From e8c4b2fcca344b6c32ebcab6a0ef03a6e3b683fd Mon Sep 17 00:00:00 2001 From: Vladimir Lazarenko Date: Fri, 14 Jun 2024 13:49:27 +0200 Subject: [PATCH 1/2] `azurerm_databrocks_workspace`: Fix disabling default firewall Fixes #26213 --- internal/services/databricks/databricks_workspace_resource.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/services/databricks/databricks_workspace_resource.go b/internal/services/databricks/databricks_workspace_resource.go index a415d413e451..a93f30512d30 100644 --- a/internal/services/databricks/databricks_workspace_resource.go +++ b/internal/services/databricks/databricks_workspace_resource.go @@ -630,9 +630,10 @@ func resourceDatabricksWorkspaceCreateUpdate(d *pluginsdk.ResourceData, meta int } workspace.Properties.AccessConnector = &accessConnectorProperties - workspace.Properties.DefaultStorageFirewall = &defaultStorageFirewallEnabled } + workspace.Properties.DefaultStorageFirewall = &defaultStorageFirewallEnabled + if requireNsgRules != "" { requiredNsgRulesConst := workspaces.RequiredNsgRules(requireNsgRules) workspace.Properties.RequiredNsgRules = &requiredNsgRulesConst From bcd819142f7286799c3eb95676fa3e64e4e1acad Mon Sep 17 00:00:00 2001 From: Vladimir Lazarenko Date: Fri, 14 Jun 2024 16:29:27 +0200 Subject: [PATCH 2/2] Fix the fix --- .../databricks_workspace_resource.go | 9 +- .../databricks_workspace_resource_test.go | 117 +++++++++++++++++- 2 files changed, 123 insertions(+), 3 deletions(-) diff --git a/internal/services/databricks/databricks_workspace_resource.go b/internal/services/databricks/databricks_workspace_resource.go index a93f30512d30..18db85ef962d 100644 --- a/internal/services/databricks/databricks_workspace_resource.go +++ b/internal/services/databricks/databricks_workspace_resource.go @@ -630,9 +630,12 @@ func resourceDatabricksWorkspaceCreateUpdate(d *pluginsdk.ResourceData, meta int } workspace.Properties.AccessConnector = &accessConnectorProperties + workspace.Properties.DefaultStorageFirewall = &defaultStorageFirewallEnabled } - workspace.Properties.DefaultStorageFirewall = &defaultStorageFirewallEnabled + if !d.IsNewResource() && d.HasChange("default_storage_firewall_enabled") { + workspace.Properties.DefaultStorageFirewall = &defaultStorageFirewallEnabled + } if requireNsgRules != "" { requiredNsgRulesConst := workspaces.RequiredNsgRules(requireNsgRules) @@ -735,7 +738,9 @@ func resourceDatabricksWorkspaceRead(d *pluginsdk.ResourceData, meta interface{} if defaultStorageFirewall := model.Properties.DefaultStorageFirewall; defaultStorageFirewall != nil { d.Set("default_storage_firewall_enabled", *defaultStorageFirewall != workspaces.DefaultStorageFirewallDisabled) - d.Set("access_connector_id", model.Properties.AccessConnector.Id) + if model.Properties.AccessConnector != nil { + d.Set("access_connector_id", model.Properties.AccessConnector.Id) + } } publicNetworkAccess := model.Properties.PublicNetworkAccess diff --git a/internal/services/databricks/databricks_workspace_resource_test.go b/internal/services/databricks/databricks_workspace_resource_test.go index 60c01362b9c2..ae026ff97d0c 100644 --- a/internal/services/databricks/databricks_workspace_resource_test.go +++ b/internal/services/databricks/databricks_workspace_resource_test.go @@ -52,6 +52,13 @@ func TestAccDatabricksWorkspace_defaultStorageFirewall(t *testing.T) { ), }, data.ImportStep("custom_parameters.0.public_subnet_network_security_group_association_id", "custom_parameters.0.private_subnet_network_security_group_association_id"), + { + Config: r.defaultStorageFirewallUpdateToDisabled(data, "premium"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep("custom_parameters.0.public_subnet_network_security_group_association_id", "custom_parameters.0.private_subnet_network_security_group_association_id", "access_connector_id"), }) } @@ -533,7 +540,6 @@ resource "azurerm_subnet_network_security_group_association" "private" { network_security_group_id = azurerm_network_security_group.nsg.id } - resource "azurerm_databricks_access_connector" "test" { name = "acctestDBWACC%[1]d" resource_group_name = azurerm_resource_group.test.name @@ -567,6 +573,115 @@ resource "azurerm_databricks_workspace" "test" { `, data.RandomInteger, data.Locations.Primary, sku) } +func (DatabricksWorkspaceResource) defaultStorageFirewallUpdateToDisabled(data acceptance.TestData, sku string) string { + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-databricks-%[1]d" + location = "%[2]s" +} + +resource "azurerm_virtual_network" "test" { + name = "acctest-vnet-%[1]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + address_space = ["10.0.0.0/16"] +} + +resource "azurerm_subnet" "public" { + name = "acctest-sn-public-%[1]d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefixes = ["10.0.1.0/24"] + + delegation { + name = "acctest" + + service_delegation { + name = "Microsoft.Databricks/workspaces" + + actions = [ + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", + "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action", + ] + } + } +} + +resource "azurerm_subnet" "private" { + name = "acctest-sn-private-%[1]d" + resource_group_name = azurerm_resource_group.test.name + virtual_network_name = azurerm_virtual_network.test.name + address_prefixes = ["10.0.2.0/24"] + + delegation { + name = "acctest" + + service_delegation { + name = "Microsoft.Databricks/workspaces" + + actions = [ + "Microsoft.Network/virtualNetworks/subnets/join/action", + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action", + "Microsoft.Network/virtualNetworks/subnets/unprepareNetworkPolicies/action", + ] + } + } +} + +resource "azurerm_network_security_group" "nsg" { + name = "acctest-nsg-private-%[1]d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name +} + +resource "azurerm_subnet_network_security_group_association" "public" { + subnet_id = azurerm_subnet.public.id + network_security_group_id = azurerm_network_security_group.nsg.id +} + +resource "azurerm_subnet_network_security_group_association" "private" { + subnet_id = azurerm_subnet.private.id + network_security_group_id = azurerm_network_security_group.nsg.id +} + +resource "azurerm_databricks_access_connector" "test" { + name = "acctestDBWACC%[1]d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + + identity { + type = "SystemAssigned" + } +} + +resource "azurerm_databricks_workspace" "test" { + name = "acctestDBW-%[1]d" + resource_group_name = azurerm_resource_group.test.name + location = azurerm_resource_group.test.location + sku = "%[3]s" + + custom_parameters { + no_public_ip = false + public_subnet_name = azurerm_subnet.public.name + private_subnet_name = azurerm_subnet.private.name + virtual_network_id = azurerm_virtual_network.test.id + + public_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.public.id + private_subnet_network_security_group_association_id = azurerm_subnet_network_security_group_association.private.id + } + + access_connector_id = azurerm_databricks_access_connector.test.id + default_storage_firewall_enabled = false + +} +`, data.RandomInteger, data.Locations.Primary, sku) +} + func (DatabricksWorkspaceResource) sameName(data acceptance.TestData, sku string) string { return fmt.Sprintf(` provider "azurerm" {