mirror of https://github.com/databricks/cli.git
185 lines
5.3 KiB
Go
185 lines
5.3 KiB
Go
package mutator
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"path"
|
|
"strings"
|
|
|
|
"github.com/databricks/cli/bundle"
|
|
"github.com/databricks/cli/bundle/config"
|
|
"github.com/databricks/databricks-sdk-go/service/iam"
|
|
"github.com/databricks/databricks-sdk-go/service/jobs"
|
|
"github.com/databricks/databricks-sdk-go/service/ml"
|
|
)
|
|
|
|
type processEnvironmentMode struct{}
|
|
|
|
const developmentConcurrentRuns = 4
|
|
|
|
func ProcessEnvironmentMode() bundle.Mutator {
|
|
return &processEnvironmentMode{}
|
|
}
|
|
|
|
func (m *processEnvironmentMode) Name() string {
|
|
return "ProcessEnvironmentMode"
|
|
}
|
|
|
|
// Mark all resources as being for 'development' purposes, i.e.
|
|
// changing their their name, adding tags, and (in the future)
|
|
// marking them as 'hidden' in the UI.
|
|
func transformDevelopmentMode(b *bundle.Bundle) error {
|
|
r := b.Config.Resources
|
|
|
|
prefix := "[dev " + b.Config.Workspace.CurrentUser.ShortName + "] "
|
|
|
|
for i := range r.Jobs {
|
|
r.Jobs[i].Name = prefix + r.Jobs[i].Name
|
|
if r.Jobs[i].Tags == nil {
|
|
r.Jobs[i].Tags = make(map[string]string)
|
|
}
|
|
r.Jobs[i].Tags["dev"] = b.Config.Workspace.CurrentUser.DisplayName
|
|
if r.Jobs[i].MaxConcurrentRuns == 0 {
|
|
r.Jobs[i].MaxConcurrentRuns = developmentConcurrentRuns
|
|
}
|
|
if r.Jobs[i].Schedule != nil {
|
|
r.Jobs[i].Schedule.PauseStatus = jobs.PauseStatusPaused
|
|
}
|
|
if r.Jobs[i].Continuous != nil {
|
|
r.Jobs[i].Continuous.PauseStatus = jobs.PauseStatusPaused
|
|
}
|
|
if r.Jobs[i].Trigger != nil {
|
|
r.Jobs[i].Trigger.PauseStatus = jobs.PauseStatusPaused
|
|
}
|
|
}
|
|
|
|
for i := range r.Pipelines {
|
|
r.Pipelines[i].Name = prefix + r.Pipelines[i].Name
|
|
r.Pipelines[i].Development = true
|
|
// (pipelines don't yet support tags)
|
|
}
|
|
|
|
for i := range r.Models {
|
|
r.Models[i].Name = prefix + r.Models[i].Name
|
|
r.Models[i].Tags = append(r.Models[i].Tags, ml.ModelTag{Key: "dev", Value: ""})
|
|
}
|
|
|
|
for i := range r.Experiments {
|
|
filepath := r.Experiments[i].Name
|
|
dir := path.Dir(filepath)
|
|
base := path.Base(filepath)
|
|
if dir == "." {
|
|
r.Experiments[i].Name = prefix + base
|
|
} else {
|
|
r.Experiments[i].Name = dir + "/" + prefix + base
|
|
}
|
|
r.Experiments[i].Tags = append(r.Experiments[i].Tags, ml.ExperimentTag{Key: "dev", Value: b.Config.Workspace.CurrentUser.DisplayName})
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func validateDevelopmentMode(b *bundle.Bundle) error {
|
|
if path := findIncorrectPath(b, config.Development); path != "" {
|
|
return fmt.Errorf("%s must start with '~/' or contain the current username when using 'mode: development'", path)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func findIncorrectPath(b *bundle.Bundle, mode config.Mode) string {
|
|
username := b.Config.Workspace.CurrentUser.UserName
|
|
containsExpected := true
|
|
if mode == config.Production {
|
|
containsExpected = false
|
|
}
|
|
|
|
if strings.Contains(b.Config.Workspace.RootPath, username) != containsExpected && b.Config.Workspace.RootPath != "" {
|
|
return "root_path"
|
|
}
|
|
if strings.Contains(b.Config.Workspace.StatePath, username) != containsExpected {
|
|
return "state_path"
|
|
}
|
|
if strings.Contains(b.Config.Workspace.FilesPath, username) != containsExpected {
|
|
return "files_path"
|
|
}
|
|
if strings.Contains(b.Config.Workspace.ArtifactsPath, username) != containsExpected {
|
|
return "artifacts_path"
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func validateProductionMode(ctx context.Context, b *bundle.Bundle, isPrincipalUsed bool) error {
|
|
r := b.Config.Resources
|
|
for i := range r.Pipelines {
|
|
if r.Pipelines[i].Development {
|
|
return fmt.Errorf("environment with 'mode: production' cannot specify a pipeline with 'development: true'")
|
|
}
|
|
}
|
|
|
|
if !isPrincipalUsed {
|
|
if path := findIncorrectPath(b, config.Production); path != "" {
|
|
message := "%s must not contain the current username when using 'mode: production'"
|
|
if path == "root_path" {
|
|
return fmt.Errorf(message+"\n tip: set workspace.root_path to a shared path such as /Shared/.bundle/${bundle.name}/${bundle.environment}", path)
|
|
} else {
|
|
return fmt.Errorf(message, path)
|
|
}
|
|
}
|
|
|
|
if !isRunAsSet(r) {
|
|
return fmt.Errorf("'run_as' must be set for all jobs when using 'mode: production'")
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Determines whether a service principal identity is used to run the CLI.
|
|
func isServicePrincipalUsed(ctx context.Context, b *bundle.Bundle) (bool, error) {
|
|
ws := b.WorkspaceClient()
|
|
|
|
// Check if a principal with the current user's ID exists.
|
|
// We need to use the ListAll method since Get is only usable by admins.
|
|
matches, err := ws.ServicePrincipals.ListAll(ctx, iam.ListServicePrincipalsRequest{
|
|
Filter: "id eq " + b.Config.Workspace.CurrentUser.Id,
|
|
})
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return len(matches) > 0, nil
|
|
}
|
|
|
|
// Determines whether run_as is explicitly set for all resources.
|
|
// We do this in a best-effort fashion rather than check the top-level
|
|
// 'run_as' field because the latter is not required to be set.
|
|
func isRunAsSet(r config.Resources) bool {
|
|
for i := range r.Jobs {
|
|
if r.Jobs[i].RunAs == nil {
|
|
return false
|
|
}
|
|
}
|
|
return true
|
|
}
|
|
|
|
func (m *processEnvironmentMode) Apply(ctx context.Context, b *bundle.Bundle) error {
|
|
switch b.Config.Bundle.Mode {
|
|
case config.Development:
|
|
err := validateDevelopmentMode(b)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return transformDevelopmentMode(b)
|
|
case config.Production:
|
|
isPrincipal, err := isServicePrincipalUsed(ctx, b)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return validateProductionMode(ctx, b, isPrincipal)
|
|
case "":
|
|
// No action
|
|
default:
|
|
return fmt.Errorf("unsupported value specified for 'mode': %s", b.Config.Bundle.Mode)
|
|
}
|
|
|
|
return nil
|
|
}
|