Added permissions support for Lakebase Database projects (#4626)

## Changes
Added permissions support for Lakebase Database projects

## Why
Permissions are supported in TF provider and API hence expanding to DABs

## Tests
Added an acceptance test

<!-- If your PR needs to be included in the release notes for next
release,
add a separate entry in NEXT_CHANGELOG.md as part of your PR. -->

Author: andrewnester

NEXT_CHANGELOG.md

@@ -5,6 +5,7 @@
 ### CLI
 
 ### Bundles
+* Added permissions support for Lakebase Database projects ([#4626](https://github.com/databricks/cli/pull/4626))
 
 ### Dependency updates
 

acceptance/bundle/refschema/out.fields.txt

@@ -2627,6 +2627,12 @@ resources.postgres_projects.*.lifecycle	resources.Lifecycle	INPUT
 resources.postgres_projects.*.lifecycle.prevent_destroy	bool	INPUT
 resources.postgres_projects.*.modified_status	string	INPUT
 resources.postgres_projects.*.name	string	REMOTE
+resources.postgres_projects.*.permissions	[]resources.DatabaseProjectPermission	INPUT
+resources.postgres_projects.*.permissions[*]	resources.DatabaseProjectPermission	INPUT
+resources.postgres_projects.*.permissions[*].group_name	string	INPUT
+resources.postgres_projects.*.permissions[*].level	resources.DatabaseProjectPermissionLevel	INPUT
+resources.postgres_projects.*.permissions[*].service_principal_name	string	INPUT
+resources.postgres_projects.*.permissions[*].user_name	string	INPUT
 resources.postgres_projects.*.pg_version	int	INPUT	STATE
 resources.postgres_projects.*.project_id	string	INPUT	STATE
 resources.postgres_projects.*.spec	*postgres.ProjectSpec	REMOTE
@@ -2667,6 +2673,13 @@ resources.postgres_projects.*.status.synthetic_storage_size_bytes	int64	REMOTE
 resources.postgres_projects.*.uid	string	REMOTE
 resources.postgres_projects.*.update_time	*time.Time	REMOTE
 resources.postgres_projects.*.url	string	INPUT
+resources.postgres_projects.*.permissions.object_id	string	ALL
+resources.postgres_projects.*.permissions.permissions	[]iam.AccessControlRequest	ALL
+resources.postgres_projects.*.permissions.permissions[*]	iam.AccessControlRequest	ALL
+resources.postgres_projects.*.permissions.permissions[*].group_name	string	ALL
+resources.postgres_projects.*.permissions.permissions[*].permission_level	iam.PermissionLevel	ALL
+resources.postgres_projects.*.permissions.permissions[*].service_principal_name	string	ALL
+resources.postgres_projects.*.permissions.permissions[*].user_name	string	ALL
 resources.quality_monitors.*.assets_dir	string	ALL
 resources.quality_monitors.*.baseline_table_name	string	ALL
 resources.quality_monitors.*.custom_metrics	[]catalog.MonitorMetric	ALL

acceptance/bundle/resources/permissions/output.txt

@@ -331,6 +331,25 @@ MATCH pipelines/other_can_manage/out.requests.deploy.direct.json
 EXACT pipelines/other_can_manage/out.requests.destroy.direct.json
 EXACT pipelines/other_is_owner/out.requests.deploy.direct.json
 EXACT pipelines/other_is_owner/out.requests.destroy.direct.json
+MATCH postgres_projects/current_can_manage/out.requests.deploy.direct.json
+DIFF  postgres_projects/current_can_manage/out.requests.destroy.direct.json
+--- postgres_projects/current_can_manage/out.requests.destroy.direct.json
++++ postgres_projects/current_can_manage/out.requests.destroy.terraform.json
+@@ -1 +1,14 @@
+-[]+[
++  {
++    "body": {
++      "access_control_list": [
++        {
++          "permission_level": "CAN_MANAGE",
++          "user_name": "[USERNAME]"
++        }
++      ]
++    },
++    "method": "PUT",
++    "path": "/api/2.0/permissions/database-projects/test-project"
++  }
++]
 MATCH sql_warehouses/current_can_manage/out.requests.deploy.direct.json
 DIFF  sql_warehouses/current_can_manage/out.requests.destroy.direct.json
 --- sql_warehouses/current_can_manage/out.requests.destroy.direct.json

acceptance/bundle/resources/permissions/postgres_projects/current_can_manage/databricks.yml

