databricks-cli/cmd/workspace/secrets/secrets.go

511 lines
14 KiB
Go
Executable File

// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT.
package secrets
import (
"fmt"
"github.com/databricks/cli/cmd/root"
"github.com/databricks/cli/libs/cmdio"
"github.com/databricks/cli/libs/flags"
"github.com/databricks/databricks-sdk-go/service/workspace"
"github.com/spf13/cobra"
)
var Cmd = &cobra.Command{
Use: "secrets",
Short: `The Secrets API allows you to manage secrets, secret scopes, and access permissions.`,
Long: `The Secrets API allows you to manage secrets, secret scopes, and access
permissions.
Sometimes accessing data requires that you authenticate to external data
sources through JDBC. Instead of directly entering your credentials into a
notebook, use Databricks secrets to store your credentials and reference them
in notebooks and jobs.
Administrators, secret creators, and users granted permission can read
Databricks secrets. While Databricks makes an effort to redact secret values
that might be displayed in notebooks, it is not possible to prevent such users
from reading secrets.`,
Annotations: map[string]string{
"package": "workspace",
},
}
// start create-scope command
var createScopeReq workspace.CreateScope
var createScopeJson flags.JsonFlag
func init() {
Cmd.AddCommand(createScopeCmd)
// TODO: short flags
createScopeCmd.Flags().Var(&createScopeJson, "json", `either inline JSON string or @path/to/file.json with request body`)
// TODO: complex arg: backend_azure_keyvault
createScopeCmd.Flags().StringVar(&createScopeReq.InitialManagePrincipal, "initial-manage-principal", createScopeReq.InitialManagePrincipal, `The principal that is initially granted MANAGE permission to the created scope.`)
createScopeCmd.Flags().Var(&createScopeReq.ScopeBackendType, "scope-backend-type", `The backend type the scope will be created with.`)
}
var createScopeCmd = &cobra.Command{
Use: "create-scope SCOPE",
Short: `Create a new secret scope.`,
Long: `Create a new secret scope.
The scope name must consist of alphanumeric characters, dashes, underscores,
and periods, and may not exceed 128 characters. The maximum number of scopes
in a workspace is 100.`,
Annotations: map[string]string{},
Args: func(cmd *cobra.Command, args []string) error {
check := cobra.ExactArgs(1)
if cmd.Flags().Changed("json") {
check = cobra.ExactArgs(0)
}
return check(cmd, args)
},
PreRunE: root.MustWorkspaceClient,
RunE: func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
if cmd.Flags().Changed("json") {
err = createScopeJson.Unmarshal(&createScopeReq)
if err != nil {
return err
}
} else {
createScopeReq.Scope = args[0]
}
err = w.Secrets.CreateScope(ctx, createScopeReq)
if err != nil {
return err
}
return nil
},
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
ValidArgsFunction: cobra.NoFileCompletions,
}
// start delete-acl command
var deleteAclReq workspace.DeleteAcl
var deleteAclJson flags.JsonFlag
func init() {
Cmd.AddCommand(deleteAclCmd)
// TODO: short flags
deleteAclCmd.Flags().Var(&deleteAclJson, "json", `either inline JSON string or @path/to/file.json with request body`)
}
var deleteAclCmd = &cobra.Command{
Use: "delete-acl SCOPE PRINCIPAL",
Short: `Delete an ACL.`,
Long: `Delete an ACL.
Deletes the given ACL on the given scope.
Users must have the MANAGE permission to invoke this API. Throws
RESOURCE_DOES_NOT_EXIST if no such secret scope, principal, or ACL exists.
Throws PERMISSION_DENIED if the user does not have permission to make this
API call.`,
Annotations: map[string]string{},
Args: func(cmd *cobra.Command, args []string) error {
check := cobra.ExactArgs(2)
if cmd.Flags().Changed("json") {
check = cobra.ExactArgs(0)
}
return check(cmd, args)
},
PreRunE: root.MustWorkspaceClient,
RunE: func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
if cmd.Flags().Changed("json") {
err = deleteAclJson.Unmarshal(&deleteAclReq)
if err != nil {
return err
}
} else {
deleteAclReq.Scope = args[0]
deleteAclReq.Principal = args[1]
}
err = w.Secrets.DeleteAcl(ctx, deleteAclReq)
if err != nil {
return err
}
return nil
},
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
ValidArgsFunction: cobra.NoFileCompletions,
}
// start delete-scope command
var deleteScopeReq workspace.DeleteScope
var deleteScopeJson flags.JsonFlag
func init() {
Cmd.AddCommand(deleteScopeCmd)
// TODO: short flags
deleteScopeCmd.Flags().Var(&deleteScopeJson, "json", `either inline JSON string or @path/to/file.json with request body`)
}
var deleteScopeCmd = &cobra.Command{
Use: "delete-scope SCOPE",
Short: `Delete a secret scope.`,
Long: `Delete a secret scope.
