databricks-cli/cmd/workspace/permissions/permissions.go

371 lines
11 KiB
Go
Executable File

// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT.
package permissions
import (
"github.com/databricks/cli/cmd/root"
"github.com/databricks/cli/libs/cmdio"
"github.com/databricks/cli/libs/flags"
"github.com/databricks/databricks-sdk-go/service/iam"
"github.com/spf13/cobra"
)
// Slice with functions to override default command behavior.
// Functions can be added from the `init()` function in manually curated files in this directory.
var cmdOverrides []func(*cobra.Command)
func New() *cobra.Command {
cmd := &cobra.Command{
Use: "permissions",
Short: `Permissions API are used to create read, write, edit, update and manage access for various users on different objects and endpoints.`,
Long: `Permissions API are used to create read, write, edit, update and manage access
for various users on different objects and endpoints.
* **[Apps permissions](:service:apps)** — Manage which users can manage or
use apps.
* **[Cluster permissions](:service:clusters)** — Manage which users can
manage, restart, or attach to clusters.
* **[Cluster policy permissions](:service:clusterpolicies)** — Manage which
users can use cluster policies.
* **[Delta Live Tables pipeline permissions](:service:pipelines)** — Manage
which users can view, manage, run, cancel, or own a Delta Live Tables
pipeline.
* **[Job permissions](:service:jobs)** — Manage which users can view,
manage, trigger, cancel, or own a job.
* **[MLflow experiment permissions](:service:experiments)** — Manage which
users can read, edit, or manage MLflow experiments.
* **[MLflow registered model permissions](:service:modelregistry)** — Manage
which users can read, edit, or manage MLflow registered models.
* **[Password permissions](:service:users)** — Manage which users can use
password login when SSO is enabled.
* **[Instance Pool permissions](:service:instancepools)** — Manage which
users can manage or attach to pools.
* **[Repo permissions](repos)** — Manage which users can read, run, edit, or
manage a repo.
* **[Serving endpoint permissions](:service:servingendpoints)** — Manage
which users can view, query, or manage a serving endpoint.
* **[SQL warehouse permissions](:service:warehouses)** — Manage which users
can use or manage SQL warehouses.
* **[Token permissions](:service:tokenmanagement)** — Manage which users can
create or use tokens.
* **[Workspace object permissions](:service:workspace)** — Manage which
users can read, run, edit, or manage alerts, dbsql-dashboards, directories,
files, notebooks and queries.
For the mapping of the required permissions for specific actions or abilities
and other important information, see [Access Control].
Note that to manage access control on service principals, use **[Account
Access Control Proxy](:service:accountaccesscontrolproxy)**.
[Access Control]: https://docs.databricks.com/security/auth-authz/access-control/index.html`,
GroupID: "iam",
Annotations: map[string]string{
"package": "iam",
},
}
// Add methods
cmd.AddCommand(newGet())
cmd.AddCommand(newGetPermissionLevels())
cmd.AddCommand(newSet())
cmd.AddCommand(newUpdate())
// Apply optional overrides to this command.
for _, fn := range cmdOverrides {
fn(cmd)
}
return cmd
}
// start get command
// Slice with functions to override default command behavior.
// Functions can be added from the `init()` function in manually curated files in this directory.
var getOverrides []func(
*cobra.Command,
*iam.GetPermissionRequest,
)
func newGet() *cobra.Command {
cmd := &cobra.Command{}
var getReq iam.GetPermissionRequest
// TODO: short flags
cmd.Use = "get REQUEST_OBJECT_TYPE REQUEST_OBJECT_ID"
cmd.Short = `Get object permissions.`
cmd.Long = `Get object permissions.
Gets the permissions of an object. Objects can inherit permissions from their
parent objects or root object.
Arguments:
REQUEST_OBJECT_TYPE: The type of the request object. Can be one of the following: alerts,
authorization, clusters, cluster-policies, dashboards, dbsql-dashboards,
directories, experiments, files, instance-pools, jobs, notebooks,
pipelines, queries, registered-models, repos, serving-endpoints, or
warehouses.
REQUEST_OBJECT_ID: The id of the request object.`
cmd.Annotations = make(map[string]string)
cmd.Args = func(cmd *cobra.Command, args []string) error {
check := root.ExactArgs(2)
return check(cmd, args)
}
cmd.PreRunE = root.MustWorkspaceClient
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
getReq.RequestObjectType = args[0]
getReq.RequestObjectId = args[1]
response, err := w.Permissions.Get(ctx, getReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
}
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
cmd.ValidArgsFunction = cobra.NoFileCompletions
// Apply optional overrides to this command.
for _, fn := range getOverrides {
fn(cmd, &getReq)
}
return cmd
}
// start get-permission-levels command
// Slice with functions to override default command behavior.
