mirror of https://github.com/databricks/cli.git
371 lines
11 KiB
Go
Executable File
371 lines
11 KiB
Go
Executable File
// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT.
|
|
|
|
package permissions
|
|
|
|
import (
|
|
"github.com/databricks/cli/cmd/root"
|
|
"github.com/databricks/cli/libs/cmdio"
|
|
"github.com/databricks/cli/libs/flags"
|
|
"github.com/databricks/databricks-sdk-go/service/iam"
|
|
"github.com/spf13/cobra"
|
|
)
|
|
|
|
// Slice with functions to override default command behavior.
|
|
// Functions can be added from the `init()` function in manually curated files in this directory.
|
|
var cmdOverrides []func(*cobra.Command)
|
|
|
|
func New() *cobra.Command {
|
|
cmd := &cobra.Command{
|
|
Use: "permissions",
|
|
Short: `Permissions API are used to create read, write, edit, update and manage access for various users on different objects and endpoints.`,
|
|
Long: `Permissions API are used to create read, write, edit, update and manage access
|
|
for various users on different objects and endpoints.
|
|
|
|
* **[Apps permissions](:service:apps)** — Manage which users can manage or
|
|
use apps.
|
|
|
|
* **[Cluster permissions](:service:clusters)** — Manage which users can
|
|
manage, restart, or attach to clusters.
|
|
|
|
* **[Cluster policy permissions](:service:clusterpolicies)** — Manage which
|
|
users can use cluster policies.
|
|
|
|
* **[Delta Live Tables pipeline permissions](:service:pipelines)** — Manage
|
|
which users can view, manage, run, cancel, or own a Delta Live Tables
|
|
pipeline.
|
|
|
|
* **[Job permissions](:service:jobs)** — Manage which users can view,
|
|
manage, trigger, cancel, or own a job.
|
|
|
|
* **[MLflow experiment permissions](:service:experiments)** — Manage which
|
|
users can read, edit, or manage MLflow experiments.
|
|
|
|
* **[MLflow registered model permissions](:service:modelregistry)** — Manage
|
|
which users can read, edit, or manage MLflow registered models.
|
|
|
|
* **[Password permissions](:service:users)** — Manage which users can use
|
|
password login when SSO is enabled.
|
|
|
|
* **[Instance Pool permissions](:service:instancepools)** — Manage which
|
|
users can manage or attach to pools.
|
|
|
|
* **[Repo permissions](repos)** — Manage which users can read, run, edit, or
|
|
manage a repo.
|
|
|
|
* **[Serving endpoint permissions](:service:servingendpoints)** — Manage
|
|
which users can view, query, or manage a serving endpoint.
|
|
|
|
* **[SQL warehouse permissions](:service:warehouses)** — Manage which users
|
|
can use or manage SQL warehouses.
|
|
|
|
* **[Token permissions](:service:tokenmanagement)** — Manage which users can
|
|
create or use tokens.
|
|
|
|
* **[Workspace object permissions](:service:workspace)** — Manage which
|
|
users can read, run, edit, or manage alerts, dbsql-dashboards, directories,
|
|
files, notebooks and queries.
|
|
|
|
For the mapping of the required permissions for specific actions or abilities
|
|
and other important information, see [Access Control].
|
|
|
|
Note that to manage access control on service principals, use **[Account
|
|
Access Control Proxy](:service:accountaccesscontrolproxy)**.
|
|
|
|
[Access Control]: https://docs.databricks.com/security/auth-authz/access-control/index.html`,
|
|
GroupID: "iam",
|
|
Annotations: map[string]string{
|
|
"package": "iam",
|
|
},
|
|
}
|
|
|
|
// Add methods
|
|
cmd.AddCommand(newGet())
|
|
cmd.AddCommand(newGetPermissionLevels())
|
|
cmd.AddCommand(newSet())
|
|
cmd.AddCommand(newUpdate())
|
|
|
|
// Apply optional overrides to this command.
|
|
for _, fn := range cmdOverrides {
|
|
fn(cmd)
|
|
}
|
|
|
|
return cmd
|
|
}
|
|
|
|
// start get command
|
|
|
|
// Slice with functions to override default command behavior.
|
|
// Functions can be added from the `init()` function in manually curated files in this directory.
|
|
var getOverrides []func(
|
|
*cobra.Command,
|
|
*iam.GetPermissionRequest,
|
|
)
|
|
|
|
func newGet() *cobra.Command {
|
|
cmd := &cobra.Command{}
|
|
|
|
var getReq iam.GetPermissionRequest
|
|
|
|
// TODO: short flags
|
|
|
|
cmd.Use = "get REQUEST_OBJECT_TYPE REQUEST_OBJECT_ID"
|
|
cmd.Short = `Get object permissions.`
|
|
cmd.Long = `Get object permissions.
