Prepare release 0.2.6 (#360)

* Updated documentation
* Updated dependency versions

* github.com/Azure/go-autorest/autorest v0.11.6
* github.com/Azure/go-autorest/autorest/adal v0.9.4
* github.com/Azure/go-autorest/autorest/azure/auth v0.5.2
* github.com/Azure/go-autorest/autorest/azure/cli v0.4.1
* github.com/aws/aws-sdk-go v1.35.0
* gopkg.in/ini.v1 v1.61.0

Co-authored-by: Serge Smertin <[email protected]>

Author: nfx

.github/dependabot.yml

@@ -3,4 +3,4 @@ updates:
   - package-ecosystem: "gomod"
     directory: "/" # Location of package manifests
     schedule:
-      interval: "weekly"
+      interval: "monthly"

docs/changelog.md renamed to CHANGELOG.md

@@ -7,9 +7,17 @@
 * Added `databricks_user_instance_profile` resource.
 * Added `databricks_group` data source.
 
+Updated dependency versions:
+
+* github.com/Azure/go-autorest/autorest v0.11.6
+* github.com/Azure/go-autorest/autorest/adal v0.9.4
+* github.com/Azure/go-autorest/autorest/azure/auth v0.5.2
+* github.com/Azure/go-autorest/autorest/azure/cli v0.4.1
+* gopkg.in/ini.v1 v1.61.0
+
 **Deprecations**
-* `databricks_scim_user` is no longer receiving fixes and will be removed in `0.3`, please rewrite using `databricks_user` resource, which has more consistent semantics with `databricks_group` and works better with identity provider SCIM sync.
-* `databricks_scim_group` is no longer receiving fixes and will be removed in `0.3`, please rewrite using `databricks_group` resource.
+* `databricks_scim_user` is no longer receiving fixes and will be removed in `0.3`, please rewrite using the `databricks_user` resource, which has more consistent semantics with `databricks_group` and works better with identity provider SCIM sync.
+* `databricks_scim_group` is no longer receiving fixes and will be removed in `0.3`. Please rewrite using the `databricks_group` resource.
 * `databricks_default_user_roles` is no longer receiving fixes and will be removed in `0.3`, please rewrite using `databricks_user` & `databricks_group` resources.
 
 **Behavior changes**
@@ -55,4 +63,4 @@ Updated dependency versions:
 * `azure_auth` provider block is no longer receiving fixesand will be removed in `0.3`, please use `azure_*` options 
 
 **Behavior changes**
-* Previously, mounts code paths were different functions. This release unifies them to be a single testable codebase with different configuration options & re-use of the critical code paths. For maintainability reasons, there's no longer check performed on container & storage account names, but rather on high-level *mount source uri*.
+* Previously, mounts code paths were different functions. This release unifies them to be a single testable codebase with different configuration options & re-use of the critical code paths. For maintainability reasons, there's no longer check performed on container & storage account names, but rather on high-level *mount source uri*.

CONTRIBUTING.md

@@ -210,5 +210,4 @@ crucial for making sure that the provider behaves as expected on all supported c
 1. `make test-azure` 
 2. `make test-mws` if MWS related code changed given release.
 3. Create release notes.
-4. Perfrom backwards-compatibility checks and make proper notes. 
-5. 
+4. Perfrom backwards-compatibility checks and make proper notes. 

