Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Fix] Suppress options.pem_private_key_expiration_epoch_sec attribute for databricks_connection #4474

Merged
merged 7 commits into from
Feb 11, 2025
Merged

[Fix] Suppress options.pem_private_key_expiration_epoch_sec attribute for databricks_connection #4474

merged 7 commits into from
Feb 11, 2025

Conversation

840
Copy link
Contributor

@840 840 commented Feb 5, 2025
edited
Loading

Suppress options.pem_private_key_expiration_epoch_sec attribute from API to prevent drift when creating a Snowflake connection using pem_private_key.

Resolves #4471

Changes

Add suppressPemPrivateKeyExpiration function. When options.pem_private_key_expiration_epoch_sec exists, we suppress for options.pem_private_key_expiration_epoch_sec.

Tests

Tested in my local environment.

First run:

> terraform apply

Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # databricks_connection.this will be created
  + resource "databricks_connection" "this" {
      + connection_type = "SNOWFLAKE"
      + id              = (known after apply)
      + metastore_id    = (known after apply)
      + name            = "<REDACTED>"
      + options         = (sensitive value)
      + owner           = (known after apply)
      + read_only       = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

databricks_connection.this: Creating...
databricks_connection.this: Creation complete after 1s [id=<REDACTED>|<REDACTED>]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Subsequent run:

> terraform apply

databricks_connection.this: Refreshing state... [id=<REDACTED>|<REDACTED>]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so
no changes are needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

Changing another variable within options inside Terraform code:

> terraform apply

databricks_connection.this: Refreshing state... [id=<REDACTED>|<REDACTED>]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # databricks_connection.this will be updated in-place
  ~ resource "databricks_connection" "this" {
        id              = "<REDACTED>|<REDACTED>"
        name            = "<REDACTED>"
      ~ options         = (sensitive value)
        # (4 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

databricks_connection.this: Modifying... [id=<REDACTED>|<REDACTED>]
databricks_connection.this: Modifications complete after 1s [id=<REDACTED>|<REDACTED>]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
  • make test run locally
  • relevant change in docs/ folder
  • covered with integration tests in internal/acceptance
  • using Go SDK
  • using TF Plugin Framework

@840 840 requested review from a team as code owners February 5, 2025 20:11
@840 840 requested review from hectorcast-db and removed request for a team February 5, 2025 20:11
@840 840 temporarily deployed to test-trigger-is February 5, 2025 20:12 — with GitHub Actions Inactive
@840 840 temporarily deployed to test-trigger-is February 5, 2025 20:19 — with GitHub Actions Inactive
@840 840 changed the title [Fix] Suppress options.pem_private_key_expiration_epoch_sec attribute for databricks_connection [Draft][Fix] Suppress options.pem_private_key_expiration_epoch_sec attribute for databricks_connection Feb 5, 2025
@840 840 marked this pull request as draft February 5, 2025 20:35
nkvuong
nkvuong reviewed Feb 6, 2025
View reviewed changes
catalog/resource_connection.go Outdated
Comment on lines 39 to 46
func suppressPemPrivateKeyExpiration(key, old, new string, d *schema.ResourceData) bool {
k := "options.pem_private_key_expiration_epoch_sec"
if _, ok := d.GetOk(k); ok && !d.HasChange(k) {
return true
}
return false
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

would it work if we set this field to optional+computed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tried this initially, but it seems that because pem_private_key_expiration_epoch_sec is not defined in the Schema directly. I cannot call something like:

common.MustSchemaPath(m, "options", "pem_private_key_expiration_epoch_sec").Optional = true
common.MustSchemaPath(m, "options", "pem_private_key_expiration_epoch_sec").Computed = true

Error:

