mirror of https://github.com/databricks/cli.git
Compare commits
No commits in common. "1ba769c68f874ba288c10fe335627e23e6a349be" and "21799b5d8335774fb778c7e31689bf14bb02a4f3" have entirely different histories.
1ba769c68f
...
21799b5d83
|
|
@ -13,6 +13,7 @@ import (
|
||||||
"github.com/databricks/databricks-sdk-go/apierr"
|
"github.com/databricks/databricks-sdk-go/apierr"
|
||||||
"github.com/databricks/databricks-sdk-go/service/workspace"
|
"github.com/databricks/databricks-sdk-go/service/workspace"
|
||||||
"golang.org/x/sync/errgroup"
|
"golang.org/x/sync/errgroup"
|
||||||
|
"golang.org/x/sync/singleflight"
|
||||||
)
|
)
|
||||||
|
|
||||||
type folderPermissions struct {
|
type folderPermissions struct {
|
||||||
|
|
@ -57,10 +58,15 @@ func (f *folderPermissions) Apply(ctx context.Context, b bundle.ReadOnlyBundle)
|
||||||
var diags diag.Diagnostics
|
var diags diag.Diagnostics
|
||||||
g, ctx := errgroup.WithContext(ctx)
|
g, ctx := errgroup.WithContext(ctx)
|
||||||
results := make([]diag.Diagnostics, len(paths))
|
results := make([]diag.Diagnostics, len(paths))
|
||||||
|
syncGroup := new(singleflight.Group)
|
||||||
for i, p := range paths {
|
for i, p := range paths {
|
||||||
g.Go(func() error {
|
g.Go(func() error {
|
||||||
results[i] = checkFolderPermission(ctx, b, p)
|
diags, err, _ := syncGroup.Do(p, func() (any, error) {
|
||||||
return nil
|
diags := checkFolderPermission(ctx, b, p)
|
||||||
|
return diags, nil
|
||||||
|
})
|
||||||
|
results[i] = diags.(diag.Diagnostics)
|
||||||
|
return err
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16,12 +16,12 @@ import (
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestFolderPermissionsInheritedWhenRootPathDoesNotExist(t *testing.T) {
|
func TestValidateFolderPermissions(t *testing.T) {
|
||||||
b := &bundle.Bundle{
|
b := &bundle.Bundle{
|
||||||
Config: config.Root{
|
Config: config.Root{
|
||||||
Workspace: config.Workspace{
|
Workspace: config.Workspace{
|
||||||
RootPath: "/Workspace/Users/foo@bar.com",
|
RootPath: "/Workspace/Users/foo@bar.com",
|
||||||
ArtifactPath: "/Workspace/Users/otherfoo@bar.com/artifacts",
|
ArtifactPath: "/Workspace/Users/foo@bar.com/artifacts",
|
||||||
FilePath: "/Workspace/Users/foo@bar.com/files",
|
FilePath: "/Workspace/Users/foo@bar.com/files",
|
||||||
StatePath: "/Workspace/Users/foo@bar.com/state",
|
StatePath: "/Workspace/Users/foo@bar.com/state",
|
||||||
ResourcePath: "/Workspace/Users/foo@bar.com/resources",
|
ResourcePath: "/Workspace/Users/foo@bar.com/resources",
|
||||||
|
|
@ -33,14 +33,6 @@ func TestFolderPermissionsInheritedWhenRootPathDoesNotExist(t *testing.T) {
|
||||||
}
|
}
|
||||||
m := mocks.NewMockWorkspaceClient(t)
|
m := mocks.NewMockWorkspaceClient(t)
|
||||||
api := m.GetMockWorkspaceAPI()
|
api := m.GetMockWorkspaceAPI()
|
||||||
api.EXPECT().GetStatusByPath(mock.Anything, "/Workspace/Users/otherfoo@bar.com/artifacts").Return(nil, &apierr.APIError{
|
|
||||||
StatusCode: 404,
|
|
||||||
ErrorCode: "RESOURCE_DOES_NOT_EXIST",
|
|
||||||
})
|
|
||||||
api.EXPECT().GetStatusByPath(mock.Anything, "/Workspace/Users/otherfoo@bar.com").Return(nil, &apierr.APIError{
|
|
||||||
StatusCode: 404,
|
|
||||||
ErrorCode: "RESOURCE_DOES_NOT_EXIST",
|
|
||||||
})
|
|
||||||
api.EXPECT().GetStatusByPath(mock.Anything, "/Workspace/Users/foo@bar.com").Return(nil, &apierr.APIError{
|
api.EXPECT().GetStatusByPath(mock.Anything, "/Workspace/Users/foo@bar.com").Return(nil, &apierr.APIError{
|
||||||
StatusCode: 404,
|
StatusCode: 404,
|
||||||
ErrorCode: "RESOURCE_DOES_NOT_EXIST",
|
ErrorCode: "RESOURCE_DOES_NOT_EXIST",
|
||||||
|
|
@ -75,7 +67,7 @@ func TestFolderPermissionsInheritedWhenRootPathDoesNotExist(t *testing.T) {
|
||||||
require.Empty(t, diags)
|
require.Empty(t, diags)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestValidateFolderPermissionsFailsOnMissingBundlePermission(t *testing.T) {
|
func TestValidateFolderPermissionsDifferentCount(t *testing.T) {
|
||||||
b := &bundle.Bundle{
|
b := &bundle.Bundle{
|
||||||
Config: config.Root{
|
Config: config.Root{
|
||||||
Workspace: config.Workspace{
|
Workspace: config.Workspace{
|
||||||
|
|
@ -124,10 +116,10 @@ func TestValidateFolderPermissionsFailsOnMissingBundlePermission(t *testing.T) {
|
||||||
require.Len(t, diags, 1)
|
require.Len(t, diags, 1)
|
||||||
require.Equal(t, "permissions missing", diags[0].Summary)
|
require.Equal(t, "permissions missing", diags[0].Summary)
|
||||||
require.Equal(t, diag.Warning, diags[0].Severity)
|
require.Equal(t, diag.Warning, diags[0].Severity)
|
||||||
