Add experimental resources (#1008)

```hcl
resource "databricks_storage_credential" "this" {
  name = "abc"
  aws_iam_role {
    role_arn = aws_iam_role.this.arn
  }
  comment = "Managed by TF"
}
```

Co-authored-by: Serge Smertin <[email protected]>

Author: stikkireddy

CHANGELOG.md

@@ -1,5 +1,12 @@
 # Version changelog
 
+## 0.4.3
+
+* Improved documentation with regards to public subnets in AWS quick start ([#1005](https://github.com/databrickslabs/terraform-provider-databricks/pull/1005)).
+* Added `databricks_mount` code genration for [exporter](https://registry.terraform.io/providers/databrickslabs/databricks/latest/docs/guides/experimental-exporter) tooling ([#1006](https://github.com/databrickslabs/terraform-provider-databricks/pull/1006)).
+* Increase dependency check frequency ([#1007](https://github.com/databrickslabs/terraform-provider-databricks/pull/1007)).
+* Added experimental resources.
+
 ## 0.4.2
 
 * Added optional `auth_type` provider conf to enforce specific auth type to be used in very rare cases, where a single Terraform state manages Databricks workspaces on more than one cloud and `More than one authorization method configured` error is a false positive. Valid values are `pat`, `basic`, `azure-client-secret`, `azure-msi`, `azure-cli`, and `databricks-cli` ([#1000](https://github.com/databrickslabs/terraform-provider-databricks/pull/1000)).

catalog/resource_storage_credentials.go

@@ -0,0 +1,84 @@
+package catalog
+
+import (
+	"context"
+
+	"github.com/databrickslabs/terraform-provider-databricks/common"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+type StorageCredentialsAPI struct {
+	client  *common.DatabricksClient
+	context context.Context
+}
+
+func NewStorageCredentialsAPI(ctx context.Context, m interface{}) StorageCredentialsAPI {
+	return StorageCredentialsAPI{m.(*common.DatabricksClient), ctx}
+}
+
+type StorageCredentialInfo struct {
+	Name        string                 `json:"name" tf:"force_new"`
+	Comment     string                 `json:"comment,omitempty" tf:"force_new"`
+	Aws         *AwsIamRole            `json:"aws_iam_role,omitempty" tf:"group:access"`
+	Azure       *AzureServicePrincipal `json:"azure_service_principal,omitempty" tf:"group:access"`
+	MetastoreID string                 `json:"metastore_id,omitempty" tf:"computed"`
+}
+
+func (a StorageCredentialsAPI) create(sci *StorageCredentialInfo) error {
+	return a.client.Post(a.context, "/unity-catalog/storage-credentials", sci, &sci)
+}
+
+func (a StorageCredentialsAPI) get(id string) (sci StorageCredentialInfo, err error) {
+	err = a.client.Get(a.context, "/unity-catalog/storage-credentials/"+id, nil, &sci)
+	return
+}
+
+func (a StorageCredentialsAPI) update(name string, sci StorageCredentialInfo) error {
+	return a.client.Patch(a.context, "/unity-catalog/storage-credentials/"+name, sci)
+}
+
+func (a StorageCredentialsAPI) delete(id string) error {
+	return a.client.Delete(a.context, "/unity-catalog/storage-credentials/"+id, nil)
+}
+
+func ResourceStorageCredential() *schema.Resource {
+	s := common.StructToSchema(StorageCredentialInfo{},
+		func(m map[string]*schema.Schema) map[string]*schema.Schema {
+			alof := []string{"aws_iam_role", "azure_service_principal"}
+			m["aws_iam_role"].AtLeastOneOf = alof
+			m["azure_service_principal"].AtLeastOneOf = alof
+			return m
+		})
+	return common.Resource{
+		Schema: s,
+		Create: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
+			var sci StorageCredentialInfo
+			common.DataToStructPointer(d, s, &sci)
+			err := NewStorageCredentialsAPI(ctx, c).create(&sci)
+			if err != nil {
+				return err
+			}
+			d.SetId(sci.Name)
+			return nil
+		},
+		Read: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
+			sci, err := NewStorageCredentialsAPI(ctx, c).get(d.Id())
+			if err != nil {
+				return err
+			}
+			return common.StructToData(sci, s, d)
+		},
+		Update: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
+			var sci StorageCredentialInfo
+			common.DataToStructPointer(d, s, &sci)
+			return NewStorageCredentialsAPI(ctx, c).update(d.Id(), StorageCredentialInfo{
+				Name:  d.Id(),
+				Aws:   sci.Aws,
+				Azure: sci.Azure,
+			})
+		},
+		Delete: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
+			return NewStorageCredentialsAPI(ctx, c).delete(d.Id())
+		},
+	}.ToResource()
+}

