Tuned documentation for databricks_instance_profile

nfx · nfx · commit 815496e774bf · 2021-10-14T18:28:20.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,8 @@
 
 * Added initial support for multiple task orchestration in `databricks_job` [#853](https://github.com/databrickslabs/terraform-provider-databricks/pull/853)
 * Fixed provider crash for new terraform states related to bug [#813](https://github.com/hashicorp/terraform-plugin-sdk/issues/813) in Terraform SDK v2.8.0 ([#854](https://github.com/databrickslabs/terraform-provider-databricks/issues/854))
+* Re-added `skip_validation` to `databricks_instance_profile` resource [#762](https://github.com/databrickslabs/terraform-provider-databricks/issues/762)
+* Removed direct dependency on `aws-sdk-go`.
 
 Updated dependency versions:
 
diff --git a/docs/resources/instance_profile.md b/docs/resources/instance_profile.md
@@ -108,16 +108,15 @@ resource "databricks_group_instance_profile" "all" {
 The following arguments are supported:
 
 * `instance_profile_arn` - (Required) `ARN` attribute of `aws_iam_instance_profile` output, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.
-* `is_meta_instance_profile` - (Boolean, Optional) Whether the instance profile is a meta instance profile. Used only in [IAM credential passthrough](https://docs.databricks.com/security/credential-passthrough/iam-passthrough.html).
-* `skip_validation` - (Boolean, Optional, `false` by default) By default, Databricks validates that it has sufficient permissions to launch instances with the instance profile. This validation uses AWS dry-run mode for the RunInstances API. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. “Your requested instance type is not supported in your requested availability zone”), you can pass this flag to skip the validation and forcibly add the instance profile.
+* `is_meta_instance_profile` - (Optional) Whether the instance profile is a meta instance profile. Used only in [IAM credential passthrough](https://docs.databricks.com/security/credential-passthrough/iam-passthrough.html).
+* `skip_validation` - (Optional) **For advanced usage only.** If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. “Your requested instance type is not supported in your requested availability zone”), you can pass this flag to skip the validation and forcibly add the instance profile.
 
 ## Attribute Reference
 
 In addition to all arguments above, the following attributes are exported:
 
 * `id` - ARN for EC2 Instance Profile, that is registered with Databricks.
 
-
 ## Import
 
 The resource instance profile can be imported using the ARN of it
diff --git a/go.mod b/go.mod
@@ -7,7 +7,6 @@ require (
 	github.com/Azure/go-autorest/autorest/adal v0.9.16
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.8
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.3
-	github.com/aws/aws-sdk-go v1.40.54
 	github.com/google/go-querystring v1.1.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-retryablehttp v0.7.0
diff --git a/go.sum b/go.sum
@@ -101,6 +101,7 @@ github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkE
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM=
+github.com/aws/aws-sdk-go v1.25.3 h1:uM16hIw9BotjZKMZlX05SN2EFtaWfi/NonPKIARiBLQ=
 github.com/aws/aws-sdk-go v1.25.3/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.40.54 h1:8zYzK8wI06G2+Bg2hwTUwzIYCCo6/Wd7lfS0G+GwqXU=
 github.com/aws/aws-sdk-go v1.40.54/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
@@ -304,6 +305,7 @@ github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c
 github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE=
 github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74=
 github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
@@ -505,6 +507,7 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420 h1:a8jGStKg0XqKDlKqjLrXn0ioF5MH36pT7Z0BRTqLhbk=
 golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q=
 golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
diff --git a/identity/resource_instance_profile.go b/identity/resource_instance_profile.go
@@ -8,7 +8,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/databrickslabs/terraform-provider-databricks/common"
 
 	"github.com/hashicorp/go-cty/cty"
@@ -21,7 +20,7 @@ import (
 type InstanceProfileInfo struct {
 	InstanceProfileArn    string `json:"instance_profile_arn,omitempty"`
 	IsMetaInstanceProfile bool   `json:"is_meta_instance_profile,omitempty"`
-	SkipValidation        bool   `json:"skip_validation,omitempty"`
+	SkipValidation        bool   `json:"skip_validation,omitempty" tf:"computed"`
 }
 
 // InstanceProfileList ...
@@ -179,17 +178,26 @@ func ValidInstanceProfile(v interface{}, c cty.Path) diag.Diagnostics {
 			},
 		}
 	}
-	instanceProfileArn, err := arn.Parse(s)
-	if err != nil {
+	if !strings.HasPrefix(s, "arn:") {
+		return diag.Diagnostics{
+			diag.Diagnostic{
+				AttributePath: c,
+				Summary:       "Invalid ARN",
+				Detail:        "Invalid prefix",
+			},
+		}
+	}
+	arnSections := strings.SplitN(s, ":", 6)
+	if len(arnSections) != 6 {
 		return diag.Diagnostics{
 			diag.Diagnostic{
 				AttributePath: c,
 				Summary:       "Invalid ARN",
-				Detail:        err.Error(),
+				Detail:        "Incorrect number of sections",
 			},
 		}
 	}
-	if !strings.HasPrefix(instanceProfileArn.Resource, "instance-profile") {
+	if !strings.HasPrefix(arnSections[5], "instance-profile") {
 		return diag.Diagnostics{
 			diag.Diagnostic{
 				AttributePath: c,
diff --git a/storage/aws_s3_mount.go b/storage/aws_s3_mount.go
@@ -5,7 +5,6 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/databrickslabs/terraform-provider-databricks/common"
 	"github.com/databrickslabs/terraform-provider-databricks/compute"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
@@ -117,11 +116,12 @@ func preprocessS3Mount(ctx context.Context, d *schema.ResourceData, m interface{
 // GetOrCreateMountingClusterWithInstanceProfile ...
 func GetOrCreateMountingClusterWithInstanceProfile(
 	clustersAPI compute.ClustersAPI, instanceProfile string) (i compute.ClusterInfo, err error) {
-	ia, err := arn.Parse(instanceProfile)
-	if err != nil {
-		return i, err
+	arnSections := strings.SplitN(instanceProfile, ":", 6)
+	if len(arnSections) != 6 {
+		err = fmt.Errorf("invalid arn: %s", instanceProfile)
+		return
 	}
-	instanceProfileParts := strings.Split(ia.Resource, "/")
+	instanceProfileParts := strings.Split(arnSections[5], "/")
 	clusterName := fmt.Sprintf("terraform-mount-%s", strings.Join(instanceProfileParts[1:], "-"))
 	return clustersAPI.GetOrCreateRunningCluster(clusterName, compute.Cluster{
 		NumWorkers:  1,
diff --git a/storage/aws_s3_mount_test.go b/storage/aws_s3_mount_test.go
@@ -84,7 +84,7 @@ func TestResourceAwsS3MountCreate_invalid_arn(t *testing.T) {
 		},
 		Create: true,
 	}.Apply(t)
-	require.EqualError(t, err, "arn: invalid prefix")
+	require.EqualError(t, err, "invalid arn: this_mount")
 }
 
 func TestResourceAwsS3MountRead(t *testing.T) {

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ func TestResourceAwsS3MountCreate_invalid_arn(t *testing.T) {`
`84`	`84`	`},`
`85`	`85`	`Create: true,`
`86`	`86`	`}.Apply(t)`
`87`		`- require.EqualError(t, err, "arn: invalid prefix")`
	`87`	`+ require.EqualError(t, err, "invalid arn: this_mount")`
`88`	`88`	`}`
`89`	`89`
`90`	`90`	`func TestResourceAwsS3MountRead(t *testing.T) {`