package permissions import ( "context" "github.com/databricks/cli/bundle/config/resources" "github.com/databricks/cli/libs/diag" ) func convertPermissions( ctx context.Context, bundlePermissions []resources.Permission, resourcePermissions []resources.Permission, resourceName string, lm map[string]string, ) []resources.Permission { permissions := make([]resources.Permission, 0) for _, p := range bundlePermissions { level, ok := lm[p.Level] // If there is no bundle permission level defined in the map, it means // it's not applicable for the resource, therefore skipping if !ok { continue } if notifyForPermissionOverlap(ctx, p, resourcePermissions, resourceName) { continue } permissions = append(permissions, resources.Permission{ Level: level, UserName: p.UserName, GroupName: p.GroupName, ServicePrincipalName: p.ServicePrincipalName, }) } return permissions } func isPermissionOverlap( permission resources.Permission, resourcePermissions []resources.Permission, resourceName string, ) (bool, diag.Diagnostics) { var diagnostics diag.Diagnostics for _, rp := range resourcePermissions { if rp.GroupName != "" && rp.GroupName == permission.GroupName { diagnostics = diagnostics.Extend( diag.Warningf("'%s' already has permissions set for '%s' group", resourceName, rp.GroupName), ) } if rp.UserName != "" && rp.UserName == permission.UserName { diagnostics = diagnostics.Extend( diag.Warningf("'%s' already has permissions set for '%s' user name", resourceName, rp.UserName), ) } if rp.ServicePrincipalName != "" && rp.ServicePrincipalName == permission.ServicePrincipalName { diagnostics = diagnostics.Extend( diag.Warningf("'%s' already has permissions set for '%s' service principal name", resourceName, rp.ServicePrincipalName), ) } } return len(diagnostics) > 0, diagnostics } func notifyForPermissionOverlap( ctx context.Context, permission resources.Permission, resourcePermissions []resources.Permission, resourceName string, ) bool { isOverlap, _ := isPermissionOverlap(permission, resourcePermissions, resourceName) // TODO: When we start to collect all diagnostics at the top level and visualize jointly, // use diagnostics returned from isPermissionOverlap to display warnings return isOverlap }