databricks-cli/bundle/permissions/terraform_errors_test.go

package permissions_test

import (
	"context"
	"errors"
	"testing"

	"github.com/databricks/cli/bundle/config/resources"
	"github.com/databricks/cli/bundle/permissions"
	"github.com/databricks/databricks-sdk-go/service/jobs"
	"github.com/stretchr/testify/require"
)

func TestTryExtendTerraformPermissionError1(t *testing.T) {
	ctx := context.Background()
	b := mockBundle([]resources.Permission{
		{Level: "CAN_MANAGE", UserName: "alice@databricks.com"},
	})
	err := permissions.TryExtendTerraformPermissionError(ctx, b, errors.New("Error: terraform apply: exit status 1\n"+
		"\n"+
		"Error: cannot update permissions: ...\n"+
		"\n"+
		"	with databricks_pipeline.my_project_pipeline,\n"+
		"	on bundle.tf.json line 39, in resource.databricks_pipeline.my_project_pipeline:\n"+
		"	39:       }")).Error()

	expected := "EPERM2: permission denied creating or updating my_project_pipeline.\n" +
		"For assistance, users or groups with appropriate permissions may include: alice@databricks.com.\n" +
		"They can redeploy the project to apply the latest set of permissions.\n" +
		"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions"

	require.ErrorContains(t, err, expected)
}

func TestTryExtendTerraformPermissionError2(t *testing.T) {
	ctx := context.Background()
	b := mockBundle([]resources.Permission{
		{Level: "CAN_MANAGE", UserName: "alice@databricks.com"},
		{Level: "CAN_MANAGE", UserName: "bob@databricks.com"},
	})
	err := permissions.TryExtendTerraformPermissionError(ctx, b, errors.New("Error: terraform apply: exit status 1\n"+
		"\n"+
		"Error: cannot read pipeline: User xyz does not have View permissions on pipeline 4521dbb6-42aa-418c-b94d-b5f4859a3454.\n"+
		"\n"+
		"	with databricks_pipeline.my_project_pipeline,\n"+
		"	on bundle.tf.json line 39, in resource.databricks_pipeline.my_project_pipeline:\n"+
		"	39:       }")).Error()

	expected := "EPERM2: permission denied creating or updating my_project_pipeline.\n" +
		"For assistance, users or groups with appropriate permissions may include: alice@databricks.com, bob@databricks.com.\n" +
		"They can redeploy the project to apply the latest set of permissions.\n" +
		"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions."
	require.ErrorContains(t, err, expected)
}

func TestTryExtendTerraformPermissionError3(t *testing.T) {
	ctx := context.Background()
	b := mockBundle([]resources.Permission{
		{Level: "CAN_MANAGE", UserName: "testuser@databricks.com"},
	})
	err := permissions.TryExtendTerraformPermissionError(ctx, b, errors.New("Error: terraform apply: exit status 1\n"+
		"\n"+
		"Error: cannot read permissions: 1706906c-c0a2-4c25-9f57-3a7aa3cb8b90 does not have Owner permissions on Job with ID: ElasticJobId(28263044278868). Please contact the owner or an administrator for access.\n"+
		"\n"+
		"	with databricks_pipeline.my_project_pipeline,\n"+
		"	on bundle.tf.json line 39, in resource.databricks_pipeline.my_project_pipeline:\n"+
		"	39:       }")).Error()

	expected := "EPERM2: permission denied creating or updating my_project_pipeline.\n" +
		"For assistance, contact the owners of this project.\n" +
		"They can redeploy the project to apply the latest set of permissions.\n" +
		"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions."
	require.ErrorContains(t, err, expected)
}

func TestTryExtendTerraformPermissionErrorNotOwner(t *testing.T) {
	ctx := context.Background()
	b := mockBundle([]resources.Permission{
		{Level: "CAN_MANAGE", GroupName: "data_team@databricks.com"},
	})
	b.Config.RunAs = &jobs.JobRunAs{
		UserName: "testuser@databricks.com",
	}
	err := permissions.TryExtendTerraformPermissionError(ctx, b, errors.New("Error: terraform apply: exit status 1\n"+
		"\n"+
		"Error: cannot read pipeline: User xyz does not have View permissions on pipeline 4521dbb6-42aa-418c-b94d-b5f4859a3454.\n"+
		"\n"+
		"	with databricks_pipeline.my_project_pipeline,\n"+
		"	on bundle.tf.json line 39, in resource.databricks_pipeline.my_project_pipeline:\n"+
		"	39:       }")).Error()

	expected := "EPERM2: permission denied creating or updating my_project_pipeline.\n" +
		"For assistance, users or groups with appropriate permissions may include: data_team@databricks.com.\n" +
		"They can redeploy the project to apply the latest set of permissions.\n" +
		"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions."
	require.ErrorContains(t, err, expected)
}
Refactor 2024-07-06 19:47:28 +00:00			`package permissions_test`

			`import (`
			`"context"`
			`"errors"`
			`"testing"`

			`"github.com/databricks/cli/bundle/config/resources"`
			`"github.com/databricks/cli/bundle/permissions"`
			`"github.com/databricks/databricks-sdk-go/service/jobs"`
			`"github.com/stretchr/testify/require"`
			`)`