README.md

@@ -2,41 +2,44 @@
 
 [![Build Status](https://travis-ci.org/databrickslabs/terraform-provider-databricks.svg?branch=master)](https://travis-ci.org/databrickslabs/terraform-provider-databricks) [![codecov](https://codecov.io/gh/databrickslabs/terraform-provider-databricks/branch/master/graph/badge.svg)](https://codecov.io/gh/databrickslabs/terraform-provider-databricks)
 
-[Authentication](docs/index.md)
+End-to-end workspace creation on [AWS](scripts/awsmt-integration) or [Azure](scripts/azvnet-integration/databricks.tf)
+| [Authentication](docs/index.md)
 | [databricks_aws_s3_mount](docs/resources/aws_s3_mount.md)
+| [databricks_aws_assume_role_policy](docs/data-sources/aws_assume_role_policy.md) data
+| [databricks_aws_bucket_policy](docs/data-sources/aws_bucket_policy.md) data
+| [databricks_aws_crossaccount_policy](docs/data-sources/aws_crossaccount_policy.md) data
 | [databricks_azure_adls_gen1_mount](docs/resources/azure_adls_gen1_mount.md)
 | [databricks_azure_adls_gen2_mount](docs/resources/azure_adls_gen2_mount.md)
 | [databricks_azure_blob_mount](docs/resources/azure_blob_mount.md)
 | [databricks_cluster](docs/resources/cluster.md)
 | [databricks_cluster_policy](docs/resources/cluster_policy.md)
 | [databricks_dbfs_file](docs/resources/dbfs_file.md)
+| [databricks_dbfs_file_paths](docs/data-sources/dbfs_file_paths.md) data
+| [databricks_dbfs_file](docs/data-sources/dbfs_file.md) data
 | [databricks_group](docs/resources/group.md)
+| [databricks_group](docs/data-sources/group.md) data
 | [databricks_group_instance_profile](docs/resources/group_instance_profile.md)
 | [databricks_group_member](docs/resources/group_member.md)
 | [databricks_instance_pool](docs/resources/instance_pool.md)
 | [databricks_instance_profile](docs/resources/instance_profile.md)
 | [databricks_job](docs/resources/job.md)
 | [databricks_mws_credentials](docs/resources/mws_credentials.md)
+| [databricks_mws_customer_managed_keys](docs/resources/mws_customer_managed_keys.md)
 | [databricks_mws_networks](docs/resources/mws_networks.md)
 | [databricks_mws_storage_configurations](docs/resources/mws_storage_configurations.md)
-| [databricks_mws_customer_managed_keys](docs/resources/mws_customer_managed_keys.md)
 | [databricks_mws_workspaces](docs/resources/mws_workspaces.md)
 | [databricks_notebook](docs/resources/notebook.md)
+| [databricks_notebook](docs/data-sources/notebook.md) data
+| [databricks_notebook_paths](docs/data-sources/notebook_paths.md) data
 | [databricks_permissions](docs/resources/permissions.md)
-| [databricks_scim_user](docs/resources/scim_user.md)
 | [databricks_secret](docs/resources/secret.md)
 | [databricks_secret_acl](docs/resources/secret_acl.md)
 | [databricks_secret_scope](docs/resources/secret_scope.md)
 | [databricks_token](docs/resources/token.md)
+| [databricks_user](docs/resources/user.md)
+| [databricks_user_instance_profile](docs/resources/user_instance_profile.md)
 | [Contributing and Development Guidelines](CONTRIBUTING.md)
-
-To quickly install the binary please execute the following curl command in your shell or [install provider from source](CONTRIBUTING.md#installing-from-source).
-
-If you use Terraform 0.12, please execute the following curl command in your shell:
-
-```bash
-curl https://raw.githubusercontent.com/databrickslabs/databricks-terraform/master/godownloader-databricks-provider.sh | bash -s -- -b $HOME/.terraform.d/plugins
-```
+| [Changelog](CHANGELOG.md)
 
 If you use Terraform 0.13, please refer to instructions specified at [registry page](https://registry.terraform.io/providers/databrickslabs/databricks/latest):
 
@@ -45,12 +48,18 @@ terraform {
   required_providers {
     databricks = {
       source = "databrickslabs/databricks"
-      version = "0.2.5"
+      version = ">= 0.2.6"
     }
   }
 }
 ```
 
+If you use Terraform 0.12, please execute the following curl command in your shell:
+
+```bash
+curl https://raw.githubusercontent.com/databrickslabs/databricks-terraform/master/godownloader-databricks-provider.sh | bash -s -- -b $HOME/.terraform.d/plugins
+```
+
 Then create a small sample file, named `main.tf` with approximately following contents. Replace `<your PAT token>` with newly created [PAT Token](https://docs.databricks.com/dev-tools/api/latest/authentication.html). It will create [a simple cluster](https://databrickslabs.github.io/terraform-provider-databricks/resources/cluster/).
 
