patch support for workspace to use customer managed key, mws_workspaces resource can now use customer managed key with a "" default, and updated the docs to reflect cmk

Author: stikkireddy

client/service/mws_workspaces.go

@@ -76,7 +76,7 @@ func (a MWSWorkspacesAPI) WaitForWorkspaceRunning(mwsAcctId string, workspaceID
 }
 
 // Patch will relaunch the mws workspace deployment TODO: may need to include customer managed key
-func (a MWSWorkspacesAPI) Patch(mwsAcctId string, workspaceID int64, awsRegion, credentialsID, storageConfigurationID, networkID string, isNoPublicIpEnabled bool) error {
+func (a MWSWorkspacesAPI) Patch(mwsAcctId string, workspaceID int64, awsRegion, credentialsID, storageConfigurationID, networkID, customerManagedKeyID string, isNoPublicIpEnabled bool) error {
 	workspacesAPIPath := fmt.Sprintf("/accounts/%s/workspaces/%d", mwsAcctId, workspaceID)
 
 	mwsWorkspacesRequest := model.MWSWorkspace{
@@ -90,6 +90,10 @@ func (a MWSWorkspacesAPI) Patch(mwsAcctId string, workspaceID int64, awsRegion,
 		mwsWorkspacesRequest.NetworkID = networkID
 	}
 
+	if !reflect.ValueOf(customerManagedKeyID).IsZero() {
+		mwsWorkspacesRequest.CustomerManagedKeyID = customerManagedKeyID
+	}
+
 	_, err := a.Client.performQuery(http.MethodPatch, workspacesAPIPath, "2.0", nil, mwsWorkspacesRequest, nil)
 	return err
 }

databricks/resource_databricks_mws_workspaces.go

@@ -69,6 +69,11 @@ func resourceMWSWorkspaces() *schema.Resource {
 				Type:     schema.TypeBool,
 				Required: true,
 			},
+			"customer_managed_key_id": {
+				Type:     schema.TypeString,
+				Default:  "",
+				Optional: true,
+			},
 			"network_id": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -127,14 +132,15 @@ func resourceMWSWorkspacesCreate(d *schema.ResourceData, m interface{}) error {
 	credentialsID := d.Get("credentials_id").(string)
 	storageConfigurationID := d.Get("storage_configuration_id").(string)
 	networkID := d.Get("network_id").(string)
+	customerManagedKeyId := d.Get("customer_managed_key_id").(string)
 	isNoPublicIpEnabled := d.Get("is_no_public_ip_enabled").(bool)
 	var workspace model.MWSWorkspace
 	var err error
-	workspace, err = client.MWSWorkspaces().Create(mwsAcctId, workspaceName, deploymentName, awsRegion, credentialsID, storageConfigurationID, networkID, "", isNoPublicIpEnabled)
+	workspace, err = client.MWSWorkspaces().Create(mwsAcctId, workspaceName, deploymentName, awsRegion, credentialsID, storageConfigurationID, networkID, customerManagedKeyId, isNoPublicIpEnabled)
 	// Sometimes workspaces api is buggy
 	if err != nil {
 		time.Sleep(15 * time.Second)
-		workspace, err = client.MWSWorkspaces().Create(mwsAcctId, workspaceName, deploymentName, awsRegion, credentialsID, storageConfigurationID, networkID, "", isNoPublicIpEnabled)
+		workspace, err = client.MWSWorkspaces().Create(mwsAcctId, workspaceName, deploymentName, awsRegion, credentialsID, storageConfigurationID, networkID, customerManagedKeyId, isNoPublicIpEnabled)
 		if err != nil {
 			return err
 		}
@@ -214,6 +220,10 @@ func resourceMWSWorkspacesRead(d *schema.ResourceData, m interface{}) error {
 	if err != nil {
 		return err
 	}
+	err = d.Set("customer_managed_key_id", workspace.CustomerManagedKeyID)
+	if err != nil {
+		return err
+	}
 	err = d.Set("account_id", workspace.AccountID)
 	if err != nil {
 		return err
@@ -272,9 +282,10 @@ func resourceMWSWorkspacePatch(d *schema.ResourceData, m interface{}) error {
 	credentialsID := d.Get("credentials_id").(string)
 	storageConfigurationID := d.Get("storage_configuration_id").(string)
 	networkID := d.Get("network_id").(string)
+	customerManagedKeyId := d.Get("customer_managed_key_id").(string)
 	isNoPublicIpEnabled := d.Get("is_no_public_ip_enabled").(bool)
 
-	err = client.MWSWorkspaces().Patch(packagedMwsId.MwsAcctId, idInt64, awsRegion, credentialsID, storageConfigurationID, networkID, isNoPublicIpEnabled)
+	err = client.MWSWorkspaces().Patch(packagedMwsId.MwsAcctId, idInt64, awsRegion, credentialsID, storageConfigurationID, networkID, customerManagedKeyId, isNoPublicIpEnabled)
 	if err != nil {
 		return err
 	}

website/content/Resources/mws_storage_configurations.md

@@ -1,13 +1,13 @@
 +++
-title = "multiworkspace_storage_configurations"
+title = "mws_storage_configurations"
 date = 2020-04-20T23:34:03-04:00
 weight = 15
 chapter = false
 pre = ""
 +++
 
 
-## Resource: `multiworkspace_storage_configurations`
+## Resource: `mws_storage_configurations`
 
 This resource to configure the root bucket for the multiple workspaces api.
 

website/content/Resources/mws_workspaces.md

@@ -11,6 +11,11 @@ pre = ""
 
 This resource to configure the vpc for the multiple workspaces api if the BYOVPC option is chosen.
 
+{{% notice warning %}}
+This provider does not yet support the customer_managed_key resource yet so you will need to manually create that 
+and provide the cmk object guid into the workspace api. You can see it on the argument reference below.  
+{{% /notice %}}
+
 {{% notice warning %}}
 It is important to understand that this will require you to configure your provider separately for the 
 multiple workspaces resources
@@ -95,6 +100,9 @@ The following arguments are supported:
 #### - `network_id`:
 > **(Optional)** The ID of the workspace's network configuration object.
 
+#### - `customer_managed_key_id`:
+> **(Optional)** The ID of the workspace's notebook encryption key configuration object.
+
 #### - `is_no_public_ip_enabled`:
 > **(Optional)** Specifies whether secure cluster connectivity (sometimes called no public IP) is enabled on this workspace.