From 2cd2121214d1209516b2aa5cb54f31aedcb2cf6b Mon Sep 17 00:00:00 2001 From: Hector Castejon Diaz Date: Tue, 17 Dec 2024 11:19:11 +0100 Subject: [PATCH] [Release] Release v0.54.0 ### API Changes: * Added [a.AccountFederationPolicy](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/oauth2#AccountFederationPolicyAPI) account-level service and [a.ServicePrincipalFederationPolicy](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/oauth2#ServicePrincipalFederationPolicyAPI) account-level service. * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.ClusterAttributes](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#ClusterAttributes). * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.ClusterDetails](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#ClusterDetails). * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.ClusterSpec](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#ClusterSpec). * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.CreateCluster](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#CreateCluster). * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.EditCluster](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#EditCluster). * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.UpdateClusterResource](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#UpdateClusterResource). * Added `UpdateParameterSyntax` field for [dashboards.MigrateDashboardRequest](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/dashboards#MigrateDashboardRequest). * Added `CleanRoomsNotebookTask` field for [jobs.RunTask](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/jobs#RunTask). * Added `CleanRoomsNotebookTask` field for [jobs.SubmitTask](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/jobs#SubmitTask). * Added `CleanRoomsNotebookTask` field for [jobs.Task](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/jobs#Task). * Changed `DaysOfWeek` field for [pipelines.RestartWindow](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/pipelines#RestartWindow) to type [pipelines.RestartWindowDaysOfWeekList](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/pipelines#RestartWindowDaysOfWeekList). OpenAPI SHA: a6a317df8327c9b1e5cb59a03a42ffa2aabeef6d, Date: 2024-12-16 --- .codegen/_openapi_sha | 2 +- CHANGELOG.md | 19 + account_client.go | 166 +++++- experimental/mocks/mock_account_client.go | 70 ++- ...ock_account_federation_policy_interface.go | 477 ++++++++++++++++ ...e_principal_federation_policy_interface.go | 538 ++++++++++++++++++ service/catalog/model.go | 16 +- service/compute/model.go | 263 ++++++++- service/dashboards/model.go | 4 + service/jobs/model.go | 72 ++- service/oauth2/api.go | 302 +++++++++- service/oauth2/impl.go | 104 ++++ service/oauth2/interface.go | 144 +++++ service/oauth2/model.go | 206 +++++++ service/pipelines/model.go | 2 +- service/pkg.go | 12 +- version/version.go | 2 +- 17 files changed, 2289 insertions(+), 110 deletions(-) create mode 100644 experimental/mocks/service/oauth2/mock_account_federation_policy_interface.go create mode 100644 experimental/mocks/service/oauth2/mock_service_principal_federation_policy_interface.go diff --git a/.codegen/_openapi_sha b/.codegen/_openapi_sha index 68cd2f4be..8622b29ca 100644 --- a/.codegen/_openapi_sha +++ b/.codegen/_openapi_sha @@ -1 +1 @@ -7016dcbf2e011459416cf408ce21143bcc4b3a25 \ No newline at end of file +a6a317df8327c9b1e5cb59a03a42ffa2aabeef6d \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 3cb725ee3..ca019db9a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # Version changelog +## [Release] Release v0.54.0 + +### API Changes: + + * Added [a.AccountFederationPolicy](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/oauth2#AccountFederationPolicyAPI) account-level service and [a.ServicePrincipalFederationPolicy](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/oauth2#ServicePrincipalFederationPolicyAPI) account-level service. + * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.ClusterAttributes](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#ClusterAttributes). + * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.ClusterDetails](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#ClusterDetails). + * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.ClusterSpec](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#ClusterSpec). + * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.CreateCluster](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#CreateCluster). + * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.EditCluster](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#EditCluster). + * Added `IsSingleNode`, `Kind` and `UseMlRuntime` fields for [compute.UpdateClusterResource](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/compute#UpdateClusterResource). + * Added `UpdateParameterSyntax` field for [dashboards.MigrateDashboardRequest](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/dashboards#MigrateDashboardRequest). + * Added `CleanRoomsNotebookTask` field for [jobs.RunTask](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/jobs#RunTask). + * Added `CleanRoomsNotebookTask` field for [jobs.SubmitTask](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/jobs#SubmitTask). + * Added `CleanRoomsNotebookTask` field for [jobs.Task](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/jobs#Task). + * Changed `DaysOfWeek` field for [pipelines.RestartWindow](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/pipelines#RestartWindow) to type [pipelines.RestartWindowDaysOfWeekList](https://pkg.go.dev/github.com/databricks/databricks-sdk-go/service/pipelines#RestartWindowDaysOfWeekList). + +OpenAPI SHA: a6a317df8327c9b1e5cb59a03a42ffa2aabeef6d, Date: 2024-12-16 + ## [Release] Release v0.53.0 ### Bug Fixes diff --git a/account_client.go b/account_client.go index 0387feb56..50632e4f8 100755 --- a/account_client.go +++ b/account_client.go @@ -60,6 +60,61 @@ type AccountClient struct { // Databricks representative. EncryptionKeys provisioning.EncryptionKeysInterface + // These APIs manage account federation policies. + // + // Account federation policies allow users and service principals in your + // Databricks account to securely access Databricks APIs using tokens from + // your trusted identity providers (IdPs). + // + // With token federation, your users and service principals can exchange + // tokens from your IdP for Databricks OAuth tokens, which can be used to + // access Databricks APIs. Token federation eliminates the need to manage + // Databricks secrets, and allows you to centralize management of token + // issuance policies in your IdP. Databricks token federation is typically + // used in combination with [SCIM], so users in your IdP are synchronized + // into your Databricks