databricks-cli/bundle/permissions/permission_report.go

53 lines
2.1 KiB
Go
Raw Permalink Normal View History

package permissions
import (
"context"
"fmt"
"github.com/databricks/cli/bundle"
"github.com/databricks/cli/libs/diag"
"github.com/databricks/cli/libs/iamutil"
"github.com/databricks/cli/libs/log"
)
// ReportPossiblePermissionDenied generates a diagnostic message when a permission denied error is encountered.
//
// Note that since the workspace API doesn't always distinguish between permission denied and path errors,
// we must treat this as a "possible permission error". See acquire.go for more about this.
func ReportPossiblePermissionDenied(ctx context.Context, b *bundle.Bundle, path string) diag.Diagnostics {
log.Errorf(ctx, "Failed to update, encountered possible permission error: %v", path)
me := b.Config.Workspace.CurrentUser.User
userName := me.UserName
if iamutil.IsServicePrincipal(me) {
userName = me.DisplayName
}
canManageBundle, assistance := analyzeBundlePermissions(b)
if !canManageBundle {
return diag.Diagnostics{{
Summary: fmt.Sprintf("unable to deploy to %s as %s.\n"+
"Please make sure the current user or one of their groups is listed under the permissions of this bundle.\n"+
"%s\n"+
"They may need to redeploy the bundle to apply the new permissions.\n"+
"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions.",
path, userName, assistance),
Severity: diag.Error,
ID: diag.PathPermissionDenied,
}}
}
// According databricks.yml, the current user has the right permissions.
// But we're still seeing permission errors. So someone else will need
// to redeploy the bundle with the right set of permissions.
return diag.Diagnostics{{
Summary: fmt.Sprintf("unable to deploy to %s as %s. Cannot apply local deployment permissions.\n"+
"%s\n"+
"They can redeploy the project to apply the latest set of permissions.\n"+
"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions.",
path, userName, assistance),
Severity: diag.Error,
ID: diag.CannotChangePathPermissions,
}}
}