 ```terraform

access/acceptance/secret_acl_test.go

@@ -1,8 +1,6 @@
 package acceptance
 
 import (
-	"errors"
-	"fmt"
 	"os"
 	"testing"
 
@@ -11,198 +9,85 @@ import (
 
 	"github.com/databrickslabs/databricks-terraform/common"
 	"github.com/databrickslabs/databricks-terraform/internal/acceptance"
-	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/acctest"
+	"github.com/databrickslabs/databricks-terraform/internal/qa"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestAccSecretAclResource(t *testing.T) {
-	// TODO: refactor for common instance pool & AZ CLI
 	if _, ok := os.LookupEnv("CLOUD_ENV"); !ok {
 		t.Skip("Acceptance tests skipped unless env 'CLOUD_ENV' is set")
 	}
-	//var secretScope Secre
-	var secretACL ACLItem
-	scope := fmt.Sprintf("tf-scope-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
-	principal := "users"
-	permission := "READ"
-	client := common.CommonEnvironmentClient()
-	me, _ := identity.NewUsersAPI(client).Me()
-	userName := me.UserName
-
 	acceptance.AccTest(t, resource.TestCase{
-		CheckDestroy: testSecretACLResourceDestroy,
 		Steps: []resource.TestStep{
 			{
-				// use a dynamic configuration with the random name from above
-				Config: testSecretACLResource(scope, principal, permission),
-				// compose a basic test, checking both remote and local values
-				Check: resource.ComposeTestCheckFunc(
-					// test scope permissions - it should be current user
-					testSecretScopeHasPrincipal(t, scope, userName, "MANAGE"),
-					// query the API to retrieve the tokenInfo object
-					testSecretACLResourceExists("databricks_secret_acl.my_secret_acl", &secretACL, t),
-					// verify remote values
-					testSecretACLValues(t, &secretACL, permission, principal),
-					// verify local values
-					resource.TestCheckResourceAttr("databricks_secret_acl.my_secret_acl", "scope", scope),
-					resource.TestCheckResourceAttr("databricks_secret_acl.my_secret_acl", "principal", principal),
-					resource.TestCheckResourceAttr("databricks_secret_acl.my_secret_acl", "permission", permission),
-				),
-			},
-			{
-				PreConfig: func() {
+				Config: qa.EnvironmentTemplate(t, `
+					resource "databricks_group" "ds" {
+						display_name = "data-scientists-{var.RANDOM}"
+					}
+					resource "databricks_secret_scope" "app" {
+						name = "app-{var.RANDOM}"
+					}
+					resource "databricks_secret_acl" "ds_can_read_app" {
+						principal = databricks_group.ds.display_name
+						permission = "READ"
+						scope = databricks_secret_scope.app.name
+					}`),
+				Check: func(s *terraform.State) error {
 					client := common.CommonEnvironmentClient()
-					err := NewSecretAclsAPI(client).Delete(scope, principal)
-					assert.NoError(t, err, err)
+
+					usersAPI := identity.NewUsersAPI(client)
+					me, err := usersAPI.Me()
+					require.NoError(t, err)
+
+					secretACLAPI := NewSecretAclsAPI(client)
+					scope := s.RootModule().Resources["databricks_secret_scope.app"].Primary.ID
+					acls, err := secretACLAPI.List(scope)
+					require.NoError(t, err)
+					assert.Equal(t, 2, len(acls))
+					m := map[string]string{}
+					for _, acl := range acls {
+						m[acl.Principal] = string(acl.Permission)
+					}
+
+					group := s.RootModule().Resources["databricks_group.ds"].Primary.Attributes["display_name"]
+					require.Contains(t, m, group)
+					assert.Equal(t, "READ", m[group])
+					assert.Equal(t, "MANAGE", m[me.UserName])
+					return nil
 				},
-				// use a dynamic configuration with the random name from above
-				Config: testSecretACLResource(scope, principal, permission),
-				// compose a basic test, checking both remote and local values
-				Check: resource.ComposeTestCheckFunc(
-					// query the API to retrieve the tokenInfo object
-					testSecretACLResourceExists("databricks_secret_acl.my_secret_acl", &secretACL, t),
-					// verify remote values
-					testSecretACLValues(t, &secretACL, permission, principal),
-					// verify local values
-					resource.TestCheckResourceAttr("databricks_secret_acl.my_secret_acl", "scope", scope),
-					resource.TestCheckResourceAttr("databricks_secret_acl.my_secret_acl", "principal", principal),
-					resource.TestCheckResourceAttr("databricks_secret_acl.my_secret_acl", "permission", permission),
-				),
 			},
 		},
 	})
 }
 
-// this test checks that any user has access when initial principal is set to 'users'
 func TestAccSecretAclResourceDefaultPrincipal(t *testing.T) {
-	// TODO: refactor for common instance pool & AZ CLI
-	if _, ok := os.LookupEnv("CLOUD_ENV"); !ok {
-		t.Skip("Acceptance tests skipped unless env 'CLOUD_ENV' is set")
-	}
-	scope := fmt.Sprintf("tf-scope-%s", acctest.RandStringFromCharSet(10, acctest.CharSetAlphaNum))
-	client := common.CommonEnvironmentClient()
-	me, _ := identity.NewUsersAPI(client).Me()
-	userName := me.UserName
-	userPermission := "READ"
-	initialPrincipal := "users"
-	initialPermission := "MANAGE"
-	var secretACL ACLItem
-
 	acceptance.AccTest(t, resource.TestCase{
-		CheckDestroy: testSecretACLResourceDestroy,
 		Steps: []resource.TestStep{
 			{
-				// use a dynamic configuration with the random name from above
-				Config: testSecretACLResourceWithDefaultPrincipal(scope, initialPrincipal, userName, userPermission),
-				// compose a basic test, checking both remote and local values
-				Check: resource.ComposeTestCheckFunc(
-					// test scope permissions - it should be users
-					testSecretScopeHasPrincipal(t, scope, initialPrincipal, initialPermission),
-					// query the API to retrieve the tokenInfo object
-					testSecretACLResourceExists("databricks_secret_acl.my_secret_acl", &secretACL, t),
-					// verify remote values
-					testSecretACLValues(t, &secretACL, userPermission, userName),
-					// verify local values
-					resource.TestCheckResourceAttr("databricks_secret_acl.my_secret_acl", "scope", scope),
-					resource.TestCheckResourceAttr("databricks_secret_acl.my_secret_acl", "principal", userName),
-					resource.TestCheckResourceAttr("databricks_secret_acl.my_secret_acl", "permission", userPermission),
-				),
+				Config: qa.EnvironmentTemplate(t, `
+					resource "databricks_secret_scope" "app" {
+						name = "app-{var.RANDOM}"
+						initial_manage_principal = "users"
+					}
+					resource "databricks_secret_acl" "ds_can_read_app" {
+						principal = "users"
+						permission = "READ"
+						scope = databricks_secret_scope.app.name
+					}`),
+				Check: acceptance.ResourceCheck("databricks_secret_scope.app",
+					func(client *common.DatabricksClient, id string) error {
+						secretACLAPI := NewSecretAclsAPI(client)
+						acls, err := secretACLAPI.List(id)
+						require.NoError(t, err)
+						assert.Equal(t, 1, len(acls))
+						assert.Equal(t, "users", acls[0].Principal)
+						assert.Equal(t, "READ", string(acls[0].Permission))
+						return nil
+					}),
 			},
 		},
 	})
 }
-
-func testSecretACLResourceDestroy(s *terraform.State) error {
-	client := common.CommonEnvironmentClient()
-	for _, rs := range s.RootModule().Resources {
-		if rs.Type != "databricks_secret" && rs.Type != "databricks_secret_scope" {
-			continue
-		}
-		_, err := NewSecretAclsAPI(client).Read(rs.Primary.Attributes["scope"], rs.Primary.Attributes["principal"])
-		if err == nil {
-			return errors.New("resource secret acl is not cleaned up")
-		}
-		_, err = NewSecretScopesAPI(client).Read(rs.Primary.Attributes["scope"])
-		if err == nil {
-			return errors.New("resource secret is not cleaned up")
-		}
-	}
-	return nil
-}
-
-func testSecretACLValues(t *testing.T, acl *ACLItem, permission, principal string) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		assert.EqualValues(t, permission, acl.Permission)
-		assert.EqualValues(t, principal, acl.Principal)
-		return nil
-	}
-}
-
-func testSecretScopeHasPrincipal(t *testing.T, scope, principal, permission string) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		var acl ACLItem
-		err := getSecretACLResourceExistsForScopeAndPrincipal(scope, principal, &acl)
-		if err != nil {
-			return err
-		}
-		assert.EqualValues(t, permission, acl.Permission)
-		assert.EqualValues(t, principal, acl.Principal)
-		return nil
-	}
-}
-
-func getSecretACLResourceExistsForScopeAndPrincipal(scope, principal string, aclItem *ACLItem) error {
-	// retrieve the configured client from the test setup
-	conn := common.CommonEnvironmentClient()
-	resp, err := NewSecretAclsAPI(conn).Read(scope, principal)
-	if err != nil {
-		return err
-	}
-	// If no error, assign the response Widget attribute to the widget pointer
-	*aclItem = resp
-	return nil
-}
-
-// testAccCheckTokenResourceExists queries the API and retrieves the matching Widget.
-func testSecretACLResourceExists(n string, aclItem *ACLItem, t *testing.T) resource.TestCheckFunc {
-	return func(s *terraform.State) error {
-		// find the corresponding state object
-		rs, ok := s.RootModule().Resources[n]
-		if !ok {
-			return fmt.Errorf("Not found: %s", n)
-		}
-		return getSecretACLResourceExistsForScopeAndPrincipal(rs.Primary.Attributes["scope"],
-			rs.Primary.Attributes["principal"], aclItem)
-	}
-}
-
-// testAccTokenResource returns an configuration for an Example Widget with the provided name
-func testSecretACLResource(scopeName, principal, permission string) string {
-	return fmt.Sprintf(`
-        resource "databricks_secret_scope" "my_scope" {
-            name = "%s"
-        }
-        resource "databricks_secret_acl" "my_secret_acl" {
-            principal = "%s"
-            permission = "%s"
-            scope = databricks_secret_scope.my_scope.name
-        }
-        `, scopeName, principal, permission)
-}
-
-// testAccTokenResource returns an configuration for an Example Widget with the provided name
-func testSecretACLResourceWithDefaultPrincipal(scopeName, defaultPrincipal, principal, permission string) string {
-	return fmt.Sprintf(`
-        resource "databricks_secret_scope" "my_scope" {
-            name = "%s"
-            initial_manage_principal = "%s"
-        }
-        resource "databricks_secret_acl" "my_secret_acl" {
-            principal = "%s"
-            permission = "%s"
-            scope = databricks_secret_scope.my_scope.name
-        }
-        `, scopeName, defaultPrincipal, principal, permission)
-}