catalog/resource_storage_credentials_test.go

@@ -0,0 +1,94 @@
+package catalog
+
+import (
+	"testing"
+
+	"github.com/databrickslabs/terraform-provider-databricks/qa"
+)
+
+func TestStorageCredentialsCornerCases(t *testing.T) {
+	qa.ResourceCornerCases(t, ResourceStorageCredential())
+}
+
+func TestCreateStorageCredentials(t *testing.T) {
+	qa.ResourceFixture{
+		Fixtures: []qa.HTTPFixture{
+			{
+				Method:   "POST",
+				Resource: "/api/2.0/unity-catalog/storage-credentials",
+				ExpectedRequest: StorageCredentialInfo{
+					Name: "a",
+					Aws: &AwsIamRole{
+						RoleARN: "def",
+					},
+					Comment: "c",
+				},
+				Response: StorageCredentialInfo{
+					Name: "a",
+				},
+			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.0/unity-catalog/storage-credentials/a",
+				Response: StorageCredentialInfo{
+					Name: "a",
+					Aws: &AwsIamRole{
+						RoleARN: "def",
+					},
+					MetastoreID: "d",
+				},
+			},
+		},
+		Resource: ResourceStorageCredential(),
+		Create:   true,
+		HCL: `
+		name = "a"
+		aws_iam_role {
+			role_arn = "def"
+		}
+		comment = "c"
+		`,
+	}.ApplyNoError(t)
+}
+
+func TestUpdateStorageCredentials(t *testing.T) {
+	qa.ResourceFixture{
+		Fixtures: []qa.HTTPFixture{
+			{
+				Method:   "PATCH",
+				Resource: "/api/2.0/unity-catalog/storage-credentials/a",
+				ExpectedRequest: StorageCredentialInfo{
+					Name: "a",
+					Aws: &AwsIamRole{
+						RoleARN: "CHANGED",
+					},
+				},
+			},
+			{
+				Method:   "GET",
+				Resource: "/api/2.0/unity-catalog/storage-credentials/a",
+				Response: StorageCredentialInfo{
+					Name: "a",
+					Aws: &AwsIamRole{
+						RoleARN: "CHANGED",
+					},
+					MetastoreID: "d",
+				},
+			},
+		},
+		Resource: ResourceStorageCredential(),
+		Update:   true,
+		ID:       "a",
+		InstanceState: map[string]string{
+			"name":    "a",
+			"comment": "c",
+		},
+		HCL: `
+		name = "a"
+		aws_iam_role {
+			role_arn = "CHANGED"
+		}
+		comment = "c"
+		`,
+	}.ApplyNoError(t)
+}

provider/provider.go

@@ -101,6 +101,7 @@ func DatabricksProvider() *schema.Provider {
 			"databricks_sql_query":                   sqlanalytics.ResourceQuery(),
 			"databricks_sql_visualization":           sqlanalytics.ResourceVisualization(),
 			"databricks_sql_widget":                  sqlanalytics.ResourceWidget(),
+			"databricks_storage_credential":          catalog.ResourceStorageCredential(),
 			"databricks_token":                       tokens.ResourceToken(),
 			"databricks_user":                        scim.ResourceUser(),
 			"databricks_user_instance_profile":       aws.ResourceUserInstanceProfile(),