account. + // + // Token federation is configured in your Databricks account using an + // account federation policy. An account federation policy specifies: * + // which IdP, or issuer, your Databricks account should accept tokens from * + // how to determine which Databricks user, or subject, a token is issued for + // + // To configure a federation policy, you provide the following: * The + // required token __issuer__, as specified in the “iss” claim of your + // tokens. The issuer is an https URL that identifies your IdP. * The + // allowed token __audiences__, as specified in the “aud” claim of your + // tokens. This identifier is intended to represent the recipient of the + // token. As long as the audience in the token matches at least one audience + // in the policy, the token is considered a match. If unspecified, the + // default value is your Databricks account id. * The __subject claim__, + // which indicates which token claim contains the Databricks username of the + // user the token was issued for. If unspecified, the default value is + // “sub”. * Optionally, the public keys used to validate the signature + // of your tokens, in JWKS format. If unspecified (recommended), Databricks + // automatically fetches the public keys from your issuer’s well known + // endpoint. Databricks strongly recommends relying on your issuer’s well + // known endpoint for discovering public keys. + // + // An example federation policy is: ``` issuer: + // "https://idp.mycompany.com/oidc" audiences: ["databricks"] subject_claim: + // "sub" ``` + // + // An example JWT token body that matches this policy and could be used to + // authenticate to Databricks as user `username@mycompany.com` is: ``` { + // "iss": "https://idp.mycompany.com/oidc", "aud": "databricks", "sub": + // "username@mycompany.com" } ``` + // + // You may also need to configure your IdP to generate tokens for your users + // to exchange with Databricks, if your users do not already have the + // ability to generate tokens that are compatible with your federation + // policy. + // + // You do not need to configure an OAuth application in Databricks to use + // token federation. + // + // [SCIM]: https://docs.databricks.com/admin/users-groups/scim/index.html + FederationPolicy oauth2.AccountFederationPolicyInterface + // Groups simplify identity management, making it easier to assign access to // Databricks account, data, and other securable objects. // @@ -188,6 +243,63 @@ type AccountClient struct { // Integration like Tableau Desktop for Databricks in AWS cloud. PublishedAppIntegration oauth2.PublishedAppIntegrationInterface + // These APIs manage service principal federation policies. + // + // Service principal federation, also known as Workload Identity Federation, + // allows your automated workloads running outside of Databricks to securely + // access Databricks APIs without the need for Databricks secrets. With + // Workload Identity Federation, your application (or workload) + // authenticates to Databricks as a Databricks service principal, using + // tokens provided by the workload runtime. + // + // Databricks strongly recommends using Workload Identity Federation to + // authenticate to Databricks from automated workloads, over alternatives + // such as OAuth client secrets or Personal Access Tokens, whenever + // possible. Workload Identity Federation is supported by many popular + // services, including Github Actions, Azure DevOps, GitLab, Terraform + // Cloud, and Kubernetes clusters, among others. + // + // Workload identity federation is configured in your Databricks account + // using a service principal federation policy. A service principal + // federation policy specifies: * which IdP, or issuer, the service + // principal is allowed to authenticate from * which workload identity, or + // subject, is allowed to authenticate as the Databricks service principal + // + // To configure a federation policy, you provide the following: * The + // required token __issuer__, as specified in the “iss” claim of + // workload identity tokens. The issuer is an https URL that identifies the + // workload identity provider. * The required token __subject__, as + // specified in the “sub” claim of workload identity tokens. The subject + // uniquely identifies the workload in the workload runtime environment. * + // The allowed token __audiences__, as specified in the “aud” claim of + // workload identity tokens. The audience is intended to represent the + // recipient of the token. As long as the audience in the token matches at + // least one audience in the policy, the token is considered a match. If + // unspecified, the default value is your Databricks account id. * + // Optionally, the public keys used to validate the signature of the + // workload identity tokens, in JWKS format. If unspecified (recommended), + // Databricks automatically fetches the public keys from the issuer’s well + // known endpoint. Databricks strongly recommends relying on the issuer’s + // well known endpoint for discovering public keys. + // + // An example service principal federation policy, for a Github Actions + // workload, is: ``` issuer: "https://token.actions.githubusercontent.com" + // audiences: ["https://github.com/my-github-org"] subject: + // "repo:my-github-org/my-repo:environment:prod" ``` + // + // An example JWT token body that matches this policy and could be used to + // authenticate to Databricks is: ``` { "iss": + // "https://token.actions.githubusercontent.com", "aud": + // "https://github.com/my-github-org", "sub": + // "repo:my-github-org/my-repo:environment:prod" } ``` + // + // You may also need to configure the workload runtime to generate tokens + // for your workloads. + // + // You do not need to configure an OAuth application in Databricks to use + // token federation. + ServicePrincipalFederationPolicy oauth2.ServicePrincipalFederationPolicyInterface + // These APIs enable administrators to manage service principal secrets. // // You can use the generated secrets to obtain OAuth access tokens for a @@ -300,31 +412,33 @@ func NewAccountClient(c ...