package permissions import ( "context" "fmt" "github.com/databricks/cli/bundle" "github.com/databricks/cli/libs/diag" "github.com/databricks/databricks-sdk-go/service/workspace" ) type workspaceRootPermissions struct { } func ApplyWorkspaceRootPermissions() bundle.Mutator { return &workspaceRootPermissions{} } // Apply implements bundle.Mutator. func (*workspaceRootPermissions) Apply(ctx context.Context, b *bundle.Bundle) diag.Diagnostics { err := giveAccessForWorkspaceRoot(ctx, b) if err != nil { return diag.FromErr(err) } return nil } func (*workspaceRootPermissions) Name() string { return "ApplyWorkspaceRootPermissions" } func giveAccessForWorkspaceRoot(ctx context.Context, b *bundle.Bundle) error { permissions := make([]workspace.WorkspaceObjectAccessControlRequest, 0) for _, p := range b.Config.Permissions { level, err := getWorkspaceObjectPermissionLevel(p.Level) if err != nil { return err } permissions = append(permissions, workspace.WorkspaceObjectAccessControlRequest{ GroupName: p.GroupName, UserName: p.UserName, ServicePrincipalName: p.ServicePrincipalName, PermissionLevel: level, }) } if len(permissions) == 0 { return nil } w := b.WorkspaceClient().Workspace obj, err := w.GetStatusByPath(ctx, b.Config.Workspace.RootPath) if err != nil { return err } _, err = w.UpdatePermissions(ctx, workspace.WorkspaceObjectPermissionsRequest{ WorkspaceObjectId: fmt.Sprint(obj.ObjectId), WorkspaceObjectType: "directories", AccessControlList: permissions, }) return err } func getWorkspaceObjectPermissionLevel(bundlePermission string) (workspace.WorkspaceObjectPermissionLevel, error) { switch bundlePermission { case CAN_MANAGE: return workspace.WorkspaceObjectPermissionLevelCanManage, nil case CAN_RUN: return workspace.WorkspaceObjectPermissionLevelCanRun, nil case CAN_VIEW: return workspace.WorkspaceObjectPermissionLevelCanRead, nil default: return "", fmt.Errorf("unsupported bundle permission level %s", bundlePermission) } }