Merge branch 'main' into feature-sp-secret-lifetime

Author: alexott

.github/workflows/release.yml

@@ -38,11 +38,27 @@ jobs:
           GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
           PASSPHRASE: ${{ secrets.PASSPHRASE }}
 
+      - name: Set GoReleaser args
+        run: |
+          if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
+            RELEASE_NOTES_DIR=$(mktemp -d)
+            RELEASE_NOTES_FILE="$RELEASE_NOTES_DIR/release-notes.md"
+            git for-each-ref --format='%(body)' ${{ github.ref }} > "$RELEASE_NOTES_FILE"
+            echo "Release notes contents:"
+            cat "$RELEASE_NOTES_FILE"
+            GORELEASER_ARGS="--release-notes $RELEASE_NOTES_FILE"
+            echo "GORELEASER_ARGS=$GORELEASER_ARGS" >> $GITHUB_ENV
+          else
+            echo "Not a release tag, skipping release notes"
+            GORELEASER_ARGS="--snapshot"
+            echo "GORELEASER_ARGS=$GORELEASER_ARGS" >> $GITHUB_ENV
+          fi
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v6
         with:
           version: ~> v2
-          args: release --clean ${{ !startsWith(github.ref, 'refs/tags/v') && '--snapshot' || '' }} --release-notes <(git for-each-ref --format='%(body)' ${{ github.ref }})
+          args: release --clean $GORELEASER_ARGS
         env:
           # use GITHUB_TOKEN that is already available in secrets.GITHUB_TOKEN
           # https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token

.release_metadata.json

@@ -1,3 +1,3 @@
 {
-    "timestamp": "2025-04-10 13:36:07+0000"
+    "timestamp": "2025-04-07 14:32:14+0000"
 }

CHANGELOG.md

@@ -1,29 +1,5 @@
 # Version changelog
 
-## Release v1.73.0
-
-### New Features and Improvements
-
- * Add a new settings resource `databricks_disable_legacy_dbfs_setting` ([#4605](https://github.com/databricks/terraform-provider-databricks/pull/4605))
-
-### Bug Fixes
-
- * Increase the default HTTP timeout to 65 seconds.
-
-### Documentation
-
- * Document `user_api_scopes` in `databricks_app` resource and data sources ([#4614](https://github.com/databricks/terraform-provider-databricks/pull/4614))
- * Document new fields in `databricks_model_serving` resource ([#4615](https://github.com/databricks/terraform-provider-databricks/pull/4615))
-
-### Exporter
-
- * Add export of `databricks_mws_network_connectivity_config` and `databricks_mws_ncc_private_endpoint_rule` ([#4613](https://github.com/databricks/terraform-provider-databricks/pull/4613))
-
-### Internal Changes
-
-* Add `TestMwsAccGcpWorkspaces` and `TestMwsAccGcpByovpcWorkspaces` to flaky test ([#4624](https://github.com/databricks/terraform-provider-databricks/pull/4624)).
-
-
 ## Release v1.72.0
 
 ### New Features and Improvements

NEXT_CHANGELOG.md

@@ -1,15 +1,26 @@
 # NEXT CHANGELOG
 
-## Release v1.74.0
+## Release v1.73.0
 
 ### New Features and Improvements
 
 * Support for `lifetime` attribute in `databricks_service_principal_secret` resource ([#4633](https://github.com/databricks/terraform-provider-databricks/pull/4633)).
+ * Add a new settings resource `databricks_disable_legacy_dbfs_setting` ([#4605](https://github.com/databricks/terraform-provider-databricks/pull/4605))
 
 ### Bug Fixes
 
+ * Increase the default HTTP timeout to 65 seconds.
+
 ### Documentation
 
+ * Document `user_api_scopes` in `databricks_app` resource and data sources ([#4614](https://github.com/databricks/terraform-provider-databricks/pull/4614))
+ * Document new fields in `databricks_model_serving` resource ([#4615](https://github.com/databricks/terraform-provider-databricks/pull/4615))
+
 ### Exporter
 
+ * Add export of `databricks_mws_network_connectivity_config` and `databricks_mws_ncc_private_endpoint_rule` ([#4613](https://github.com/databricks/terraform-provider-databricks/pull/4613))
+
 ### Internal Changes
+
+* Refactor `databricks_mws_workspaces` resource and datasource, as well as `databricks_mws_ncc_binding`, to use the Go SDK ([#4633](https://github.com/databricks/terraform-provider-databricks/pull/4633)).
+* Add `TestMwsAccGcpWorkspaces` and `TestMwsAccGcpByovpcWorkspaces` to flaky test ([#4624](https://github.com/databricks/terraform-provider-databricks/pull/4624)).

common/client.go

@@ -2,16 +2,21 @@ package common
 
 import (
 	"context"
+	"fmt"
 	"log"
 	"net/http"
 	"path/filepath"
 	"strings"
 	"testing"
 
+	"github.com/databricks/databricks-sdk-go"
 	"github.com/databricks/databricks-sdk-go/client"
 	"github.com/databricks/databricks-sdk-go/config"
+	"github.com/databricks/databricks-sdk-go/experimental/mocks"
 	"github.com/databricks/databricks-sdk-go/service/iam"
+	"github.com/databricks/databricks-sdk-go/service/provisioning"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/mock"
 	"github.com/stretchr/testify/require"
 )
 
@@ -335,3 +340,96 @@ func TestCachedMe_Me_MakesSingleRequest(t *testing.T) {
 	cm.Me(context.Background())
 	assert.Equal(t, 1, mock.count)
 }
+
+func TestWorkspaceClientForWorkspace_WorkspaceDoesNotExist(t *testing.T) {
+	mockAcc := mocks.NewMockAccountClient(t)
+	mockWorkspacesAPI := mockAcc.GetMockWorkspacesAPI()
+
+	// Setup the mock to return an error for non-existent workspace
+	mockWorkspacesAPI.EXPECT().Get(mock.Anything, provisioning.GetWorkspaceRequest{
+		WorkspaceId: 12345,
+	}).Return(nil, fmt.Errorf("workspace not found"))
+
+	// Create a DatabricksClient with the mock account client
+	dc := &DatabricksClient{
+		DatabricksClient: &client.DatabricksClient{
+			Config: &config.Config{},
+		},
+	}
+	dc.SetAccountClient(mockAcc.AccountClient)
+
+	// Call the method with a non-existent workspace ID
+	_, err := dc.WorkspaceClientForWorkspace(context.Background(), 12345)
+
+	// Verify the error
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "workspace not found")
+}
+
+func TestWorkspaceClientForWorkspace_WorkspaceExistsNotInCache(t *testing.T) {
+	mockAcc := mocks.NewMockAccountClient(t)
+	mockAcc.AccountClient.Config = &config.Config{
+		Token: "dapi123", // Instantiating WorkspaceClient attempts authentication, this allows Configure() to complete quickly.
+	}
+	mockWorkspacesAPI := mockAcc.GetMockWorkspacesAPI()
+
+	// Create a mock workspace
+	mockWorkspace := &provisioning.Workspace{
+		WorkspaceId:    12345,
+		WorkspaceName:  "test-workspace",
+		DeploymentName: "test-deployment",
+	}
+
+	// Setup the mock to return the workspace
+	mockWorkspacesAPI.EXPECT().Get(mock.Anything, provisioning.GetWorkspaceRequest{
+		WorkspaceId: 12345,
+	}).Return(mockWorkspace, nil)
+
+	// Create a DatabricksClient with the mock account client
+	dc := &DatabricksClient{
+		DatabricksClient: &client.DatabricksClient{
+			Config: &config.Config{},
+		},
+	}
+	dc.SetAccountClient(mockAcc.AccountClient)
+
+	// Call the method with the workspace ID
+	workspaceClient, err := dc.WorkspaceClientForWorkspace(context.Background(), 12345)
+
+	// Verify no error and client is returned
+	assert.NoError(t, err)
+	assert.NotNil(t, workspaceClient)
+
+	// Verify the workspace client is configured correctly
+	assert.Equal(t, fmt.Sprintf("https://%s.cloud.databricks.com", mockWorkspace.DeploymentName), workspaceClient.Config.Host)
+
+	// Verify the client is cached
+	dc.mu.Lock()
+	cachedClient, exists := dc.cachedWorkspaceClients[12345]
+	dc.mu.Unlock()
+
+	assert.True(t, exists)
+	assert.Equal(t, workspaceClient, cachedClient)
+}
+
+func TestWorkspaceClientForWorkspace_WorkspaceExistsInCache(t *testing.T) {
+	// Create a mock workspace client
+	mockWorkspaceClient := &databricks.WorkspaceClient{}
+
+	// Create a DatabricksClient with the mock workspace client in cache
+	dc := &DatabricksClient{
+		DatabricksClient: &client.DatabricksClient{
+			Config: &config.Config{},
+		},
+	}
+
+	// Set the workspace client in cache
+	dc.SetWorkspaceClientForWorkspace(12345, mockWorkspaceClient)
+
+	// Call the method with the workspace ID
+	workspaceClient, err := dc.WorkspaceClientForWorkspace(context.Background(), 12345)
+
+	// Verify no error and the cached client is returned
+	assert.NoError(t, err)
+	assert.Equal(t, mockWorkspaceClient, workspaceClient)
+}