|
|
|
|
Gets the permissions of an object. Objects can inherit permissions from their
|
|
parent objects or root object.
|
|
|
|
Arguments:
|
|
REQUEST_OBJECT_TYPE: The type of the request object. Can be one of the following: alerts,
|
|
authorization, clusters, cluster-policies, dashboards, dbsql-dashboards,
|
|
directories, experiments, files, instance-pools, jobs, notebooks,
|
|
pipelines, queries, registered-models, repos, serving-endpoints, or
|
|
warehouses.
|
|
REQUEST_OBJECT_ID: The id of the request object.`
|
|
|
|
cmd.Annotations = make(map[string]string)
|
|
|
|
cmd.Args = func(cmd *cobra.Command, args []string) error {
|
|
check := root.ExactArgs(2)
|
|
return check(cmd, args)
|
|
}
|
|
|
|
cmd.PreRunE = root.MustWorkspaceClient
|
|
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
w := root.WorkspaceClient(ctx)
|
|
|
|
getReq.RequestObjectType = args[0]
|
|
getReq.RequestObjectId = args[1]
|
|
|
|
response, err := w.Permissions.Get(ctx, getReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
}
|
|
|
|
// Disable completions since they are not applicable.
|
|
// Can be overridden by manual implementation in `override.go`.
|
|
cmd.ValidArgsFunction = cobra.NoFileCompletions
|
|
|
|
// Apply optional overrides to this command.
|
|
for _, fn := range getOverrides {
|
|
fn(cmd, &getReq)
|
|
}
|
|
|
|
return cmd
|
|
}
|
|
|
|
// start get-permission-levels command
|
|
|
|
// Slice with functions to override default command behavior.
|
|
// Functions can be added from the `init()` function in manually curated files in this directory.
|
|
var getPermissionLevelsOverrides []func(
|
|
*cobra.Command,
|
|
*iam.GetPermissionLevelsRequest,
|
|
)
|
|
|
|
func newGetPermissionLevels() *cobra.Command {
|
|
cmd := &cobra.Command{}
|
|
|
|
var getPermissionLevelsReq iam.GetPermissionLevelsRequest
|
|
|
|
// TODO: short flags
|
|
|
|
cmd.Use = "get-permission-levels REQUEST_OBJECT_TYPE REQUEST_OBJECT_ID"
|
|
cmd.Short = `Get object permission levels.`
|
|
cmd.Long = `Get object permission levels.
|
|
|
|
Gets the permission levels that a user can have on an object.
|
|
|
|
Arguments:
|
|
REQUEST_OBJECT_TYPE: <needs content>
|
|
REQUEST_OBJECT_ID: <needs content>`
|
|
|
|
cmd.Annotations = make(map[string]string)
|
|
|
|
cmd.Args = func(cmd *cobra.Command, args []string) error {
|
|
check := root.ExactArgs(2)
|
|
return check(cmd, args)
|
|
}
|
|
|
|
cmd.PreRunE = root.MustWorkspaceClient
|
|
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
w := root.WorkspaceClient(ctx)
|
|
|
|
getPermissionLevelsReq.RequestObjectType = args[0]
|
|
getPermissionLevelsReq.RequestObjectId = args[1]
|
|
|
|
response, err := w.Permissions.GetPermissionLevels(ctx, getPermissionLevelsReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
}
|
|
|
|
// Disable completions since they are not applicable.
|
|
// Can be overridden by manual implementation in `override.go`.
|
|
cmd.ValidArgsFunction = cobra.NoFileCompletions
|
|
|
|
// Apply optional overrides to this command.
|
|
for _, fn := range getPermissionLevelsOverrides {
|
|
fn(cmd, &getPermissionLevelsReq)
|
|
}
|
|
|
|
return cmd
|
|
}
|
|
|
|
// start set command
|
|
|
|
// Slice with functions to override default command behavior.
|
|
// Functions can be added from the `init()` function in manually curated files in this directory.
|
|
var setOverrides []func(
|
|
*cobra.Command,
|
|
*iam.PermissionsRequest,
|
|
)
|
|
|
|
func newSet() *cobra.Command {
|
|
cmd := &cobra.Command{}
|
|
|
|
var setReq iam.PermissionsRequest
|
|
var setJson flags.JsonFlag
|
|
|
|
// TODO: short flags
|
|
cmd.Flags().Var(&setJson, "json", `either inline JSON string or @path/to/file.json with request body`)
|
|
|
|
// TODO: array: access_control_list
|
|
|
|
cmd.Use = "set REQUEST_OBJECT_TYPE REQUEST_OBJECT_ID"
|
|
cmd.Short = `Set object permissions.`
|
|
cmd.Long = `Set object permissions.
