mirror of https://github.com/databricks/cli.git
253 lines
8.0 KiB
Go
Executable File
253 lines
8.0 KiB
Go
Executable File
// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT.
|
|
|
|
package encryption_keys
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/databricks/cli/cmd/root"
|
|
"github.com/databricks/cli/libs/cmdio"
|
|
"github.com/databricks/cli/libs/flags"
|
|
"github.com/databricks/databricks-sdk-go/service/provisioning"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
var Cmd = &cobra.Command{
|
|
Use: "encryption-keys",
|
|
Short: `These APIs manage encryption key configurations for this workspace (optional).`,
|
|
Long: `These APIs manage encryption key configurations for this workspace (optional).
|
|
A key configuration encapsulates the AWS KMS key information and some
|
|
information about how the key configuration can be used. There are two
|
|
possible uses for key configurations:
|
|
|
|
* Managed services: A key configuration can be used to encrypt a workspace's
|
|
notebook and secret data in the control plane, as well as Databricks SQL
|
|
queries and query history. * Storage: A key configuration can be used to
|
|
encrypt a workspace's DBFS and EBS data in the data plane.
|
|
|
|
In both of these cases, the key configuration's ID is used when creating a new
|
|
workspace. This Preview feature is available if your account is on the E2
|
|
version of the platform. Updating a running workspace with workspace storage
|
|
encryption requires that the workspace is on the E2 version of the platform.
|
|
If you have an older workspace, it might not be on the E2 version of the
|
|
platform. If you are not sure, contact your Databricks representative.`,
|
|
Annotations: map[string]string{
|
|
"package": "provisioning",
|
|
},
|
|
}
|
|
|
|
// start create command
|
|
|
|
var createReq provisioning.CreateCustomerManagedKeyRequest
|
|
var createJson flags.JsonFlag
|
|
|
|
func init() {
|
|
Cmd.AddCommand(createCmd)
|
|
// TODO: short flags
|
|
createCmd.Flags().Var(&createJson, "json", `either inline JSON string or @path/to/file.json with request body`)
|
|
|
|
// TODO: complex arg: aws_key_info
|
|
// TODO: complex arg: gcp_key_info
|
|
|
|
}
|
|
|
|
var createCmd = &cobra.Command{
|
|
Use: "create",
|
|
Short: `Create encryption key configuration.`,
|
|
Long: `Create encryption key configuration.
|
|
|
|
Creates a customer-managed key configuration object for an account, specified
|
|
by ID. This operation uploads a reference to a customer-managed key to
|
|
Databricks. If the key is assigned as a workspace's customer-managed key for
|
|
managed services, Databricks uses the key to encrypt the workspaces notebooks
|
|
and secrets in the control plane, in addition to Databricks SQL queries and
|
|
query history. If it is specified as a workspace's customer-managed key for
|
|
workspace storage, the key encrypts the workspace's root S3 bucket (which
|
|
contains the workspace's root DBFS and system data) and, optionally, cluster
|
|
EBS volume data.
|
|
|
|
**Important**: Customer-managed keys are supported only for some deployment
|
|
types, subscription types, and AWS regions that currently support creation of
|
|
Databricks workspaces.
|
|
|
|
This operation is available only if your account is on the E2 version of the
|
|
platform or on a select custom plan that allows multiple workspaces per
|
|
account.`,
|
|
|
|
Annotations: map[string]string{},
|
|
PreRunE: root.MustAccountClient,
|
|
RunE: func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
a := root.AccountClient(ctx)
|
|
if cmd.Flags().Changed("json") {
|
|
err = createJson.Unmarshal(&createReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
} else {
|
|
_, err = fmt.Sscan(args[0], &createReq.UseCases)
|
|
if err != nil {
|
|
return fmt.Errorf("invalid USE_CASES: %s", args[0])
|
|
}
|
|
}
|
|
|
|
response, err := a.EncryptionKeys.Create(ctx, createReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
},
|
|
}
|
|
|
|
// start delete command
|
|
|
|
var deleteReq provisioning.DeleteEncryptionKeyRequest
|
|
var deleteJson flags.JsonFlag
|
|
|
|
func init() {
|
|
Cmd.AddCommand(deleteCmd)
|
|
// TODO: short flags
|
|
deleteCmd.Flags().Var(&deleteJson, "json", `either inline JSON string or @path/to/file.json with request body`)
|
|
|
|
}
|
|
|
|
var deleteCmd = &cobra.Command{
|
|
Use: "delete CUSTOMER_MANAGED_KEY_ID",
|
|
Short: `Delete encryption key configuration.`,
|
|
Long: `Delete encryption key configuration.