Deletes a secret scope.
Throws RESOURCE_DOES_NOT_EXIST if the scope does not exist. Throws
PERMISSION_DENIED if the user does not have permission to make this API
call.`,
Annotations: map[string]string{},
Args: func(cmd *cobra.Command, args []string) error {
check := cobra.ExactArgs(1)
if cmd.Flags().Changed("json") {
check = cobra.ExactArgs(0)
}
return check(cmd, args)
},
PreRunE: root.MustWorkspaceClient,
RunE: func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
if cmd.Flags().Changed("json") {
err = deleteScopeJson.Unmarshal(&deleteScopeReq)
if err != nil {
return err
}
} else {
deleteScopeReq.Scope = args[0]
}
err = w.Secrets.DeleteScope(ctx, deleteScopeReq)
if err != nil {
return err
}
return nil
},
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
ValidArgsFunction: cobra.NoFileCompletions,
}
// start delete-secret command
var deleteSecretReq workspace.DeleteSecret
var deleteSecretJson flags.JsonFlag
func init() {
Cmd.AddCommand(deleteSecretCmd)
// TODO: short flags
deleteSecretCmd.Flags().Var(&deleteSecretJson, "json", `either inline JSON string or @path/to/file.json with request body`)
}
var deleteSecretCmd = &cobra.Command{
Use: "delete-secret SCOPE KEY",
Short: `Delete a secret.`,
Long: `Delete a secret.
Deletes the secret stored in this secret scope. You must have WRITE or
MANAGE permission on the secret scope.
Throws RESOURCE_DOES_NOT_EXIST if no such secret scope or secret exists.
Throws PERMISSION_DENIED if the user does not have permission to make this
API call.`,
Annotations: map[string]string{},
Args: func(cmd *cobra.Command, args []string) error {
check := cobra.ExactArgs(2)
if cmd.Flags().Changed("json") {
check = cobra.ExactArgs(0)
}
return check(cmd, args)
},
PreRunE: root.MustWorkspaceClient,
RunE: func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
if cmd.Flags().Changed("json") {
err = deleteSecretJson.Unmarshal(&deleteSecretReq)
if err != nil {
return err
}
} else {
deleteSecretReq.Scope = args[0]
deleteSecretReq.Key = args[1]
}
err = w.Secrets.DeleteSecret(ctx, deleteSecretReq)
if err != nil {
return err
}
return nil
},
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
ValidArgsFunction: cobra.NoFileCompletions,
}
// start get-acl command
var getAclReq workspace.GetAclRequest
func init() {
Cmd.AddCommand(getAclCmd)
// TODO: short flags
}
var getAclCmd = &cobra.Command{
Use: "get-acl SCOPE PRINCIPAL",
Short: `Get secret ACL details.`,
Long: `Get secret ACL details.
Gets the details about the given ACL, such as the group and permission. Users
must have the MANAGE permission to invoke this API.
Throws RESOURCE_DOES_NOT_EXIST if no such secret scope exists. Throws
PERMISSION_DENIED if the user does not have permission to make this API
call.`,
Annotations: map[string]string{},
Args: func(cmd *cobra.Command, args []string) error {
check := cobra.ExactArgs(2)
return check(cmd, args)
},
PreRunE: root.MustWorkspaceClient,
RunE: func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
getAclReq.Scope = args[0]
getAclReq.Principal = args[1]
response, err := w.Secrets.GetAcl(ctx, getAclReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
},
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
ValidArgsFunction: cobra.NoFileCompletions,
}
// start list-acls command
var listAclsReq workspace.ListAclsRequest
func init() {
Cmd.AddCommand(listAclsCmd)
// TODO: short flags
}
var listAclsCmd = &cobra.Command{
Use: "list-acls SCOPE",
Short: `Lists ACLs.`,
Long: `Lists ACLs.
List the ACLs for a given secret scope. Users must have the MANAGE
permission to invoke this API.
