mirror of https://github.com/databricks/cli.git
446 lines
14 KiB
Go
Executable File
446 lines
14 KiB
Go
Executable File
// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT.
|
||
|
||
package service_principal_federation_policy
|
||
|
||
import (
|
||
"fmt"
|
||
|
||
"github.com/databricks/cli/cmd/root"
|
||
"github.com/databricks/cli/libs/cmdio"
|
||
"github.com/databricks/cli/libs/flags"
|
||
"github.com/databricks/databricks-sdk-go/service/oauth2"
|
||
"github.com/spf13/cobra"
|
||
)
|
||
|
||
// Slice with functions to override default command behavior.
|
||
// Functions can be added from the `init()` function in manually curated files in this directory.
|
||
var cmdOverrides []func(*cobra.Command)
|
||
|
||
func New() *cobra.Command {
|
||
cmd := &cobra.Command{
|
||
Use: "service-principal-federation-policy",
|
||
Short: `These APIs manage service principal federation policies.`,
|
||
Long: `These APIs manage service principal federation policies.
|
||
|
||
Service principal federation, also known as Workload Identity Federation,
|
||
allows your automated workloads running outside of Databricks to securely
|
||
access Databricks APIs without the need for Databricks secrets. With Workload
|
||
Identity Federation, your application (or workload) authenticates to
|
||
Databricks as a Databricks service principal, using tokens provided by the
|
||
workload runtime.
|
||
|
||
Databricks strongly recommends using Workload Identity Federation to
|
||
authenticate to Databricks from automated workloads, over alternatives such as
|
||
OAuth client secrets or Personal Access Tokens, whenever possible. Workload
|
||
Identity Federation is supported by many popular services, including Github
|
||
Actions, Azure DevOps, GitLab, Terraform Cloud, and Kubernetes clusters, among
|
||
others.
|
||
|
||
Workload identity federation is configured in your Databricks account using a
|
||
service principal federation policy. A service principal federation policy
|
||
specifies: * which IdP, or issuer, the service principal is allowed to
|
||
authenticate from * which workload identity, or subject, is allowed to
|
||
authenticate as the Databricks service principal
|
||
|
||
To configure a federation policy, you provide the following: * The required
|
||
token __issuer__, as specified in the “iss” claim of workload identity
|
||
tokens. The issuer is an https URL that identifies the workload identity
|
||
provider. * The required token __subject__, as specified in the “sub”
|
||
claim of workload identity tokens. The subject uniquely identifies the
|
||
workload in the workload runtime environment. * The allowed token
|
||
__audiences__, as specified in the “aud” claim of workload identity
|
||
tokens. The audience is intended to represent the recipient of the token. As
|
||
long as the audience in the token matches at least one audience in the policy,
|
||
the token is considered a match. If unspecified, the default value is your
|
||
Databricks account id. * Optionally, the public keys used to validate the
|
||
signature of the workload identity tokens, in JWKS format. If unspecified
|
||
(recommended), Databricks automatically fetches the public keys from the
|
||
issuer’s well known endpoint. Databricks strongly recommends relying on the
|
||
issuer’s well known endpoint for discovering public keys.
|
||
|
||
An example service principal federation policy, for a Github Actions workload,
|
||
is: issuer: "https://token.actions.githubusercontent.com" audiences:
|
||
["https://github.com/my-github-org"] subject:
|
||
"repo:my-github-org/my-repo:environment:prod"
|
||
|
||
An example JWT token body that matches this policy and could be used to
|
||
authenticate to Databricks is: { "iss":
|
||
"https://token.actions.githubusercontent.com", "aud":
|
||
"https://github.com/my-github-org", "sub":
|
||
"repo:my-github-org/my-repo:environment:prod" }
|
||
|
||
You may also need to configure the workload runtime to generate tokens for
|
||
your workloads.
|
||
|
||
You do not need to configure an OAuth application in Databricks to use token
|
||
federation.`,
|
||
GroupID: "oauth2",
|
||
Annotations: map[string]string{
|
||
"package": "oauth2",
|
||
},
|
||
|
||
// This service is being previewed; hide from help output.
|
||
Hidden: true,
|
||
}
|
||
|
||
// Add methods
|
||
cmd.AddCommand(newCreate())
|
||
cmd.AddCommand(newDelete())
|
||
cmd.AddCommand(newGet())
|
||
cmd.AddCommand(newList())
|
||
cmd.AddCommand(newUpdate())
|
||
|
||
// Apply optional overrides to this command.
