Moved Secrets API resources to a dedicated package

Author: nfx

catalog/resource_metastore_data_access_test.go

@@ -30,8 +30,8 @@ func TestCreateDac(t *testing.T) {
 			{
 				Method:   "PATCH",
 				Resource: "/api/2.0/unity-catalog/metastores/abc",
-				ExpectedRequest: map[string]interface {}{
-					"default_data_access_config_id":"efg",
+				ExpectedRequest: map[string]interface{}{
+					"default_data_access_config_id": "efg",
 				},
 			},
 			{
@@ -47,7 +47,7 @@ func TestCreateDac(t *testing.T) {
 			{
 				Method:   "GET",
 				Resource: "/api/2.0/unity-catalog/metastores/abc",
-				Response: MetastoreInfo {
+				Response: MetastoreInfo{
 					DefaultDacID: "efg",
 				},
 			},

clusters/acceptance/clusters_api_test.go

@@ -26,11 +26,11 @@ func TestAccListClustersIntegration(t *testing.T) {
 	randomName := qa.RandomName()
 
 	cluster := clusters.Cluster{
-		NumWorkers:             1,
-		ClusterName:            "Terraform Integration Test " + randomName,
-		SparkVersion:           clustersAPI.LatestSparkVersionOrDefault(
+		NumWorkers:  1,
+		ClusterName: "Terraform Integration Test " + randomName,
+		SparkVersion: clustersAPI.LatestSparkVersionOrDefault(
 			clusters.SparkVersionRequest{
-				Latest: true, 
+				Latest:          true,
 				LongTermSupport: true,
 			}),
 		InstancePoolID:         compute.CommonInstancePoolID(),

exporter/exporter_test.go

@@ -9,7 +9,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/databrickslabs/terraform-provider-databricks/access"
 	"github.com/databrickslabs/terraform-provider-databricks/clusters"
 	"github.com/databrickslabs/terraform-provider-databricks/commands"
 	"github.com/databrickslabs/terraform-provider-databricks/common"
@@ -18,6 +17,7 @@ import (
 	"github.com/databrickslabs/terraform-provider-databricks/libraries"
 	"github.com/databrickslabs/terraform-provider-databricks/policies"
 	"github.com/databrickslabs/terraform-provider-databricks/qa"
+	"github.com/databrickslabs/terraform-provider-databricks/secrets"
 	"github.com/databrickslabs/terraform-provider-databricks/workspace"
 	"github.com/hashicorp/hcl/v2/hclwrite"
 
@@ -302,8 +302,8 @@ func TestImportingUsersGroupsSecretScopes(t *testing.T) {
 				Method:       "GET",
 				Resource:     "/api/2.0/secrets/scopes/list",
 				ReuseRequest: true,
-				Response: access.SecretScopeList{
-					Scopes: []access.SecretScope{
+				Response: secrets.SecretScopeList{
+					Scopes: []secrets.SecretScope{
 						{Name: "a"},
 					},
 				},
@@ -312,17 +312,17 @@ func TestImportingUsersGroupsSecretScopes(t *testing.T) {
 				Method:       "GET",
 				Resource:     "/api/2.0/secrets/list?scope=a",
 				ReuseRequest: true,
-				Response: access.SecretsList{
-					Secrets: []access.SecretMetadata{
+				Response: secrets.SecretsList{
+					Secrets: []secrets.SecretMetadata{
 						{Key: "b"},
 					},
 				},
 			},
 			{
 				Method:   "GET",
 				Resource: "/api/2.0/secrets/acls/list?scope=a",
-				Response: access.SecretScopeACL{
-					Items: []access.ACLItem{
+				Response: secrets.SecretScopeACL{
+					Items: []secrets.ACLItem{
 						{Permission: "MANAGE", Principal: "test"},
 						{Permission: "READ", Principal: "users"},
 					},
@@ -331,8 +331,8 @@ func TestImportingUsersGroupsSecretScopes(t *testing.T) {
 			{
 				Method:   "GET",
 				Resource: "/api/2.0/secrets/acls/list?scope=a",
-				Response: access.SecretScopeACL{
-					Items: []access.ACLItem{
+				Response: secrets.SecretScopeACL{
+					Items: []secrets.ACLItem{
 						{Permission: "MANAGE", Principal: "test"},
 						{Permission: "READ", Principal: "users"},
 					},
@@ -341,12 +341,12 @@ func TestImportingUsersGroupsSecretScopes(t *testing.T) {
 			{
 				Method:   "GET",
 				Resource: "/api/2.0/secrets/acls/get?principal=test&scope=a",
-				Response: access.ACLItem{Permission: "MANAGE", Principal: "test"},
+				Response: secrets.ACLItem{Permission: "MANAGE", Principal: "test"},
 			},
 			{
 				Method:   "GET",
 				Resource: "/api/2.0/secrets/acls/get?principal=users&scope=a",
-				Response: access.ACLItem{Permission: "READ", Principal: "users"},
+				Response: secrets.ACLItem{Permission: "READ", Principal: "users"},
 			},
 		}, func(ctx context.Context, client *common.DatabricksClient) {
 			tmpDir := fmt.Sprintf("/tmp/tf-%s", qa.RandomName())
@@ -395,8 +395,8 @@ func TestImportingNoResourcesError(t *testing.T) {
 				Method:       "GET",
 				Resource:     "/api/2.0/secrets/scopes/list",
 				ReuseRequest: true,
-				Response: access.SecretScopeList{
-					Scopes: []access.SecretScope{},
+				Response: secrets.SecretScopeList{
+					Scopes: []secrets.SecretScope{},
 				},
 			},
 		}, func(ctx context.Context, client *common.DatabricksClient) {