*Config) (*AccountClient, error) { return &AccountClient{ Config: cfg, - AccessControl: iam.NewAccountAccessControl(apiClient), - BillableUsage: billing.NewBillableUsage(apiClient), - Credentials: provisioning.NewCredentials(apiClient), - CustomAppIntegration: oauth2.NewCustomAppIntegration(apiClient), - EncryptionKeys: provisioning.NewEncryptionKeys(apiClient), - Groups: iam.NewAccountGroups(apiClient), - IpAccessLists: settings.NewAccountIpAccessLists(apiClient), - LogDelivery: billing.NewLogDelivery(apiClient), - MetastoreAssignments: catalog.NewAccountMetastoreAssignments(apiClient), - Metastores: catalog.NewAccountMetastores(apiClient), - NetworkConnectivity: settings.NewNetworkConnectivity(apiClient), - Networks: provisioning.NewNetworks(apiClient), - OAuthPublishedApps: oauth2.NewOAuthPublishedApps(apiClient), - PrivateAccess: provisioning.NewPrivateAccess(apiClient), - PublishedAppIntegration: oauth2.NewPublishedAppIntegration(apiClient), - ServicePrincipalSecrets: oauth2.NewServicePrincipalSecrets(apiClient), - ServicePrincipals: iam.NewAccountServicePrincipals(apiClient), - Settings: settings.NewAccountSettings(apiClient), - Storage: provisioning.NewStorage(apiClient), - StorageCredentials: catalog.NewAccountStorageCredentials(apiClient), - UsageDashboards: billing.NewUsageDashboards(apiClient), - Users: iam.NewAccountUsers(apiClient), - VpcEndpoints: provisioning.NewVpcEndpoints(apiClient), - WorkspaceAssignment: iam.NewWorkspaceAssignment(apiClient), - Workspaces: provisioning.NewWorkspaces(apiClient), - Budgets: billing.NewBudgets(apiClient), + AccessControl: iam.NewAccountAccessControl(apiClient), + BillableUsage: billing.NewBillableUsage(apiClient), + Credentials: provisioning.NewCredentials(apiClient), + CustomAppIntegration: oauth2.NewCustomAppIntegration(apiClient), + EncryptionKeys: provisioning.NewEncryptionKeys(apiClient), + FederationPolicy: oauth2.NewAccountFederationPolicy(apiClient), + Groups: iam.NewAccountGroups(apiClient), + IpAccessLists: settings.NewAccountIpAccessLists(apiClient), + LogDelivery: billing.NewLogDelivery(apiClient), + MetastoreAssignments: catalog.NewAccountMetastoreAssignments(apiClient), + Metastores: catalog.NewAccountMetastores(apiClient), + NetworkConnectivity: settings.NewNetworkConnectivity(apiClient), + Networks: provisioning.NewNetworks(apiClient), + OAuthPublishedApps: oauth2.NewOAuthPublishedApps(apiClient), + PrivateAccess: provisioning.NewPrivateAccess(apiClient), + PublishedAppIntegration: oauth2.NewPublishedAppIntegration(apiClient), + ServicePrincipalFederationPolicy: oauth2.NewServicePrincipalFederationPolicy(apiClient), + ServicePrincipalSecrets: oauth2.NewServicePrincipalSecrets(apiClient), + ServicePrincipals: iam.NewAccountServicePrincipals(apiClient), + Settings: settings.NewAccountSettings(apiClient), + Storage: provisioning.NewStorage(apiClient), + StorageCredentials: catalog.NewAccountStorageCredentials(apiClient), + UsageDashboards: billing.NewUsageDashboards(apiClient), + Users: iam.NewAccountUsers(apiClient), + VpcEndpoints: provisioning.NewVpcEndpoints(apiClient), + WorkspaceAssignment: iam.NewWorkspaceAssignment(apiClient), + Workspaces: provisioning.NewWorkspaces(apiClient), + Budgets: billing.NewBudgets(apiClient), }, nil } diff --git a/experimental/mocks/mock_account_client.go b/experimental/mocks/mock_account_client.go index 3e5024c2c..af59c5a2e 100755 --- a/experimental/mocks/mock_account_client.go +++ b/experimental/mocks/mock_account_client.go @@ -30,32 +30,34 @@ func NewMockAccountClient(t interface { AccountClient: &databricks.AccountClient{ Config: nil, - AccessControl: iam.NewMockAccountAccessControlInterface(t), - BillableUsage: billing.NewMockBillableUsageInterface(t), - Credentials: provisioning.NewMockCredentialsInterface(t), - CustomAppIntegration: oauth2.NewMockCustomAppIntegrationInterface(t), - EncryptionKeys: provisioning.NewMockEncryptionKeysInterface(t), - Groups: iam.NewMockAccountGroupsInterface(t), - IpAccessLists: settings.NewMockAccountIpAccessListsInterface(t), - LogDelivery: billing.NewMockLogDeliveryInterface(t), - MetastoreAssignments: catalog.NewMockAccountMetastoreAssignmentsInterface(t), - Metastores: catalog.NewMockAccountMetastoresInterface(t), - NetworkConnectivity: settings.NewMockNetworkConnectivityInterface(t), - Networks: provisioning.NewMockNetworksInterface(t), - OAuthPublishedApps: oauth2.NewMockOAuthPublishedAppsInterface(t), - PrivateAccess: provisioning.NewMockPrivateAccessInterface(t), - PublishedAppIntegration: oauth2.NewMockPublishedAppIntegrationInterface(t), - ServicePrincipalSecrets: oauth2.NewMockServicePrincipalSecretsInterface(t), - ServicePrincipals: iam.NewMockAccountServicePrincipalsInterface(t), - Settings: settings.NewMockAccountSettingsInterface(t), - Storage: provisioning.NewMockStorageInterface(t), - StorageCredentials: catalog.NewMockAccountStorageCredentialsInterface(t), - UsageDashboards: billing.NewMockUsageDashboardsInterface(t), - Users: iam.NewMockAccountUsersInterface(t), - VpcEndpoints: provisioning.NewMockVpcEndpointsInterface(t), - WorkspaceAssignment: iam.NewMockWorkspaceAssignmentInterface(t), - Workspaces: provisioning.NewMockWorkspacesInterface(t), - Budgets: billing.NewMockBudgetsInterface(t), + AccessControl: iam.NewMockAccountAccessControlInterface(t), + BillableUsage: billing.NewMockBillableUsageInterface(t), + Credentials: provisioning.NewMockCredentialsInterface(t), + CustomAppIntegration: oauth2.NewMockCustomAppIntegrationInterface(t), + EncryptionKeys: provisioning.NewMockEncryptionKeysInterface(t), + FederationPolicy: oauth2.NewMockAccountFederationPolicyInterface(t), + Groups: iam.NewMockAccountGroupsInterface(t), + IpAccessLists: settings.NewMockAccountIpAccessListsInterface(t), + LogDelivery: billing.NewMockLogDeliveryInterface(t), + MetastoreAssignments: catalog.NewMockAccountMetastoreAssignmentsInterface(t), + Metastores: catalog.NewMockAccountMetastoresInterface(t), + NetworkConnectivity: settings.NewMockNetworkConnectivityInterface(t), + Networks: provisioning.NewMockNetworksInterface(t), + OAuthPublishedApps: oauth2.NewMockOAuthPublishedAppsInterface(t), + PrivateAccess: provisioning.NewMockPrivateAccessInterface(t), + PublishedAppIntegration: oauth2.NewMockPublishedAppIntegrationInterface(t), + ServicePrincipalFederationPolicy: oauth2.NewMockServicePrincipalFederationPolicyInterface(t), + ServicePrincipalSecrets: oauth2.NewMockServicePrincipalSecretsInterface(t), + ServicePrincipals: iam.NewMockAccountServicePrincipalsInterface(t), + Settings: settings.NewMockAccountSettingsInterface(t), + Storage: provisioning.NewMockStorageInterface(t), + StorageCredentials: catalog.NewMockAccountStorageCredentialsInterface(t), + UsageDashboards: billing.NewMockUsageDashboardsInterface(t), + Users: iam.NewMockAccountUsersInterface(t), + VpcEndpoints: provisioning.NewMockVpcEndpointsInterface(t), + WorkspaceAssignment: iam.NewMockWorkspaceAssignmentInterface(t), + Workspaces: provisioning.NewMockWorkspacesInterface(t), + Budgets: billing.NewMockBudgetsInterface(t), }, } @@ -148,6 +150,14 @@ func (m *MockAccountClient) GetMockEncryptionKeysAPI() *provisioning.MockEncrypt return api } +func (m *MockAccountClient) GetMockAccountFederationPolicyAPI() *oauth2.MockAccountFederationPolicyInterface { + api, ok := m.AccountClient.FederationPolicy.