[Feature] Add support partitions in policy data sources

[ashenm]

Changes

• Resolves https://github.com/databricks/terraform-provider-databricks/issues/4054
• Resolves https://github.com/databricks/terraform-provider-databricks/issues/4152
• Add optional argument aws_partition to all aws policy data sources to allow usage in all aws partitions

Tests

• [x] make test run locally
• [x] relevant change in docs/ folder
• [x] covered with integration tests in internal/acceptance
• [x] relevant acceptance tests are passing
• [ ] using Go SDK

[ashenm]

@hectorcast-db please take a stab at this

[ashenm]

@alexott

https://github.com/databricks/terraform-provider-databricks/blob/main/aws/data_aws_assume_role_policy.go isn't modified, especially, we need to double-check this one: https://github.com/databricks/terraform-provider-databricks/blob/main/aws/data_aws_assume_role_policy.go#L54 - the log delivery role is hardcoded

Yah nice cath! Updated all log delivery, unity catalogue, account id references https://github.com/databricks/terraform-provider-databricks/compare/5ec45228a6784ff4b1e1402b6d6ab4d2938a8a84..dc244d4375e309f9d14963be4785619c90ff0df1

for aws bucket policy, first, databricks_account_id isn't documented at all, and we need to put a comment there saying that it should be changed for non-aws partition

Yep not just bucket policy assume role policy too don't have databricks_account_id listed as a parameter; added depreciation message on both and to resolev account id depending on partition being selected when not provided

[ashenm]

@alexott any other codeowners apart from @nkvuong?

[ashenm]

Thanks @nkvuong but looks like yours and @alexott's approvals aint enough 😬

[ashenm]

Not sure about the branch protection rules maybe @mgyucht @tammyma-db @nfx @hectorcast-db maybe one of y'all can additionally approve? (judging by past commits on these files :P)

[ashenm]

Thanks @alexott one more help how to trigger the integration tests? It seems it's awaiting its succession

[alexott]

it will be merged when tests finished. don't worry...

[ashenm]

@alexott yeah but the test trigger has been skipped https://github.com/databricks/terraform-provider-databricks/actions/runs/11736462058/job/32699657127

[github-actions[bot]]

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger: go/deco-tests-run/terraform

Inputs:

• PR number: 4181
• Commit SHA: 96a4029b27fe3fe6f7a6db03a9021025c360dbf8

Checks will be approved automatically on success.

[ashenm]

@alexott thanks for triggering those worflows; https://go/deco-tests-run/terraform must be also triggered manually I beilieve since my user don't have access to org secrets like _DECO_WORKFLOW_TRIGGER_APPID?

(Cus once again test triggers are skipped https://github.com/databricks/terraform-provider-databricks/actions/runs/11746695258/job/32770584952?pr=4181 :/)

[eng-dev-ecosystem-bot]

Test Details: go/deco-tests/11777381229

[ashenm]

@alexott any chance to see what's failing on the integration tests?

[ashenm]

Nvmd; bucket policy integrations have a overriding test bucket (in place of standard databricks aws account) fill allow override

[alexott]

it's not a relevant test, we just need to fix the environment. don't worry - PR will be merged when environment is repaired