			`func TestTryExtendTerraformPermissionError1(t *testing.T) {`
			`ctx := context.Background()`
			`b := mockBundle([]resources.Permission{`
			`{Level: "CAN_MANAGE", UserName: "alice@databricks.com"},`
			`})`
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`err := permissions.TryExtendTerraformPermissionError(ctx, b, errors.New("Error: terraform apply: exit status 1\n"+`
			`"\n"+`
			`"Error: cannot update permissions: ...\n"+`
			`"\n"+`
			`" with databricks_pipeline.my_project_pipeline,\n"+`
			`" on bundle.tf.json line 39, in resource.databricks_pipeline.my_project_pipeline:\n"+`
			`" 39: }")).Error()`
Refactor 2024-07-06 19:47:28 +00:00
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`expected := "EPERM2: permission denied creating or updating my_project_pipeline.\n" +`
			`"For assistance, users or groups with appropriate permissions may include: alice@databricks.com.\n" +`
			`"They can redeploy the project to apply the latest set of permissions.\n" +`
			`"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions"`
Refactor 2024-07-06 19:47:28 +00:00
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`require.ErrorContains(t, err, expected)`
Refactor 2024-07-06 19:47:28 +00:00			`}`

			`func TestTryExtendTerraformPermissionError2(t *testing.T) {`
			`ctx := context.Background()`
			`b := mockBundle([]resources.Permission{`
			`{Level: "CAN_MANAGE", UserName: "alice@databricks.com"},`
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`{Level: "CAN_MANAGE", UserName: "bob@databricks.com"},`
Refactor 2024-07-06 19:47:28 +00:00			`})`
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`err := permissions.TryExtendTerraformPermissionError(ctx, b, errors.New("Error: terraform apply: exit status 1\n"+`
			`"\n"+`
			`"Error: cannot read pipeline: User xyz does not have View permissions on pipeline 4521dbb6-42aa-418c-b94d-b5f4859a3454.\n"+`
			`"\n"+`
			`" with databricks_pipeline.my_project_pipeline,\n"+`
			`" on bundle.tf.json line 39, in resource.databricks_pipeline.my_project_pipeline:\n"+`
			`" 39: }")).Error()`
Refactor 2024-07-06 19:47:28 +00:00
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`expected := "EPERM2: permission denied creating or updating my_project_pipeline.\n" +`
			`"For assistance, users or groups with appropriate permissions may include: alice@databricks.com, bob@databricks.com.\n" +`
			`"They can redeploy the project to apply the latest set of permissions.\n" +`
			`"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions."`
			`require.ErrorContains(t, err, expected)`
Refactor 2024-07-06 19:47:28 +00:00			`}`

			`func TestTryExtendTerraformPermissionError3(t *testing.T) {`
			`ctx := context.Background()`
			`b := mockBundle([]resources.Permission{`
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`{Level: "CAN_MANAGE", UserName: "testuser@databricks.com"},`
Refactor 2024-07-06 19:47:28 +00:00			`})`
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`err := permissions.TryExtendTerraformPermissionError(ctx, b, errors.New("Error: terraform apply: exit status 1\n"+`
			`"\n"+`
			`"Error: cannot read permissions: 1706906c-c0a2-4c25-9f57-3a7aa3cb8b90 does not have Owner permissions on Job with ID: ElasticJobId(28263044278868). Please contact the owner or an administrator for access.\n"+`
			`"\n"+`
			`" with databricks_pipeline.my_project_pipeline,\n"+`
			`" on bundle.tf.json line 39, in resource.databricks_pipeline.my_project_pipeline:\n"+`
			`" 39: }")).Error()`
Refactor 2024-07-06 19:47:28 +00:00
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`expected := "EPERM2: permission denied creating or updating my_project_pipeline.\n" +`
			`"For assistance, contact the owners of this project.\n" +`
			`"They can redeploy the project to apply the latest set of permissions.\n" +`
			`"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions."`
			`require.ErrorContains(t, err, expected)`
Refactor 2024-07-06 19:47:28 +00:00			`}`

			`func TestTryExtendTerraformPermissionErrorNotOwner(t *testing.T) {`
			`ctx := context.Background()`
			`b := mockBundle([]resources.Permission{`
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`{Level: "CAN_MANAGE", GroupName: "data_team@databricks.com"},`
Refactor 2024-07-06 19:47:28 +00:00			`})`
			`b.Config.RunAs = &jobs.JobRunAs{`
			`UserName: "testuser@databricks.com",`
			`}`
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`err := permissions.TryExtendTerraformPermissionError(ctx, b, errors.New("Error: terraform apply: exit status 1\n"+`
			`"\n"+`
			`"Error: cannot read pipeline: User xyz does not have View permissions on pipeline 4521dbb6-42aa-418c-b94d-b5f4859a3454.\n"+`
			`"\n"+`
			`" with databricks_pipeline.my_project_pipeline,\n"+`
			`" on bundle.tf.json line 39, in resource.databricks_pipeline.my_project_pipeline:\n"+`
			`" 39: }")).Error()`
Refactor 2024-07-06 19:47:28 +00:00
Harden code with deeper tests 2024-08-22 19:34:09 +00:00			`expected := "EPERM2: permission denied creating or updating my_project_pipeline.\n" +`
			`"For assistance, users or groups with appropriate permissions may include: data_team@databricks.com.\n" +`
			`"They can redeploy the project to apply the latest set of permissions.\n" +`
			`"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions."`
			`require.ErrorContains(t, err, expected)`
Refactor 2024-07-06 19:47:28 +00:00			`}`