databricks-cli/bundle/permissions/utils.go

82 lines
2.3 KiB
Go
Raw Permalink Normal View History

package permissions
import (
"context"
"github.com/databricks/cli/bundle/config/resources"
"github.com/databricks/cli/libs/diag"
)
func convert(
ctx context.Context,
bundlePermissions []resources.Permission,
resourcePermissions []resources.Permission,
resourceName string,
lm map[string]string,
) []resources.Permission {
permissions := make([]resources.Permission, 0)
for _, p := range bundlePermissions {
level, ok := lm[p.Level]
// If there is no bundle permission level defined in the map, it means
// it's not applicable for the resource, therefore skipping
if !ok {
continue
}
if notifyForPermissionOverlap(ctx, p, resourcePermissions, resourceName) {
continue
}
permissions = append(permissions, resources.Permission{
Level: level,
UserName: p.UserName,
GroupName: p.GroupName,
ServicePrincipalName: p.ServicePrincipalName,
})
}
return permissions
}
func isPermissionOverlap(
permission resources.Permission,
resourcePermissions []resources.Permission,
resourceName string,
) (bool, diag.Diagnostics) {
var diagnostics diag.Diagnostics
for _, rp := range resourcePermissions {
if rp.GroupName != "" && rp.GroupName == permission.GroupName {
diagnostics = diagnostics.Extend(
diag.Warningf("'%s' already has permissions set for '%s' group", resourceName, rp.GroupName),
)
}
if rp.UserName != "" && rp.UserName == permission.UserName {
diagnostics = diagnostics.Extend(
diag.Warningf("'%s' already has permissions set for '%s' user name", resourceName, rp.UserName),
)
}
if rp.ServicePrincipalName != "" && rp.ServicePrincipalName == permission.ServicePrincipalName {
diagnostics = diagnostics.Extend(
diag.Warningf("'%s' already has permissions set for '%s' service principal name", resourceName, rp.ServicePrincipalName),
)
}
}
return len(diagnostics) > 0, diagnostics
}
func notifyForPermissionOverlap(
ctx context.Context,
permission resources.Permission,
resourcePermissions []resources.Permission,
resourceName string,
) bool {
isOverlap, _ := isPermissionOverlap(permission, resourcePermissions, resourceName)
// TODO: When we start to collect all diagnostics at the top level and visualize jointly,
// use diagnostics returned from isPermissionOverlap to display warnings
return isOverlap
}