From 785de9452e081c265f699304771231246ed62558 Mon Sep 17 00:00:00 2001 From: Gleb Kanterov Date: Tue, 12 Aug 2025 10:07:17 +0200 Subject: [PATCH 1/4] Add enum for volume grant privileges --- bundle/config/resources/volume.go | 17 ++++- bundle/internal/schema/annotations.yml | 7 ++ .../schema/annotations_openapi_overrides.yml | 11 +++ bundle/schema/jsonschema.json | 71 ++++++++++++++++++- 4 files changed, 104 insertions(+), 2 deletions(-) diff --git a/bundle/config/resources/volume.go b/bundle/config/resources/volume.go index c9cea6c5eb..9b212559fb 100644 --- a/bundle/config/resources/volume.go +++ b/bundle/config/resources/volume.go @@ -13,9 +13,24 @@ import ( "github.com/databricks/databricks-sdk-go/service/catalog" ) +type VolumeGrantPrivilege string + +const ( + VolumeGrantPrivilegeAllPrivileges VolumeGrantPrivilege = "ALL_PRIVILEGES" + VolumeGrantPrivilegeManage VolumeGrantPrivilege = "MANAGE" + VolumeGrantPrivilegeReadVolume VolumeGrantPrivilege = "READ_VOLUME" + VolumeGrantPrivilegeWriteVolume VolumeGrantPrivilege = "WRITE_VOLUME" +) + +type VolumeGrant struct { + Privileges []VolumeGrantPrivilege `json:"privileges"` + + Principal string `json:"principal"` +} + type Volume struct { // List of grants to apply on this volume. - Grants []Grant `json:"grants,omitempty"` + Grants []VolumeGrant `json:"grants,omitempty"` // Full name of the volume (catalog_name.schema_name.volume_name). This value is read from // the terraform state after deployment succeeds. diff --git a/bundle/internal/schema/annotations.yml b/bundle/internal/schema/annotations.yml index 396307b3f8..546692c051 100644 --- a/bundle/internal/schema/annotations.yml +++ b/bundle/internal/schema/annotations.yml 
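Review bot: Nothing in this hunk makes the new enum binding at runtime: `VolumeGrantPrivilege` is declared as a plain `string`, so a value outside the `const` block still decodes into `VolumeGrant.Privileges`. The only enforcement visible in this patch is the JSON schema, and whether the deploy path validates against it cannot be seen from here. Since these values decide who can read, write or manage a volume, I would state on the type where unknown values are rejected, or add that check if none exists. The exported types also lack doc comments; I would add `// VolumeGrantPrivilege is a privilege that can be granted on a volume.` and `// VolumeGrant assigns a set of privileges on a volume to one principal.`, plus a short comment on `VolumeGrantPrivilegeAllPrivileges` and `VolumeGrantPrivilegeManage` saying they are broad grants and that `READ_VOLUME`/`WRITE_VOLUME` are preferable where they suffice. The `Volume` struct continues past the end of the hunk.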
@@ -598,6 +598,13 @@ github.com/databricks/cli/bundle/config/resources.SqlWarehousePermission: "user_name": "description": |- PLACEHOLDER +github.com/databricks/cli/bundle/config/resources.VolumeGrant: + "principal": + "description": |- + PLACEHOLDER + "privileges": + "description": |- + PLACEHOLDER github.com/databricks/cli/bundle/config/variable.Lookup: "alert": "description": |- diff --git a/bundle/internal/schema/annotations_openapi_overrides.yml b/bundle/internal/schema/annotations_openapi_overrides.yml index 7eb7b637ce..c48472e659 100644 --- a/bundle/internal/schema/annotations_openapi_overrides.yml +++ b/bundle/internal/schema/annotations_openapi_overrides.yml @@ -503,6 +503,17 @@ github.com/databricks/cli/bundle/config/resources.SqlWarehousePermissionLevel: CAN_MONITOR - |- CAN_VIEW +github.com/databricks/cli/bundle/config/resources.VolumeGrantPrivilege: + "_": + "enum": + - |- + ALL_PRIVILEGES + - |- + MANAGE + - |- + READ_VOLUME + - |- + WRITE_VOLUME github.com/databricks/cli/bundle/config/resources.Volume: "_": "markdown_description": |- diff --git a/bundle/schema/jsonschema.json b/bundle/schema/jsonschema.json index 2607f35549..1a9611c80f 100644 --- a/bundle/schema/jsonschema.json +++ b/bundle/schema/jsonschema.json @@ -1549,7 +1549,7 @@ "$ref": "#/$defs/string" }, "grants": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Grant" + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.VolumeGrant" }, "name": { "description": "The name of the volume", 
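Review bot: The `principal` and `privileges` descriptions added for `resources.VolumeGrant` are both `PLACEHOLDER`, and the generated `resources.VolumeGrant` entry in jsonschema.json accordingly has no description for either field. For an access-control setting I would fill these in before merging, for example `The name of the principal that will be granted privileges.` for `principal` and `The privileges to grant to the principal; see VolumeGrantPrivilege for the accepted values.` for `privileges`. The enum list added to annotations_openapi_overrides.yml in the following hunk repeats the Go constants by hand, so it has to be updated whenever they change.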
@@ -1581,6 +1581,47 @@ } ] }, + "resources.VolumeGrant": { + "oneOf": [ + { + "type": "object", + "properties": { + "principal": { + "$ref": "#/$defs/string" + }, + "privileges": { + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.VolumeGrantPrivilege" + } + }, + "additionalProperties": false, + "required": [ + "privileges", + "principal" + ] + }, + { + "type": "string", + "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" + } + ] + }, + "resources.VolumeGrantPrivilege": { + "oneOf": [ + { + "type": "string", + "enum": [ + "ALL_PRIVILEGES", + "MANAGE", + "READ_VOLUME", + "WRITE_VOLUME" + ] + }, + { + "type": "string", + "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" + } + ] + }, "variable.Lookup": { "oneOf": [ { @@ -8660,6 +8701,34 @@ "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" } ] + }, + "resources.VolumeGrant": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.VolumeGrant" + } + }, + { + "type": "string", + "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" + } + ] + }, + "resources.VolumeGrantPrivilege": { + "oneOf": [ + { + "type": "array", + "items": { + "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.VolumeGrantPrivilege" + } + }, + { + "type": "string", + "pattern": "\\$\\{(var(\\.[a-zA-Z]+([-_]?[a-zA-Z0-9]+)*(\\[[0-9]+\\])*)+)\\}" + } + ] } }, "config.ArtifactFile": { From 2c5efbbcd1f39359aa713a331c1461c9a0cab0c0 Mon Sep 17 00:00:00 2001 From: Gleb Kanterov Date: Tue, 12 Aug 2025 10:14:45 +0200 Subject: [PATCH 2/4] Fix build --- .../deploy/terraform/tfdyn/convert_volume_test.go | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/bundle/deploy/terraform/tfdyn/convert_volume_test.go b/bundle/deploy/terraform/tfdyn/convert_volume_test.go index 176596f1df..92c64212b9 100644 
--- a/bundle/deploy/terraform/tfdyn/convert_volume_test.go +++ b/bundle/deploy/terraform/tfdyn/convert_volume_test.go @@ -23,14 +23,18 @@ func TestConvertVolume(t *testing.T) { StorageLocation: "s3://bucket/path", VolumeType: "EXTERNAL", }, - Grants: []resources.Grant{ + Grants: []resources.VolumeGrant{ { - Privileges: []string{"READ_VOLUME"}, - Principal: "jack@gmail.com", + Privileges: []resources.VolumeGrantPrivilege{ + resources.VolumeGrantPrivilegeReadVolume, + }, + Principal: "jack@gmail.com", }, { - Privileges: []string{"WRITE_VOLUME"}, - Principal: "jane@gmail.com", + Privileges: []resources.VolumeGrantPrivilege{ + resources.VolumeGrantPrivilegeWriteVolume, + }, + Principal: "jane@gmail.com", }, }, } From 33ed073d1d4c90c07a0a9a9cbf65add09f4eb623 Mon Sep 17 00:00:00 2001 From: Gleb Kanterov Date: Wed, 13 Aug 2025 08:23:04 +0200 Subject: [PATCH 3/4] Clarify JSON schema --- NEXT_CHANGELOG.md | 1 + bundle/config/resources/volume.go | 1 + bundle/internal/schema/annotations_openapi_overrides.yml | 2 ++ bundle/schema/jsonschema.json | 1 + 4 files changed, 5 insertions(+) diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md index 970583a83a..1430e6c59c 100644 --- a/NEXT_CHANGELOG.md +++ b/NEXT_CHANGELOG.md @@ -9,5 +9,6 @@ ### CLI ### Bundles +* Add supported enum values to JSON schema for volume grant privileges ([#3395](https://github.com/databricks/cli/pull/3395)) ### API Changes diff --git a/bundle/config/resources/volume.go b/bundle/config/resources/volume.go index 9b212559fb..ee520f3f4a 100644 --- a/bundle/config/resources/volume.go +++ b/bundle/config/resources/volume.go @@ -17,6 +17,7 @@ type VolumeGrantPrivilege string const ( VolumeGrantPrivilegeAllPrivileges VolumeGrantPrivilege = "ALL_PRIVILEGES" + VolumeGrantPrivilegeApplyTag VolumeGrantPrivilege = "APPLY_TAG" VolumeGrantPrivilegeManage VolumeGrantPrivilege = "MANAGE" VolumeGrantPrivilegeReadVolume VolumeGrantPrivilege = "READ_VOLUME" VolumeGrantPrivilegeWriteVolume VolumeGrantPrivilege = "WRITE_VOLUME" 
diff --git a/bundle/internal/schema/annotations_openapi_overrides.yml b/bundle/internal/schema/annotations_openapi_overrides.yml index c48472e659..662cabb32f 100644 --- a/bundle/internal/schema/annotations_openapi_overrides.yml +++ b/bundle/internal/schema/annotations_openapi_overrides.yml @@ -508,6 +508,8 @@ github.com/databricks/cli/bundle/config/resources.VolumeGrantPrivilege: "enum": - |- ALL_PRIVILEGES + - |- + APPLY_TAG - |- MANAGE - |- diff --git a/bundle/schema/jsonschema.json b/bundle/schema/jsonschema.json index 1a9611c80f..a0f1919417 100644 --- a/bundle/schema/jsonschema.json +++ b/bundle/schema/jsonschema.json @@ -1611,6 +1611,7 @@ "type": "string", "enum": [ "ALL_PRIVILEGES", + "APPLY_TAG", "MANAGE", "READ_VOLUME", "WRITE_VOLUME" From a909b3d982f0eda8d234a828f44f946a0227f23b Mon Sep 17 00:00:00 2001 From: Gleb Kanterov Date: Thu, 14 Aug 2025 09:26:09 +0200 Subject: [PATCH 4/4] Add Values() --- bundle/config/resources/volume.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/bundle/config/resources/volume.go b/bundle/config/resources/volume.go index ee520f3f4a..4c0a09bda5 100644 --- a/bundle/config/resources/volume.go +++ b/bundle/config/resources/volume.go @@ -23,6 +23,17 @@ const ( VolumeGrantPrivilegeWriteVolume VolumeGrantPrivilege = "WRITE_VOLUME" ) +// Values returns all valid VolumeGrantPrivilege values +func (VolumeGrantPrivilege) Values() []VolumeGrantPrivilege { + return []VolumeGrantPrivilege{ + VolumeGrantPrivilegeAllPrivileges, + VolumeGrantPrivilegeApplyTag, + VolumeGrantPrivilegeManage, + VolumeGrantPrivilegeReadVolume, + VolumeGrantPrivilegeWriteVolume, + } +} + type VolumeGrant struct { Privileges []VolumeGrantPrivilege `json:"privileges"`
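Review bot: `Values()` repeats the `const` block by hand, so a privilege added to the constants but not to this slice would silently drop out of whatever consumes `Values()`; patch 3/4 already had to add `APPLY_TAG` in three separate files. I would put `// Keep in sync with the const block above and with annotations_openapi_overrides.yml.` above the returned slice and add a test that pins the expected list. The doc comment is also missing its final period: `// Values returns all valid VolumeGrantPrivilege values.`. If the schema generator now derives the enum from `Values()` (not visible here), the hand-written override list may be redundant and could be removed to leave a single source of truth. The `VolumeGrant` struct at the end of the hunk continues outside it.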