package mws
import (
"context"
"fmt"
"github.com/databricks/databricks-sdk-go/service/provisioning"
"github.com/databricks/terraform-provider-databricks/common"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
)
// NewCredentialsAPI builds a CredentialsAPI from the provider meta value and
// the context to use for its requests.
//
// m is type-asserted to *common.DatabricksClient without the comma-ok form,
// so passing a value of any other type panics.
func NewCredentialsAPI(ctx context.Context, m any) CredentialsAPI {
	api := CredentialsAPI{
		client:  m.(*common.DatabricksClient),
		context: ctx,
	}
	return api
}
// CredentialsAPI exposes the mws credentials API.
type CredentialsAPI struct {
	// client is the Databricks client that List issues its request through.
	client *common.DatabricksClient
	// context is the context List passes along with that request.
	context context.Context
}
// List returns every credentials object available in the given mws account.
//
// The decoded slice is returned together with whatever error the client
// reported, so callers must check the error before trusting the slice.
func (a CredentialsAPI) List(mwsAcctID string) ([]Credentials, error) {
	// NOTE(review): mwsAcctID is formatted into the request path as-is, with no
	// escaping or format check in this method - confirm callers only pass a
	// validated account ID.
	var found []Credentials
	err := a.client.Get(
		a.context,
		fmt.Sprintf("/accounts/%s/credentials", mwsAcctID),
		nil,
		&found,
	)
	return found, err
}
// CredentialInfo describes an mws credential configuration. An empty value of
// this struct is passed to common.StructToSchema in ResourceMwsCredentials to
// produce the resource schema, so the json and tf tags below are part of the
// resource's behaviour.
type CredentialInfo struct {
	// The account id - this is for backwards compatibility. The resource
	// schema marks `account_id` as deprecated in favour of the Databricks Config.
	AccountId string `json:"account_id,omitempty" tf:"force_new,suppress_diff"`
	// The human-readable name of the credential configuration object.
	CredentialsName string `json:"credentials_name" tf:"force_new"`
	// The Amazon Resource Name (ARN) of the cross account role.
	RoleArn string `json:"role_arn" tf:"force_new"`
	// Time in epoch milliseconds when the credential was created.
	CreationTime int64 `json:"creation_time,omitempty" tf:"computed"`
	// Databricks credential configuration ID.
	CredentialsId string `json:"credentials_id,omitempty" tf:"computed"`
	// The external ID that needs to be trusted by the cross-account role. This
	// is always your Databricks account ID.
	// NOTE(review): presumably this is the value the role's trust policy is
	// expected to match (the sts:ExternalId condition in AWS) - confirm against
	// the API documentation.
	ExternalId string `json:"external_id,omitempty" tf:"computed"`
}
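// ResourceMwsCredentials returns the Terraform resource definition for an mws
// credential configuration: a named reference to a cross-account role ARN.
//
// Create registers the role, Read refreshes name, role ARN, creation time and
// external ID from the API, Delete removes the configuration, and Update is a
// deliberate no-op. The schema is derived from CredentialInfo.
//
// Every d.Set error is propagated rather than dropped, so a value that cannot
// be written to state surfaces as a failure instead of silently leaving the
// state (or the packed resource ID) incomplete.
func ResourceMwsCredentials() common.Resource {
	// The resource ID is built from these two attributes.
	// NOTE(review): presumably "<account_id>/<credentials_id>" - confirm in common.
	p := common.NewPairSeparatedID("account_id", "credentials_id", "/")
	return common.Resource{
		Create: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
			acc, err := c.AccountClientWithAccountIdFromConfig(d)
			if err != nil {
				return err
			}
			roleArn := d.Get("role_arn").(string)
			credentialsName := d.Get("credentials_name").(string)
			credentials, err := acc.Credentials.Create(ctx, provisioning.CreateCredentialRequest{
				CredentialsName: credentialsName,
				AwsCredentials: provisioning.CreateCredentialAwsCredentials{
					StsRole: &provisioning.CreateCredentialStsRole{
						RoleArn: roleArn,
					},
				},
			})
			if err != nil {
				return err
			}
			// Both attributes feed p.Pack below. The remote object already
			// exists at this point, so a failure names its ID to make manual
			// cleanup possible.
			if err := d.Set("credentials_id", credentials.CredentialsId); err != nil {
				return fmt.Errorf("credentials %q created but credentials_id not recorded in state: %w",
					credentials.CredentialsId, err)
			}
			if err := d.Set("account_id", c.Config.AccountID); err != nil {
				return fmt.Errorf("credentials %q created but account_id not recorded in state: %w",
					credentials.CredentialsId, err)
			}
			p.Pack(d)
			return nil
		},
		Read: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
			acc, err := c.AccountClient()
			if err != nil {
				return err
			}
			// Only the credentials ID half of the packed ID is used; the
			// account comes from the account client.
			_, credsId, err := p.Unpack(d)
			if err != nil {
				return err
			}
			credentials, err := acc.Credentials.GetByCredentialsId(ctx, credsId)
			if err != nil {
				return err
			}
			if err := d.Set("credentials_name", credentials.CredentialsName); err != nil {
				return err
			}
			// NOTE(review): AwsCredentials and StsRole are dereferenced without
			// a check; if the SDK models them as pointers, a response lacking
			// them would panic here - confirm against the SDK types.
			if err := d.Set("role_arn", credentials.AwsCredentials.StsRole.RoleArn); err != nil {
				return err
			}
			if err := d.Set("creation_time", credentials.CreationTime); err != nil {
				return err
			}
			return d.Set("external_id", credentials.AwsCredentials.StsRole.ExternalId)
		},
		// this resource cannot be updated, add this to prevent "doesn't support update" error from TF
		Update: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
			return nil
		},
		Delete: func(ctx context.Context, d *schema.ResourceData, c *common.DatabricksClient) error {
			acc, err := c.AccountClient()
			if err != nil {
				return err
			}
			_, credsId, err := p.Unpack(d)
			if err != nil {
				return err
			}
			return acc.Credentials.DeleteByCredentialsId(ctx, credsId)
		},
		Schema: common.StructToSchema(CredentialInfo{}, func(s map[string]*schema.Schema) map[string]*schema.Schema {
			// nolint
			s["account_id"].Deprecated = "`account_id` should be set as part of the Databricks Config, not in the resource."
			return s
		}),
	}
}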