-
Notifications
You must be signed in to change notification settings - Fork 77
/
Copy pathaccess-control.go
executable file
·242 lines (187 loc) · 7.07 KB
/
access-control.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT.
package access_control
import (
"fmt"
"github.com/databricks/cli/cmd/root"
"github.com/databricks/cli/libs/cmdio"
"github.com/databricks/cli/libs/command"
"github.com/databricks/cli/libs/flags"
"github.com/databricks/databricks-sdk-go/service/iam"
"github.com/spf13/cobra"
)
// Slice with functions to override default command behavior.
// Functions can be added from the `init()` function in manually curated files in this directory.
var cmdOverrides []func(*cobra.Command)
func New() *cobra.Command {
cmd := &cobra.Command{
Use: "access-control",
Short: `These APIs manage access rules on resources in an account.`,
Long: `These APIs manage access rules on resources in an account. Currently, only
grant rules are supported. A grant rule specifies a role assigned to a set of
principals. A list of rules attached to a resource is called a rule set.`,
GroupID: "iam",
Annotations: map[string]string{
"package": "iam",
},
}
// Add methods
cmd.AddCommand(newGetAssignableRolesForResource())
cmd.AddCommand(newGetRuleSet())
cmd.AddCommand(newUpdateRuleSet())
// Apply optional overrides to this command.
for _, fn := range cmdOverrides {
fn(cmd)
}
return cmd
}
// start get-assignable-roles-for-resource command
// Slice with functions to override default command behavior.
// Functions can be added from the `init()` function in manually curated files in this directory.
var getAssignableRolesForResourceOverrides []func(
*cobra.Command,
*iam.GetAssignableRolesForResourceRequest,
)
func newGetAssignableRolesForResource() *cobra.Command {
cmd := &cobra.Command{}
var getAssignableRolesForResourceReq iam.GetAssignableRolesForResourceRequest
// TODO: short flags
cmd.Use = "get-assignable-roles-for-resource RESOURCE"
cmd.Short = `Get assignable roles for a resource.`
cmd.Long = `Get assignable roles for a resource.
Gets all the roles that can be granted on an account level resource. A role is
grantable if the rule set on the resource can contain an access rule of the
role.
Arguments:
RESOURCE: The resource name for which assignable roles will be listed.`
cmd.Annotations = make(map[string]string)
cmd.Args = func(cmd *cobra.Command, args []string) error {
check := root.ExactArgs(1)
return check(cmd, args)
}
cmd.PreRunE = root.MustAccountClient
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
a := command.AccountClient(ctx)
getAssignableRolesForResourceReq.Resource = args[0]
response, err := a.AccessControl.GetAssignableRolesForResource(ctx, getAssignableRolesForResourceReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
}
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
cmd.ValidArgsFunction = cobra.NoFileCompletions
// Apply optional overrides to this command.
for _, fn := range getAssignableRolesForResourceOverrides {
fn(cmd, &getAssignableRolesForResourceReq)
}
return cmd
}
// start get-rule-set command
// Slice with functions to override default command behavior.
// Functions can be added from the `init()` function in manually curated files in this directory.
var getRuleSetOverrides []func(
*cobra.Command,
*iam.GetRuleSetRequest,
)
func newGetRuleSet() *cobra.Command {
cmd := &cobra.Command{}
var getRuleSetReq iam.GetRuleSetRequest
// TODO: short flags
cmd.Use = "get-rule-set NAME ETAG"
cmd.Short = `Get a rule set.`
cmd.Long = `Get a rule set.
Get a rule set by its name. A rule set is always attached to a resource and
contains a list of access rules on the said resource. Currently only a default
rule set for each resource is supported.
Arguments:
NAME: The ruleset name associated with the request.
ETAG: Etag used for versioning. The response is at least as fresh as the eTag
provided. Etag is used for optimistic concurrency control as a way to help
prevent simultaneous updates of a rule set from overwriting each other. It
is strongly suggested that systems make use of the etag in the read ->
modify -> write pattern to perform rule set updates in order to avoid race
conditions that is get an etag from a GET rule set request, and pass it
with the PUT update request to identify the rule set version you are
updating.`
cmd.Annotations = make(map[string]string)
cmd.Args = func(cmd *cobra.Command, args []string) error {
check := root.ExactArgs(2)
return check(cmd, args)
}
cmd.PreRunE = root.MustAccountClient
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
a := command.AccountClient(ctx)
getRuleSetReq.Name = args[0]
getRuleSetReq.Etag = args[1]
response, err := a.AccessControl.GetRuleSet(ctx, getRuleSetReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
}
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
cmd.ValidArgsFunction = cobra.NoFileCompletions
// Apply optional overrides to this command.
for _, fn := range getRuleSetOverrides {
fn(cmd, &getRuleSetReq)
}
return cmd
}
// start update-rule-set command
// Slice with functions to override default command behavior.
// Functions can be added from the `init()` function in manually curated files in this directory.
var updateRuleSetOverrides []func(
*cobra.Command,
*iam.UpdateRuleSetRequest,
)
func newUpdateRuleSet() *cobra.Command {
cmd := &cobra.Command{}
var updateRuleSetReq iam.UpdateRuleSetRequest
var updateRuleSetJson flags.JsonFlag
// TODO: short flags
cmd.Flags().Var(&updateRuleSetJson, "json", `either inline JSON string or @path/to/file.json with request body`)
cmd.Use = "update-rule-set"
cmd.Short = `Update a rule set.`
cmd.Long = `Update a rule set.
Replace the rules of a rule set. First, use get to read the current version of
the rule set before modifying it. This pattern helps prevent conflicts between
concurrent updates.`
cmd.Annotations = make(map[string]string)
cmd.PreRunE = root.MustAccountClient
cmd.RunE = func(cmd *cobra.Command, args []string) (err error) {
ctx := cmd.Context()
a := command.AccountClient(ctx)
if cmd.Flags().Changed("json") {
diags := updateRuleSetJson.Unmarshal(&updateRuleSetReq)
if diags.HasError() {
return diags.Error()
}
if len(diags) > 0 {
err := cmdio.RenderDiagnosticsToErrorOut(ctx, diags)
if err != nil {
return err
}
}
} else {
return fmt.Errorf("please provide command input in JSON format by specifying the --json flag")
}
response, err := a.AccessControl.UpdateRuleSet(ctx, updateRuleSetReq)
if err != nil {
return err
}
return cmdio.Render(ctx, response)
}
// Disable completions since they are not applicable.
// Can be overridden by manual implementation in `override.go`.
cmd.ValidArgsFunction = cobra.NoFileCompletions
// Apply optional overrides to this command.
for _, fn := range updateRuleSetOverrides {
fn(cmd, &updateRuleSetReq)
}
return cmd
}
// end service AccountAccessControl