|
||
for _, fn := range cmdOverrides {
|
||
fn(cmd)
|
||
}
|
||
|
||
return cmd
|
||
}
|
||
|
||
// start create command
|
||
|
||
// Slice with functions to override default command behavior.
|
||
// Functions can be added from the `init()` function in manually curated files in this directory.
|
||
var createOverrides []func(
|
||
*cobra.Command,
|
||
*oauth2.CreateServicePrincipalFederationPolicyRequest,
|
||
)
|
||
|
||
func newCreate() *cobra.Command {
|
||
cmd := &cobra.Command{}
|
||
|
||
var createReq oauth2.CreateServicePrincipalFederationPolicyRequest
|
||
createReq.Policy = &oauth2.FederationPolicy{}
|
||
var createJson flags.JsonFlag
|
||
|
||
// TODO: short flags
|
||
cmd.Flags().Var(&createJson, "json", `either inline JSON string or @path/to/file.json with request body`)
|
||
|
||
cmd.Flags().StringVar(&createReq.Policy.Description, "description", createReq.Policy.Description, `Description of the federation policy.`)
|
||
cmd.Flags().StringVar(&createReq.Policy.Name, "name", createReq.Policy.Name, `Name of the federation policy.`)
|
||
// TODO: complex arg: oidc_policy
|
||
|
||
cmd.Use = "create SERVICE_PRINCIPAL_ID"
|
||
cmd.Short = `Create service principal federation policy.`
|
||
cmd.Long = `Create service principal federation policy.
|
||
|
||
Arguments:
|
||
SERVICE_PRINCIPAL_ID: The service principal id for the federation policy.`
|
||
|
||
cmd.Annotations = make(map[string]string)
|
||
|
||
cmd.Args = func(cmd *cobra.Command, args []string) error {
|
||
check := root.ExactArgs(1)
|
||
return check(cmd, args)
|
||
}
|
||
|
||
cmd.PreRunE = root.MustAccountClient
|
||
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
|
||
ctx := cmd.Context()
|
||
a := root.AccountClient(ctx)
|
||
|
||
if cmd.Flags().Changed("json") {
|
||
diags := createJson.Unmarshal(&createReq.Policy)
|
||
if diags.HasError() {
|
||
return diags.Error()
|
||
}
|
||
if len(diags) > 0 {
|
||
err := cmdio.RenderDiagnosticsToErrorOut(ctx, diags)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
}
|
||
}
|
||
_, err = fmt.Sscan(args[0], &createReq.ServicePrincipalId)
|
||
if err != nil {
|
||
return fmt.Errorf("invalid SERVICE_PRINCIPAL_ID: %s", args[0])
|
||
}
|
||
|
||
response, err := a.ServicePrincipalFederationPolicy.Create(ctx, createReq)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
return cmdio.Render(ctx, response)
|
||
}
|
||
|
||
// Disable completions since they are not applicable.
|
||
// Can be overridden by manual implementation in `override.go`.
|
||
cmd.ValidArgsFunction = cobra.NoFileCompletions
|
||
|
||
// Apply optional overrides to this command.
|
||
for _, fn := range createOverrides {
|
||
fn(cmd, &createReq)
|
||
}
|
||
|
||
return cmd
|
||
}
|
||
|
||
// start delete command
|
||
|
||
// Slice with functions to override default command behavior.
|
||
// Functions can be added from the `init()` function in manually curated files in this directory.
|
||
var deleteOverrides []func(
|
||
*cobra.Command,
|
||
*oauth2.DeleteServicePrincipalFederationPolicyRequest,
|
||
)
|
||
|
||
func newDelete() *cobra.Command {
|
||
cmd := &cobra.Command{}
|
||
|
||
var deleteReq oauth2.DeleteServicePrincipalFederationPolicyRequest
|
||
|
||
// TODO: short flags
|
||
|
||
cmd.Use = "delete SERVICE_PRINCIPAL_ID POLICY_ID"
|
||
cmd.Short = `Delete service principal federation policy.`
|
||
cmd.Long = `Delete service principal federation policy.
|
||
|
||
Arguments:
|
||
SERVICE_PRINCIPAL_ID: The service principal id for the federation policy.
|
||
POLICY_ID: `
|
||
|
||
cmd.Annotations = make(map[string]string)
|
||
|
||
cmd.Args = func(cmd *cobra.Command, args []string) error {
|
||
check := root.ExactArgs(2)
|
||
return check(cmd, args)
|
||
}
|
||
|
||
cmd.PreRunE = root.MustAccountClient
|
||
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
|
||
ctx := cmd.Context()
|
||
a := root.AccountClient(ctx)
|
||
|
||
_, err = fmt.Sscan(args[0], &deleteReq.ServicePrincipalId)
|
||
if err != nil {
|
||
return fmt.Errorf("invalid SERVICE_PRINCIPAL_ID: %s", args[0])
|
||
}
|
||
deleteReq.PolicyId = args[1]
|
||
|
||
err = a.ServicePrincipalFederationPolicy.Delete(ctx, deleteReq)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
return nil
|
||
}
|
||
|
||
// Disable completions since they are not applicable.