exporter/importables.go

@@ -12,11 +12,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/databrickslabs/terraform-provider-databricks/access"
 	"github.com/databrickslabs/terraform-provider-databricks/clusters"
 	"github.com/databrickslabs/terraform-provider-databricks/common"
 	"github.com/databrickslabs/terraform-provider-databricks/jobs"
 	"github.com/databrickslabs/terraform-provider-databricks/permissions"
+	"github.com/databrickslabs/terraform-provider-databricks/secrets"
 	"github.com/databrickslabs/terraform-provider-databricks/workspace"
 
 	"github.com/databrickslabs/terraform-provider-databricks/storage"
@@ -549,7 +549,7 @@ var resourcesMap map[string]importable = map[string]importable{
 			return d.Get("name").(string)
 		},
 		List: func(ic *importContext) error {
-			ssAPI := access.NewSecretScopesAPI(ic.Context, ic.Client)
+			ssAPI := secrets.NewSecretScopesAPI(ic.Context, ic.Client)
 			if scopes, err := ssAPI.List(); err == nil {
 				for i, scope := range scopes {
 					if !ic.MatchesName(scope.Name) {
@@ -569,7 +569,7 @@ var resourcesMap map[string]importable = map[string]importable{
 		Import: func(ic *importContext, r *resource) error {
 			backendType, _ := r.Data.GetOk("backend_type")
 			if backendType != "AZURE_KEYVAULT" {
-				if l, err := access.NewSecretsAPI(ic.Context, ic.Client).List(r.ID); err == nil {
+				if l, err := secrets.NewSecretsAPI(ic.Context, ic.Client).List(r.ID); err == nil {
 					for _, secret := range l {
 						ic.Emit(&resource{
 							Resource: "databricks_secret",
@@ -578,7 +578,7 @@ var resourcesMap map[string]importable = map[string]importable{
 					}
 				}
 			}
-			if l, err := access.NewSecretAclsAPI(ic.Context, ic.Client).List(r.ID); err == nil {
+			if l, err := secrets.NewSecretAclsAPI(ic.Context, ic.Client).List(r.ID); err == nil {
 				for _, acl := range l {
 					ic.Emit(&resource{
 						Resource: "databricks_secret_acl",

exporter/importables_test.go

@@ -4,13 +4,13 @@ import (
 	"encoding/json"
 	"testing"
 
-	"github.com/databrickslabs/terraform-provider-databricks/access"
 	"github.com/databrickslabs/terraform-provider-databricks/common"
 	"github.com/databrickslabs/terraform-provider-databricks/identity"
 	"github.com/databrickslabs/terraform-provider-databricks/permissions"
 	"github.com/databrickslabs/terraform-provider-databricks/policies"
 	"github.com/databrickslabs/terraform-provider-databricks/pools"
 	"github.com/databrickslabs/terraform-provider-databricks/provider"
+	"github.com/databrickslabs/terraform-provider-databricks/secrets"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -150,7 +150,7 @@ func TestPermissions(t *testing.T) {
 }
 
 func TestSecretScope(t *testing.T) {
-	d := access.ResourceSecretScope().TestResourceData()
+	d := secrets.ResourceSecretScope().TestResourceData()
 	d.Set("name", "abc")
 	ic := importContextForTest()
 	name := ic.Importables["databricks_secret_scope"].Name(d)

internal/azureit/azureit_test.go

@@ -29,7 +29,7 @@ func TestStart(t *testing.T) {
 		os.Setenv("ACI_CONTAINER_GROUP", "")
 		triggerStart(responseWriter, nil)
 		assert.Equal(t, "400 Bad Request", responseWriter.Result().Status)
-		
+
 		responseWriter = httptest.NewRecorder()
 		os.Setenv("ACI_CONTAINER_GROUP", "/abc")
 		triggerStart(responseWriter, nil)