|
|
|
|
Deletes a customer-managed key configuration object for an account. You cannot
|
|
delete a configuration that is associated with a running workspace.`,
|
|
|
|
Annotations: map[string]string{},
|
|
Args: func(cmd *cobra.Command, args []string) error {
|
|
check := cobra.ExactArgs(1)
|
|
if cmd.Flags().Changed("json") {
|
|
check = cobra.ExactArgs(0)
|
|
}
|
|
return check(cmd, args)
|
|
},
|
|
PreRunE: root.MustAccountClient,
|
|
RunE: func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
a := root.AccountClient(ctx)
|
|
if cmd.Flags().Changed("json") {
|
|
err = deleteJson.Unmarshal(&deleteReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
} else {
|
|
deleteReq.CustomerManagedKeyId = args[0]
|
|
}
|
|
|
|
err = a.EncryptionKeys.Delete(ctx, deleteReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
},
|
|
}
|
|
|
|
// start get command
|
|
|
|
var getReq provisioning.GetEncryptionKeyRequest
|
|
var getJson flags.JsonFlag
|
|
|
|
func init() {
|
|
Cmd.AddCommand(getCmd)
|
|
// TODO: short flags
|
|
getCmd.Flags().Var(&getJson, "json", `either inline JSON string or @path/to/file.json with request body`)
|
|
|
|
}
|
|
|
|
var getCmd = &cobra.Command{
|
|
Use: "get CUSTOMER_MANAGED_KEY_ID",
|
|
Short: `Get encryption key configuration.`,
|
|
Long: `Get encryption key configuration.
|
|
|
|
Gets a customer-managed key configuration object for an account, specified by
|
|
ID. This operation uploads a reference to a customer-managed key to
|
|
Databricks. If assigned as a workspace's customer-managed key for managed
|
|
services, Databricks uses the key to encrypt the workspaces notebooks and
|
|
secrets in the control plane, in addition to Databricks SQL queries and query
|
|
history. If it is specified as a workspace's customer-managed key for storage,
|
|
the key encrypts the workspace's root S3 bucket (which contains the
|
|
workspace's root DBFS and system data) and, optionally, cluster EBS volume
|
|
data.
|
|
|
|
**Important**: Customer-managed keys are supported only for some deployment
|
|
types, subscription types, and AWS regions.
|
|
|
|
This operation is available only if your account is on the E2 version of the
|
|
platform.",`,
|
|
|
|
Annotations: map[string]string{},
|
|
Args: func(cmd *cobra.Command, args []string) error {
|
|
check := cobra.ExactArgs(1)
|
|
if cmd.Flags().Changed("json") {
|
|
check = cobra.ExactArgs(0)
|
|
}
|
|
return check(cmd, args)
|
|
},
|
|
PreRunE: root.MustAccountClient,
|
|
RunE: func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
a := root.AccountClient(ctx)
|
|
if cmd.Flags().Changed("json") {
|
|
err = getJson.Unmarshal(&getReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
} else {
|
|
getReq.CustomerManagedKeyId = args[0]
|
|
}
|
|
|
|
response, err := a.EncryptionKeys.Get(ctx, getReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
},
|
|
}
|
|
|
|
// start list command
|
|
|
|
func init() {
|
|
Cmd.AddCommand(listCmd)
|
|
|
|
}
|
|
|
|
var listCmd = &cobra.Command{
|
|
Use: "list",
|
|
Short: `Get all encryption key configurations.`,
|
|
Long: `Get all encryption key configurations.
|
|
|
|
Gets all customer-managed key configuration objects for an account. If the key
|
|
is specified as a workspace's managed services customer-managed key,
|
|
Databricks uses the key to encrypt the workspace's notebooks and secrets in
|
|
the control plane, in addition to Databricks SQL queries and query history. If
|
|
the key is specified as a workspace's storage customer-managed key, the key is
|
|
used to encrypt the workspace's root S3 bucket and optionally can encrypt
|
|
cluster EBS volumes data in the data plane.
|
|
|
|
**Important**: Customer-managed keys are supported only for some deployment
|
|
types, subscription types, and AWS regions.
|
|
|
|
This operation is available only if your account is on the E2 version of the
|
|
platform.`,
|
|
|
|
Annotations: map[string]string{},
|
|
PreRunE: root.MustAccountClient,
|
|
RunE: func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
a := root.AccountClient(ctx)
|
|
response, err := a.EncryptionKeys.List(ctx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
},
|
|
}
|
|
|
|
// end service EncryptionKeys
|