diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md
index 970583a83a..1430e6c59c 100644
--- a/NEXT_CHANGELOG.md
+++ b/NEXT_CHANGELOG.md
@@ -9,5 +9,6 @@
 ### CLI
 ### Bundles
+* Add supported enum values to JSON schema for volume grant privileges ([#3395](https://github.com/databricks/cli/pull/3395))
 ### API Changes
diff --git a/bundle/config/resources/volume.go b/bundle/config/resources/volume.go
index c9cea6c5eb..4c0a09bda5 100644
--- a/bundle/config/resources/volume.go
+++ b/bundle/config/resources/volume.go
@@ -13,9 +13,36 @@ import (
 "github.com/databricks/databricks-sdk-go/service/catalog"
 )
+type VolumeGrantPrivilege string
+
+const (
+ VolumeGrantPrivilegeAllPrivileges VolumeGrantPrivilege = "ALL_PRIVILEGES"
+ VolumeGrantPrivilegeApplyTag VolumeGrantPrivilege = "APPLY_TAG"
+ VolumeGrantPrivilegeManage VolumeGrantPrivilege = "MANAGE"
+ VolumeGrantPrivilegeReadVolume VolumeGrantPrivilege = "READ_VOLUME"
+ VolumeGrantPrivilegeWriteVolume VolumeGrantPrivilege = "WRITE_VOLUME"
+)
+
+// Values returns all valid VolumeGrantPrivilege values
+func (VolumeGrantPrivilege) Values() []VolumeGrantPrivilege {
+ return []VolumeGrantPrivilege{
+ VolumeGrantPrivilegeAllPrivileges,
+ VolumeGrantPrivilegeApplyTag,
+ VolumeGrantPrivilegeManage,
+ VolumeGrantPrivilegeReadVolume,
+ VolumeGrantPrivilegeWriteVolume,
+ }
+}
+
+type VolumeGrant struct {
+ Privileges []VolumeGrantPrivilege `json:"privileges"`
+
+ Principal string `json:"principal"`
+}
+
 type Volume struct {
 // List of grants to apply on this volume.
- Grants []Grant `json:"grants,omitempty"`
+ Grants []VolumeGrant `json:"grants,omitempty"`
 // Full name of the volume (catalog_name.schema_name.volume_name). This value is read from
 // the terraform state after deployment succeeds.
diff --git a/bundle/deploy/terraform/tfdyn/convert_volume_test.go b/bundle/deploy/terraform/tfdyn/convert_volume_test.go
index 176596f1df..92c64212b9 100644
--- a/bundle/deploy/terraform/tfdyn/convert_volume_test.go
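Review bot: In `bundle/config/resources/volume.go`, `VolumeGrantPrivilege` and `VolumeGrant` are exported without doc comments, and nothing in this hunk rejects a privilege string outside the five constants once it is held in a `[]VolumeGrantPrivilege`; the enum appears to be enforced only through the JSON schema. Because these values decide who may read, write or manage a volume, I would state that on the types, e.g. `// VolumeGrantPrivilege is a privilege grantable on a volume. The listed values are enforced by the bundle JSON schema; the Go type itself accepts any string.` and `// VolumeGrant assigns Privileges on a volume to Principal.`. If unknown values are rejected somewhere else in the deploy path, a pointer to that check in the comment would be enough. The `Volume` struct continues past the end of the hunk.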
+++ b/bundle/deploy/terraform/tfdyn/convert_volume_test.go
@@ -23,14 +23,18 @@ func TestConvertVolume(t *testing.T) {
 StorageLocation: "s3://bucket/path",
 VolumeType: "EXTERNAL",
 },
- Grants: []resources.Grant{
+ Grants: []resources.VolumeGrant{
 {
- Privileges: []string{"READ_VOLUME"},
- Principal: "jack@gmail.com",
+ Privileges: []resources.VolumeGrantPrivilege{
+ resources.VolumeGrantPrivilegeReadVolume,
+ },
+ Principal: "jack@gmail.com",
 },
 {
- Privileges: []string{"WRITE_VOLUME"},
- Principal: "jane@gmail.com",
+ Privileges: []resources.VolumeGrantPrivilege{
+ resources.VolumeGrantPrivilegeWriteVolume,
+ },
+ Principal: "jane@gmail.com",
 },
 },
 }
diff --git a/bundle/internal/schema/annotations.yml b/bundle/internal/schema/annotations.yml
index 396307b3f8..546692c051 100644
--- a/bundle/internal/schema/annotations.yml
+++ b/bundle/internal/schema/annotations.yml
@@ -598,6 +598,13 @@ github.com/databricks/cli/bundle/config/resources.SqlWarehousePermission:
 "user_name":
 "description": |-
 PLACEHOLDER
+github.com/databricks/cli/bundle/config/resources.VolumeGrant:
+ "principal":
+ "description": |-
+ PLACEHOLDER
+ "privileges":
+ "description": |-
+ PLACEHOLDER
 github.com/databricks/cli/bundle/config/variable.Lookup:
 "alert":
 "description": |-
diff --git a/bundle/internal/schema/annotations_openapi_overrides.yml b/bundle/internal/schema/annotations_openapi_overrides.yml
index 7eb7b637ce..662cabb32f 100644
--- a/bundle/internal/schema/annotations_openapi_overrides.yml
+++ b/bundle/internal/schema/annotations_openapi_overrides.yml
@@ -503,6 +503,19 @@ github.com/databricks/cli/bundle/config/resources.SqlWarehousePermissionLevel:
 CAN_MONITOR
 - |-
 CAN_VIEW
+github.com/databricks/cli/bundle/config/resources.VolumeGrantPrivilege:
+ "_":
+ "enum":
+ - |-
+ ALL_PRIVILEGES
+ - |-
+ APPLY_TAG
+ - |-
+ MANAGE
+ - |-
+ READ_VOLUME
+ - |-
+ WRITE_VOLUME
 github.com/databricks/cli/bundle/config/resources.Volume:
 "_":
 "markdown_description": |-
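Review bot: In `bundle/internal/schema/annotations.yml`, both new `VolumeGrant` fields are left with `PLACEHOLDER` as their description, and the `resources.VolumeGrant` entry in `jsonschema.json` accordingly carries no description for `principal` or `privileges`. These fields define access to the volume, so a one-line description for each would help anyone editing a bundle with schema hints, for example `The principal (user, group or service principal) that receives the privileges.` and `The privileges to grant to the principal on this volume.`. The wording is only a suggestion and should be checked against the platform documentation for grants.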
diff --git a/bundle/schema/jsonschema.json b/bundle/schema/jsonschema.json index 2607f35549..a0f1919417 100644 --- a/bundle/schema/jsonschema.json +++ b/bundle/schema/jsonschema.json @@ -1549,7 +1549,7 @@ "$ref": "#/$defs/string" }, "grants": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Grant" + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.VolumeGrant" }, "name": { "description": "The name of the volume", @@ -1581,6 +1581,48 @@ } ] }, + "resources.VolumeGrant": { + "oneOf": [ + { + "type": "object", + "properties": { + "principal": { + "$ref": "#/$defs/string" + }, + "privileges": { + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.VolumeGrantPrivilege" + } + }, + "additionalProperties": false, + "required": [ + "privileges", + "principal" + ] + }, + { + "type": "string", + "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" + } + ] + }, + "resources.VolumeGrantPrivilege": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ALL_PRIVILEGES", + "APPLY_TAG", + "MANAGE", + "READ_VOLUME", + "WRITE_VOLUME" + ] + }, + { + "type": "string", + "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" + } + ] + }, "variable.Lookup": { "oneOf": [ { 
@@ -8660,6 +8702,34 @@ "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" } ] + }, + "resources.VolumeGrant": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.VolumeGrant" + } + }, + { + "type": "string", + "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" + } + ] + }, + "resources.VolumeGrantPrivilege": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.VolumeGrantPrivilege" + } + }, + { + "type": "string", + "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" + } + ] } }, "config.ArtifactFile": {