Stack trace from the terraform-provider-databricks plugin:

panic: options is not nested resource

goroutine 1 [running]:
github.com/databricks/terraform-provider-databricks/common.MustSchemaPath(...)
        /terraform-provider-databricks/common/reflect_resource.go:232
github.com/databricks/terraform-provider-databricks/catalog.ResourceConnection.func1(0x140003abce0)
        /terraform-provider-databricks/catalog/resource_connection.go:61 +0x14c
github.com/databricks/terraform-provider-databricks/common.StructToSchema({0x105685920?, 0x1400033fb80?}, 0x105720028)
        /terraform-provider-databricks/common/reflect_resource.go:257 +0x1d4
github.com/databricks/terraform-provider-databricks/catalog.ResourceConnection()
        /terraform-provider-databricks/catalog/resource_connection.go:58 +0x80
github.com/databricks/terraform-provider-databricks/internal/providers/sdkv2.DatabricksProvider({0x0, 0x0, 0x0})
        /terraform-provider-databricks/internal/providers/sdkv2/sdkv2.go:146 +0x5180
github.com/databricks/terraform-provider-databricks/internal/providers.GetProviderServer({0x105736400, 0x106239440}, {0x0, 0x0, 0x14000131ed8?})
        /terraform-provider-databricks/internal/providers/providers.go:78 +0xa4
main.main()
        /terraform-provider-databricks/main.go:41 +0x268

Need to tinker a bit more

@840 840 temporarily deployed to test-trigger-is February 6, 2025 12:39 — with GitHub Actions Inactive
@840 840 temporarily deployed to test-trigger-is February 6, 2025 12:40 — with GitHub Actions Inactive
@840 840 changed the title [Draft][Fix] Suppress options.pem_private_key_expiration_epoch_sec attribute for databricks_connection [Fix] Suppress options.pem_private_key_expiration_epoch_sec attribute for databricks_connection Feb 6, 2025
@840 840 marked this pull request as ready for review February 6, 2025 12:41
@840 840 temporarily deployed to test-trigger-is February 6, 2025 12:42 — with GitHub Actions Inactive
@840 840 requested a review from nkvuong February 6, 2025 13:08
@840 840 temporarily deployed to test-trigger-is February 6, 2025 14:15 — with GitHub Actions Inactive
alexott
alexott approved these changes Feb 7, 2025
View reviewed changes
Copy link
Contributor

@alexott alexott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we have any environment to test it?

@840 840 temporarily deployed to test-trigger-is February 10, 2025 12:49 — with GitHub Actions Inactive
@github-actions GitHub Actions
Copy link

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/terraform

Inputs:

  • PR number: 4474
  • Commit SHA: 1485d4212e8ebb1041dace0870939165e191371d

Checks will be approved automatically on success.

@alexott alexott requested a review from mgyucht February 11, 2025 14:08
@840 840 added this pull request to the merge queue Feb 11, 2025
Merged via the queue into databricks:main with commit 501e14d Feb 11, 2025
13 checks passed
@840 840 deleted the issue-4471 branch February 11, 2025 15:58
deco-sdk-tagging bot added a commit that referenced this pull request Feb 13, 2025
@deco-sdk-tagging
[Release] Release v1.66.0
8fbedbe 
## Release v1.66.0

### New Features and Improvements

 * Add multipart permissions to `databricks_aws_unity_catalog_policy` data source ([#4440](#4440)).

### Bug Fixes
 * Fixed an issue where reordering objects in a (pluginfw) Share wouldn’t update properly unless other changes were made ([#4481](#4481)).

 * Suppress `options.pem_private_key_expiration_epoch_sec` attribute for databricks_connection ([#4474](#4474)).

### Documentation

 * Add an example for Databricks Apps permissions ([#4475](#4475)).
 * Add explanation of timeouts to the troubleshooting guide ([#4482](#4482)).
 * Clarify that `databricks_token` and `databricks_obo_token` could be used only with workspace-level provider ([#4480](#4480)).

### Exporter

 * Refactor UC, SQL and SCIM objects into separate files ([#4477](#4477)).

### Internal Changes

 * Remove incorrectly working integration test `TestAccLibraryUpdateTransitionFromPluginFw` ([#4487](#4487)).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexott alexott alexott approved these changes

@mgyucht mgyucht mgyucht approved these changes

@hectorcast-db hectorcast-db Awaiting requested review from hectorcast-db hectorcast-db is a code owner automatically assigned from databricks/eng-plat-auto-exp-reviewers

@nkvuong nkvuong Awaiting requested review from nkvuong

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[ISSUE] Issue with databricks_connection resource
4 participants
@840 @alexott @mgyucht @nkvuong