(*oauth2.MockAccountFederationPolicyInterface) + if !ok { + panic(fmt.Sprintf("expected FederationPolicy to be *oauth2.MockAccountFederationPolicyInterface, actual was %T", m.AccountClient.FederationPolicy)) + } + return api +} + func (m *MockAccountClient) GetMockAccountGroupsAPI() *iam.MockAccountGroupsInterface { api, ok := m.AccountClient.Groups.(*iam.MockAccountGroupsInterface) if !ok { @@ -228,6 +238,14 @@ func (m *MockAccountClient) GetMockPublishedAppIntegrationAPI() *oauth2.MockPubl return api } +func (m *MockAccountClient) GetMockServicePrincipalFederationPolicyAPI() *oauth2.MockServicePrincipalFederationPolicyInterface { + api, ok := m.AccountClient.ServicePrincipalFederationPolicy.(*oauth2.MockServicePrincipalFederationPolicyInterface) + if !ok { + panic(fmt.Sprintf("expected ServicePrincipalFederationPolicy to be *oauth2.MockServicePrincipalFederationPolicyInterface, actual was %T", m.AccountClient.ServicePrincipalFederationPolicy)) + } + return api +} + func (m *MockAccountClient) GetMockServicePrincipalSecretsAPI() *oauth2.MockServicePrincipalSecretsInterface { api, ok := m.AccountClient.ServicePrincipalSecrets.(*oauth2.MockServicePrincipalSecretsInterface) if !ok { diff --git a/experimental/mocks/service/oauth2/mock_account_federation_policy_interface.go b/experimental/mocks/service/oauth2/mock_account_federation_policy_interface.go new file mode 100644 index 000000000..13fe9d482 --- /dev/null +++ b/experimental/mocks/service/oauth2/mock_account_federation_policy_interface.go @@ -0,0 +1,477 @@ +// Code generated by mockery v2.43.0. DO NOT EDIT. + +package oauth2 + +import ( + context "context" + + listing "github.com/databricks/databricks-sdk-go/listing" + mock "github.com/stretchr/testify/mock" + + oauth2 "github.com/databricks/databricks-sdk-go/service/oauth2" +) + +// MockAccountFederationPolicyInterface is an autogenerated mock type for the AccountFederationPolicyInterface type +type MockAccountFederationPolicyInterface struct { + mock.Mock +} + +type MockAccountFederationPolicyInterface_Expecter struct { + mock *mock.Mock +} + +func (_m *MockAccountFederationPolicyInterface) EXPECT() *MockAccountFederationPolicyInterface_Expecter { + return &MockAccountFederationPolicyInterface_Expecter{mock: &_m.Mock} +} + +// Create provides a mock function with given fields: ctx, request +func (_m *MockAccountFederationPolicyInterface) Create(ctx context.Context, request oauth2.CreateAccountFederationPolicyRequest) (*oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for Create") + } + + var r0 *oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.CreateAccountFederationPolicyRequest) (*oauth2.FederationPolicy, error)); ok { + return rf(ctx, request) + } + if rf, ok := ret.Get(0).(func(context.Context, oauth2.CreateAccountFederationPolicyRequest) *oauth2.FederationPolicy); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, oauth2.CreateAccountFederationPolicyRequest) error); ok { + r1 = rf(ctx, request) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockAccountFederationPolicyInterface_Create_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Create' +type MockAccountFederationPolicyInterface_Create_Call struct { + *mock.Call +} + +// Create is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.CreateAccountFederationPolicyRequest +func (_e *MockAccountFederationPolicyInterface_Expecter) Create(ctx interface{}, request interface{}) *MockAccountFederationPolicyInterface_Create_Call { + return &MockAccountFederationPolicyInterface_Create_Call{Call: _e.mock.On("Create", ctx, request)} +} + +func (_c *MockAccountFederationPolicyInterface_Create_Call) Run(run func(ctx context.Context, request oauth2.CreateAccountFederationPolicyRequest)) *MockAccountFederationPolicyInterface_Create_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.CreateAccountFederationPolicyRequest)) + }) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_Create_Call) Return(_a0 *oauth2.FederationPolicy, _a1 error) *MockAccountFederationPolicyInterface_Create_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_Create_Call) RunAndReturn(run func(context.Context, oauth2.CreateAccountFederationPolicyRequest) (*oauth2.FederationPolicy, error)) *MockAccountFederationPolicyInterface_Create_Call { + _c.Call.Return(run) + return _c +} + +// Delete provides a mock function with given fields: ctx, request +func (_m *MockAccountFederationPolicyInterface) Delete(ctx context.Context, request oauth2.DeleteAccountFederationPolicyRequest) error { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for Delete") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.DeleteAccountFederationPolicyRequest) error); ok { + r0 = rf(ctx, request) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// MockAccountFederationPolicyInterface_Delete_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Delete' +type MockAccountFederationPolicyInterface_Delete_Call struct { + *mock.Call +} + +// Delete is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.DeleteAccountFederationPolicyRequest +func (_e *MockAccountFederationPolicyInterface_Expecter) Delete(ctx interface{}, request interface{}) *MockAccountFederationPolicyInterface_Delete_Call { + return &MockAccountFederationPolicyInterface_Delete_Call{Call: _e.mock.On("Delete", ctx, request)} +} + +func (_c *MockAccountFederationPolicyInterface_Delete_Call) Run(run func(ctx context.Context, request oauth2.DeleteAccountFederationPolicyRequest)) *MockAccountFederationPolicyInterface_Delete_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.DeleteAccountFederationPolicyRequest)) + }) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_Delete_Call) Return(_a0 error) *MockAccountFederationPolicyInterface_Delete_Call { + _c.Call.Return(_a0) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_Delete_Call) RunAndReturn(run func(context.Context, oauth2.DeleteAccountFederationPolicyRequest) error) *MockAccountFederationPolicyInterface_Delete_Call { + _c.Call.Return(run) + return _c +} + +// DeleteByPolicyId provides a mock function with given fields: ctx, policyId +func (_m *MockAccountFederationPolicyInterface) DeleteByPolicyId(ctx context.Context, policyId string) error { + ret := _m.Called(ctx, policyId) + + if len(ret) == 0 { + panic("no return value specified for DeleteByPolicyId") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, string) error); ok { + r0 = rf(ctx, policyId) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// MockAccountFederationPolicyInterface_DeleteByPolicyId_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DeleteByPolicyId' +type MockAccountFederationPolicyInterface_DeleteByPolicyId_Call struct { + *mock.Call +} + +// DeleteByPolicyId is a helper method to define mock.On call +// - ctx context.Context +// - policyId string +func (_e *MockAccountFederationPolicyInterface_Expecter) DeleteByPolicyId(ctx interface{}, policyId interface{}) *MockAccountFederationPolicyInterface_DeleteByPolicyId_Call { + return &MockAccountFederationPolicyInterface_DeleteByPolicyId_Call{Call: _e.mock.On("DeleteByPolicyId", ctx, policyId)} +} + +func (_c *MockAccountFederationPolicyInterface_DeleteByPolicyId_Call) Run(run func(ctx context.Context, policyId string)) *MockAccountFederationPolicyInterface_DeleteByPolicyId_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(string)) + }) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_DeleteByPolicyId_Call) Return(_a0 error) *MockAccountFederationPolicyInterface_DeleteByPolicyId_Call { + _c.Call.Return(_a0) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_DeleteByPolicyId_Call) RunAndReturn(run func(context.Context, string) error) *MockAccountFederationPolicyInterface_DeleteByPolicyId_Call { + _c.Call.Return(run) + return _c +} + +// Get provides a mock function with given fields: ctx, request +func (_m *MockAccountFederationPolicyInterface) Get(ctx context.Context, request oauth2.GetAccountFederationPolicyRequest) (*oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for Get") + } + + var r0 *oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.GetAccountFederationPolicyRequest) (*oauth2.FederationPolicy, error)); ok { + return rf(ctx, request) + } + if rf, ok := ret.Get(0).(func(context.Context, oauth2.GetAccountFederationPolicyRequest) *oauth2.FederationPolicy); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, oauth2.GetAccountFederationPolicyRequest) error); ok { + r1 = rf(ctx, request) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockAccountFederationPolicyInterface_Get_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Get' +type MockAccountFederationPolicyInterface_Get_Call struct { + *mock.Call +} + +// Get is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.GetAccountFederationPolicyRequest +func (_e *MockAccountFederationPolicyInterface_Expecter) Get(ctx interface{}, request interface{}) *MockAccountFederationPolicyInterface_Get_Call { + return &MockAccountFederationPolicyInterface_Get_Call{Call: _e.mock.On("Get", ctx, request)} +} + +func (_c *MockAccountFederationPolicyInterface_Get_Call) Run(run func(ctx context.Context, request oauth2.GetAccountFederationPolicyRequest)) *MockAccountFederationPolicyInterface_Get_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.GetAccountFederationPolicyRequest)) + }) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_Get_Call) Return(_a0 *oauth2.FederationPolicy, _a1 error) *MockAccountFederationPolicyInterface_Get_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_Get_Call) RunAndReturn(run func(context.Context, oauth2.GetAccountFederationPolicyRequest) (*oauth2.FederationPolicy, error)) *MockAccountFederationPolicyInterface_Get_Call { + _c.Call.Return(run) + return _c +} + +// GetByPolicyId provides a mock function with given fields: ctx, policyId +func (_m *MockAccountFederationPolicyInterface) GetByPolicyId(ctx context.Context, policyId string) (*oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, policyId) + + if len(ret) == 0 { + panic("no return value specified for GetByPolicyId") + } + + var r0 *oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string) (*oauth2.FederationPolicy, error)); ok { + return rf(ctx, policyId) + } + if rf, ok := ret.Get(0).(func(context.Context, string) *oauth2.FederationPolicy); ok { + r0 = rf(ctx, policyId) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string) error); ok { + r1 = rf(ctx, policyId) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockAccountFederationPolicyInterface_GetByPolicyId_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetByPolicyId' +type MockAccountFederationPolicyInterface_GetByPolicyId_Call struct { + *mock.Call +} + +// GetByPolicyId is a helper method to define mock.On call +// - ctx context.Context +// - policyId string +func (_e *MockAccountFederationPolicyInterface_Expecter) GetByPolicyId(ctx interface{}, policyId interface{}) *MockAccountFederationPolicyInterface_GetByPolicyId_Call { + return &MockAccountFederationPolicyInterface_GetByPolicyId_Call{Call: _e.mock.On("GetByPolicyId", ctx, policyId)} +} + +func (_c *MockAccountFederationPolicyInterface_GetByPolicyId_Call) Run(run func(ctx context.Context, policyId string)) *MockAccountFederationPolicyInterface_GetByPolicyId_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(string)) + }) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_GetByPolicyId_Call) Return(_a0 *oauth2.FederationPolicy, _a1 error) *MockAccountFederationPolicyInterface_GetByPolicyId_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_GetByPolicyId_Call) RunAndReturn(run func(context.Context, string) (*oauth2.FederationPolicy, error)) *MockAccountFederationPolicyInterface_GetByPolicyId_Call { + _c.Call.Return(run) + return _c +} + +// List provides a mock function with given fields: ctx, request +func (_m *MockAccountFederationPolicyInterface) List(ctx context.Context, request oauth2.ListAccountFederationPoliciesRequest) listing.Iterator[oauth2.FederationPolicy] { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for List") + } + + var r0 listing.Iterator[oauth2.FederationPolicy] + if rf, ok := ret.Get(0).(func(context.Context, oauth2.ListAccountFederationPoliciesRequest) listing.Iterator[oauth2.FederationPolicy]); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(listing.Iterator[oauth2.FederationPolicy]) + } + } + + return r0 +} + +// MockAccountFederationPolicyInterface_List_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'List' +type MockAccountFederationPolicyInterface_List_Call struct { + *mock.Call +} + +// List is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.ListAccountFederationPoliciesRequest +func (_e *MockAccountFederationPolicyInterface_Expecter) List(ctx interface{}, request interface{}) *MockAccountFederationPolicyInterface_List_Call { + return &MockAccountFederationPolicyInterface_List_Call{Call: _e.mock.On("List", ctx, request)} +} + +func (_c *MockAccountFederationPolicyInterface_List_Call) Run(run func(ctx context.Context, request oauth2.ListAccountFederationPoliciesRequest)) *MockAccountFederationPolicyInterface_List_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.ListAccountFederationPoliciesRequest)) + }) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_List_Call) Return(_a0 listing.Iterator[oauth2.FederationPolicy]) *MockAccountFederationPolicyInterface_List_Call { + _c.Call.Return(_a0) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_List_Call) RunAndReturn(run func(context.Context, oauth2.ListAccountFederationPoliciesRequest) listing.Iterator[oauth2.FederationPolicy]) *MockAccountFederationPolicyInterface_List_Call { + _c.Call.Return(run) + return _c +} + +// ListAll provides a mock function with given fields: ctx, request +func (_m *MockAccountFederationPolicyInterface) ListAll(ctx context.Context, request oauth2.ListAccountFederationPoliciesRequest) ([]oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for ListAll") + } + + var r0 []oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.ListAccountFederationPoliciesRequest) ([]oauth2.FederationPolicy, error)); ok { + return rf(ctx, request) + } + if rf, ok := ret.Get(0).