Add compliance security profile setting

settings/all_settings.go

@@ -17,5 +17,6 @@ func AllSettingsResources() map[string]common.Resource {
 	return map[string]common.Resource{
 		"default_namespace":         makeSettingResource[settings.DefaultNamespaceSetting, *databricks.WorkspaceClient](defaultNamespaceSetting),
 		"restrict_workspace_admins": makeSettingResource[settings.RestrictWorkspaceAdminsSetting, *databricks.WorkspaceClient](restrictWsAdminsSetting),
+		"compliance_security_profile_workspace": makeSettingResource[settings.ComplianceSecurityProfileSetting, *databricks.WorkspaceClient](complianceSecurityProfileSetting),
 	}
 }

settings/resource_compliance_security_profile_setting.go

@@ -0,0 +1,35 @@
+package settings
+
+import (
+	"context"
+	"strings"
+
+	"github.com/databricks/databricks-sdk-go"
+	"github.com/databricks/databricks-sdk-go/service/settings"
+)
+
+// Enhanced Security Monitoring setting
+var complianceSecurityProfileFieldMask = strings.Join([]string{
+	"compliance_security_profile_workspace.is_enabled",
+	"compliance_security_profile_workspace.compliance_standards",
+}, ",")
+var complianceSecurityProfileSetting = workspaceSetting[settings.ComplianceSecurityProfileSetting]{
+	settingStruct: settings.ComplianceSecurityProfileSetting{},
+	readFunc: func(ctx context.Context, w *databricks.WorkspaceClient, etag string) (*settings.ComplianceSecurityProfileSetting, error) {
+		return w.Settings.ComplianceSecurityProfile().Get(ctx, settings.GetComplianceSecurityProfileSettingRequest{
+			Etag: etag,
+		})
+	},
+	updateFunc: func(ctx context.Context, w *databricks.WorkspaceClient, t settings.ComplianceSecurityProfileSetting) (string, error) {
+		t.SettingName = "default"
+		res, err := w.Settings.ComplianceSecurityProfile().Update(ctx, settings.UpdateComplianceSecurityProfileSettingRequest{
+			AllowMissing: true,
+			Setting:      t,
+			FieldMask:    complianceSecurityProfileFieldMask,
+		})
+		if err != nil {
+			return "", err
+		}
+		return res.Etag, err
+	},
+}

settings/resource_compliance_security_profile_setting_test.go

@@ -0,0 +1,87 @@
+package settings
+
+import (
+	"testing"
+
+	"github.com/databricks/databricks-sdk-go/apierr"
+	"github.com/databricks/databricks-sdk-go/experimental/mocks"
+	"github.com/databricks/databricks-sdk-go/service/settings"
+	"github.com/databricks/terraform-provider-databricks/qa"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
+)
+
+var testComplianceSecurityProfileSetting = AllSettingsResources()["compliance_security_profile_workspace"]
+
+func TestQueryCreateComplianceSecurityProfileSettingWithNoneStandard(t *testing.T) {
+	d, err := qa.ResourceFixture{
+		MockWorkspaceClientFunc: func(w *mocks.MockWorkspaceClient) {
+			e := w.GetMockComplianceSecurityProfileAPI().EXPECT()
+			e.Update(mock.Anything, settings.UpdateComplianceSecurityProfileSettingRequest{
+				AllowMissing: true,
+				FieldMask:    complianceSecurityProfileFieldMask,
+				Setting: settings.ComplianceSecurityProfileSetting{
+					Etag: "",
+					ComplianceSecurityProfileWorkspace: settings.ComplianceSecurityProfile{
+						IsEnabled: true,
+						ComplianceStandards: []settings.ComplianceStandard{"NONE"},
+					},
+					SettingName: "default",
+				},
+			}).Return(nil, &apierr.APIError{
+				ErrorCode:  "NOT_FOUND",
+				StatusCode: 404,
+				Message:    "SomeMessage",
+				Details: []apierr.ErrorDetail{{
+					Type: "type.googleapis.com/google.rpc.ErrorInfo",
+					Metadata: map[string]string{
+						etagAttrName: "etag1",
+					},
+				}},
+			})
+			e.Update(mock.Anything, settings.UpdateComplianceSecurityProfileSettingRequest{
+				AllowMissing: true,
+				FieldMask:    complianceSecurityProfileFieldMask,
+				Setting: settings.ComplianceSecurityProfileSetting{
+					Etag: "etag1",
+					ComplianceSecurityProfileWorkspace: settings.ComplianceSecurityProfile{
+						IsEnabled: true,
+						ComplianceStandards: []settings.ComplianceStandard{"NONE"},
+					},
+					SettingName: "default",
+				},
+			}).Return(&settings.ComplianceSecurityProfileSetting{
+				Etag: "etag2",
+				ComplianceSecurityProfileWorkspace: settings.ComplianceSecurityProfile{
+					IsEnabled: true,
+					ComplianceStandards: []settings.ComplianceStandard{"NONE"},
+				},
+				SettingName: "default",
+			}, nil)
+			e.Get(mock.Anything, settings.GetComplianceSecurityProfileSettingRequest{
+				Etag: "etag2",
+			}).Return(&settings.ComplianceSecurityProfileSetting{
+				Etag: "etag2",
+				ComplianceSecurityProfileWorkspace: settings.ComplianceSecurityProfile{
+					IsEnabled: true,
+					ComplianceStandards: []settings.ComplianceStandard{"NONE"},
+				},
+				SettingName: "default",
+			}, nil)
+		},
+		Resource: testComplianceSecurityProfileSetting,
+		Create:   true,
+		HCL: `
+			compliance_security_profile_workspace {
+				is_enabled = true
+				compliance_standards = ["NONE"]
+			}
+		`,
+	}.Apply(t)
+
+	assert.NoError(t, err)
+
+	assert.Equal(t, defaultSettingId, d.Id())
+	assert.Equal(t, "etag2", d.Get(etagAttrName).(string))
+	assert.Equal(t, true, d.Get("compliance_security_profile_workspace.0.is_enabled"))
+}