package permissions import ( "testing" "github.com/databricks/cli/bundle/config/resources" "github.com/databricks/cli/libs/diag" "github.com/databricks/databricks-sdk-go/service/workspace" "github.com/stretchr/testify/require" ) func TestWorkspacePathPermissionsCompare(t *testing.T) { testCases := []struct { perms []resources.Permission acl []workspace.WorkspaceObjectAccessControlResponse expected diag.Diagnostics }{ { perms: []resources.Permission{ {Level: CAN_MANAGE, UserName: "foo@bar.com"}, }, acl: []workspace.WorkspaceObjectAccessControlResponse{ { UserName: "foo@bar.com", AllPermissions: []workspace.WorkspaceObjectPermission{ {PermissionLevel: "CAN_MANAGE"}, }, }, }, expected: nil, }, { perms: []resources.Permission{ {Level: CAN_MANAGE, UserName: "foo@bar.com"}, }, acl: []workspace.WorkspaceObjectAccessControlResponse{ { UserName: "foo@bar.com", AllPermissions: []workspace.WorkspaceObjectPermission{ {PermissionLevel: "CAN_MANAGE"}, }, }, { GroupName: "admin", AllPermissions: []workspace.WorkspaceObjectPermission{ {PermissionLevel: "CAN_MANAGE"}, }, }, }, expected: nil, }, { perms: []resources.Permission{ {Level: CAN_VIEW, UserName: "foo@bar.com"}, {Level: CAN_MANAGE, ServicePrincipalName: "sp.com"}, }, acl: []workspace.WorkspaceObjectAccessControlResponse{ { UserName: "foo@bar.com", AllPermissions: []workspace.WorkspaceObjectPermission{ {PermissionLevel: "CAN_READ"}, }, }, }, expected: diag.Diagnostics{ { Severity: diag.Warning, Summary: "permissions missing", Detail: "Following permissions set in the bundle but not set for workspace folder path:\n- level: CAN_MANAGE\n service_principal_name: sp.com\n", }, }, }, { perms: []resources.Permission{ {Level: CAN_MANAGE, UserName: "foo@bar.com"}, }, acl: []workspace.WorkspaceObjectAccessControlResponse{ { UserName: "foo@bar.com", AllPermissions: []workspace.WorkspaceObjectPermission{ {PermissionLevel: "CAN_MANAGE"}, }, }, { GroupName: "foo", AllPermissions: []workspace.WorkspaceObjectPermission{ {PermissionLevel: "CAN_MANAGE"}, }, }, }, expected: diag.Diagnostics{ { Severity: diag.Warning, Summary: "permissions missing", Detail: "Following permissions set for the workspace folder but not set for bundle path:\n- level: CAN_MANAGE\n group_name: foo\n", }, }, }, { perms: []resources.Permission{ {Level: CAN_MANAGE, UserName: "foo@bar.com"}, }, acl: []workspace.WorkspaceObjectAccessControlResponse{ { UserName: "foo2@bar.com", AllPermissions: []workspace.WorkspaceObjectPermission{ {PermissionLevel: "CAN_MANAGE"}, }, }, }, expected: diag.Diagnostics{ { Severity: diag.Warning, Summary: "permissions missing", Detail: "Following permissions set in the bundle but not set for workspace folder path:\n- level: CAN_MANAGE\n user_name: foo@bar.com\n", }, { Severity: diag.Warning, Summary: "permissions missing", Detail: "Following permissions set for the workspace folder but not set for bundle path:\n- level: CAN_MANAGE\n user_name: foo2@bar.com\n", }, }, }, } for _, tc := range testCases { wp := ObjectAclToResourcePermissions("path", tc.acl) diags := wp.Compare(tc.perms) require.Equal(t, tc.expected, diags) } }