(func(context.Context, oauth2.ListAccountFederationPoliciesRequest) []oauth2.FederationPolicy); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, oauth2.ListAccountFederationPoliciesRequest) error); ok { + r1 = rf(ctx, request) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockAccountFederationPolicyInterface_ListAll_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListAll' +type MockAccountFederationPolicyInterface_ListAll_Call struct { + *mock.Call +} + +// ListAll is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.ListAccountFederationPoliciesRequest +func (_e *MockAccountFederationPolicyInterface_Expecter) ListAll(ctx interface{}, request interface{}) *MockAccountFederationPolicyInterface_ListAll_Call { + return &MockAccountFederationPolicyInterface_ListAll_Call{Call: _e.mock.On("ListAll", ctx, request)} +} + +func (_c *MockAccountFederationPolicyInterface_ListAll_Call) Run(run func(ctx context.Context, request oauth2.ListAccountFederationPoliciesRequest)) *MockAccountFederationPolicyInterface_ListAll_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.ListAccountFederationPoliciesRequest)) + }) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_ListAll_Call) Return(_a0 []oauth2.FederationPolicy, _a1 error) *MockAccountFederationPolicyInterface_ListAll_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_ListAll_Call) RunAndReturn(run func(context.Context, oauth2.ListAccountFederationPoliciesRequest) ([]oauth2.FederationPolicy, error)) *MockAccountFederationPolicyInterface_ListAll_Call { + _c.Call.Return(run) + return _c +} + +// Update provides a mock function with given fields: ctx, request +func (_m *MockAccountFederationPolicyInterface) Update(ctx context.Context, request oauth2.UpdateAccountFederationPolicyRequest) (*oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for Update") + } + + var r0 *oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.UpdateAccountFederationPolicyRequest) (*oauth2.FederationPolicy, error)); ok { + return rf(ctx, request) + } + if rf, ok := ret.Get(0).(func(context.Context, oauth2.UpdateAccountFederationPolicyRequest) *oauth2.FederationPolicy); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, oauth2.UpdateAccountFederationPolicyRequest) error); ok { + r1 = rf(ctx, request) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockAccountFederationPolicyInterface_Update_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Update' +type MockAccountFederationPolicyInterface_Update_Call struct { + *mock.Call +} + +// Update is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.UpdateAccountFederationPolicyRequest +func (_e *MockAccountFederationPolicyInterface_Expecter) Update(ctx interface{}, request interface{}) *MockAccountFederationPolicyInterface_Update_Call { + return &MockAccountFederationPolicyInterface_Update_Call{Call: _e.mock.On("Update", ctx, request)} +} + +func (_c *MockAccountFederationPolicyInterface_Update_Call) Run(run func(ctx context.Context, request oauth2.UpdateAccountFederationPolicyRequest)) *MockAccountFederationPolicyInterface_Update_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.UpdateAccountFederationPolicyRequest)) + }) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_Update_Call) Return(_a0 *oauth2.FederationPolicy, _a1 error) *MockAccountFederationPolicyInterface_Update_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockAccountFederationPolicyInterface_Update_Call) RunAndReturn(run func(context.Context, oauth2.UpdateAccountFederationPolicyRequest) (*oauth2.FederationPolicy, error)) *MockAccountFederationPolicyInterface_Update_Call { + _c.Call.Return(run) + return _c +} + +// NewMockAccountFederationPolicyInterface creates a new instance of MockAccountFederationPolicyInterface. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewMockAccountFederationPolicyInterface(t interface { + mock.TestingT + Cleanup(func()) +}) *MockAccountFederationPolicyInterface { + mock := &MockAccountFederationPolicyInterface{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/experimental/mocks/service/oauth2/mock_service_principal_federation_policy_interface.go b/experimental/mocks/service/oauth2/mock_service_principal_federation_policy_interface.go new file mode 100644 index 000000000..31ab67310 --- /dev/null +++ b/experimental/mocks/service/oauth2/mock_service_principal_federation_policy_interface.go @@ -0,0 +1,538 @@ +// Code generated by mockery v2.43.0. DO NOT EDIT. + +package oauth2 + +import ( + context "context" + + listing "github.com/databricks/databricks-sdk-go/listing" + mock "github.com/stretchr/testify/mock" + + oauth2 "github.com/databricks/databricks-sdk-go/service/oauth2" +) + +// MockServicePrincipalFederationPolicyInterface is an autogenerated mock type for the ServicePrincipalFederationPolicyInterface type +type MockServicePrincipalFederationPolicyInterface struct { + mock.Mock +} + +type MockServicePrincipalFederationPolicyInterface_Expecter struct { + mock *mock.Mock +} + +func (_m *MockServicePrincipalFederationPolicyInterface) EXPECT() *MockServicePrincipalFederationPolicyInterface_Expecter { + return &MockServicePrincipalFederationPolicyInterface_Expecter{mock: &_m.Mock} +} + +// Create provides a mock function with given fields: ctx, request +func (_m *MockServicePrincipalFederationPolicyInterface) Create(ctx context.Context, request oauth2.CreateServicePrincipalFederationPolicyRequest) (*oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for Create") + } + + var r0 *oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.CreateServicePrincipalFederationPolicyRequest) (*oauth2.FederationPolicy, error)); ok { + return rf(ctx, request) + } + if rf, ok := ret.Get(0).