Removed check for creation of Azure Key Vault-based databricks_secret_scope using Service Principals (#1965)

* With Service Principals was never possible to create a Secret Scope in Databricks. It seems MSFT now fixed this issue. This commit removes the control that checks if the principal calling this is a Service Principal and throws an error.

* Removed unused function kvDiffFunc

Author: mattiazenidb

secrets/resource_secret_scope.go

@@ -66,10 +66,6 @@ func (a SecretScopesAPI) Create(s SecretScope) error {
 			//lint:ignore ST1005 Azure is a valid capitalized string
 			return fmt.Errorf("Azure KeyVault is not available")
 		}
-		if a.client.IsAzureClientSecretSet() {
-			//lint:ignore ST1005 Azure is a valid capitalized string
-			return fmt.Errorf("Azure KeyVault cannot yet be configured for Service Principal authorization")
-		}
 		req.BackendType = "AZURE_KEYVAULT"
 		req.BackendAzureKeyvault = s.KeyvaultMetadata
 	}
@@ -114,21 +110,6 @@ var validScope = validation.StringMatch(regexp.MustCompile(`^[\w\.@_/-]{1,128}$`
 	"Must consist of alphanumeric characters, dashes, underscores, and periods, "+
 		"and may not exceed 128 characters.")
 
-func kvDiffFunc(ctx context.Context, diff *schema.ResourceDiff, v any) error {
-	if diff == nil {
-		return nil
-	}
-	kvLst := diff.Get("keyvault_metadata").([]any)
-	if len(kvLst) == 0 {
-		return nil
-	}
-	client := v.(*common.DatabricksClient)
-	if client.IsAzure() && client.IsAzureClientSecretSet() {
-		return fmt.Errorf("you can't set up Azure KeyVault-based secret scope via Service Principal")
-	}
-	return nil
-}
-
 // ResourceSecretScope manages secret scopes
 func ResourceSecretScope() *schema.Resource {
 	s := common.StructToSchema(SecretScope{}, func(s map[string]*schema.Schema) map[string]*schema.Schema {
@@ -161,6 +142,5 @@ func ResourceSecretScope() *schema.Resource {
 		Delete: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
 			return NewSecretScopesAPI(ctx, c).Delete(d.Id())
 		},
-		CustomizeDiff: kvDiffFunc,
 	}.ToResource()
 }

secrets/resource_secret_scope_test.go

@@ -1,7 +1,6 @@
 package secrets
 
 import (
-	"context"
 	"net/http"
 	"testing"
 
@@ -302,37 +301,3 @@ func TestResourceSecretScopeDelete_Error(t *testing.T) {
 	qa.AssertErrorStartsWith(t, err, "Internal error happened")
 	assert.Equal(t, "abc", d.Id())
 }
-
-func TestKVDiffFuncNil(t *testing.T) {
-	err := kvDiffFunc(context.Background(), nil, common.DatabricksClient{Host: ""})
-	assert.Nil(t, err)
-}
-
-func TestKVDiffFuncSPN(t *testing.T) {
-	qa.ResourceFixture{
-		Fixtures: []qa.HTTPFixture{
-			{
-				Method:   "POST",
-				Resource: "/api/2.0/secrets/scopes/create",
-				ExpectedRequest: secretScopeRequest{
-					Scope:       "Boom",
-					BackendType: "AZURE_KEYVAULT",
-					BackendAzureKeyvault: &KeyvaultMetadata{
-						ResourceID: "bcd",
-						DNSName:    "def",
-					},
-				},
-			},
-		},
-		Resource: ResourceSecretScope(),
-		HCL: `
-			name = "Boom"
-			keyvault_metadata {
-				resource_id = "bcd"
-				dns_name = "def"
-			}`,
-		Azure:    true,
-		AzureSPN: true,
-		Create:   true,
-	}.ExpectError(t, "you can't set up Azure KeyVault-based secret scope via Service Principal")
-}