// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT. package credentials import ( "fmt" "github.com/databricks/cli/cmd/root" "github.com/databricks/cli/libs/cmdio" "github.com/databricks/cli/libs/flags" "github.com/databricks/databricks-sdk-go/service/catalog" "github.com/spf13/cobra" ) // Slice with functions to override default command behavior. // Functions can be added from the `init()` function in manually curated files in this directory. var cmdOverrides []func(*cobra.Command) func New() *cobra.Command { cmd := &cobra.Command{ Use: "credentials", Short: `A credential represents an authentication and authorization mechanism for accessing services on your cloud tenant.`, Long: `A credential represents an authentication and authorization mechanism for accessing services on your cloud tenant. Each credential is subject to Unity Catalog access-control policies that control which users and groups can access the credential. To create credentials, you must be a Databricks account admin or have the CREATE SERVICE CREDENTIAL privilege. The user who creates the credential can delegate ownership to another user or group to manage permissions on it`, GroupID: "catalog", Annotations: map[string]string{ "package": "catalog", }, } // Add methods cmd.AddCommand(newCreateCredential()) cmd.AddCommand(newDeleteCredential()) cmd.AddCommand(newGenerateTemporaryServiceCredential()) cmd.AddCommand(newGetCredential()) cmd.AddCommand(newListCredentials()) cmd.AddCommand(newUpdateCredential()) cmd.AddCommand(newValidateCredential()) // Apply optional overrides to this command. for _, fn := range cmdOverrides { fn(cmd) } return cmd } // start create-credential command // Slice with functions to override default command behavior. // Functions can be added from the `init()` function in manually curated files in this directory. var createCredentialOverrides []func( *cobra.Command, *catalog.CreateCredentialRequest, ) func newCreateCredential() *cobra.Command { cmd := &cobra.Command{} var createCredentialReq catalog.CreateCredentialRequest var createCredentialJson flags.JsonFlag // TODO: short flags cmd.Flags().Var(&createCredentialJson, "json", `either inline JSON string or @path/to/file.json with request body`) // TODO: complex arg: aws_iam_role // TODO: complex arg: azure_managed_identity // TODO: complex arg: azure_service_principal cmd.Flags().StringVar(&createCredentialReq.Comment, "comment", createCredentialReq.Comment, `Comment associated with the credential.`) // TODO: complex arg: gcp_service_account_key cmd.Flags().Var(&createCredentialReq.Purpose, "purpose", `Indicates the purpose of the credential. Supported values: [SERVICE, STORAGE]`) cmd.Flags().BoolVar(&createCredentialReq.ReadOnly, "read-only", createCredentialReq.ReadOnly, `Whether the credential is usable only for read operations.`) cmd.Flags().BoolVar(&createCredentialReq.SkipValidation, "skip-validation", createCredentialReq.SkipValidation, `Optional.`) cmd.Use = "create-credential NAME" cmd.Short = `Create a credential.` cmd.Long = `Create a credential. Creates a new credential. The type of credential to be created is determined by the **purpose** field, which should be either **SERVICE** or **STORAGE**. The caller must be a metastore admin or have the metastore privilege **CREATE_STORAGE_CREDENTIAL** for storage credentials, or **CREATE_SERVICE_CREDENTIAL** for service credentials. Arguments: NAME: The credential name. The name must be unique among storage and service credentials within the metastore.` cmd.Annotations = make(map[string]string) cmd.Args = func(cmd *cobra.Command, args []string) error { if cmd.Flags().Changed("json") { err := root.ExactArgs(0)(cmd, args) if err != nil { return fmt.Errorf("when --json flag is specified, no positional arguments are required. Provide 'name' in your JSON input") } return nil } check := root.ExactArgs(1) return check(cmd, args) } cmd.PreRunE = root.MustWorkspaceClient cmd.RunE = func(cmd *cobra.Command, args []string) (err error) { ctx := cmd.Context() w := root.WorkspaceClient(ctx) if cmd.Flags().Changed("json") { diags := createCredentialJson.Unmarshal(&createCredentialReq) if diags.HasError() { return diags.Error() } if len(diags) > 0 { err := cmdio.RenderDiagnosticsToErrorOut(ctx, diags) if err != nil { return err } } } if !cmd.Flags().Changed("json") { createCredentialReq.Name = args[0] } response, err := w.Credentials.CreateCredential(ctx, createCredentialReq) if err != nil { return err } return cmdio.Render(ctx, response) } // Disable completions since they are not applicable. // Can be overridden by manual implementation in `override.go`. cmd.ValidArgsFunction = cobra.NoFileCompletions // Apply optional overrides to this command. for _, fn := range createCredentialOverrides { fn(cmd, &createCredentialReq) } return cmd } // start delete-credential command // Slice with functions to override default command behavior. // Functions can be added from the `init()` function in manually curated files in this directory. var deleteCredentialOverrides []func( *cobra.Command, *catalog.DeleteCredentialRequest, ) func newDeleteCredential() *cobra.Command { cmd := &cobra.Command{} var deleteCredentialReq catalog.DeleteCredentialRequest // TODO: short flags cmd.Flags().BoolVar(&deleteCredentialReq.Force, "force", deleteCredentialReq.Force, `Force an update even if there are dependent services (when purpose is **SERVICE**) or dependent external locations and external tables (when purpose is **STORAGE**).`) cmd.Use = "delete-credential NAME_ARG" cmd.Short = `Delete a credential.` cmd.Long = `Delete a credential. Deletes a service or storage credential from the metastore. The caller must be an owner of the credential. Arguments: NAME_ARG: Name of the credential.` cmd.Annotations = make(map[string]string) cmd.Args = func(cmd *cobra.Command, args []string) error { check := root.ExactArgs(1) return check(cmd, args) } cmd.PreRunE = root.MustWorkspaceClient cmd.RunE = func(cmd *cobra.Command, args []string) (err error) { ctx := cmd.Context() w := root.WorkspaceClient(ctx) deleteCredentialReq.NameArg = args[0] err = w.Credentials.DeleteCredential(ctx, deleteCredentialReq) if err != nil { return err } return nil } // Disable completions since they are not applicable. // Can be overridden by manual implementation in `override.go`. cmd.ValidArgsFunction = cobra.NoFileCompletions // Apply optional overrides to this command. for _, fn := range deleteCredentialOverrides { fn(cmd, &deleteCredentialReq) } return cmd } // start generate-temporary-service-credential command // Slice with functions to override default command behavior. // Functions can be added from the `init()` function in manually curated files in this directory. var generateTemporaryServiceCredentialOverrides []func( *cobra.Command, *catalog.GenerateTemporaryServiceCredentialRequest, ) func newGenerateTemporaryServiceCredential() *cobra.Command { cmd := &cobra.Command{} var generateTemporaryServiceCredentialReq catalog.GenerateTemporaryServiceCredentialRequest var generateTemporaryServiceCredentialJson flags.JsonFlag // TODO: short flags cmd.Flags().Var(&generateTemporaryServiceCredentialJson, "json", `either inline JSON string or @path/to/file.json with request body`) // TODO: complex arg: azure_options cmd.Use = "generate-temporary-service-credential CREDENTIAL_NAME" cmd.Short = `Generate a temporary service credential.` cmd.Long = `Generate a temporary service credential. Returns a set of temporary credentials generated using the specified service credential. The caller must be a metastore admin or have the metastore privilege **ACCESS** on the service credential. Arguments: CREDENTIAL_NAME: The name of the service credential used to generate a temporary credential` cmd.Annotations = make(map[string]string) cmd.Args = func(cmd *cobra.Command, args []string) error { if cmd.Flags().Changed("json") { err := root.ExactArgs(0)(cmd, args) if err != nil { return fmt.Errorf("when --json flag is specified, no positional arguments are required. Provide 'credential_name' in your JSON input") } return nil } check := root.ExactArgs(1) return check(cmd, args) } cmd.PreRunE = root.MustWorkspaceClient cmd.RunE = func(cmd *cobra.Command, args []string) (err error) { ctx := cmd.Context() w := root.WorkspaceClient(ctx) if cmd.Flags().Changed("json") { diags := generateTemporaryServiceCredentialJson.Unmarshal(&generateTemporaryServiceCredentialReq) if diags.HasError() { return diags.Error() } if len(diags) > 0 { err := cmdio.RenderDiagnosticsToErrorOut(ctx, diags) if err != nil { return err } } } if !cmd.Flags().Changed("json") { generateTemporaryServiceCredentialReq.CredentialName = args[0] } response, err := w.Credentials.GenerateTemporaryServiceCredential(ctx, generateTemporaryServiceCredentialReq) if err != nil { return err } return cmdio.Render(ctx, response) } // Disable completions since they are not applicable. // Can be overridden by manual implementation in `override.go`. cmd.ValidArgsFunction = cobra.NoFileCompletions // Apply optional overrides to this command. for _, fn := range generateTemporaryServiceCredentialOverrides { fn(cmd, &generateTemporaryServiceCredentialReq) } return cmd } // start get-credential command // Slice with functions to override default command behavior. // Functions can be added from the `init()` function in manually curated files in this directory. var getCredentialOverrides []func( *cobra.Command, *catalog.GetCredentialRequest, ) func newGetCredential() *cobra.Command { cmd := &cobra.Command{} var getCredentialReq catalog.GetCredentialRequest // TODO: short flags cmd.Use = "get-credential NAME_ARG" cmd.Short = `Get a credential.` cmd.Long = `Get a credential. Gets a service or storage credential from the metastore. The caller must be a metastore admin, the owner of the credential, or have any permission on the credential. Arguments: NAME_ARG: Name of the credential.` cmd.Annotations = make(map[string]string) cmd.Args = func(cmd *cobra.Command, args []string) error { check := root.ExactArgs(1) return check(cmd, args) } cmd.PreRunE = root.MustWorkspaceClient cmd.RunE = func(cmd *cobra.Command, args []string) (err error) { ctx := cmd.Context() w := root.WorkspaceClient(ctx) getCredentialReq.NameArg = args[0] response, err := w.Credentials.GetCredential(ctx, getCredentialReq) if err != nil { return err } return cmdio.Render(ctx, response) } // Disable completions since they are not applicable. // Can be overridden by manual implementation in `override.go`. cmd.ValidArgsFunction = cobra.NoFileCompletions // Apply optional overrides to this command. for _, fn := range getCredentialOverrides { fn(cmd, &getCredentialReq) } return cmd } // start list-credentials command // Slice with functions to override default command behavior. // Functions can be added from the `init()` function in manually curated files in this directory. var listCredentialsOverrides []func( *cobra.Command, *catalog.ListCredentialsRequest, ) func newListCredentials() *cobra.Command { cmd := &cobra.Command{} var listCredentialsReq catalog.ListCredentialsRequest // TODO: short flags cmd.Flags().IntVar(&listCredentialsReq.MaxResults, "max-results", listCredentialsReq.MaxResults, `Maximum number of credentials to return.`) cmd.Flags().StringVar(&listCredentialsReq.PageToken, "page-token", listCredentialsReq.PageToken, `Opaque token to retrieve the next page of results.`) cmd.Flags().Var(&listCredentialsReq.Purpose, "purpose", `Return only credentials for the specified purpose. Supported values: [SERVICE, STORAGE]`) cmd.Use = "list-credentials" cmd.Short = `List credentials.` cmd.Long = `List credentials. Gets an array of credentials (as __CredentialInfo__ objects). The array is limited to only the credentials that the caller has permission to access. If the caller is a metastore admin, retrieval of credentials is unrestricted. There is no guarantee of a specific ordering of the elements in the array.` cmd.Annotations = make(map[string]string) cmd.Args = func(cmd *cobra.Command, args []string) error { check := root.ExactArgs(0) return check(cmd, args) } cmd.PreRunE = root.MustWorkspaceClient cmd.RunE = func(cmd *cobra.Command, args []string) (err error) { ctx := cmd.Context() w := root.WorkspaceClient(ctx) response := w.Credentials.ListCredentials(ctx, listCredentialsReq) return cmdio.RenderIterator(ctx, response) } // Disable completions since they are not applicable. // Can be overridden by manual implementation in `override.go`. cmd.ValidArgsFunction = cobra.NoFileCompletions // Apply optional overrides to this command. for _, fn := range listCredentialsOverrides { fn(cmd, &listCredentialsReq) } return cmd } // start update-credential command // Slice with functions to override default command behavior. // Functions can be added from the `init()` function in manually curated files in this directory. var updateCredentialOverrides []func( *cobra.Command, *catalog.UpdateCredentialRequest, ) func newUpdateCredential() *cobra.Command { cmd := &cobra.Command{} var updateCredentialReq catalog.UpdateCredentialRequest var updateCredentialJson flags.JsonFlag // TODO: short flags cmd.Flags().Var(&updateCredentialJson, "json", `either inline JSON string or @path/to/file.json with request body`) // TODO: complex arg: aws_iam_role // TODO: complex arg: azure_managed_identity // TODO: complex arg: azure_service_principal cmd.Flags().StringVar(&updateCredentialReq.Comment, "comment", updateCredentialReq.Comment, `Comment associated with the credential.`) cmd.Flags().BoolVar(&updateCredentialReq.Force, "force", updateCredentialReq.Force, `Force an update even if there are dependent services (when purpose is **SERVICE**) or dependent external locations and external tables (when purpose is **STORAGE**).`) cmd.Flags().Var(&updateCredentialReq.IsolationMode, "isolation-mode", `Whether the current securable is accessible from all workspaces or a specific set of workspaces. Supported values: [ISOLATION_MODE_ISOLATED, ISOLATION_MODE_OPEN]`) cmd.Flags().StringVar(&updateCredentialReq.NewName, "new-name", updateCredentialReq.NewName, `New name of credential.`) cmd.Flags().StringVar(&updateCredentialReq.Owner, "owner", updateCredentialReq.Owner, `Username of current owner of credential.`) cmd.Flags().BoolVar(&updateCredentialReq.ReadOnly, "read-only", updateCredentialReq.ReadOnly, `Whether the credential is usable only for read operations.`) cmd.Flags().BoolVar(&updateCredentialReq.SkipValidation, "skip-validation", updateCredentialReq.SkipValidation, `Supply true to this argument to skip validation of the updated credential.