Skip to content

Commit

Permalink
azurerm_databricks_workspace: Fix disabling default firewall (#26339)
Browse files Browse the repository at this point in the history
  • Loading branch information
favoretti authored Jun 14, 2024
1 parent bd0d5e0 commit b9a5a6b
Show file tree
Hide file tree
Showing 2 changed files with 123 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -633,6 +633,10 @@ func resourceDatabricksWorkspaceCreateUpdate(d *pluginsdk.ResourceData, meta int
workspace.Properties.DefaultStorageFirewall = &defaultStorageFirewallEnabled
}

if !d.IsNewResource() && d.HasChange("default_storage_firewall_enabled") {
workspace.Properties.DefaultStorageFirewall = &defaultStorageFirewallEnabled
}

if requireNsgRules != "" {
requiredNsgRulesConst := workspaces.RequiredNsgRules(requireNsgRules)
workspace.Properties.RequiredNsgRules = &requiredNsgRulesConst
Expand Down Expand Up @@ -734,7 +738,9 @@ func resourceDatabricksWorkspaceRead(d *pluginsdk.ResourceData, meta interface{}

if defaultStorageFirewall := model.Properties.DefaultStorageFirewall; defaultStorageFirewall != nil {
d.Set("default_storage_firewall_enabled", *defaultStorageFirewall != workspaces.DefaultStorageFirewallDisabled)
d.Set("access_connector_id", model.Properties.AccessConnector.Id)
if model.Properties.AccessConnector != nil {
d.Set("access_connector_id", model.Properties.AccessConnector.Id)
}
}

publicNetworkAccess := model.Properties.PublicNetworkAccess
Expand Down
117 changes: 116 additions & 1 deletion internal/services/databricks/databricks_workspace_resource_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,13 @@ func TestAccDatabricksWorkspace_defaultStorageFirewall(t *testing.T) {
),
},
data.ImportStep("custom_parameters.0.public_subnet_network_security_group_association_id", "custom_parameters.0.private_subnet_network_security_group_association_id"),
{
Config: r.defaultStorageFirewallUpdateToDisabled(data, "premium"),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep("custom_parameters.0.public_subnet_network_security_group_association_id", "custom_parameters.0.private_subnet_network_security_group_association_id", "access_connector_id"),
})
}

Expand Down Expand Up @@ -533,7 +540,6 @@ resource "azurerm_subnet_network_security_group_association" "private" {
network_security_group_id = azurerm_network_security_group.nsg.id
}
resource "azurerm_databricks_access_connector" "test" {
name = "acctestDBWACC%[1]d"
resource_group_name = azurerm_resource_group.test.name
Expand Down Expand Up @@ -567,6 +573,115 @@ resource "azurerm_databricks_workspace" "test" {
`, data.RandomInteger, data.Locations.Primary, sku)
}

func (DatabricksWorkspaceResource) defaultStorageFirewallUpdateToDisabled(data acceptance.TestData, sku string) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "test" {
name = "acctestRG-databricks-%[1]d"
location = "%[2]s"
}
resource "azurerm_virtual_network" "test" {
name = "acctest-vnet-%[1]d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
address_space = ["10.0.0.0/16"]
}
resource "azurerm_subnet" "public" {
name = "acctest-sn-public-%[1]d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_name = azurerm_virtual_network.test.name
address_prefixes = ["10.0.1.0/24"]
delegation {
name = "acctest"
service_delegation {
name = "Microsoft.Databricks/workspaces"
actions = [
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
"Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",
]
}
}
}
resource "azurerm_subnet" "private" {
name = "acctest-sn-private-%[1]d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_name = azurerm_virtual_network.test.name
address_prefixes = ["10.0.2.0/24"]
delegation {
name = "acctest"
service_delegation {
name = "Microsoft.Databricks/workspaces"
actions = [
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
"Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action",
]
}
}
}
resource "azurerm_network_security_group" "nsg" {
name = "acctest-nsg-private-%[1]d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
}
resource "azurerm_subnet_network_security_group_association" "public" {
subnet_id = azurerm_subnet.public.id
network_security_group_id = azurerm_network_security_group.nsg.id
}
resource "azurerm_subnet_network_security_group_association" "private" {
subnet_id = azurerm_subnet.private.id
network_security_group_id = azurerm_network_security_group.nsg.id
}
resource "azurerm_databricks_access_connector" "test" {
name = "acctestDBWACC%[1]d"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
identity {
type = "SystemAssigned"
}
}
resource "azurerm_databricks_workspace" "test" {
name = "acctestDBW-%[1]d"
resource_group_name = azurerm_resource_group.test.name
location = azurerm_resource_group.test.location
sku = "%[3]s"
custom_parameters {
no_public_ip = false
public_subnet_name = azurerm_subnet.public.name
private_subnet_name = azurerm_subnet.private.name
virtual_network_id = azurerm_virtual_network.test.id
public_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.public.id
private_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.private.id
}
access_connector_id = azurerm_databricks_access_connector.test.id
default_storage_firewall_enabled = false
}
`, data.RandomInteger, data.Locations.Primary, sku)
}

func (DatabricksWorkspaceResource) sameName(data acceptance.TestData, sku string) string {
return fmt.Sprintf(`
provider "azurerm" {
Expand Down

0 comments on commit b9a5a6b

Please sign in to comment.