require.Equal(t, "The following permissions apply to the workspace folder at \"/Workspace/Users/foo@bar.com\" but are not configured in the bundle:\n- level: CAN_MANAGE, user_name: foo2@bar.com\n", diags[0].Detail)
|
require.Equal(t, "Following permissions set for the workspace folder but not set for bundle /Workspace/Users/foo@bar.com:\n- level: CAN_MANAGE\n user_name: foo2@bar.com\n", diags[0].Detail)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestValidateFolderPermissionsFailsOnPermissionMismatch(t *testing.T) {
|
func TestValidateFolderPermissionsDifferentPermission(t *testing.T) {
|
||||||
b := &bundle.Bundle{
|
b := &bundle.Bundle{
|
||||||
Config: config.Root{
|
Config: config.Root{
|
||||||
Workspace: config.Workspace{
|
Workspace: config.Workspace{
|
||||||
|
|
@ -175,7 +167,7 @@ func TestValidateFolderPermissionsFailsOnPermissionMismatch(t *testing.T) {
|
||||||
require.Equal(t, diag.Warning, diags[1].Severity)
|
require.Equal(t, diag.Warning, diags[1].Severity)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestValidateFolderPermissionsFailsOnNoRootFolder(t *testing.T) {
|
func TestNoRootFolder(t *testing.T) {
|
||||||
b := &bundle.Bundle{
|
b := &bundle.Bundle{
|
||||||
Config: config.Root{
|
Config: config.Root{
|
||||||
Workspace: config.Workspace{
|
Workspace: config.Workspace{
|
||||||
|
|
|
||||||
|
|
@ -93,7 +93,20 @@ func convertWorkspaceObjectPermissionLevel(level workspace.WorkspaceObjectPermis
|
||||||
func toString(p []resources.Permission) string {
|
func toString(p []resources.Permission) string {
|
||||||
var sb strings.Builder
|
var sb strings.Builder
|
||||||
for _, perm := range p {
|
for _, perm := range p {
|
||||||
sb.WriteString(fmt.Sprintf("- %s\n", perm.String()))
|
if perm.ServicePrincipalName != "" {
|
||||||
|
sb.WriteString(fmt.Sprintf("- level: %s\n service_principal_name: %s\n", perm.Level, perm.ServicePrincipalName))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if perm.GroupName != "" {
|
||||||
|
sb.WriteString(fmt.Sprintf("- level: %s\n group_name: %s\n", perm.Level, perm.GroupName))
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
if perm.UserName != "" {
|
||||||
|
sb.WriteString(fmt.Sprintf("- level: %s\n user_name: %s\n", perm.Level, perm.UserName))
|
||||||
|
continue
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return sb.String()
|
return sb.String()
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -66,7 +66,7 @@ func TestWorkspacePathPermissionsCompare(t *testing.T) {
|
||||||
{
|
{
|
||||||
Severity: diag.Warning,
|
Severity: diag.Warning,
|
||||||
Summary: "permissions missing",
|
Summary: "permissions missing",
|
||||||
Detail: "The following permissions are configured in the bundle but are do not (yet) apply to the workspace folder at \"path\":\n- level: CAN_MANAGE, service_principal_name: sp.com\n",
|
Detail: "Following permissions set in the bundle but not set for workspace folder path:\n- level: CAN_MANAGE\n service_principal_name: sp.com\n",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -92,7 +92,7 @@ func TestWorkspacePathPermissionsCompare(t *testing.T) {
|
||||||
{
|
{
|
||||||
Severity: diag.Warning,
|
Severity: diag.Warning,
|
||||||
Summary: "permissions missing",
|
Summary: "permissions missing",
|
||||||
Detail: "The following permissions apply to the workspace folder at \"path\" but are not configured in the bundle:\n- level: CAN_MANAGE, group_name: foo\n",
|
Detail: "Following permissions set for the workspace folder but not set for bundle path:\n- level: CAN_MANAGE\n group_name: foo\n",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
@ -112,12 +112,12 @@ func TestWorkspacePathPermissionsCompare(t *testing.T) {
|
||||||
{
|
{
|
||||||
Severity: diag.Warning,
|
Severity: diag.Warning,
|
||||||
Summary: "permissions missing",
|
Summary: "permissions missing",
|
||||||
Detail: "The following permissions are configured in the bundle but are do not (yet) apply to the workspace folder at \"path\":\n- level: CAN_MANAGE, user_name: foo@bar.com\n",
|
Detail: "Following permissions set in the bundle but not set for workspace folder path:\n- level: CAN_MANAGE\n user_name: foo@bar.com\n",
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Severity: diag.Warning,
|
Severity: diag.Warning,
|
||||||
Summary: "permissions missing",
|
Summary: "permissions missing",
|
||||||
Detail: "The following permissions apply to the workspace folder at \"path\" but are not configured in the bundle:\n- level: CAN_MANAGE, user_name: foo2@bar.com\n",
|
Detail: "Following permissions set for the workspace folder but not set for bundle path:\n- level: CAN_MANAGE\n user_name: foo2@bar.com\n",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue