// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT.
package federation_policy
import (
"github.com/databricks/cli/cmd/root"
"github.com/databricks/cli/libs/cmdio"
"github.com/databricks/cli/libs/flags"
"github.com/databricks/databricks-sdk-go/service/oauth2"
"github.com/spf13/cobra"
)
// cmdOverrides holds hooks that adjust the federation-policy group command
// after it has been assembled. Manually curated files in this directory
// register hooks from their `init()` functions.
var cmdOverrides []func(*cobra.Command)

// New assembles the "federation-policy" command group and attaches the
// create, delete, get, list and update subcommands to it. The group is marked
// Hidden, so it does not show up in help output.
//
// Review note: according to the help text below, a federation policy decides
// which issuer and audiences the account accepts tokens from and which claim
// names the Databricks user. Every subcommand that writes or removes a policy
// therefore changes who can authenticate to the account.
func New() *cobra.Command {
	group := &cobra.Command{
		Use:   "federation-policy",
		Short: `These APIs manage account federation policies.`,
		Long: `These APIs manage account federation policies.

Account federation policies allow users and service principals in your
Databricks account to securely access Databricks APIs using tokens from your
trusted identity providers (IdPs).

With token federation, your users and service principals can exchange tokens
from your IdP for Databricks OAuth tokens, which can be used to access
Databricks APIs. Token federation eliminates the need to manage Databricks
secrets, and allows you to centralize management of token issuance policies in
your IdP. Databricks token federation is typically used in combination with
[SCIM], so users in your IdP are synchronized into your Databricks account.

Token federation is configured in your Databricks account using an account
federation policy. An account federation policy specifies: * which IdP, or
issuer, your Databricks account should accept tokens from * how to determine
which Databricks user, or subject, a token is issued for

To configure a federation policy, you provide the following: * The required
token __issuer__, as specified in the “iss” claim of your tokens. The
issuer is an https URL that identifies your IdP. * The allowed token
__audiences__, as specified in the “aud” claim of your tokens. This
identifier is intended to represent the recipient of the token. As long as the
audience in the token matches at least one audience in the policy, the token
is considered a match. If unspecified, the default value is your Databricks
account id. * The __subject claim__, which indicates which token claim
contains the Databricks username of the user the token was issued for. If
unspecified, the default value is “sub”. * Optionally, the public keys
used to validate the signature of your tokens, in JWKS format. If unspecified
(recommended), Databricks automatically fetches the public keys from your
issuer’s well known endpoint. Databricks strongly recommends relying on your
issuer’s well known endpoint for discovering public keys.

An example federation policy is: issuer: "https://idp.mycompany.com/oidc"
audiences: ["databricks"] subject_claim: "sub"

An example JWT token body that matches this policy and could be used to
authenticate to Databricks as user username@mycompany.com is: { "iss":
"https://idp.mycompany.com/oidc", "aud": "databricks", "sub":
"username@mycompany.com" }

You may also need to configure your IdP to generate tokens for your users to
exchange with Databricks, if your users do not already have the ability to
generate tokens that are compatible with your federation policy.

You do not need to configure an OAuth application in Databricks to use token
federation.

[SCIM]: https://docs.databricks.com/admin/users-groups/scim/index.html`,
		GroupID: "oauth2",
		Annotations: map[string]string{
			"package": "oauth2",
		},

		// This service is being previewed; hide from help output.
		Hidden: true,
	}

	// Register the per-method subcommands in the generator's order.
	group.AddCommand(
		newCreate(),
		newDelete(),
		newGet(),
		newList(),
		newUpdate(),
	)

	// Let manually curated code adjust the finished group command.
	for i := range cmdOverrides {
		cmdOverrides[i](group)
	}

	return group
}
// start create command

// createOverrides holds hooks that adjust the create command and its request
// after both have been built. Manually curated files in this directory
// register hooks from their `init()` functions.
var createOverrides []func(
	*cobra.Command,
	*oauth2.CreateAccountFederationPolicyRequest,
)

// newCreate builds the "create" subcommand. It takes no positional arguments
// and sends a CreateAccountFederationPolicyRequest through the account client
// taken from the command context.
//
// The policy body is filled from --description and --name and, when --json is
// set, from the JSON payload unmarshalled into the same Policy value.
//
// Review note: oidc_policy has no dedicated flag (see the TODO below), so it
// can only arrive through --json. That payload may be read from
// @path/to/file.json; since the policy decides which tokens the account
// trusts, such a file deserves the same handling as other security-sensitive
// configuration.
func newCreate() *cobra.Command {
	var (
		req     oauth2.CreateAccountFederationPolicyRequest
		payload flags.JsonFlag
	)
	req.Policy = &oauth2.FederationPolicy{}

	cmd := &cobra.Command{
		Use:         "create",
		Short:       `Create account federation policy.`,
		Long:        `Create account federation policy.`,
		Annotations: make(map[string]string),
		PreRunE:     root.MustAccountClient,

		// Disable completions since they are not applicable.
		// Can be overridden by manual implementation in `override.go`.
		ValidArgsFunction: cobra.NoFileCompletions,
	}

	// TODO: short flags
	cmd.Flags().Var(&payload, "json", `either inline JSON string or @path/to/file.json with request body`)

	cmd.Flags().StringVar(&req.Policy.Description, "description", req.Policy.Description, `Description of the federation policy.`)
	cmd.Flags().StringVar(&req.Policy.Name, "name", req.Policy.Name, `Name of the federation policy.`)
	// TODO: complex arg: oidc_policy

	// The arity check is built on each invocation, as in the generated form.
	cmd.Args = func(cmd *cobra.Command, args []string) error {
		return root.ExactArgs(0)(cmd, args)
	}

	cmd.RunE = func(cmd *cobra.Command, args []string) error {
		ctx := cmd.Context()
		a := root.AccountClient(ctx)

		if cmd.Flags().Changed("json") {
			diags := payload.Unmarshal(&req.Policy)
			if diags.HasError() {
				return diags.Error()
			}
			// Non-error diagnostics are written to the error output
			// before the request goes out.
			if len(diags) > 0 {
				if renderErr := cmdio.RenderDiagnosticsToErrorOut(ctx, diags); renderErr != nil {
					return renderErr
				}
			}
		}

		created, err := a.FederationPolicy.Create(ctx, req)
		if err != nil {
			return err
		}
		return cmdio.Render(ctx, created)
	}

	// Let manually curated code adjust the command and its request.
	for i := range createOverrides {
		createOverrides[i](cmd, &req)
	}

	return cmd
}
// start delete command

// deleteOverrides holds hooks that adjust the delete command and its request
// after both have been built. Manually curated files in this directory
// register hooks from their `init()` functions.
var deleteOverrides []func(
	*cobra.Command,
	*oauth2.DeleteAccountFederationPolicyRequest,
)

// newDelete builds the "delete POLICY_ID" subcommand. It requires exactly one
// positional argument, copies it into the request as PolicyId and calls
// FederationPolicy.Delete on the account client taken from the command
// context.
//
// Review note: the generated code shown here sends the delete without any
// confirmation step and forwards POLICY_ID unchanged; any validation is left
// to the API or to an override.
func newDelete() *cobra.Command {
	var req oauth2.DeleteAccountFederationPolicyRequest

	// TODO: short flags

	cmd := &cobra.Command{
		Use:         "delete POLICY_ID",
		Short:       `Delete account federation policy.`,
		Long:        `Delete account federation policy.`,
		Annotations: make(map[string]string),
		PreRunE:     root.MustAccountClient,

		// Disable completions since they are not applicable.
		// Can be overridden by manual implementation in `override.go`.
		ValidArgsFunction: cobra.NoFileCompletions,
	}

	// The arity check is built on each invocation, as in the generated form.
	cmd.Args = func(cmd *cobra.Command, args []string) error {
		return root.ExactArgs(1)(cmd, args)
	}

	cmd.RunE = func(cmd *cobra.Command, args []string) error {
		ctx := cmd.Context()
		a := root.AccountClient(ctx)

		req.PolicyId = args[0]

		if err := a.FederationPolicy.Delete(ctx, req); err != nil {
			return err
		}
		return nil
	}

	// Let manually curated code adjust the command and its request.
	for i := range deleteOverrides {
		deleteOverrides[i](cmd, &req)
	}

	return cmd
}
// start get command

// getOverrides holds hooks that adjust the get command and its request after
// both have been built. Manually curated files in this directory register
// hooks from their `init()` functions.
var getOverrides []func(
	*cobra.Command,
	*oauth2.GetAccountFederationPolicyRequest,
)

// newGet builds the "get POLICY_ID" subcommand. It requires exactly one
// positional argument, copies it into the request as PolicyId, calls
// FederationPolicy.Get on the account client taken from the command context
// and renders the response.
func newGet() *cobra.Command {
	var req oauth2.GetAccountFederationPolicyRequest

	// TODO: short flags

	cmd := &cobra.Command{
		Use:         "get POLICY_ID",
		Short:       `Get account federation policy.`,
		Long:        `Get account federation policy.`,
		Annotations: make(map[string]string),
		PreRunE:     root.MustAccountClient,

		// Disable completions since they are not applicable.
		// Can be overridden by manual implementation in `override.go`.
		ValidArgsFunction: cobra.NoFileCompletions,
	}

	// The arity check is built on each invocation, as in the generated form.
	cmd.Args = func(cmd *cobra.Command, args []string) error {
		return root.ExactArgs(1)(cmd, args)
	}

	cmd.RunE = func(cmd *cobra.Command, args []string) error {
		ctx := cmd.Context()
		a := root.AccountClient(ctx)

		req.PolicyId = args[0]

		policy, err := a.FederationPolicy.Get(ctx, req)
		if err != nil {
			return err
		}
		return cmdio.Render(ctx, policy)
	}

	// Let manually curated code adjust the command and its request.
	for i := range getOverrides {
		getOverrides[i](cmd, &req)
	}

	return cmd
}
// start list command

// listOverrides holds hooks that adjust the list command and its request
// after both have been built. Manually curated files in this directory
// register hooks from their `init()` functions.
var listOverrides []func(
	*cobra.Command,
	*oauth2.ListAccountFederationPoliciesRequest,
)

// newList builds the "list" subcommand. It takes no positional arguments,
// exposes --page-size and --page-token (both registered with empty help text)
// and renders whatever FederationPolicy.List returns through
// cmdio.RenderIterator.
func newList() *cobra.Command {
	var req oauth2.ListAccountFederationPoliciesRequest

	cmd := &cobra.Command{
		Use:         "list",
		Short:       `List account federation policies.`,
		Long:        `List account federation policies.`,
		Annotations: make(map[string]string),
		PreRunE:     root.MustAccountClient,

		// Disable completions since they are not applicable.
		// Can be overridden by manual implementation in `override.go`.
		ValidArgsFunction: cobra.NoFileCompletions,
	}

	// TODO: short flags

	cmd.Flags().IntVar(&req.PageSize, "page-size", req.PageSize, ``)
	cmd.Flags().StringVar(&req.PageToken, "page-token", req.PageToken, ``)

	// The arity check is built on each invocation, as in the generated form.
	cmd.Args = func(cmd *cobra.Command, args []string) error {
		return root.ExactArgs(0)(cmd, args)
	}

	cmd.RunE = func(cmd *cobra.Command, args []string) error {
		ctx := cmd.Context()
		a := root.AccountClient(ctx)

		policies := a.FederationPolicy.List(ctx, req)
		return cmdio.RenderIterator(ctx, policies)
	}

	// Let manually curated code adjust the command and its request.
	for i := range listOverrides {
		listOverrides[i](cmd, &req)
	}

	return cmd
}
// start update command

// updateOverrides holds hooks that adjust the update command and its request
// after both have been built. Manually curated files in this directory
// register hooks from their `init()` functions.
var updateOverrides []func(
	*cobra.Command,
	*oauth2.UpdateAccountFederationPolicyRequest,
)

// newUpdate builds the "update POLICY_ID UPDATE_MASK" subcommand. It requires
// exactly two positional arguments, copies them into the request as PolicyId
// and UpdateMask, and calls FederationPolicy.Update on the account client
// taken from the command context.
//
// The policy body is filled from --description and --name and, when --json is
// set, from the JSON payload unmarshalled into the same Policy value.
//
// Review note: both positional arguments are forwarded unchanged and no
// client-side check of the field mask is visible here, so which fields an
// update touches is decided by the mask the caller types. oidc_policy has no
// dedicated flag (see the TODO below) and can only arrive through --json.
func newUpdate() *cobra.Command {
	var (
		req     oauth2.UpdateAccountFederationPolicyRequest
		payload flags.JsonFlag
	)
	req.Policy = &oauth2.FederationPolicy{}

	cmd := &cobra.Command{
		Use:   "update POLICY_ID UPDATE_MASK",
		Short: `Update account federation policy.`,
		Long: `Update account federation policy.

Arguments:
POLICY_ID:
UPDATE_MASK: Field mask is required to be passed into the PATCH request. Field mask
specifies which fields of the setting payload will be updated. The field
mask needs to be supplied as single string. To specify multiple fields in
the field mask, use comma as the separator (no space).`,
		Annotations: make(map[string]string),
		PreRunE:     root.MustAccountClient,

		// Disable completions since they are not applicable.
		// Can be overridden by manual implementation in `override.go`.
		ValidArgsFunction: cobra.NoFileCompletions,
	}

	// TODO: short flags
	cmd.Flags().Var(&payload, "json", `either inline JSON string or @path/to/file.json with request body`)

	cmd.Flags().StringVar(&req.Policy.Description, "description", req.Policy.Description, `Description of the federation policy.`)
	cmd.Flags().StringVar(&req.Policy.Name, "name", req.Policy.Name, `Name of the federation policy.`)
	// TODO: complex arg: oidc_policy

	// The arity check is built on each invocation, as in the generated form.
	cmd.Args = func(cmd *cobra.Command, args []string) error {
		return root.ExactArgs(2)(cmd, args)
	}

	cmd.RunE = func(cmd *cobra.Command, args []string) error {
		ctx := cmd.Context()
		a := root.AccountClient(ctx)

		if cmd.Flags().Changed("json") {
			diags := payload.Unmarshal(&req.Policy)
			if diags.HasError() {
				return diags.Error()
			}
			// Non-error diagnostics are written to the error output
			// before the request goes out.
			if len(diags) > 0 {
				if renderErr := cmdio.RenderDiagnosticsToErrorOut(ctx, diags); renderErr != nil {
					return renderErr
				}
			}
		}
		req.PolicyId = args[0]
		req.UpdateMask = args[1]

		updated, err := a.FederationPolicy.Update(ctx, req)
		if err != nil {
			return err
		}
		return cmdio.Render(ctx, updated)
	}

	// Let manually curated code adjust the command and its request.
	for i := range updateOverrides {
		updateOverrides[i](cmd, &req)
	}

	return cmd
}
// end service AccountFederationPolicy