databricks-cli/bundle/config/validate/folder_permissions.go

142 lines
3.5 KiB
Go
Raw Normal View History

2024-10-10 13:16:06 +00:00
package validate
import (
"context"
2024-10-14 10:33:47 +00:00
"errors"
2024-10-10 13:16:06 +00:00
"fmt"
2024-10-14 10:33:47 +00:00
"path"
2024-10-10 13:16:06 +00:00
"strings"
"github.com/databricks/cli/bundle"
2024-10-14 10:33:47 +00:00
"github.com/databricks/cli/bundle/libraries"
2024-10-10 13:16:06 +00:00
"github.com/databricks/cli/bundle/permissions"
"github.com/databricks/cli/libs/diag"
2024-10-14 10:33:47 +00:00
"github.com/databricks/databricks-sdk-go/apierr"
2024-10-10 13:16:06 +00:00
"github.com/databricks/databricks-sdk-go/service/workspace"
"golang.org/x/sync/errgroup"
)
type folderPermissions struct {
}
// Apply implements bundle.ReadOnlyMutator.
func (f *folderPermissions) Apply(ctx context.Context, b bundle.ReadOnlyBundle) diag.Diagnostics {
if len(b.Config().Permissions) == 0 {
return nil
}
2024-10-14 10:33:47 +00:00
rootPath := b.Config().Workspace.RootPath
paths := []string{}
if !libraries.IsVolumesPath(rootPath) {
paths = append(paths, rootPath)
}
if !strings.HasSuffix(rootPath, "/") {
rootPath += "/"
}
2024-10-10 13:16:06 +00:00
2024-10-14 10:33:47 +00:00
if !strings.HasPrefix(b.Config().Workspace.ArtifactPath, rootPath) &&
!libraries.IsVolumesPath(b.Config().Workspace.ArtifactPath) {
2024-10-10 13:16:06 +00:00
paths = append(paths, b.Config().Workspace.ArtifactPath)
}
2024-10-14 10:33:47 +00:00
if !strings.HasPrefix(b.Config().Workspace.FilePath, rootPath) &&
!libraries.IsVolumesPath(b.Config().Workspace.FilePath) {
2024-10-10 13:16:06 +00:00
paths = append(paths, b.Config().Workspace.FilePath)
}
2024-10-14 10:33:47 +00:00
if !strings.HasPrefix(b.Config().Workspace.StatePath, rootPath) &&
!libraries.IsVolumesPath(b.Config().Workspace.StatePath) {
2024-10-10 13:16:06 +00:00
paths = append(paths, b.Config().Workspace.StatePath)
}
2024-10-14 10:33:47 +00:00
if !strings.HasPrefix(b.Config().Workspace.ResourcePath, rootPath) &&
!libraries.IsVolumesPath(b.Config().Workspace.ResourcePath) {
2024-10-10 13:16:06 +00:00
paths = append(paths, b.Config().Workspace.ResourcePath)
}
var diags diag.Diagnostics
2024-10-14 10:33:47 +00:00
g, ctx := errgroup.WithContext(ctx)
results := make([]diag.Diagnostics, len(paths))
for i, p := range paths {
g.Go(func() error {
results[i] = checkFolderPermission(ctx, b, p)
2024-10-10 13:16:06 +00:00
return nil
})
}
2024-10-14 10:33:47 +00:00
if err := g.Wait(); err != nil {
2024-10-10 13:16:06 +00:00
return diag.FromErr(err)
}
2024-10-14 10:33:47 +00:00
for _, r := range results {
diags = diags.Extend(r)
}
2024-10-10 13:16:06 +00:00
return diags
}
func checkFolderPermission(ctx context.Context, b bundle.ReadOnlyBundle, folderPath string) diag.Diagnostics {
w := b.WorkspaceClient().Workspace
2024-10-14 10:33:47 +00:00
obj, err := getClosestExistingObject(ctx, w, folderPath)
2024-10-10 13:16:06 +00:00
if err != nil {
return diag.FromErr(err)
}
objPermissions, err := w.GetPermissions(ctx, workspace.GetWorkspaceObjectPermissionsRequest{
WorkspaceObjectId: fmt.Sprint(obj.ObjectId),
WorkspaceObjectType: "directories",
})
if err != nil {
return diag.FromErr(err)
}
2024-10-14 10:33:47 +00:00
p := permissions.NewFromWorkspaceObjectAcl(folderPath, objPermissions.AccessControlList)
return p.Compare(b.Config().Permissions)
}
var cache = map[string]*workspace.ObjectInfo{}
func getClosestExistingObject(ctx context.Context, w workspace.WorkspaceInterface, folderPath string) (*workspace.ObjectInfo, error) {
if obj, ok := cache[folderPath]; ok {
return obj, nil
2024-10-10 13:16:06 +00:00
}
2024-10-14 10:33:47 +00:00
for folderPath != "/" {
obj, err := w.GetStatusByPath(ctx, folderPath)
if err == nil {
cache[folderPath] = obj
return obj, nil
2024-10-10 13:16:06 +00:00
}
2024-10-14 10:33:47 +00:00
var aerr *apierr.APIError
if !errors.As(err, &aerr) {
return nil, err
2024-10-10 13:16:06 +00:00
}
2024-10-14 10:33:47 +00:00
if aerr.ErrorCode != "RESOURCE_DOES_NOT_EXIST" {
return nil, err
2024-10-10 13:16:06 +00:00
}
2024-10-14 10:33:47 +00:00
folderPath = path.Dir(folderPath)
2024-10-10 13:16:06 +00:00
}
2024-10-14 10:33:47 +00:00
// Check "/" root folder
obj, err := w.GetStatusByPath(ctx, folderPath)
if err == nil {
cache[folderPath] = obj
return obj, nil
2024-10-10 13:16:06 +00:00
}
2024-10-14 10:33:47 +00:00
return nil, fmt.Errorf("folder %s and its parent folders do not exist", folderPath)
2024-10-10 13:16:06 +00:00
}
// Name implements bundle.ReadOnlyMutator.
func (f *folderPermissions) Name() string {
return "validate:folder_permissions"
}
func ValidateFolderPermissions() bundle.ReadOnlyMutator {
return &folderPermissions{}
}