(func(context.Context, oauth2.CreateServicePrincipalFederationPolicyRequest) *oauth2.FederationPolicy); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, oauth2.CreateServicePrincipalFederationPolicyRequest) error); ok { + r1 = rf(ctx, request) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockServicePrincipalFederationPolicyInterface_Create_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Create' +type MockServicePrincipalFederationPolicyInterface_Create_Call struct { + *mock.Call +} + +// Create is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.CreateServicePrincipalFederationPolicyRequest +func (_e *MockServicePrincipalFederationPolicyInterface_Expecter) Create(ctx interface{}, request interface{}) *MockServicePrincipalFederationPolicyInterface_Create_Call { + return &MockServicePrincipalFederationPolicyInterface_Create_Call{Call: _e.mock.On("Create", ctx, request)} +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Create_Call) Run(run func(ctx context.Context, request oauth2.CreateServicePrincipalFederationPolicyRequest)) *MockServicePrincipalFederationPolicyInterface_Create_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.CreateServicePrincipalFederationPolicyRequest)) + }) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Create_Call) Return(_a0 *oauth2.FederationPolicy, _a1 error) *MockServicePrincipalFederationPolicyInterface_Create_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Create_Call) RunAndReturn(run func(context.Context, oauth2.CreateServicePrincipalFederationPolicyRequest) (*oauth2.FederationPolicy, error)) *MockServicePrincipalFederationPolicyInterface_Create_Call { + _c.Call.Return(run) + return _c +} + +// Delete provides a mock function with given fields: ctx, request +func (_m *MockServicePrincipalFederationPolicyInterface) Delete(ctx context.Context, request oauth2.DeleteServicePrincipalFederationPolicyRequest) error { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for Delete") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.DeleteServicePrincipalFederationPolicyRequest) error); ok { + r0 = rf(ctx, request) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// MockServicePrincipalFederationPolicyInterface_Delete_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Delete' +type MockServicePrincipalFederationPolicyInterface_Delete_Call struct { + *mock.Call +} + +// Delete is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.DeleteServicePrincipalFederationPolicyRequest +func (_e *MockServicePrincipalFederationPolicyInterface_Expecter) Delete(ctx interface{}, request interface{}) *MockServicePrincipalFederationPolicyInterface_Delete_Call { + return &MockServicePrincipalFederationPolicyInterface_Delete_Call{Call: _e.mock.On("Delete", ctx, request)} +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Delete_Call) Run(run func(ctx context.Context, request oauth2.DeleteServicePrincipalFederationPolicyRequest)) *MockServicePrincipalFederationPolicyInterface_Delete_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.DeleteServicePrincipalFederationPolicyRequest)) + }) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Delete_Call) Return(_a0 error) *MockServicePrincipalFederationPolicyInterface_Delete_Call { + _c.Call.Return(_a0) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Delete_Call) RunAndReturn(run func(context.Context, oauth2.DeleteServicePrincipalFederationPolicyRequest) error) *MockServicePrincipalFederationPolicyInterface_Delete_Call { + _c.Call.Return(run) + return _c +} + +// DeleteByServicePrincipalIdAndPolicyId provides a mock function with given fields: ctx, servicePrincipalId, policyId +func (_m *MockServicePrincipalFederationPolicyInterface) DeleteByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) error { + ret := _m.Called(ctx, servicePrincipalId, policyId) + + if len(ret) == 0 { + panic("no return value specified for DeleteByServicePrincipalIdAndPolicyId") + } + + var r0 error + if rf, ok := ret.Get(0).(func(context.Context, int64, string) error); ok { + r0 = rf(ctx, servicePrincipalId, policyId) + } else { + r0 = ret.Error(0) + } + + return r0 +} + +// MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DeleteByServicePrincipalIdAndPolicyId' +type MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call struct { + *mock.Call +} + +// DeleteByServicePrincipalIdAndPolicyId is a helper method to define mock.On call +// - ctx context.Context +// - servicePrincipalId int64 +// - policyId string +func (_e *MockServicePrincipalFederationPolicyInterface_Expecter) DeleteByServicePrincipalIdAndPolicyId(ctx interface{}, servicePrincipalId interface{}, policyId interface{}) *MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call { + return &MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call{Call: _e.mock.On("DeleteByServicePrincipalIdAndPolicyId", ctx, servicePrincipalId, policyId)} +} + +func (_c *MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call) Run(run func(ctx context.Context, servicePrincipalId int64, policyId string)) *MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(int64), args[2].(string)) + }) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call) Return(_a0 error) *MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call { + _c.Call.Return(_a0) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call) RunAndReturn(run func(context.Context, int64, string) error) *MockServicePrincipalFederationPolicyInterface_DeleteByServicePrincipalIdAndPolicyId_Call { + _c.Call.Return(run) + return _c +} + +// Get provides a mock function with given fields: ctx, request +func (_m *MockServicePrincipalFederationPolicyInterface) Get(ctx context.Context, request oauth2.GetServicePrincipalFederationPolicyRequest) (*oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for Get") + } + + var r0 *oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.GetServicePrincipalFederationPolicyRequest) (*oauth2.FederationPolicy, error)); ok { + return rf(ctx, request) + } + if rf, ok := ret.Get(0).(func(context.Context, oauth2.GetServicePrincipalFederationPolicyRequest) *oauth2.FederationPolicy); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, oauth2.GetServicePrincipalFederationPolicyRequest) error); ok { + r1 = rf(ctx, request) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockServicePrincipalFederationPolicyInterface_Get_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Get' +type MockServicePrincipalFederationPolicyInterface_Get_Call struct { + *mock.Call +} + +// Get is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.GetServicePrincipalFederationPolicyRequest +func (_e *MockServicePrincipalFederationPolicyInterface_Expecter) Get(ctx interface{}, request interface{}) *MockServicePrincipalFederationPolicyInterface_Get_Call { + return &MockServicePrincipalFederationPolicyInterface_Get_Call{Call: _e.mock.On("Get", ctx, request)} +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Get_Call) Run(run func(ctx context.Context, request oauth2.GetServicePrincipalFederationPolicyRequest)) *MockServicePrincipalFederationPolicyInterface_Get_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.GetServicePrincipalFederationPolicyRequest)) + }) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Get_Call) Return(_a0 *oauth2.FederationPolicy, _a1 error) *MockServicePrincipalFederationPolicyInterface_Get_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Get_Call) RunAndReturn(run func(context.Context, oauth2.GetServicePrincipalFederationPolicyRequest) (*oauth2.FederationPolicy, error)) *MockServicePrincipalFederationPolicyInterface_Get_Call { + _c.Call.Return(run) + return _c +} + +// GetByServicePrincipalIdAndPolicyId provides a mock function with given fields: ctx, servicePrincipalId, policyId +func (_m *MockServicePrincipalFederationPolicyInterface) GetByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) (*oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, servicePrincipalId, policyId) + + if len(ret) == 0 { + panic("no return value specified for GetByServicePrincipalIdAndPolicyId") + } + + var r0 *oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, int64, string) (*oauth2.FederationPolicy, error)); ok { + return rf(ctx, servicePrincipalId, policyId) + } + if rf, ok := ret.Get(0).