permissions/acceptance/api_test.go

@@ -108,7 +108,7 @@ func TestAccPermissionsClusterPolicy(t *testing.T) {
 func TestAccPermissionsInstancePool(t *testing.T) {
 	permissionsTestHelper(t, func(permissionsAPI permissions.PermissionsAPI, user, group string,
 		ef func(string) permissions.PermissionsEntity) {
-			client := common.NewClientFromEnvironment()
+		client := common.NewClientFromEnvironment()
 		poolsAPI := pools.NewInstancePoolsAPI(context.Background(), client)
 		ctx := context.Background()
 		ips, err := poolsAPI.Create(pools.InstancePool{
@@ -258,7 +258,7 @@ func TestAccPermissionsJobs(t *testing.T) {
 func TestAccPermissionsNotebooks(t *testing.T) {
 	permissionsTestHelper(t, func(permissionsAPI permissions.PermissionsAPI, user, group string,
 		ef func(string) permissions.PermissionsEntity) {
-			client := common.NewClientFromEnvironment()
+		client := common.NewClientFromEnvironment()
 		workspaceAPI := workspace.NewNotebooksAPI(context.Background(), client)
 
 		notebookDir := fmt.Sprintf("/Testing/%s/something", group)

provider/provider.go

@@ -23,6 +23,7 @@ import (
 	"github.com/databrickslabs/terraform-provider-databricks/pipelines"
 	"github.com/databrickslabs/terraform-provider-databricks/policies"
 	"github.com/databrickslabs/terraform-provider-databricks/pools"
+	"github.com/databrickslabs/terraform-provider-databricks/secrets"
 	"github.com/databrickslabs/terraform-provider-databricks/sqlanalytics"
 	"github.com/databrickslabs/terraform-provider-databricks/storage"
 	"github.com/databrickslabs/terraform-provider-databricks/workspace"
@@ -84,9 +85,9 @@ func DatabricksProvider() *schema.Provider {
 			"databricks_pipeline":                    pipelines.ResourcePipeline(),
 			"databricks_repo":                        workspace.ResourceRepo(),
 			"databricks_schema":                      catalog.ResourceSchema(),
-			"databricks_secret":                      access.ResourceSecret(),
-			"databricks_secret_scope":                access.ResourceSecretScope(),
-			"databricks_secret_acl":                  access.ResourceSecretACL(),
+			"databricks_secret":                      secrets.ResourceSecret(),
+			"databricks_secret_scope":                secrets.ResourceSecretScope(),
+			"databricks_secret_acl":                  secrets.ResourceSecretACL(),
 			"databricks_service_principal":           identity.ResourceServicePrincipal(),
 			"databricks_sql_dashboard":               sqlanalytics.ResourceDashboard(),
 			"databricks_sql_endpoint":                sqlanalytics.ResourceSQLEndpoint(),

access/acceptance/secret_acl_test.go renamed to secrets/acceptance/secret_acl_test.go

@@ -5,8 +5,8 @@ import (
 	"os"
 	"testing"
 
-	. "github.com/databrickslabs/terraform-provider-databricks/access"
 	"github.com/databrickslabs/terraform-provider-databricks/identity"
+	"github.com/databrickslabs/terraform-provider-databricks/secrets"
 
 	"github.com/databrickslabs/terraform-provider-databricks/common"
 	"github.com/databrickslabs/terraform-provider-databricks/internal/acceptance"
@@ -44,7 +44,7 @@ func TestAccSecretAclResource(t *testing.T) {
 					me, err := usersAPI.Me()
 					require.NoError(t, err)
 
-					secretACLAPI := NewSecretAclsAPI(ctx, client)
+					secretACLAPI := secrets.NewSecretAclsAPI(ctx, client)
 					scope := s.RootModule().Resources["databricks_secret_scope.app"].Primary.ID
 					acls, err := secretACLAPI.List(scope)
 					require.NoError(t, err)
@@ -81,7 +81,7 @@ func TestAccSecretAclResourceDefaultPrincipal(t *testing.T) {
 					}`),
 				Check: acceptance.ResourceCheck("databricks_secret_scope.app",
 					func(ctx context.Context, client *common.DatabricksClient, id string) error {
-						secretACLAPI := NewSecretAclsAPI(ctx, client)
+						secretACLAPI := secrets.NewSecretAclsAPI(ctx, client)
 						acls, err := secretACLAPI.List(id)
 						require.NoError(t, err)
 						assert.Equal(t, 1, len(acls))

access/acceptance/secret_scope_test.go renamed to secrets/acceptance/secret_scope_test.go

@@ -6,9 +6,9 @@ import (
 	"os"
 	"testing"
 
