Added DBFS test case...

internal/features/four_point_oh.go

@@ -3,7 +3,7 @@
 
 package features
 
-import "os"
+// import "os"
 
 // nolint gocritic
 // DeprecatedInFourPointOh returns the deprecation message if the provider
@@ -28,9 +28,9 @@ func DeprecatedInFourPointOh(deprecationMessage string) string {
 func FourPointOh() bool {
 	// WodansSon: Added for testing 4.0 functionality,
 	// will comment out in final check-in...
-	return !(os.Getenv("TF_FOUR_POINT_OH_BETA") == "")
+	// return !(os.Getenv("TF_FOUR_POINT_OH_BETA") == "")
 
-	// return false
+	return false
 }
 
 // FourPointOhBeta returns whether this provider is running in 4.0 mode

internal/services/databricks/databricks_root_dbfs_customer_managed_key_resource_test.go

@@ -12,6 +12,7 @@ import (
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
+	"github.com/hashicorp/terraform-provider-azurerm/internal/features"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
 	"github.com/hashicorp/terraform-provider-azurerm/utils"
 )
@@ -105,6 +106,34 @@ func TestAccDatabricksWorkspaceRootDbfsCustomerManagedKey_noIp(t *testing.T) {
 	})
 }
 
+// TODO: Add v4.0 version of the ThreePointOh test...
+func TestAccDatabricksWorkspaceRootDbfsCustomerManagedKey_altRootDbfsSubscriptionComplete_ThreePointOh(t *testing.T) {
+	if features.FourPointOhBeta() {
+		t.Skip("Skipping: Test is only valid for v3.x providers")
+	}
+
+	altSubscription := altSubscriptionCheck()
+
+	if altSubscription == nil {
+		t.Skip("Skipping: Test requires `ARM_SUBSCRIPTION_ID_ALT` and `ARM_TENANT_ID` environment variables to be specified")
+	}
+
+	data := acceptance.BuildTestData(t, "azurerm_databricks_workspace_root_dbfs_customer_managed_key", "test")
+	parent := acceptance.BuildTestData(t, "azurerm_databricks_workspace", "test")
+	r := DatabricksWorkspaceRootDbfsCustomerManagedKeyResource{}
+	cmkAltTemplate := r.cmkAltTemplate()
+
+	data.ResourceTest(t, r, []acceptance.TestStep{
+		{
+			Config: r.altRootDbfsSubscriptionComplete(data, cmkAltTemplate, altSubscription),
+			Check: acceptance.ComposeTestCheckFunc(
+				check.That(parent.ResourceName).ExistsInAzure(r),
+			),
+		},
+		parent.ImportStep(),
+	})
+}
+
 func (DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
 	id, err := workspaces.ParseWorkspaceID(state.ID)
 	if err != nil {
@@ -212,6 +241,18 @@ resource "azurerm_databricks_workspace_root_dbfs_customer_managed_key" "test" {
 `
 }
 
