databricks-cli/libs/iamutil/service_principal.go

package iamutil

import (
	"github.com/databricks/databricks-sdk-go/service/iam"
	"github.com/google/uuid"
)

// Determines whether a given user is a service principal.
// This function uses a heuristic: if the user name is a UUID, then we assume
// it's a service principal. Unfortunately, the service principal listing API is too
// slow for our purposes. And the "users" and "service principals get" APIs
// only allow access by workspace admins.
func IsServicePrincipal(user *iam.User) bool {
	_, err := uuid.Parse(user.UserName)
	return err == nil
}
Move utility functions dealing with IAM to libs/iamutil (#1820) ## Changes The two functions `GetShortUserName` and `IsServicePrincipal` are unrelated to auth or the purpose of the auth package. This change moves them into their own package and updates `IsServicePrincipal` to take an `*iam.User` argument instead of a string username. ## Tests Tests pass. 2024-10-10 13:02:25 +00:00			`package iamutil`
Add a foundation for built-in templates (#685) ## Changes This pull request extends the templating support in preparation of a new, default template (WIP, https://github.com/databricks/cli/pull/686): * builtin templates that can be initialized using e.g. `databricks bundle init default-python` * builtin templates are embedded into the executable using go's `embed` functionality, making sure they're co-versioned with the CLI * new helpers to get the workspace name, current user name, etc. help craft a complete template * (not enabled yet) when the user types `databricks bundle init` they can interactively select the `default-python` template And makes two tangentially related changes: * IsServicePrincipal now uses the "users" API rather than the "principals" API, since the latter is too slow for our purposes. * mode: prod no longer requires the 'target.prod.git' setting. It's hard to set that from a template. (Pieter is planning an overhaul of warnings support; this would be one of the first warnings we show.) The actual `default-python` template is maintained in a separate PR: https://github.com/databricks/cli/pull/686 ## Tests Unit tests, manual testing 2023-08-25 09:03:42 +00:00
			`import (`
Move utility functions dealing with IAM to libs/iamutil (#1820) ## Changes The two functions `GetShortUserName` and `IsServicePrincipal` are unrelated to auth or the purpose of the auth package. This change moves them into their own package and updates `IsServicePrincipal` to take an `*iam.User` argument instead of a string username. ## Tests Tests pass. 2024-10-10 13:02:25 +00:00			`"github.com/databricks/databricks-sdk-go/service/iam"`
Fix IsServicePrincipal() only working for workspace admins (#732) ## Changes The latest rendition of isServicePrincipal no longer worked for non-admin users as it used the "principals get" API. This new version relies on the property that service principals always have a UUID as their userName. This was tested with the eng-jaws principal (8b948b2e-d2b5-4b9e-8274-11b596f3b652). 2023-09-05 11:20:55 +00:00			`"github.com/google/uuid"`
Add a foundation for built-in templates (#685) ## Changes This pull request extends the templating support in preparation of a new, default template (WIP, https://github.com/databricks/cli/pull/686): * builtin templates that can be initialized using e.g. `databricks bundle init default-python` * builtin templates are embedded into the executable using go's `embed` functionality, making sure they're co-versioned with the CLI * new helpers to get the workspace name, current user name, etc. help craft a complete template * (not enabled yet) when the user types `databricks bundle init` they can interactively select the `default-python` template And makes two tangentially related changes: * IsServicePrincipal now uses the "users" API rather than the "principals" API, since the latter is too slow for our purposes. * mode: prod no longer requires the 'target.prod.git' setting. It's hard to set that from a template. (Pieter is planning an overhaul of warnings support; this would be one of the first warnings we show.) The actual `default-python` template is maintained in a separate PR: https://github.com/databricks/cli/pull/686 ## Tests Unit tests, manual testing 2023-08-25 09:03:42 +00:00			`)`

Move utility functions dealing with IAM to libs/iamutil (#1820) ## Changes The two functions `GetShortUserName` and `IsServicePrincipal` are unrelated to auth or the purpose of the auth package. This change moves them into their own package and updates `IsServicePrincipal` to take an `*iam.User` argument instead of a string username. ## Tests Tests pass. 2024-10-10 13:02:25 +00:00			`// Determines whether a given user is a service principal.`
Use UserName field to identify if service principal is used (#1310) ## Changes Use UserName field to identify if service principal is used ## Tests Integration test passed 2024-03-25 11:32:45 +00:00			`// This function uses a heuristic: if the user name is a UUID, then we assume`
Fix IsServicePrincipal() only working for workspace admins (#732) ## Changes The latest rendition of isServicePrincipal no longer worked for non-admin users as it used the "principals get" API. This new version relies on the property that service principals always have a UUID as their userName. This was tested with the eng-jaws principal (8b948b2e-d2b5-4b9e-8274-11b596f3b652). 2023-09-05 11:20:55 +00:00			`// it's a service principal. Unfortunately, the service principal listing API is too`
			`// slow for our purposes. And the "users" and "service principals get" APIs`
			`// only allow access by workspace admins.`
Move utility functions dealing with IAM to libs/iamutil (#1820) ## Changes The two functions `GetShortUserName` and `IsServicePrincipal` are unrelated to auth or the purpose of the auth package. This change moves them into their own package and updates `IsServicePrincipal` to take an `*iam.User` argument instead of a string username. ## Tests Tests pass. 2024-10-10 13:02:25 +00:00			`func IsServicePrincipal(user *iam.User) bool {`
			`_, err := uuid.Parse(user.UserName)`
Fix IsServicePrincipal() only working for workspace admins (#732) ## Changes The latest rendition of isServicePrincipal no longer worked for non-admin users as it used the "principals get" API. This new version relies on the property that service principals always have a UUID as their userName. This was tested with the eng-jaws principal (8b948b2e-d2b5-4b9e-8274-11b596f3b652). 2023-09-05 11:20:55 +00:00			`return err == nil`
Add a foundation for built-in templates (#685) ## Changes This pull request extends the templating support in preparation of a new, default template (WIP, https://github.com/databricks/cli/pull/686): * builtin templates that can be initialized using e.g. `databricks bundle init default-python` * builtin templates are embedded into the executable using go's `embed` functionality, making sure they're co-versioned with the CLI * new helpers to get the workspace name, current user name, etc. help craft a complete template * (not enabled yet) when the user types `databricks bundle init` they can interactively select the `default-python` template And makes two tangentially related changes: * IsServicePrincipal now uses the "users" API rather than the "principals" API, since the latter is too slow for our purposes. * mode: prod no longer requires the 'target.prod.git' setting. It's hard to set that from a template. (Pieter is planning an overhaul of warnings support; this would be one of the first warnings we show.) The actual `default-python` template is maintained in a separate PR: https://github.com/databricks/cli/pull/686 ## Tests Unit tests, manual testing 2023-08-25 09:03:42 +00:00			`}`