`) cmd.Use = "update-credential NAME_ARG" cmd.Short = `Update a credential.` cmd.Long = `Update a credential. Updates a service or storage credential on the metastore. The caller must be the owner of the credential or a metastore admin or have the MANAGE permission. If the caller is a metastore admin, only the __owner__ field can be changed. Arguments: NAME_ARG: Name of the credential.` cmd.Annotations = make(map[string]string) cmd.Args = func(cmd *cobra.Command, args []string) error { check := root.ExactArgs(1) return check(cmd, args) } cmd.PreRunE = root.MustWorkspaceClient cmd.RunE = func(cmd *cobra.Command, args []string) (err error) { ctx := cmd.Context() w := root.WorkspaceClient(ctx) if cmd.Flags().Changed("json") { diags := updateCredentialJson.Unmarshal(&updateCredentialReq) if diags.HasError() { return diags.Error() } if len(diags) > 0 { err := cmdio.RenderDiagnosticsToErrorOut(ctx, diags) if err != nil { return err } } } updateCredentialReq.NameArg = args[0] response, err := w.Credentials.UpdateCredential(ctx, updateCredentialReq) if err != nil { return err } return cmdio.Render(ctx, response) } // Disable completions since they are not applicable. // Can be overridden by manual implementation in `override.go`. cmd.ValidArgsFunction = cobra.NoFileCompletions // Apply optional overrides to this command. for _, fn := range updateCredentialOverrides { fn(cmd, &updateCredentialReq) } return cmd } // start validate-credential command // Slice with functions to override default command behavior. // Functions can be added from the `init()` function in manually curated files in this directory. var validateCredentialOverrides []func( *cobra.Command, *catalog.ValidateCredentialRequest, ) func newValidateCredential() *cobra.Command { cmd := &cobra.Command{} var validateCredentialReq catalog.ValidateCredentialRequest var validateCredentialJson flags.JsonFlag // TODO: short flags cmd.Flags().Var(&validateCredentialJson, "json", `either inline JSON string or @path/to/file.json with request body`) // TODO: complex arg: aws_iam_role // TODO: complex arg: azure_managed_identity cmd.Flags().StringVar(&validateCredentialReq.CredentialName, "credential-name", validateCredentialReq.CredentialName, `Required.`) cmd.Flags().StringVar(&validateCredentialReq.ExternalLocationName, "external-location-name", validateCredentialReq.ExternalLocationName, `The name of an existing external location to validate.`) cmd.Flags().Var(&validateCredentialReq.Purpose, "purpose", `The purpose of the credential. Supported values: [SERVICE, STORAGE]`) cmd.Flags().BoolVar(&validateCredentialReq.ReadOnly, "read-only", validateCredentialReq.ReadOnly, `Whether the credential is only usable for read operations.`) cmd.Flags().StringVar(&validateCredentialReq.Url, "url", validateCredentialReq.Url, `The external location url to validate.`) cmd.Use = "validate-credential" cmd.Short = `Validate a credential.` cmd.Long = `Validate a credential. Validates a credential. For service credentials (purpose is **SERVICE**), either the __credential_name__ or the cloud-specific credential must be provided. For storage credentials (purpose is **STORAGE**), at least one of __external_location_name__ and __url__ need to be provided. If only one of them is provided, it will be used for validation. And if both are provided, the __url__ will be used for validation, and __external_location_name__ will be ignored when checking overlapping urls. Either the __credential_name__ or the cloud-specific credential must be provided. The caller must be a metastore admin or the credential owner or have the required permission on the metastore and the credential (e.g., **CREATE_EXTERNAL_LOCATION** when purpose is **STORAGE**).` cmd.Annotations = make(map[string]string) cmd.Args = func(cmd *cobra.Command, args []string) error { check := root.ExactArgs(0) return check(cmd, args) } cmd.PreRunE = root.MustWorkspaceClient cmd.RunE = func(cmd *cobra.Command, args []string) (err error) { ctx := cmd.Context() w := root.WorkspaceClient(ctx) if cmd.Flags().Changed("json") { diags := validateCredentialJson.Unmarshal(&validateCredentialReq) if diags.HasError() { return diags.Error() } if len(diags) > 0 { err := cmdio.RenderDiagnosticsToErrorOut(ctx, diags) if err != nil { return err } } } response, err := w.Credentials.ValidateCredential(ctx, validateCredentialReq) if err != nil { return err } return cmdio.Render(ctx, response) } // Disable completions since they are not applicable. // Can be overridden by manual implementation in `override.go`. cmd.ValidArgsFunction = cobra.NoFileCompletions // Apply optional overrides to this command. for _, fn := range validateCredentialOverrides { fn(cmd, &validateCredentialReq) } return cmd } // end service Credentials