Added databricks_enhanced_security_monitoring_workspace_setting re…

…source for ESC (Enhanced Compliance and Security) settings (databricks#3563)

* Add support for ESC (Enhanced Compliance and Security) settings

Added automatic_cluster_update and enhanced_security_monitoring settings.
Will add compliance_security_profile in a follow up PR.

* fmt

* remove doc

* update

* updates

* updates

* updates:

docs/resources/enhanced_security_monitoring_setting.md

@@ -0,0 +1,36 @@
+---
+subcategory: "Settings"
+---
+
+# databricks_enhanced_security_monitoring_workspace_setting Resource
+
+-> **Note** This resource could be only used with workspace-level provider!
+
+The `databricks_enhanced_security_monitoring_workspace_setting` resource allows you to control whether enhanced security monitoring 
+is enabled for the current workspace. If the compliance security profile is enabled, this is automatically enabled. By default, 
+it is disabled. However, if the compliance security profile is enabled, this is automatically enabled. If the compliance security 
+profile is disabled, you can enable or disable this setting and it is not permanent.
+
+## Example Usage
+
+```hcl
+resource "databricks_enhanced_security_monitoring_workspace_setting" "this" {
+  enhanced_security_monitoring_workspace {
+    is_enabled = true
+  }
+}
+```
+
+## Argument Reference
+
+The resource supports the following arguments:
+
+* `is_enabled` - (Required) Enable the Enhanced Security Monitoring on the workspace
+
+## Import
+
+This resource can be imported by predefined name `global`:
+
+```bash
+terraform import databricks_enhanced_security_monitoring_workspace_setting.this global
+```

settings/all_settings.go

@@ -15,7 +15,8 @@ import (
 //  3. Add a new entry to the AllSettingsResources map below. The final resource name will be "databricks_<SETTING_NAME>_setting".
 func AllSettingsResources() map[string]common.Resource {
 	return map[string]common.Resource{
-		"default_namespace":         makeSettingResource[settings.DefaultNamespaceSetting, *databricks.WorkspaceClient](defaultNamespaceSetting),
-		"restrict_workspace_admins": makeSettingResource[settings.RestrictWorkspaceAdminsSetting, *databricks.WorkspaceClient](restrictWsAdminsSetting),
+		"default_namespace":                      makeSettingResource[settings.DefaultNamespaceSetting, *databricks.WorkspaceClient](defaultNamespaceSetting),
+		"restrict_workspace_admins":              makeSettingResource[settings.RestrictWorkspaceAdminsSetting, *databricks.WorkspaceClient](restrictWsAdminsSetting),
+		"enhanced_security_monitoring_workspace": makeSettingResource[settings.EnhancedSecurityMonitoringSetting, *databricks.WorkspaceClient](enhancedSecurityMonitoringSetting),
 	}
 }

settings/resource_enhanced_security_monitoring_setting.go

@@ -0,0 +1,51 @@
+package settings
+
+import (
+	"context"
+	"strings"
+
+	"github.com/databricks/databricks-sdk-go"
+	"github.com/databricks/databricks-sdk-go/service/settings"
+)
+
+// Enhanced Security Monitoring setting
+var enhancedSecurityMonitoringFieldMask = strings.Join([]string{
+	"enhanced_security_monitoring_workspace.is_enabled",
+}, ",")
+var enhancedSecurityMonitoringSetting = workspaceSetting[settings.EnhancedSecurityMonitoringSetting]{
+	settingStruct: settings.EnhancedSecurityMonitoringSetting{},
+	readFunc: func(ctx context.Context, w *databricks.WorkspaceClient, etag string) (*settings.EnhancedSecurityMonitoringSetting, error) {
+		return w.Settings.EnhancedSecurityMonitoring().Get(ctx, settings.GetEnhancedSecurityMonitoringSettingRequest{
+			Etag: etag,
+		})
+	},
+	updateFunc: func(ctx context.Context, w *databricks.WorkspaceClient, t settings.EnhancedSecurityMonitoringSetting) (string, error) {
+		t.SettingName = "default"
+		res, err := w.Settings.EnhancedSecurityMonitoring().Update(ctx, settings.UpdateEnhancedSecurityMonitoringSettingRequest{
+			AllowMissing: true,
+			Setting:      t,
+			FieldMask:    enhancedSecurityMonitoringFieldMask,
+		})
+		if err != nil {
+			return "", err
+		}
+		return res.Etag, err
+	},
+	deleteFunc: func(ctx context.Context, w *databricks.WorkspaceClient, etag string) (string, error) {
+		res, err := w.Settings.EnhancedSecurityMonitoring().Update(ctx, settings.UpdateEnhancedSecurityMonitoringSettingRequest{
+			AllowMissing: true,
+			Setting: settings.EnhancedSecurityMonitoringSetting{
+				Etag:        etag,
+				SettingName: "default",
+				EnhancedSecurityMonitoringWorkspace: settings.EnhancedSecurityMonitoring{
+					IsEnabled: false,
+				},
+			},
+			FieldMask: enhancedSecurityMonitoringFieldMask,
+		})
+		if err != nil {
+			return "", err
+		}
+		return res.Etag, err
+	},
+}