Allow to skip instance profile validation (#857)

Author: fabio-paiva-sp

docs/resources/instance_profile.md

@@ -107,8 +107,9 @@ resource "databricks_group_instance_profile" "all" {
 
 The following arguments are supported:
 
-* `instance_profile_arn` - (Required) `ARN` attribute of `aws_iam_instance_profile` output, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation and it's not possible to skip validation.
-* `is_meta_instance_profile` - (Optional) Whether the instance profile is a meta instance profile. Used only in [IAM credential passthrough](https://docs.databricks.com/security/credential-passthrough/iam-passthrough.html).
+* `instance_profile_arn` - (Required) `ARN` attribute of `aws_iam_instance_profile` output, the EC2 instance profile association to AWS IAM role. This ARN would be validated upon resource creation.
+* `is_meta_instance_profile` - (Boolean, Optional) Whether the instance profile is a meta instance profile. Used only in [IAM credential passthrough](https://docs.databricks.com/security/credential-passthrough/iam-passthrough.html).
+* `skip_validation` - (Boolean, Optional, `false` by default) By default, Databricks validates that it has sufficient permissions to launch instances with the instance profile. This validation uses AWS dry-run mode for the RunInstances API. If validation fails with an error message that does not indicate an IAM related permission issue, (e.g. “Your requested instance type is not supported in your requested availability zone”), you can pass this flag to skip the validation and forcibly add the instance profile.
 
 ## Attribute Reference
 

identity/resource_instance_profile.go

@@ -21,6 +21,7 @@ import (
 type InstanceProfileInfo struct {
 	InstanceProfileArn    string `json:"instance_profile_arn,omitempty"`
 	IsMetaInstanceProfile bool   `json:"is_meta_instance_profile,omitempty"`
+	SkipValidation        bool   `json:"skip_validation,omitempty"`
 }
 
 // InstanceProfileList ...

identity/resource_instance_profile_test.go

@@ -203,3 +203,28 @@ func TestAwsAccInstanceProfiles(t *testing.T) {
 		return true
 	})
 }
+
+func TestAwsAccInstanceProfilesSkippingValidation(t *testing.T) {
+	arn := qa.GetEnvOrSkipTest(t, "TEST_EC2_INSTANCE_PROFILE")
+	client := common.NewClientFromEnvironment()
+	ctx := context.WithValue(context.Background(), common.Current, t.Name())
+	instanceProfilesAPI := NewInstanceProfilesAPI(ctx, client)
+	instanceProfilesAPI.Synchronized(arn, func() bool {
+		err := instanceProfilesAPI.Create(InstanceProfileInfo{
+			InstanceProfileArn: arn,
+			SkipValidation:     true,
+		})
+		if err != nil {
+			return false
+		}
+		defer func() {
+			err := instanceProfilesAPI.Delete(arn)
+			assert.NoError(t, err, err)
+		}()
+
+		arnSearch, err := instanceProfilesAPI.Read(arn)
+		assert.NoError(t, err, err)
+		assert.True(t, len(arnSearch.InstanceProfileArn) > 0)
+		return true
+	})
+}