpn = `resource "databricks_service_principal" "this" {
@@ -14,6 +21,77 @@ const awsSpn = `resource "databricks_service_principal" "this" {
 	display_name = "SPN {var.RANDOM}"
 }`
 
+func TestAccServicePrincipalHomeDeleteSuccess(t *testing.T) {
+	GetEnvOrSkipTest(t, "ARM_CLIENT_ID")
+	workspaceLevel(t, step{
+		Template: `
+			resource "databricks_service_principal" "a" {
+				application_id = "{var.RANDOM_UUID}"
+				force_delete_home_dir = true
+			}`,
+		Check: func(s *terraform.State) error {
+			appId := s.RootModule().Resources["databricks_service_principal.a"].Primary.Attributes["application_id"]
+			os.Setenv("application_id_a", appId)
+			return nil
+		},
+	}, step{
+		Template: `
+			resource "databricks_service_principal" "b" {
+				application_id = "{var.RANDOM_UUID}"
+			}
+			`,
+		Check: func(s *terraform.State) error {
+			w, err := databricks.NewWorkspaceClient()
+			if err != nil {
+				return err
+			}
+			ctx := context.Background()
+			_, err = w.Workspace.GetStatusByPath(ctx, fmt.Sprintf("/Users/%v", os.Getenv("application_id_a")))
+			os.Remove("application_id_a")
+			if err != nil {
+				if apierr.IsMissing(err) {
+					return nil
+				}
+				return err
+			}
+			return nil
+		},
+	})
+}
+
+func TestAccServicePrinicpalHomeDeleteNotDeleted(t *testing.T) {
+	GetEnvOrSkipTest(t, "ARM_CLIENT_ID")
+	workspaceLevel(t, step{
+		Template: `
+			resource "databricks_service_principal" "a" {
+				application_id = "{var.RANDOM_UUID}"
+				force_delete_home_dir = false 
+			}`,
+		Check: func(s *terraform.State) error {
+			appId := s.RootModule().Resources["databricks_service_principal.a"].Primary.Attributes["application_id"]
+			os.Setenv("application_id_a", appId)
+			return nil
+		},
+	}, step{
+		Template: `
+			resource "databricks_service_principal" "b" {
+				application_id = "{var.RANDOM_UUID}"
+			}
+			`,
+		Check: func(s *terraform.State) error {
+			w, err := databricks.NewWorkspaceClient()
+			if err != nil {
+				return err
+			}
+			ctx := context.Background()
+			appId := os.Getenv("application_id_a")
+			_, err = w.Workspace.GetStatusByPath(ctx, fmt.Sprintf("/Users/%v", appId))
+			os.Remove("application_id_a")
+			return err
+		},
+	})
+}
+
 func TestMwsAccServicePrincipalResourceOnAzure(t *testing.T) {
 	GetEnvOrSkipTest(t, "ARM_CLIENT_ID")
 	accountLevel(t, step{
 
@@ -2,6 +2,8 @@ package acceptance
 
 import (
 	"context"
+	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/databricks/databricks-sdk-go"
@@ -44,6 +46,66 @@ func TestAccForceUserImport(t *testing.T) {
 	})
 }
 
+func TestAccUserHomeDelete(t *testing.T) {
+	username := qa.RandomEmail()
+	workspaceLevel(t, step{
+		Template: `
+		resource "databricks_user" "first" {
+			user_name = "` + username + `"
+			force_delete_home_dir = true
+		}`,
+		Check: func(s *terraform.State) error {
+			return nil
+		},
+	}, step{
+		Template: `
+		resource "databricks_user" "second" {
+			user_name = "{var.RANDOM}@example.com"
+		}`,
+		Check: func(s *terraform.State) error {
+			w, err := databricks.NewWorkspaceClient()
+			if err != nil {
+				return err
+			}
+			ctx := context.Background()
+			_, err = w.Workspace.GetStatusByPath(ctx, fmt.Sprintf("/Users/%v", username))
+			if err != nil {
+				targetErr := fmt.Sprintf("Path (/Users/%v) doesn't exist", username)
+				if strings.Contains(err.Error(), targetErr) {
+					return nil
+				}
+				return err
+			}
+			return nil
+		},
+	})
+}
+func TestAccUserHomeDeleteNotDeleted(t *testing.T) {
+	username := qa.RandomEmail()
+	workspaceLevel(t, step{
+		Template: `
+			resource "databricks_user" "a" {
+				user_name = "` + username + `"
+			}`,
+		Check: func(s *terraform.State) error {
+			return nil
+		},
+	}, step{
+		Template: `
+			resource "databricks_user" "b" {
+				user_name = "{var.RANDOM}@example.com"
+			}`,
+		Check: func(s *terraform.State) error {
+			w, err := databricks.NewWorkspaceClient()
+			if err != nil {
+				return err
+			}
+			ctx := context.Background()
+			_, err = w.Workspace.GetStatusByPath(ctx, fmt.Sprintf("/Users/%v", username))
+			return err
+		},
+	})
+}
 func TestAccUserResource(t *testing.T) {
 	differentUsers := `
 	resource "databricks_user" "first" {
 
@@ -9,6 +9,7 @@ import (
 	"github.com/databricks/terraform-provider-databricks/common"
 	"golang.org/x/exp/slices"
 
+	"github.com/databricks/terraform-provider-databricks/workspace"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 )
 
@@ -109,6 +110,14 @@ func ResourceServicePrincipal() *schema.Resource {
 				Optional: true,
 				Computed: true,
 			}
+			m["force_delete_repos"] = &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+			}
+			m["force_delete_home_dir"] = &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+			}
 			return m
 		})
 	spFromData := func(d *schema.ResourceData) User {
@@ -161,7 +170,28 @@ func ResourceServicePrincipal() *schema.Resource {
 			})
 		},
 		Delete: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
-			return NewServicePrincipalsAPI(ctx, c).Delete(d.Id())
+			spAPI := NewServicePrincipalsAPI(ctx, c)
+			appId := d.Get("application_id").(string)
+			err := spAPI.Delete(d.Id())
+			if err != nil {
+				return err
+			}
+			if c.Config.IsAccountClient() && c.Config.AccountID != "" {
+				return nil
+			}
+			if d.Get("force_delete_repos").(bool) {
+				err = workspace.NewNotebooksAPI(ctx, c).Delete(fmt.Sprintf("/Repos/%v", appId), true)
+				if err != nil {
+					return fmt.Errorf("force_delete_repos: %w", err)
+				}
+			}
+			if d.Get("force_delete_home_dir").(bool) {
+				err = workspace.NewNotebooksAPI(ctx, c).Delete(fmt.Sprintf("/Users/%v", appId), true)
+				if err != nil {
+					return fmt.Errorf("force_delete_home_dir: %w", err)
+				}
+			}
+			return nil
 		},
 	}.ToResource()
 }