common/client_test.go

@@ -0,0 +1,28 @@
+package common
+
+import "context"
+
+var (
+	// ResourceName is resource name without databricks_ prefix
+	ResourceName contextKey = 1
+	// Provider is the current instance of provider
+	Provider contextKey = 2
+	// Current is the current name of integration test
+	Current contextKey = 3
+	// If current resource is data
+	IsData contextKey = 4
+	// apiVersion
+	Api contextKey = 5
+	// SDK used
+	Sdk contextKey = 6
+)
+
+type contextKey int
+
+func (k contextKey) GetOrUnknown(ctx context.Context) string {
+	rn, ok := ctx.Value(k).(string)
+	if !ok {
+		return "unknown"
+	}
+	return rn
+}

common/constants.go

@@ -1,32 +1,6 @@
 package common
 
-import "context"
-
-var (
-	version = "1.73.0"
-	// ResourceName is resource name without databricks_ prefix
-	ResourceName contextKey = 1
-	// Provider is the current instance of provider
-	Provider contextKey = 2
-	// Current is the current name of integration test
-	Current contextKey = 3
-	// If current resource is data
-	IsData contextKey = 4
-	// apiVersion
-	Api contextKey = 5
-	// SDK used
-	Sdk contextKey = 6
-)
-
-type contextKey int
-
-func (k contextKey) GetOrUnknown(ctx context.Context) string {
-	rn, ok := ctx.Value(k).(string)
-	if !ok {
-		return "unknown"
-	}
-	return rn
-}
+var version = "1.72.0"
 
 // Version returns version of provider
 func Version() string {

common/version.go

@@ -9,6 +9,7 @@ subcategory: "Security"
 This resource allows you to manage access rules on Databricks account level resources. For convenience we allow accessing this resource through the Databricks account and workspace.
 
 -> Currently, we only support managing access rules on specific object resources (service principal, group, budget policies and account) through `databricks_access_control_rule_set`.
+
 !> `databricks_access_control_rule_set` cannot be used to manage access rules for resources supported by [databricks_permissions](permissions.md). Refer to its documentation for more information.
 
 ~> This resource is _authoritative_ for permissions on objects. Configuring this resource for an object will **OVERWRITE** any existing permissions of the same type unless imported, and changes made outside of Terraform will be reset.