-	. "github.com/databrickslabs/terraform-provider-databricks/access"
 	"github.com/databrickslabs/terraform-provider-databricks/identity"
 	"github.com/databrickslabs/terraform-provider-databricks/qa"
+	"github.com/databrickslabs/terraform-provider-databricks/secrets"
 
 	"github.com/databrickslabs/terraform-provider-databricks/common"
 	"github.com/databrickslabs/terraform-provider-databricks/internal/acceptance"
@@ -24,7 +24,7 @@ func TestAccRemoveScopes(t *testing.T) {
 		t.Skip("Cleaning up tests only from IDE")
 	}
 	client := common.CommonEnvironmentClient()
-	scopesAPI := NewSecretScopesAPI(context.Background(), client)
+	scopesAPI := secrets.NewSecretScopesAPI(context.Background(), client)
 	scopeList, err := scopesAPI.List()
 	require.NoError(t, err)
 	for _, scope := range scopeList {
@@ -40,12 +40,12 @@ func TestAzureAccKeyVaultSimple(t *testing.T) {
 	if client.IsAzureClientSecretSet() {
 		t.Skip("AKV scopes don't work for SP auth yet")
 	}
-	scopesAPI := NewSecretScopesAPI(context.Background(), client)
+	scopesAPI := secrets.NewSecretScopesAPI(context.Background(), client)
 	name := qa.RandomName("tf-scope-")
 
-	err := scopesAPI.Create(SecretScope{
+	err := scopesAPI.Create(secrets.SecretScope{
 		Name: name,
-		KeyvaultMetadata: &KeyvaultMetadata{
+		KeyvaultMetadata: &secrets.KeyvaultMetadata{
 			ResourceID: resourceID,
 			DNSName:    DNSName,
 		},
@@ -68,16 +68,16 @@ func TestAccInitialManagePrincipals(t *testing.T) {
 	}
 	ctx := context.Background()
 	client := common.CommonEnvironmentClient()
-	scopesAPI := NewSecretScopesAPI(context.Background(), client)
+	scopesAPI := secrets.NewSecretScopesAPI(context.Background(), client)
 
 	scope := fmt.Sprintf("tf-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
-	err := scopesAPI.Create(SecretScope{Name: scope})
+	err := scopesAPI.Create(secrets.SecretScope{Name: scope})
 	require.NoError(t, err)
 	defer func() {
 		assert.NoError(t, scopesAPI.Delete(scope))
 	}()
 
-	secretACLAPI := NewSecretAclsAPI(ctx, client)
+	secretACLAPI := secrets.NewSecretAclsAPI(ctx, client)
 	acls, err := secretACLAPI.List(scope)
 	require.NoError(t, err)
 
@@ -94,10 +94,10 @@ func TestAccInitialManagePrincipalsGroup(t *testing.T) {
 	}
 	client := common.CommonEnvironmentClient()
 	ctx := context.Background()
-	scopesAPI := NewSecretScopesAPI(ctx, client)
+	scopesAPI := secrets.NewSecretScopesAPI(ctx, client)
 
 	scope := fmt.Sprintf("tf-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
-	err := scopesAPI.Create(SecretScope{
+	err := scopesAPI.Create(secrets.SecretScope{
 		Name:                   scope,
 		InitialManagePrincipal: "users",
 	})
@@ -106,7 +106,7 @@ func TestAccInitialManagePrincipalsGroup(t *testing.T) {
 		assert.NoError(t, scopesAPI.Delete(scope))
 	}()
 
-	secretACLAPI := NewSecretAclsAPI(ctx, client)
+	secretACLAPI := secrets.NewSecretAclsAPI(ctx, client)
 	acls, err := secretACLAPI.List(scope)
 	require.NoError(t, err)
 	assert.Equal(t, 1, len(acls))
@@ -131,7 +131,7 @@ func TestAccSecretScopeResource(t *testing.T) {
 					resource.TestCheckResourceAttr("databricks_secret_scope.my_scope", "backend_type", "DATABRICKS"),
 					acceptance.ResourceCheck("databricks_secret_scope.my_scope",
 						func(ctx context.Context, client *common.DatabricksClient, id string) error {
-							secretACLAPI := NewSecretAclsAPI(ctx, client)
+							secretACLAPI := secrets.NewSecretAclsAPI(ctx, client)
 							acls, err := secretACLAPI.List(id)
 							require.NoError(t, err)
 
@@ -147,7 +147,7 @@ func TestAccSecretScopeResource(t *testing.T) {
 			{
 				PreConfig: func() {
 					client := common.CommonEnvironmentClient()
-					err := NewSecretScopesAPI(context.Background(), client).Delete(scope)
+					err := secrets.NewSecretScopesAPI(context.Background(), client).Delete(scope)
 					assert.NoError(t, err, err)
 				},
 				Config: fmt.Sprintf(`