|
||
// Can be overridden by manual implementation in `override.go`.
|
||
cmd.ValidArgsFunction = cobra.NoFileCompletions
|
||
|
||
// Apply optional overrides to this command.
|
||
for _, fn := range deleteOverrides {
|
||
fn(cmd, &deleteReq)
|
||
}
|
||
|
||
return cmd
|
||
}
|
||
|
||
// start get command
|
||
|
||
// Slice with functions to override default command behavior.
|
||
// Functions can be added from the `init()` function in manually curated files in this directory.
|
||
var getOverrides []func(
|
||
*cobra.Command,
|
||
*oauth2.GetServicePrincipalFederationPolicyRequest,
|
||
)
|
||
|
||
func newGet() *cobra.Command {
|
||
cmd := &cobra.Command{}
|
||
|
||
var getReq oauth2.GetServicePrincipalFederationPolicyRequest
|
||
|
||
// TODO: short flags
|
||
|
||
cmd.Use = "get SERVICE_PRINCIPAL_ID POLICY_ID"
|
||
cmd.Short = `Get service principal federation policy.`
|
||
cmd.Long = `Get service principal federation policy.
|
||
|
||
Arguments:
|
||
SERVICE_PRINCIPAL_ID: The service principal id for the federation policy.
|
||
POLICY_ID: `
|
||
|
||
cmd.Annotations = make(map[string]string)
|
||
|
||
cmd.Args = func(cmd *cobra.Command, args []string) error {
|
||
check := root.ExactArgs(2)
|
||
return check(cmd, args)
|
||
}
|
||
|
||
cmd.PreRunE = root.MustAccountClient
|
||
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
|
||
ctx := cmd.Context()
|
||
a := root.AccountClient(ctx)
|
||
|
||
_, err = fmt.Sscan(args[0], &getReq.ServicePrincipalId)
|
||
if err != nil {
|
||
return fmt.Errorf("invalid SERVICE_PRINCIPAL_ID: %s", args[0])
|
||
}
|
||
getReq.PolicyId = args[1]
|
||
|
||
response, err := a.ServicePrincipalFederationPolicy.Get(ctx, getReq)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
return cmdio.Render(ctx, response)
|
||
}
|
||
|
||
// Disable completions since they are not applicable.
|
||
// Can be overridden by manual implementation in `override.go`.
|
||
cmd.ValidArgsFunction = cobra.NoFileCompletions
|
||
|
||
// Apply optional overrides to this command.
|
||
for _, fn := range getOverrides {
|
||
fn(cmd, &getReq)
|
||
}
|
||
|
||
return cmd
|
||
}
|
||
|
||
// start list command
|
||
|
||
// Slice with functions to override default command behavior.
|
||
// Functions can be added from the `init()` function in manually curated files in this directory.
|
||
var listOverrides []func(
|
||
*cobra.Command,
|
||
*oauth2.ListServicePrincipalFederationPoliciesRequest,
|
||
)
|
||
|
||
func newList() *cobra.Command {
|
||
cmd := &cobra.Command{}
|
||
|
||
var listReq oauth2.ListServicePrincipalFederationPoliciesRequest
|
||
|
||
// TODO: short flags
|
||
|
||
cmd.Flags().IntVar(&listReq.PageSize, "page-size", listReq.PageSize, ``)
|
||
cmd.Flags().StringVar(&listReq.PageToken, "page-token", listReq.PageToken, ``)
|
||
|
||
cmd.Use = "list SERVICE_PRINCIPAL_ID"
|
||
cmd.Short = `List service principal federation policies.`
|
||
cmd.Long = `List service principal federation policies.
