Andrew Nester 2024-10-24 13:31:37 +02:00
parent 1ba769c68f
commit acac0289c5
No known key found for this signature in database
GPG Key ID: 12BC628A44B7DA57
4 changed files with 19 additions and 52 deletions


@ -34,24 +34,15 @@ func (f *folderPermissions) Apply(ctx context.Context, b bundle.ReadOnlyBundle)
rootPath += "/" rootPath += "/"
} }
if !strings.HasPrefix(b.Config().Workspace.ArtifactPath, rootPath) && for _, p := range []string{
!libraries.IsVolumesPath(b.Config().Workspace.ArtifactPath) { b.Config().Workspace.ArtifactPath,
paths = append(paths, b.Config().Workspace.ArtifactPath) b.Config().Workspace.FilePath,
b.Config().Workspace.StatePath,
b.Config().Workspace.ResourcePath,
} {
if !strings.HasPrefix(p, rootPath) && !libraries.IsVolumesPath(p) {
paths = append(paths, p)
} }
if !strings.HasPrefix(b.Config().Workspace.FilePath, rootPath) &&
!libraries.IsVolumesPath(b.Config().Workspace.FilePath) {
paths = append(paths, b.Config().Workspace.FilePath)
}
if !strings.HasPrefix(b.Config().Workspace.StatePath, rootPath) &&
!libraries.IsVolumesPath(b.Config().Workspace.StatePath) {
paths = append(paths, b.Config().Workspace.StatePath)
}
if !strings.HasPrefix(b.Config().Workspace.ResourcePath, rootPath) &&
!libraries.IsVolumesPath(b.Config().Workspace.ResourcePath) {
paths = append(paths, b.Config().Workspace.ResourcePath)
} }
var diags diag.Diagnostics var diags diag.Diagnostics
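Review bot: The new loop classifies each configured path with `strings.HasPrefix(p, rootPath)` on the raw string, so the result depends on how the path is spelled rather than on where it resolves. An unset (empty) entry fails the prefix test and, unless `libraries.IsVolumesPath` accepts it, is appended to `paths` and passed on to the permission check. A value made of rootPath followed by `../` segments passes the prefix test and is left out of validation even though it resolves outside the root. Consider skipping empty values with `if p == "" { continue }` and comparing a cleaned form of the path (for example via `path.Clean`, whose import is not visible here). Apply begins before and continues after this hunk, so normalisation may already happen elsewhere.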


@ -122,7 +122,7 @@ func TestValidateFolderPermissionsFailsOnMissingBundlePermission(t *testing.T) {
diags := bundle.ApplyReadOnly(context.Background(), rb, ValidateFolderPermissions()) diags := bundle.ApplyReadOnly(context.Background(), rb, ValidateFolderPermissions())
require.Len(t, diags, 1) require.Len(t, diags, 1)
require.Equal(t, "permissions missing", diags[0].Summary) require.Equal(t, "untracked permissions apply to target workspace path", diags[0].Summary)
require.Equal(t, diag.Warning, diags[0].Severity) require.Equal(t, diag.Warning, diags[0].Severity)
require.Equal(t, "The following permissions apply to the workspace folder at \"/Workspace/Users/foo@bar.com\" but are not configured in the bundle:\n- level: CAN_MANAGE, user_name: foo2@bar.com\n", diags[0].Detail) require.Equal(t, "The following permissions apply to the workspace folder at \"/Workspace/Users/foo@bar.com\" but are not configured in the bundle:\n- level: CAN_MANAGE, user_name: foo2@bar.com\n", diags[0].Detail)
} }
@ -167,12 +167,9 @@ func TestValidateFolderPermissionsFailsOnPermissionMismatch(t *testing.T) {
rb := bundle.ReadOnly(b) rb := bundle.ReadOnly(b)
diags := bundle.ApplyReadOnly(context.Background(), rb, ValidateFolderPermissions()) diags := bundle.ApplyReadOnly(context.Background(), rb, ValidateFolderPermissions())
require.Len(t, diags, 2) require.Len(t, diags, 1)
require.Equal(t, "permissions missing", diags[0].Summary) require.Equal(t, "untracked permissions apply to target workspace path", diags[0].Summary)
require.Equal(t, diag.Warning, diags[0].Severity) require.Equal(t, diag.Warning, diags[0].Severity)
require.Equal(t, "permissions missing", diags[1].Summary)
require.Equal(t, diag.Warning, diags[1].Severity)
} }
func TestValidateFolderPermissionsFailsOnNoRootFolder(t *testing.T) { func TestValidateFolderPermissionsFailsOnNoRootFolder(t *testing.T) {
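Review bot: After this change TestValidateFolderPermissionsFailsOnPermissionMismatch asserts only the count, `Summary` and `Severity` of the single remaining diagnostic, so it no longer pins which principal and level are reported as untracked. The preceding test, TestValidateFolderPermissionsFailsOnMissingBundlePermission, also checks `diags[0].Detail`; adding the same kind of assertion here, `require.Equal(t, <expected detail>, diags[0].Detail)`, would catch a regression where the wrong side of the comparison is reported. The expected text depends on the fixture, which is set up outside this hunk.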


@ -18,7 +18,7 @@ func ObjectAclToResourcePermissions(path string, acl []workspace.WorkspaceObject
permissions := make([]resources.Permission, 0) permissions := make([]resources.Permission, 0)
for _, a := range acl { for _, a := range acl {
// Skip the admin group because it's added to all resources by default. // Skip the admin group because it's added to all resources by default.
if a.GroupName == "admin" { if a.GroupName == "admins" {
continue continue
} }
@ -38,22 +38,12 @@ func ObjectAclToResourcePermissions(path string, acl []workspace.WorkspaceObject
func (p WorkspacePathPermissions) Compare(perms []resources.Permission) diag.Diagnostics { func (p WorkspacePathPermissions) Compare(perms []resources.Permission) diag.Diagnostics {
var diags diag.Diagnostics var diags diag.Diagnostics
// Check the permissions in the bundle and see if they are all set in the workspace.
ok, missing := containsAll(perms, p.Permissions)
if !ok {
diags = diags.Append(diag.Diagnostic{
Severity: diag.Warning,
Summary: "permissions missing",
Detail: fmt.Sprintf("The following permissions are configured in the bundle but are do not (yet) apply to the workspace folder at %q:\n%s", p.Path, toString(missing)),
})
}
// Check the permissions in the workspace and see if they are all set in the bundle. // Check the permissions in the workspace and see if they are all set in the bundle.
ok, missing = containsAll(p.Permissions, perms) ok, missing := containsAll(p.Permissions, perms)
if !ok { if !ok {
diags = diags.Append(diag.Diagnostic{ diags = diags.Append(diag.Diagnostic{
Severity: diag.Warning, Severity: diag.Warning,
Summary: "permissions missing", Summary: "untracked permissions apply to target workspace path",
Detail: fmt.Sprintf("The following permissions apply to the workspace folder at %q but are not configured in the bundle:\n%s", p.Path, toString(missing)), Detail: fmt.Sprintf("The following permissions apply to the workspace folder at %q but are not configured in the bundle:\n%s", p.Path, toString(missing)),
}) })
} }
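Review bot: Compare is now one-directional, but the method has no doc comment saying so, and the name still suggests a symmetric check. Only ACL entries found on the workspace path and absent from the bundle produce a warning; permissions declared in the bundle but not present on the path are no longer reported. I would add a doc comment above the method, for example `// Compare reports permissions that apply to the workspace path but are not declared in perms; permissions present only in perms are not reported.` In the first hunk of this file the skipped group is matched by the literal `"admins"`, while the comment above it still says "admin group"; a named constant plus an updated comment would keep the two in step. Compare's body continues past the end of this hunk.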


@ -41,7 +41,7 @@ func TestWorkspacePathPermissionsCompare(t *testing.T) {
}, },
}, },
{ {
GroupName: "admin", GroupName: "admins",
AllPermissions: []workspace.WorkspaceObjectPermission{ AllPermissions: []workspace.WorkspaceObjectPermission{
{PermissionLevel: "CAN_MANAGE"}, {PermissionLevel: "CAN_MANAGE"},
}, },
@ -62,13 +62,7 @@ func TestWorkspacePathPermissionsCompare(t *testing.T) {
}, },
}, },
}, },
expected: diag.Diagnostics{ expected: nil,
{
Severity: diag.Warning,
Summary: "permissions missing",
Detail: "The following permissions are configured in the bundle but are do not (yet) apply to the workspace folder at \"path\":\n- level: CAN_MANAGE, service_principal_name: sp.com\n",
},
},
}, },
{ {
perms: []resources.Permission{ perms: []resources.Permission{
@ -91,7 +85,7 @@ func TestWorkspacePathPermissionsCompare(t *testing.T) {
expected: diag.Diagnostics{ expected: diag.Diagnostics{
{ {
Severity: diag.Warning, Severity: diag.Warning,
Summary: "permissions missing", Summary: "untracked permissions apply to target workspace path",
Detail: "The following permissions apply to the workspace folder at \"path\" but are not configured in the bundle:\n- level: CAN_MANAGE, group_name: foo\n", Detail: "The following permissions apply to the workspace folder at \"path\" but are not configured in the bundle:\n- level: CAN_MANAGE, group_name: foo\n",
}, },
}, },
@ -111,12 +105,7 @@ func TestWorkspacePathPermissionsCompare(t *testing.T) {
expected: diag.Diagnostics{ expected: diag.Diagnostics{
{ {
Severity: diag.Warning, Severity: diag.Warning,
Summary: "permissions missing", Summary: "untracked permissions apply to target workspace path",
Detail: "The following permissions are configured in the bundle but are do not (yet) apply to the workspace folder at \"path\":\n- level: CAN_MANAGE, user_name: foo@bar.com\n",
},
{
Severity: diag.Warning,
Summary: "permissions missing",
Detail: "The following permissions apply to the workspace folder at \"path\" but are not configured in the bundle:\n- level: CAN_MANAGE, user_name: foo2@bar.com\n", Detail: "The following permissions apply to the workspace folder at \"path\" but are not configured in the bundle:\n- level: CAN_MANAGE, user_name: foo2@bar.com\n",
}, },
}, },