|
|
|
|
Sets permissions on an object. Objects can inherit permissions from their
|
|
parent objects or root object.
|
|
|
|
Arguments:
|
|
REQUEST_OBJECT_TYPE: The type of the request object. Can be one of the following: alerts,
|
|
authorization, clusters, cluster-policies, dashboards, dbsql-dashboards,
|
|
directories, experiments, files, instance-pools, jobs, notebooks,
|
|
pipelines, queries, registered-models, repos, serving-endpoints, or
|
|
warehouses.
|
|
REQUEST_OBJECT_ID: The id of the request object.`
|
|
|
|
cmd.Annotations = make(map[string]string)
|
|
|
|
cmd.Args = func(cmd *cobra.Command, args []string) error {
|
|
check := root.ExactArgs(2)
|
|
return check(cmd, args)
|
|
}
|
|
|
|
cmd.PreRunE = root.MustWorkspaceClient
|
|
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
w := root.WorkspaceClient(ctx)
|
|
|
|
if cmd.Flags().Changed("json") {
|
|
err = setJson.Unmarshal(&setReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
setReq.RequestObjectType = args[0]
|
|
setReq.RequestObjectId = args[1]
|
|
|
|
response, err := w.Permissions.Set(ctx, setReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
}
|
|
|
|
// Disable completions since they are not applicable.
|
|
// Can be overridden by manual implementation in `override.go`.
|
|
cmd.ValidArgsFunction = cobra.NoFileCompletions
|
|
|
|
// Apply optional overrides to this command.
|
|
for _, fn := range setOverrides {
|
|
fn(cmd, &setReq)
|
|
}
|
|
|
|
return cmd
|
|
}
|
|
|
|
// start update command
|
|
|
|
// Slice with functions to override default command behavior.
|
|
// Functions can be added from the `init()` function in manually curated files in this directory.
|
|
var updateOverrides []func(
|
|
*cobra.Command,
|
|
*iam.PermissionsRequest,
|
|
)
|
|
|
|
func newUpdate() *cobra.Command {
|
|
cmd := &cobra.Command{}
|
|
|
|
var updateReq iam.PermissionsRequest
|
|
var updateJson flags.JsonFlag
|
|
|
|
// TODO: short flags
|
|
cmd.Flags().Var(&updateJson, "json", `either inline JSON string or @path/to/file.json with request body`)
|
|
|
|
// TODO: array: access_control_list
|
|
|
|
cmd.Use = "update REQUEST_OBJECT_TYPE REQUEST_OBJECT_ID"
|
|
cmd.Short = `Update object permissions.`
|
|
cmd.Long = `Update object permissions.
|
|
|
|
Updates the permissions on an object. Objects can inherit permissions from
|
|
their parent objects or root object.
|
|
|
|
Arguments:
|
|
REQUEST_OBJECT_TYPE: The type of the request object. Can be one of the following: alerts,
|
|
authorization, clusters, cluster-policies, dashboards, dbsql-dashboards,
|
|
directories, experiments, files, instance-pools, jobs, notebooks,
|
|
pipelines, queries, registered-models, repos, serving-endpoints, or
|
|
warehouses.
|
|
REQUEST_OBJECT_ID: The id of the request object.`
|
|
|
|
cmd.Annotations = make(map[string]string)
|
|
|
|
cmd.Args = func(cmd *cobra.Command, args []string) error {
|
|
check := root.ExactArgs(2)
|
|
return check(cmd, args)
|
|
}
|
|
|
|
cmd.PreRunE = root.MustWorkspaceClient
|
|
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
|
|
ctx := cmd.Context()
|
|
w := root.WorkspaceClient(ctx)
|
|
|
|
if cmd.Flags().Changed("json") {
|
|
err = updateJson.Unmarshal(&updateReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
updateReq.RequestObjectType = args[0]
|
|
updateReq.RequestObjectId = args[1]
|
|
|
|
response, err := w.Permissions.Update(ctx, updateReq)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return cmdio.Render(ctx, response)
|
|
}
|
|
|
|
// Disable completions since they are not applicable.
|
|
// Can be overridden by manual implementation in `override.go`.
|
|
cmd.ValidArgsFunction = cobra.NoFileCompletions
|
|
|
|
// Apply optional overrides to this command.
|
|
for _, fn := range updateOverrides {
|
|
fn(cmd, &updateReq)
|
|
}
|
|
|
|
return cmd
|
|
}
|
|
|
|
// end service Permissions
|