|
||
|
||
Arguments:
|
||
SERVICE_PRINCIPAL_ID: The service principal id for the federation policy.`
|
||
|
||
cmd.Annotations = make(map[string]string)
|
||
|
||
cmd.Args = func(cmd *cobra.Command, args []string) error {
|
||
check := root.ExactArgs(1)
|
||
return check(cmd, args)
|
||
}
|
||
|
||
cmd.PreRunE = root.MustAccountClient
|
||
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
|
||
ctx := cmd.Context()
|
||
a := root.AccountClient(ctx)
|
||
|
||
_, err = fmt.Sscan(args[0], &listReq.ServicePrincipalId)
|
||
if err != nil {
|
||
return fmt.Errorf("invalid SERVICE_PRINCIPAL_ID: %s", args[0])
|
||
}
|
||
|
||
response := a.ServicePrincipalFederationPolicy.List(ctx, listReq)
|
||
return cmdio.RenderIterator(ctx, response)
|
||
}
|
||
|
||
// Disable completions since they are not applicable.
|
||
// Can be overridden by manual implementation in `override.go`.
|
||
cmd.ValidArgsFunction = cobra.NoFileCompletions
|
||
|
||
// Apply optional overrides to this command.
|
||
for _, fn := range listOverrides {
|
||
fn(cmd, &listReq)
|
||
}
|
||
|
||
return cmd
|
||
}
|
||
|
||
// start update command
|
||
|
||
// Slice with functions to override default command behavior.
|
||
// Functions can be added from the `init()` function in manually curated files in this directory.
|
||
var updateOverrides []func(
|
||
*cobra.Command,
|
||
*oauth2.UpdateServicePrincipalFederationPolicyRequest,
|
||
)
|
||
|
||
func newUpdate() *cobra.Command {
|
||
cmd := &cobra.Command{}
|
||
|
||
var updateReq oauth2.UpdateServicePrincipalFederationPolicyRequest
|
||
updateReq.Policy = &oauth2.FederationPolicy{}
|
||
var updateJson flags.JsonFlag
|
||
|
||
// TODO: short flags
|
||
cmd.Flags().Var(&updateJson, "json", `either inline JSON string or @path/to/file.json with request body`)
|
||
|
||
cmd.Flags().StringVar(&updateReq.Policy.Description, "description", updateReq.Policy.Description, `Description of the federation policy.`)
|
||
cmd.Flags().StringVar(&updateReq.Policy.Name, "name", updateReq.Policy.Name, `Name of the federation policy.`)
|
||
// TODO: complex arg: oidc_policy
|
||
|
||
cmd.Use = "update SERVICE_PRINCIPAL_ID POLICY_ID UPDATE_MASK"
|
||
cmd.Short = `Update service principal federation policy.`
|
||
cmd.Long = `Update service principal federation policy.
|
||
|
||
Arguments:
|
||
SERVICE_PRINCIPAL_ID: The service principal id for the federation policy.
|
||
POLICY_ID:
|
||
UPDATE_MASK: Field mask is required to be passed into the PATCH request. Field mask
|
||
specifies which fields of the setting payload will be updated. The field
|
||
mask needs to be supplied as single string. To specify multiple fields in
|
||
the field mask, use comma as the separator (no space).`
|
||
|
||
cmd.Annotations = make(map[string]string)
|
||
|
||
cmd.Args = func(cmd *cobra.Command, args []string) error {
|
||
check := root.ExactArgs(3)
|
||
return check(cmd, args)
|
||
}
|
||
|
||
cmd.PreRunE = root.MustAccountClient
|
||
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
|
||
ctx := cmd.Context()
|
||
a := root.AccountClient(ctx)
|
||
|
||
if cmd.Flags().Changed("json") {
|
||
diags := updateJson.Unmarshal(&updateReq.Policy)
|
||
if diags.HasError() {
|
||
return diags.Error()
|
||
}
|
||
if len(diags) > 0 {
|
||
err := cmdio.RenderDiagnosticsToErrorOut(ctx, diags)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
}
|
||
}
|
||
_, err = fmt.Sscan(args[0], &updateReq.ServicePrincipalId)
|
||
if err != nil {
|
||
return fmt.Errorf("invalid SERVICE_PRINCIPAL_ID: %s", args[0])
|
||
}
|
||
updateReq.PolicyId = args[1]
|
||
updateReq.UpdateMask = args[2]
|
||
|
||
response, err := a.ServicePrincipalFederationPolicy.Update(ctx, updateReq)
|
||
if err != nil {
|
||
return err
|
||
}
|
||
return cmdio.Render(ctx, response)
|
||
}
|
||
|
||
// Disable completions since they are not applicable.
|
||
// Can be overridden by manual implementation in `override.go`.
|
||
cmd.ValidArgsFunction = cobra.NoFileCompletions
|
||
|
||
// Apply optional overrides to this command.
|
||
for _, fn := range updateOverrides {
|
||
fn(cmd, &updateReq)
|
||
}
|
||
|
||
return cmd
|
||
}
|
||
|
||
// end service ServicePrincipalFederationPolicy
|