Added new feature (#2015)

* 1. Add support for gcp cmk
2. Add details to gcp guide for authentication with service account (SA-1)

* Rename test name as suggested in the PR review

* Update internal/acceptance/mws_customer_managed_keys_test.go to remove provider

Co-authored-by: Serge Smertin <[email protected]>

---------

Co-authored-by: Serge Smertin <[email protected]>

Author: rohankabra-db

docs/guides/gcp-workspace.md

@@ -90,7 +90,7 @@ After you’ve added Service Account to Databricks Accounts Console, please copy
 
 Databricks account-level APIs can only be called by account owners and account admins, and can only be authenticated using Google-issued OIDC tokens. The simplest way to do this would be via [Google Cloud CLI](https://cloud.google.com/sdk/gcloud). The `gcloud` command is available after installing the SDK. Then run the following commands
 
-* `gcloud auth application-default login` to authorise your user with Google Cloud Platform.
+* `gcloud auth application-default login` to authorise your user with Google Cloud Platform. (If you want to use your [service account's credentials instead](https://cloud.google.com/docs/authentication/provide-credentials-adc#local-key), set the environment variable `GOOGLE_APPLICATION_CREDENTIALS` to the path of the JSON file that contains your service account key)
 * `terraform init` to load Google and Databricks Terraform providers.
 * `terraform apply` to apply the configuration changes. Terraform will use your credential to impersonate the service account specified in `databricks_google_service_account` to call the Databricks account-level API.
 

internal/acceptance/mws_customer_managed_keys_test.go

@@ -4,7 +4,7 @@ import (
 	"testing"
 )
 
-func TestMwsAccCustomerManagedKeys(t *testing.T) {
+func TestMwsAccAwsCustomerManagedKeys(t *testing.T) {
 	accountLevel(t, step{
 		Template: `resource "databricks_mws_customer_managed_keys" "this" {
 			account_id   = "{env.DATABRICKS_ACCOUNT_ID}"
@@ -16,3 +16,15 @@ func TestMwsAccCustomerManagedKeys(t *testing.T) {
 		}`,
 	})
 }
+
+func TestMwsAccGcpCustomerManagedKeysForStorage(t *testing.T) {
+	accountLevel(t, step{
+		Template: `resource "databricks_mws_customer_managed_keys" "this" {
+				account_id   = "{env.DATABRICKS_ACCOUNT_ID}"
+				gcp_key_info {
+					kms_key_id   = "{env.TEST_GCP_KMS_KEY_ID}"
+				}
+				use_cases = ["STORAGE"]
+			}`,
+	})
+}

mws/resource_mws_customer_managed_keys.go

@@ -17,10 +17,17 @@ type AwsKeyInfo struct {
 	KeyRegion string `json:"key_region,omitempty" tf:"computed"`
 }
 
+// GcpKeyInfo has information about the KMS key for BYOK
+type GcpKeyInfo struct {
+	KmsKeyId string `json:"kms_key_id"`
+}
+
 // CustomerManagedKey contains key information and metadata for BYOK for E2
+// You must specify either AwsKeyInfo for AWS or GcpKeyInfo for GCP, but not both
 type CustomerManagedKey struct {
 	CustomerManagedKeyID string      `json:"customer_managed_key_id,omitempty" tf:"computed"`
-	AwsKeyInfo           *AwsKeyInfo `json:"aws_key_info" tf:"force_new"`
+	AwsKeyInfo           *AwsKeyInfo `json:"aws_key_info,omitempty" tf:"force_new,conflicts:gcp_key_info"`
+	GcpKeyInfo           *GcpKeyInfo `json:"gcp_key_info,omitempty" tf:"force_new,conflicts:aws_key_info"`
 	AccountID            string      `json:"account_id" tf:"force_new"`
 	CreationTime         int64       `json:"creation_time,omitempty" tf:"computed"`
 	UseCases             []string    `json:"use_cases"`