+func (DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) cmkAltTemplate() string {
+	return `
+resource "azurerm_databricks_workspace_root_dbfs_customer_managed_key" "test" {
+  depends_on = [azurerm_key_vault_access_policy.databricks]
+
+  workspace_id     = azurerm_databricks_workspace.test.id
+  key_vault_key_id = azurerm_key_vault_key.test.id
+  key_vault_id     = azurerm_key_vault.test.id
+}
+`
+}
+
 func (DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) keyVaultTemplate(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 resource "azurerm_key_vault" "test" {
@@ -283,3 +324,125 @@ resource "azurerm_key_vault_access_policy" "databricks" {
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomString)
 }
+
+func (DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) keyVaultAltSubscriptionTemplate(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+resource "azurerm_key_vault" "test" {
+  provider = azurerm-alt
+
+  name                = "kv-altsub-%[3]s"
+  location            = azurerm_resource_group.keyVault.location
+  resource_group_name = azurerm_resource_group.keyVault.name
+  tenant_id           = data.azurerm_client_config.current.tenant_id
+  sku_name            = "premium"
+
+  soft_delete_retention_days = 7
+}
+
+resource "azurerm_key_vault_key" "test" {
+  depends_on = [azurerm_key_vault_access_policy.terraform]
+  provider   = azurerm-alt
+
+  name         = "acctest-key-%[1]d"
+  key_vault_id = azurerm_key_vault.test.id
+  key_type     = "RSA"
+  key_size     = 2048
+
+  key_opts = [
+    "decrypt",
+    "encrypt",
+    "sign",
+    "unwrapKey",
+    "verify",
+    "wrapKey",
+  ]
+}
+
+resource "azurerm_key_vault_access_policy" "terraform" {
+  provider = azurerm-alt
+
+  key_vault_id = azurerm_key_vault.test.id
+  tenant_id    = azurerm_key_vault.test.tenant_id
+  object_id    = data.azurerm_client_config.current.object_id
+
+  key_permissions = [
+    "Get",
+    "List",
+    "Create",
+    "Decrypt",
+    "Encrypt",
+    "GetRotationPolicy",
+    "Sign",
+    "UnwrapKey",
+    "Verify",
+    "WrapKey",
+    "Delete",
+    "Restore",
+    "Recover",
+    "Update",
+    "Purge",
+  ]
+}
+
+resource "azurerm_key_vault_access_policy" "databricks" {
+  depends_on = [azurerm_databricks_workspace.test]
+  provider   = azurerm-alt
+
+  key_vault_id = azurerm_key_vault.test.id
+  tenant_id    = azurerm_databricks_workspace.test.storage_account_identity.0.tenant_id
+  object_id    = azurerm_databricks_workspace.test.storage_account_identity.0.principal_id
+
+  key_permissions = [
+    "Get",
+    "GetRotationPolicy",
+    "UnwrapKey",
+    "WrapKey",
+    "Delete",
+  ]
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomString)
+}
+
+func (r DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) altRootDbfsSubscriptionComplete(data acceptance.TestData, cmkAlt string, alt *DatabricksWorkspaceAlternateSubscription) string {
+	keyVault := r.keyVaultAltSubscriptionTemplate(data)
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+provider "azurerm-alt" {
+  features {}
+
+  tenant_id       = "%[5]s"
+  subscription_id = "%[6]s"
+}
+
+data "azurerm_client_config" "current" {}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-databricks-dbfs-%[1]d"
+  location = "%[2]s"
+}
+
+resource "azurerm_resource_group" "keyVault" {
+  provider = azurerm-alt
+
+  name     = "acctestRG-databricks-dbfs-alt-sub-%[1]d"
+  location = "%[2]s"
+}
+
+%[3]s
+
+resource "azurerm_databricks_workspace" "test" {
+  name                = "acctestDBW-%[1]d"
+  resource_group_name = azurerm_resource_group.test.name
+  location            = azurerm_resource_group.test.location
+  sku                 = "premium"
+
+  customer_managed_key_enabled      = true
+  infrastructure_encryption_enabled = true
+}
+
+%[4]s
+`, data.RandomInteger, "eastus2", keyVault, cmkAlt, alt.tenant_id, alt.subscription_id)
+}

internal/services/databricks/databricks_workspace_resource.go

@@ -369,7 +369,6 @@ func resourceDatabricksWorkspace() *pluginsdk.Resource {
 			Deprecated:   "`managed_disk_cmk_key_vault_key_id` will be removed in favour of the property `managed_disk_cmk_key_vault_key_resource_id` in version 4.0 of the AzureRM Provider.",
 		}
 
-		// Old Reference...
 		resource.Schema["managed_disk_cmk_rotation_to_latest_version_enabled"] = &pluginsdk.Schema{
 			Type:         pluginsdk.TypeBool,
 			Optional:     true,
@@ -389,7 +388,6 @@ func resourceDatabricksWorkspace() *pluginsdk.Resource {
 			ValidateFunc: validation.Any(commonids.ValidateKeyVaultKeyID, commonids.ValidateKeyVaultKeyVersionID),
 		}
 
-		// TODO: Make sure I updated this reference in the code below, see // Old Reference above...
 		resource.Schema["managed_disk_cmk_rotation_to_latest_version_enabled"] = &pluginsdk.Schema{
 			Type:         pluginsdk.TypeBool,
 			Optional:     true,

internal/services/databricks/databricks_workspace_resource_test.go

@@ -298,6 +298,7 @@ func TestAccDatabricksWorkspace_managedServicesRootDbfsCMKAndPrivateLink(t *test
 	})
 }
 
+// TODO: Add FourPointOh versions of the below ThreePointOh tests...
 func TestAccDatabricksWorkspace_altSubscriptionCmkComplete_ThreePointOh(t *testing.T) {
 	if features.FourPointOhBeta() {
 		t.Skip("Skipping: Test is only valid for v3.x providers")