diff --git a/internal/features/four_point_oh.go b/internal/features/four_point_oh.go index f6e7927451ad..4387a9c18f48 100644 --- a/internal/features/four_point_oh.go +++ b/internal/features/four_point_oh.go @@ -3,7 +3,7 @@ package features -import "os" +// import "os" // nolint gocritic // DeprecatedInFourPointOh returns the deprecation message if the provider @@ -28,9 +28,9 @@ func DeprecatedInFourPointOh(deprecationMessage string) string { func FourPointOh() bool { // WodansSon: Added for testing 4.0 functionality, // will comment out in final check-in... - return !(os.Getenv("TF_FOUR_POINT_OH_BETA") == "") + // return !(os.Getenv("TF_FOUR_POINT_OH_BETA") == "") - // return false + return false } // FourPointOhBeta returns whether this provider is running in 4.0 mode diff --git a/internal/services/databricks/databricks_root_dbfs_customer_managed_key_resource_test.go b/internal/services/databricks/databricks_root_dbfs_customer_managed_key_resource_test.go index cfb0f91cf64a..af6a9fde3207 100644 --- a/internal/services/databricks/databricks_root_dbfs_customer_managed_key_resource_test.go +++ b/internal/services/databricks/databricks_root_dbfs_customer_managed_key_resource_test.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + "github.com/hashicorp/terraform-provider-azurerm/internal/features" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/utils" ) 
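Review bot: In `FourPointOh()` the environment check is left behind as a commented-out `return`, alongside the commented-out `// import "os"` in the first hunk and the "will comment out in final check-in" note, so the file now carries dead code for a toggle that is no longer wired up. Since the function returns `false` unconditionally, delete those comment lines rather than keeping them; version control already preserves the beta switch. If the toggle is expected to return, a single comment such as `// FourPointOh is hard-coded off until the 4.0 beta flag is reinstated.` records that without the stale code.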
@@ -105,6 +106,34 @@ func TestAccDatabricksWorkspaceRootDbfsCustomerManagedKey_noIp(t *testing.T) { }) } +// TODO: Add v4.0 version of the ThreePointOh test... +func TestAccDatabricksWorkspaceRootDbfsCustomerManagedKey_altRootDbfsSubscriptionComplete_ThreePointOh(t *testing.T) { + if features.FourPointOhBeta() { + t.Skip("Skipping: Test is only valid for v3.x providers") + } + + altSubscription := altSubscriptionCheck() + + if altSubscription == nil { + t.Skip("Skipping: Test requires `ARM_SUBSCRIPTION_ID_ALT` and `ARM_TENANT_ID` environment variables to be specified") + } + + data := acceptance.BuildTestData(t, "azurerm_databricks_workspace_root_dbfs_customer_managed_key", "test") + parent := acceptance.BuildTestData(t, "azurerm_databricks_workspace", "test") + r := DatabricksWorkspaceRootDbfsCustomerManagedKeyResource{} + cmkAltTemplate := r.cmkAltTemplate() + + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.altRootDbfsSubscriptionComplete(data, cmkAltTemplate, altSubscription), + Check: acceptance.ComposeTestCheckFunc( + check.That(parent.ResourceName).ExistsInAzure(r), + ), + }, + parent.ImportStep(), + }) +} + func (DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) Exists(ctx context.Context, clients *clients.Client, state *pluginsdk.InstanceState) (*bool, error) { id, err := workspaces.ParseWorkspaceID(state.ID) if err != nil { 
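Review bot: The only check in the new `_ThreePointOh` test is `check.That(parent.ResourceName).ExistsInAzure(r)`, so the step passes once the workspace exists and never asserts that the key from the alternate-subscription vault was recorded on the CMK resource. Consider adding an attribute check on that resource, for example `check.That(data.ResourceName).Key("key_vault_id").Exists(),`, so a regression in the cross-subscription lookup fails the test instead of passing on workspace existence alone. What `Exists` verifies is not visible because its body continues outside the hunk, and the current shape may follow the other tests in this file. The `// TODO: Add v4.0 version` comment would be easier to follow up if it named a tracking issue.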
@@ -212,6 +241,18 @@ resource "azurerm_databricks_workspace_root_dbfs_customer_managed_key" "test" { ` } +func (DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) cmkAltTemplate() string { + return ` +resource "azurerm_databricks_workspace_root_dbfs_customer_managed_key" "test" { + depends_on = [azurerm_key_vault_access_policy.databricks] + + workspace_id = azurerm_databricks_workspace.test.id + key_vault_key_id = azurerm_key_vault_key.test.id + key_vault_id = azurerm_key_vault.test.id +} +` +} + func (DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) keyVaultTemplate(data acceptance.TestData) string { return fmt.Sprintf(` resource "azurerm_key_vault" "test" { 
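Review bot: `cmkAltTemplate` has no comment saying how it differs from the template that ends just above it in this hunk; from the visible lines the distinguishing attribute appears to be `key_vault_id`. A doc comment such as `// cmkAltTemplate returns the CMK config that also sets key_vault_id, for a Key Vault that lives in a different subscription from the workspace.` would make the intent clear to the next reader.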
@@ -283,3 +324,125 @@ resource "azurerm_key_vault_access_policy" "databricks" { } `, data.RandomInteger, data.Locations.Primary, data.RandomString) } + +func (DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) keyVaultAltSubscriptionTemplate(data acceptance.TestData) string { + return fmt.Sprintf(` +resource "azurerm_key_vault" "test" { + provider = azurerm-alt + + name = "kv-altsub-%[3]s" + location = azurerm_resource_group.keyVault.location + resource_group_name = azurerm_resource_group.keyVault.name + tenant_id = data.azurerm_client_config.current.tenant_id + sku_name = "premium" + + soft_delete_retention_days = 7 +} + +resource "azurerm_key_vault_key" "test" { + depends_on = [azurerm_key_vault_access_policy.terraform] + provider = azurerm-alt + + name = "acctest-key-%[1]d" + key_vault_id = azurerm_key_vault.test.id + key_type = "RSA" + key_size = 2048 + + key_opts = [ + "decrypt", + "encrypt", + "sign", + "unwrapKey", + "verify", + "wrapKey", + ] +} + +resource "azurerm_key_vault_access_policy" "terraform" { + provider = azurerm-alt + + key_vault_id = azurerm_key_vault.test.id + tenant_id = azurerm_key_vault.test.tenant_id + object_id = data.azurerm_client_config.current.object_id + + key_permissions = [ + "Get", + "List", + "Create", + "Decrypt", + "Encrypt", + "GetRotationPolicy", + "Sign", + "UnwrapKey", + "Verify", + "WrapKey", + "Delete", + "Restore", + "Recover", + "Update", + "Purge", + ] +} + +resource "azurerm_key_vault_access_policy" "databricks" { + depends_on = [azurerm_databricks_workspace.test] + provider = azurerm-alt + + key_vault_id = azurerm_key_vault.test.id + tenant_id = azurerm_databricks_workspace.test.storage_account_identity.0.tenant_id + object_id = azurerm_databricks_workspace.test.storage_account_identity.0.principal_id + + key_permissions = [ + "Get", + "GetRotationPolicy", + "UnwrapKey", + "WrapKey", + "Delete", + ] +} +`, data.RandomInteger, data.Locations.Primary, data.RandomString) +} + +func (r 
DatabricksWorkspaceRootDbfsCustomerManagedKeyResource) altRootDbfsSubscriptionComplete(data acceptance.TestData, cmkAlt string, alt *DatabricksWorkspaceAlternateSubscription) string { + keyVault := r.keyVaultAltSubscriptionTemplate(data) + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +provider "azurerm-alt" { + features {} + + tenant_id = "%[5]s" + subscription_id = "%[6]s" +} + +data "azurerm_client_config" "current" {} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-databricks-dbfs-%[1]d" + location = "%[2]s" +} + +resource "azurerm_resource_group" "keyVault" { + provider = azurerm-alt + + name = "acctestRG-databricks-dbfs-alt-sub-%[1]d" + location = "%[2]s" +} + +%[3]s + +resource "azurerm_databricks_workspace" "test" { + name = "acctestDBW-%[1]d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + sku = "premium" + + customer_managed_key_enabled = true + infrastructure_encryption_enabled = true +} + +%[4]s +`, data.RandomInteger, "eastus2", keyVault, cmkAlt, alt.tenant_id, alt.subscription_id) +} diff --git a/internal/services/databricks/databricks_workspace_resource.go b/internal/services/databricks/databricks_workspace_resource.go index 6f8009827b88..675ce86d3160 100644 --- a/internal/services/databricks/databricks_workspace_resource.go +++ b/internal/services/databricks/databricks_workspace_resource.go @@ -369,7 +369,6 @@ func resourceDatabricksWorkspace() *pluginsdk.Resource { Deprecated: "`managed_disk_cmk_key_vault_key_id` will be removed in favour of the property `managed_disk_cmk_key_vault_key_resource_id` in version 4.0 of the AzureRM Provider.", } - // Old Reference... resource.Schema["managed_disk_cmk_rotation_to_latest_version_enabled"] = &pluginsdk.Schema{ Type: pluginsdk.TypeBool, Optional: true, 
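Review bot: In `keyVaultAltSubscriptionTemplate` the `azurerm_key_vault_access_policy.databricks` block grants the workspace's storage identity `Delete` on keys in addition to `Get`, `UnwrapKey` and `WrapKey`, which is more than wrapping and unwrapping a customer-managed key appears to need. Unless the service requires it, trim the list to the read and wrap/unwrap permissions and leave deletion to the `terraform` policy, which already holds `Delete` and `Purge` for cleanup. The vault is created with `soft_delete_retention_days = 7` but no `purge_protection_enabled`, so a deleted key can be purged inside the retention window; if that is deliberate for test teardown, a short comment in the template saying so would keep the fixture from being copied as a production example. This may mirror `keyVaultTemplate`, whose body lies outside the hunk. Separately, `altRootDbfsSubscriptionComplete` passes the literal `"eastus2"` where the sibling template passes `data.Locations.Primary`; a comment explaining the pinned region would help.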
@@ -389,7 +388,6 @@ func resourceDatabricksWorkspace() *pluginsdk.Resource { ValidateFunc: validation.Any(commonids.ValidateKeyVaultKeyID, commonids.ValidateKeyVaultKeyVersionID), } - // TODO: Make sure I updated this reference in the code below, see // Old Reference above... resource.Schema["managed_disk_cmk_rotation_to_latest_version_enabled"] = &pluginsdk.Schema{ Type: pluginsdk.TypeBool, Optional: true, diff --git a/internal/services/databricks/databricks_workspace_resource_test.go b/internal/services/databricks/databricks_workspace_resource_test.go index 333e2856f049..4caafb51c4db 100644 --- a/internal/services/databricks/databricks_workspace_resource_test.go +++ b/internal/services/databricks/databricks_workspace_resource_test.go @@ -298,6 +298,7 @@ func TestAccDatabricksWorkspace_managedServicesRootDbfsCMKAndPrivateLink(t *test }) } +// TODO: Add FourPointOh versions of the below ThreePointOh tests... func TestAccDatabricksWorkspace_altSubscriptionCmkComplete_ThreePointOh(t *testing.T) { if features.FourPointOhBeta() { t.Skip("Skipping: Test is only valid for v3.x providers")