// Functions can be added from the `init()` function in manually curated files in this directory.
var getPermissionLevelsOverrides []func(
*cobra.Command,
*iam.GetPermissionLevelsRequest,
)
func newGetPermissionLevels() *cobra.Command {
cmd := &cobra.Command{}
var getPermissionLevelsReq iam.GetPermissionLevelsRequest
// TODO: short flags
cmd.Use = "get-permission-levels REQUEST_OBJECT_TYPE REQUEST_OBJECT_ID"
cmd.Short = `Get object permission levels.`
cmd.Long = `Get object permission levels.
Gets the permission levels that a user can have on an object.
Arguments:
REQUEST_OBJECT_TYPE: <needs content>
REQUEST_OBJECT_ID: <needs content>`
cmd.Annotations = make(map[string]string)
cmd.Args = func(cmd *cobra.Command, args []string) error {
check := root.ExactArgs(2)
return check(cmd, args)
}
cmd.PreRunE = root.MustWorkspaceClient
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
getPermissionLevelsReq.RequestObjectType = args[0]
getPermissionLevelsReq.RequestObjectId = args[1]
response, err := w.Permissions.GetPermissionLevels(ctx, getPermissionLevelsReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
}
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
cmd.ValidArgsFunction = cobra.NoFileCompletions
// Apply optional overrides to this command.
for _, fn := range getPermissionLevelsOverrides {
fn(cmd, &getPermissionLevelsReq)
}
return cmd
}
// start set command
// Slice with functions to override default command behavior.
// Functions can be added from the `init()` function in manually curated files in this directory.
var setOverrides []func(
*cobra.Command,
*iam.PermissionsRequest,
)
func newSet() *cobra.Command {
cmd := &cobra.Command{}
var setReq iam.PermissionsRequest
var setJson flags.JsonFlag
// TODO: short flags
cmd.Flags().Var(&setJson, "json", `either inline JSON string or @path/to/file.json with request body`)
// TODO: array: access_control_list
cmd.Use = "set REQUEST_OBJECT_TYPE REQUEST_OBJECT_ID"
cmd.Short = `Set object permissions.`
cmd.Long = `Set object permissions.
Sets permissions on an object. Objects can inherit permissions from their
parent objects or root object.
Arguments:
REQUEST_OBJECT_TYPE: The type of the request object. Can be one of the following: alerts,
authorization, clusters, cluster-policies, dashboards, dbsql-dashboards,
directories, experiments, files, instance-pools, jobs, notebooks,
pipelines, queries, registered-models, repos, serving-endpoints, or
warehouses.
REQUEST_OBJECT_ID: The id of the request object.`
cmd.Annotations = make(map[string]string)
cmd.Args = func(cmd *cobra.Command, args []string) error {
check := root.ExactArgs(2)
return check(cmd, args)
}
cmd.PreRunE = root.MustWorkspaceClient
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
if cmd.Flags().Changed("json") {
err = setJson.Unmarshal(&setReq)
if err != nil {
return err
}
}
setReq.RequestObjectType = args[0]
setReq.RequestObjectId = args[1]
response, err := w.Permissions.Set(ctx, setReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
}
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
cmd.ValidArgsFunction = cobra.NoFileCompletions
// Apply optional overrides to this command.
for _, fn := range setOverrides {
fn(cmd, &setReq)
}
return cmd
}
// start update command
// Slice with functions to override default command behavior.
// Functions can be added from the `init()` function in manually curated files in this directory.
var updateOverrides []func(
*cobra.Command,
*iam.PermissionsRequest,
)
func newUpdate() *cobra.Command {
cmd := &cobra.Command{}
var updateReq iam.PermissionsRequest
var updateJson flags.JsonFlag
// TODO: short flags
cmd.Flags().Var(&updateJson, "json", `either inline JSON string or @path/to/file.json with request body`)
// TODO: array: access_control_list
cmd.Use = "update REQUEST_OBJECT_TYPE REQUEST_OBJECT_ID"
cmd.Short = `Update object permissions.`
cmd.Long = `Update object permissions.
Updates the permissions on an object. Objects can inherit permissions from
their parent objects or root object.
Arguments:
REQUEST_OBJECT_TYPE: The type of the request object. Can be one of the following: alerts,
authorization, clusters, cluster-policies, dashboards, dbsql-dashboards,
directories, experiments, files, instance-pools, jobs, notebooks,
pipelines, queries, registered-models, repos, serving-endpoints, or
warehouses.
REQUEST_OBJECT_ID: The id of the request object.`
cmd.Annotations = make(map[string]string)
cmd.Args = func(cmd *cobra.Command, args []string) error {
check := root.ExactArgs(2)
return check(cmd, args)
}
cmd.PreRunE = root.MustWorkspaceClient
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
if cmd.Flags().Changed("json") {
err = updateJson.Unmarshal(&updateReq)
if err != nil {
return err
}
}
updateReq.RequestObjectType = args[0]
updateReq.RequestObjectId = args[1]
response, err := w.Permissions.Update(ctx, updateReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
}
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
cmd.ValidArgsFunction = cobra.NoFileCompletions
// Apply optional overrides to this command.
for _, fn := range updateOverrides {
fn(cmd, &updateReq)
}
return cmd
}
// end service Permissions