@@ -0,0 +1,17 @@
+bundle:
+  name: test-bundle
+
+resources:
+  postgres_projects:
+    foo:
+      project_id: test-project
+      display_name: Test Postgres Project
+      permissions:
+        - level: CAN_USE
+          user_name: viewer@example.com
+        - level: CAN_MANAGE
+          group_name: data-team
+        - level: CAN_MANAGE
+          service_principal_name: f37d18cd-98a8-4db5-8112-12dd0a6bfe38
+        - level: CAN_MANAGE
+          user_name: tester@databricks.com

acceptance/bundle/resources/permissions/postgres_projects/current_can_manage/out.plan.direct.json

@@ -0,0 +1,47 @@
+{
+  "plan_version": 2,
+  "cli_version": "[DEV_VERSION]",
+  "plan": {
+    "resources.postgres_projects.foo": {
+      "action": "create",
+      "new_state": {
+        "value": {
+          "display_name": "Test Postgres Project",
+          "project_id": "test-project"
+        }
+      }
+    },
+    "resources.postgres_projects.foo.permissions": {
+      "depends_on": [
+        {
+          "node": "resources.postgres_projects.foo",
+          "label": "${resources.postgres_projects.foo.project_id}"
+        }
+      ],
+      "action": "create",
+      "new_state": {
+        "value": {
+          "object_id": "/database-projects/test-project",
+          "permissions": [
+            {
+              "permission_level": "CAN_USE",
+              "user_name": "viewer@example.com"
+            },
+            {
+              "group_name": "data-team",
+              "permission_level": "CAN_MANAGE"
+            },
+            {
+              "permission_level": "CAN_MANAGE",
+              "service_principal_name": "[UUID]"
+            },
+            {
+              "permission_level": "CAN_MANAGE",
+              "user_name": "[USERNAME]"
+            }
+          ]
+        }
+      }
+    }
+  }
+}

acceptance/bundle/resources/permissions/postgres_projects/current_can_manage/out.plan.terraform.json

@@ -0,0 +1,11 @@
+{
+  "cli_version": "[DEV_VERSION]",
+  "plan": {
+    "resources.postgres_projects.foo": {
+      "action": "create"
+    },
+    "resources.postgres_projects.foo.permissions": {
+      "action": "create"
+    }
+  }
+}

acceptance/bundle/resources/permissions/postgres_projects/current_can_manage/out.requests.deploy.direct.json

@@ -0,0 +1,24 @@
+{
+  "method": "PUT",
+  "path": "/api/2.0/permissions/database-projects/test-project",
+  "body": {
+    "access_control_list": [
+      {
+        "permission_level": "CAN_USE",
+        "user_name": "viewer@example.com"
+      },
+      {
+        "group_name": "data-team",
+        "permission_level": "CAN_MANAGE"
+      },
+      {
+        "permission_level": "CAN_MANAGE",
+        "service_principal_name": "[UUID]"
+      },
+      {
+        "permission_level": "CAN_MANAGE",
+        "user_name": "[USERNAME]"
+      }
+    ]
+  }
+}

acceptance/bundle/resources/permissions/postgres_projects/current_can_manage/out.requests.deploy.terraform.json

@@ -0,0 +1,24 @@
+{
+  "method": "PUT",
+  "path": "/api/2.0/permissions/database-projects/test-project",
+  "body": {
+    "access_control_list": [
+      {
+        "permission_level": "CAN_USE",
+        "user_name": "viewer@example.com"
+      },
+      {
+        "permission_level": "CAN_MANAGE",
+        "service_principal_name": "[UUID]"
+      },
+      {
+        "group_name": "data-team",
+        "permission_level": "CAN_MANAGE"
+      },
+      {
+        "permission_level": "CAN_MANAGE",
+        "user_name": "[USERNAME]"
+      }
+    ]
+  }
+}

acceptance/bundle/resources/permissions/postgres_projects/current_can_manage/out.requests.destroy.direct.json

@@ -0,0 +1,12 @@
+{
+  "method": "PUT",
+  "path": "/api/2.0/permissions/database-projects/test-project",
+  "body": {
+    "access_control_list": [
+      {
+        "permission_level": "CAN_MANAGE",
+        "user_name": "[USERNAME]"
+      }
+    ]
+  }
+}