mirror of https://github.com/databricks/cli.git
48 lines
1.6 KiB
Go
48 lines
1.6 KiB
Go
package permissions
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"regexp"
|
|
"strings"
|
|
|
|
"github.com/databricks/cli/bundle"
|
|
"github.com/databricks/cli/libs/diag"
|
|
"github.com/databricks/cli/libs/log"
|
|
)
|
|
|
|
func TryExtendTerraformPermissionError(ctx context.Context, b *bundle.Bundle, err error) diag.Diagnostics {
|
|
_, assistance := analyzeBundlePermissions(b)
|
|
|
|
// In a best-effort attempt to provide actionable error messages, we match
|
|
// against a few specific error messages that come from the Jobs and Pipelines API.
|
|
// For matching errors we provide a more specific error message that includes
|
|
// details on how to resolve the issue.
|
|
if !strings.Contains(err.Error(), "cannot update permissions") &&
|
|
!strings.Contains(err.Error(), "permissions on pipeline") &&
|
|
!strings.Contains(err.Error(), "cannot read permissions") &&
|
|
!strings.Contains(err.Error(), "cannot set run_as to user") {
|
|
return nil
|
|
}
|
|
|
|
log.Errorf(ctx, "Terraform error during deployment: %v", err.Error())
|
|
|
|
// Best-effort attempt to extract the resource name from the error message.
|
|
re := regexp.MustCompile(`databricks_(\w*)\.(\w*)`)
|
|
match := re.FindStringSubmatch(err.Error())
|
|
resource := "resource"
|
|
if len(match) > 1 {
|
|
resource = match[2]
|
|
}
|
|
|
|
return diag.Diagnostics{{
|
|
Summary: fmt.Sprintf("permission denied creating or updating %s.\n"+
|
|
"%s\n"+
|
|
"They can redeploy the project to apply the latest set of permissions.\n"+
|
|
"Please refer to https://docs.databricks.com/dev-tools/bundles/permissions.html for more on managing permissions.",
|
|
resource, assistance),
|
|
Severity: diag.Error,
|
|
ID: diag.ResourcePermissionDenied,
|
|
}}
|
|
}
|