Added GCP support for databricks_mws_private_access_settings resource (#2088)

jessiedu-db · web-flow · commit 862b08938f17 · 2023-03-10T15:25:31.000Z
diff --git a/docs/resources/mws_private_access_settings.md b/docs/resources/mws_private_access_settings.md
@@ -7,9 +7,9 @@ subcategory: "Deployment"
 
 -> **Note** This resource has an evolving API, which will change in the upcoming versions of the provider in order to simplify user experience.
 
-Allows you to create a [Private Access Setting](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html#step-5-create-a-private-access-settings-configuration-using-the-databricks-account-api) that can be used as part of a [databricks_mws_workspaces](mws_workspaces.md) resource to create a [Databricks Workspace that leverages AWS PrivateLink](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html).
+Allows you to create a [Private Access Setting]that can be used as part of a [databricks_mws_workspaces](mws_workspaces.md) resource to create a [Databricks Workspace that leverages AWS PrivateLink](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html) or [GCP Private Service Connect](https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/private-service-connect.html)
 
-It is strongly recommended that customers read the [Enable Private Link](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html) documentation before trying to leverage this resource.
+It is strongly recommended that customers read the [Enable AWS Private Link](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html) [Enable GCP Private Service Connect](https://docs.gcp.databricks.com/administration-guide/cloud-configurations/gcp/private-service-connect.html) documentation before trying to leverage this resource.
 
 ## Example Usage
 
@@ -40,15 +40,37 @@ resource "databricks_mws_workspaces" "this" {
   depends_on                 = [databricks_mws_networks.this]
 }
 ```
+or 
+```hcl
+resource "databricks_mws_workspaces" "this" {
+  provider                   = databricks.mws
+  account_id                 = var.databricks_account_id
+  workspace_name             = "gcp-workspace"
+  location                   = var.subnet_region
+  cloud_resource_container {
+    gcp {
+      project_id = var.google_project
+    }
+  }
+  gke_config {
+    connectivity_type = "PRIVATE_NODE_PUBLIC_MASTER"
+    master_ip_range   = "10.3.0.0/28"
+  }
+  network_id                 = databricks_mws_networks.this.network_id
+  private_access_settings_id = databricks_mws_private_access_settings.pas.private_access_settings_id
+  pricing_tier               = "PREMIUM"
+  depends_on                 = [databricks_mws_networks.this]
+}
+```
 
 ## Argument Reference
 
 The following arguments are available:
 
-* `account_id` - Account Id that could be found in the bottom left corner of [Accounts Console](https://accounts.cloud.databricks.com/)
+* `account_id` - Account Id that could be found in the Accounts Console for [AWS](https://accounts.cloud.databricks.com/) or [GCP](https://accounts.gcp.databricks.com/)
 * `private_access_settings_name` - Name of Private Access Settings in Databricks Account
-* `public_access_enabled` (Boolean, Optional, `false` by default) - If `true`, the [databricks_mws_workspaces](mws_workspaces.md) can be accessed over the [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) as well as over the public network. In such a case, you could also configure an [databricks_ip_access_list](ip_access_list.md) for the workspace, to restrict the source networks that could be used to access it over the public network. If `false` (default), the workspace can be accessed only over VPC endpoints, and not over the public network.
-* `region` - Region of AWS VPC
+* `public_access_enabled` (Boolean, Optional, `false` by default on AWS, `true` by default on GCP) - If `true`, the [databricks_mws_workspaces](mws_workspaces.md) can be accessed over the [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) as well as over the public network. In such a case, you could also configure an [databricks_ip_access_list](ip_access_list.md) for the workspace, to restrict the source networks that could be used to access it over the public network. If `false`, the workspace can be accessed only over VPC endpoints, and not over the public network.
+* `region` - Region of AWS VPC or the Google Cloud VPC network
 * `private_access_level` - (Optional) The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. `ACCOUNT` level access _(default)_ lets only [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) that are registered in your Databricks account connect to your [databricks_mws_workspaces](mws_workspaces.md). `ENDPOINT` level access lets only specified [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) connect to your workspace. Please see the `allowed_vpc_endpoint_ids` documentation for more details.
 * `allowed_vpc_endpoint_ids` - (Optional) An array of [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md#vpc_endpoint_id) `vpc_endpoint_id` (not `id`). Only used when `private_access_level` is set to `ENDPOINT`. This is an allow list of [databricks_mws_vpc_endpoint](mws_vpc_endpoint.md) that in your account that can connect to your [databricks_mws_workspaces](mws_workspaces.md) over AWS PrivateLink. If hybrid access to your workspace is enabled by setting `public_access_enabled` to true, then this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see the article for [databricks_ip_access_list](ip_access_list.md).
 
@@ -57,7 +79,7 @@ The following arguments are available:
 In addition to all arguments above, the following attributes are exported:
 
 * `private_access_settings_id` - Canonical unique identifier of Private Access Settings in Databricks Account
-* `status` - Status of Private Access Settings
+* `status` - (AWS only) Status of Private Access Settings
 
 ## Import
 
diff --git a/internal/acceptance/mws_private_access_settings_test.go b/internal/acceptance/mws_private_access_settings_test.go
@@ -16,3 +16,16 @@ func TestMwsAccPrivateAccessSettings(t *testing.T) {
 		}`,
 	})
 }
+
+func TestMwsGcpAccPrivateAccessSettings(t *testing.T) {
+	accountLevel(t, step{
+		Template: `
+		resource "databricks_mws_private_access_settings" "this" {
+			account_id = "{env.DATABRICKS_ACCOUNT_ID}"
+			private_access_settings_name = "tf-{var.RANDOM}"
+			region = "{env.GOOGLE_REGION}"
+			public_access_enabled = true
+			private_access_level = "ACCOUNT"
+		}`,
+	})
+}