Throws RESOURCE_DOES_NOT_EXIST if no such secret scope exists. Throws
PERMISSION_DENIED if the user does not have permission to make this API
call.`,
Annotations: map[string]string{},
Args: func(cmd *cobra.Command, args []string) error {
check := cobra.ExactArgs(1)
return check(cmd, args)
},
PreRunE: root.MustWorkspaceClient,
RunE: func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
listAclsReq.Scope = args[0]
response, err := w.Secrets.ListAclsAll(ctx, listAclsReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
},
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
ValidArgsFunction: cobra.NoFileCompletions,
}
// start list-scopes command
func init() {
Cmd.AddCommand(listScopesCmd)
}
var listScopesCmd = &cobra.Command{
Use: "list-scopes",
Short: `List all scopes.`,
Long: `List all scopes.
Lists all secret scopes available in the workspace.
Throws PERMISSION_DENIED if the user does not have permission to make this
API call.`,
Annotations: map[string]string{},
PreRunE: root.MustWorkspaceClient,
RunE: func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
response, err := w.Secrets.ListScopesAll(ctx)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
},
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
ValidArgsFunction: cobra.NoFileCompletions,
}
// start list-secrets command
var listSecretsReq workspace.ListSecretsRequest
func init() {
Cmd.AddCommand(listSecretsCmd)
// TODO: short flags
}
var listSecretsCmd = &cobra.Command{
Use: "list-secrets SCOPE",
Short: `List secret keys.`,
Long: `List secret keys.
Lists the secret keys that are stored at this scope. This is a metadata-only
operation; secret data cannot be retrieved using this API. Users need the READ
permission to make this call.
The lastUpdatedTimestamp returned is in milliseconds since epoch. Throws
RESOURCE_DOES_NOT_EXIST if no such secret scope exists. Throws
PERMISSION_DENIED if the user does not have permission to make this API
call.`,
Annotations: map[string]string{},
Args: func(cmd *cobra.Command, args []string) error {
check := cobra.ExactArgs(1)
return check(cmd, args)
},
PreRunE: root.MustWorkspaceClient,
RunE: func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
listSecretsReq.Scope = args[0]
response, err := w.Secrets.ListSecretsAll(ctx, listSecretsReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
},
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
ValidArgsFunction: cobra.NoFileCompletions,
}
// start put-acl command
var putAclReq workspace.PutAcl
var putAclJson flags.JsonFlag
func init() {
Cmd.AddCommand(putAclCmd)
// TODO: short flags
putAclCmd.Flags().Var(&putAclJson, "json", `either inline JSON string or @path/to/file.json with request body`)
}
var putAclCmd = &cobra.Command{
Use: "put-acl SCOPE PRINCIPAL PERMISSION",
Short: `Create/update an ACL.`,
Long: `Create/update an ACL.
Creates or overwrites the Access Control List (ACL) associated with the given
principal (user or group) on the specified scope point.
In general, a user or group will use the most powerful permission available to
them, and permissions are ordered as follows:
* MANAGE - Allowed to change ACLs, and read and write to this secret scope.
* WRITE - Allowed to read and write to this secret scope. * READ - Allowed
to read this secret scope and list what secrets are available.
Note that in general, secret values can only be read from within a command on
a cluster (for example, through a notebook). There is no API to read the
actual secret value material outside of a cluster. However, the user's
permission will be applied based on who is executing the command, and they
must have at least READ permission.
Users must have the MANAGE permission to invoke this API.
The principal is a user or group name corresponding to an existing Databricks
principal to be granted or revoked access.
Throws RESOURCE_DOES_NOT_EXIST if no such secret scope exists. Throws
RESOURCE_ALREADY_EXISTS if a permission for the principal already exists.
Throws INVALID_PARAMETER_VALUE if the permission or principal is invalid.
Throws PERMISSION_DENIED if the user does not have permission to make this
API call.`,
Annotations: map[string]string{},
Args: func(cmd *cobra.Command, args []string) error {
check := cobra.ExactArgs(3)
if cmd.Flags().Changed("json") {
check = cobra.ExactArgs(0)
}
return check(cmd, args)
},
PreRunE: root.MustWorkspaceClient,
RunE: func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
w := root.WorkspaceClient(ctx)
if cmd.Flags().Changed("json") {
err = putAclJson.Unmarshal(&putAclReq)
if err != nil {
return err
}
} else {
putAclReq.Scope = args[0]
putAclReq.Principal = args[1]
_, err = fmt.Sscan(args[2], &putAclReq.Permission)
if err != nil {
return fmt.Errorf("invalid PERMISSION: %s", args[2])
}
}
err = w.Secrets.PutAcl(ctx, putAclReq)
if err != nil {
return err
}
return nil
},
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
ValidArgsFunction: cobra.NoFileCompletions,
}
// end service Secrets