(func(context.Context, int64, string) *oauth2.FederationPolicy); ok { + r0 = rf(ctx, servicePrincipalId, policyId) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, int64, string) error); ok { + r1 = rf(ctx, servicePrincipalId, policyId) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetByServicePrincipalIdAndPolicyId' +type MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call struct { + *mock.Call +} + +// GetByServicePrincipalIdAndPolicyId is a helper method to define mock.On call +// - ctx context.Context +// - servicePrincipalId int64 +// - policyId string +func (_e *MockServicePrincipalFederationPolicyInterface_Expecter) GetByServicePrincipalIdAndPolicyId(ctx interface{}, servicePrincipalId interface{}, policyId interface{}) *MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call { + return &MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call{Call: _e.mock.On("GetByServicePrincipalIdAndPolicyId", ctx, servicePrincipalId, policyId)} +} + +func (_c *MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call) Run(run func(ctx context.Context, servicePrincipalId int64, policyId string)) *MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(int64), args[2].(string)) + }) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call) Return(_a0 *oauth2.FederationPolicy, _a1 error) *MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call) RunAndReturn(run func(context.Context, int64, string) (*oauth2.FederationPolicy, error)) *MockServicePrincipalFederationPolicyInterface_GetByServicePrincipalIdAndPolicyId_Call { + _c.Call.Return(run) + return _c +} + +// List provides a mock function with given fields: ctx, request +func (_m *MockServicePrincipalFederationPolicyInterface) List(ctx context.Context, request oauth2.ListServicePrincipalFederationPoliciesRequest) listing.Iterator[oauth2.FederationPolicy] { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for List") + } + + var r0 listing.Iterator[oauth2.FederationPolicy] + if rf, ok := ret.Get(0).(func(context.Context, oauth2.ListServicePrincipalFederationPoliciesRequest) listing.Iterator[oauth2.FederationPolicy]); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(listing.Iterator[oauth2.FederationPolicy]) + } + } + + return r0 +} + +// MockServicePrincipalFederationPolicyInterface_List_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'List' +type MockServicePrincipalFederationPolicyInterface_List_Call struct { + *mock.Call +} + +// List is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.ListServicePrincipalFederationPoliciesRequest +func (_e *MockServicePrincipalFederationPolicyInterface_Expecter) List(ctx interface{}, request interface{}) *MockServicePrincipalFederationPolicyInterface_List_Call { + return &MockServicePrincipalFederationPolicyInterface_List_Call{Call: _e.mock.On("List", ctx, request)} +} + +func (_c *MockServicePrincipalFederationPolicyInterface_List_Call) Run(run func(ctx context.Context, request oauth2.ListServicePrincipalFederationPoliciesRequest)) *MockServicePrincipalFederationPolicyInterface_List_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.ListServicePrincipalFederationPoliciesRequest)) + }) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_List_Call) Return(_a0 listing.Iterator[oauth2.FederationPolicy]) *MockServicePrincipalFederationPolicyInterface_List_Call { + _c.Call.Return(_a0) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_List_Call) RunAndReturn(run func(context.Context, oauth2.ListServicePrincipalFederationPoliciesRequest) listing.Iterator[oauth2.FederationPolicy]) *MockServicePrincipalFederationPolicyInterface_List_Call { + _c.Call.Return(run) + return _c +} + +// ListAll provides a mock function with given fields: ctx, request +func (_m *MockServicePrincipalFederationPolicyInterface) ListAll(ctx context.Context, request oauth2.ListServicePrincipalFederationPoliciesRequest) ([]oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for ListAll") + } + + var r0 []oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.ListServicePrincipalFederationPoliciesRequest) ([]oauth2.FederationPolicy, error)); ok { + return rf(ctx, request) + } + if rf, ok := ret.Get(0).(func(context.Context, oauth2.ListServicePrincipalFederationPoliciesRequest) []oauth2.FederationPolicy); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).([]oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, oauth2.ListServicePrincipalFederationPoliciesRequest) error); ok { + r1 = rf(ctx, request) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockServicePrincipalFederationPolicyInterface_ListAll_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListAll' +type MockServicePrincipalFederationPolicyInterface_ListAll_Call struct { + *mock.Call +} + +// ListAll is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.ListServicePrincipalFederationPoliciesRequest +func (_e *MockServicePrincipalFederationPolicyInterface_Expecter) ListAll(ctx interface{}, request interface{}) *MockServicePrincipalFederationPolicyInterface_ListAll_Call { + return &MockServicePrincipalFederationPolicyInterface_ListAll_Call{Call: _e.mock.On("ListAll", ctx, request)} +} + +func (_c *MockServicePrincipalFederationPolicyInterface_ListAll_Call) Run(run func(ctx context.Context, request oauth2.ListServicePrincipalFederationPoliciesRequest)) *MockServicePrincipalFederationPolicyInterface_ListAll_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.ListServicePrincipalFederationPoliciesRequest)) + }) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_ListAll_Call) Return(_a0 []oauth2.FederationPolicy, _a1 error) *MockServicePrincipalFederationPolicyInterface_ListAll_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_ListAll_Call) RunAndReturn(run func(context.Context, oauth2.ListServicePrincipalFederationPoliciesRequest) ([]oauth2.FederationPolicy, error)) *MockServicePrincipalFederationPolicyInterface_ListAll_Call { + _c.Call.Return(run) + return _c +} + +// ListByServicePrincipalId provides a mock function with given fields: ctx, servicePrincipalId +func (_m *MockServicePrincipalFederationPolicyInterface) ListByServicePrincipalId(ctx context.Context, servicePrincipalId int64) (*oauth2.ListFederationPoliciesResponse, error) { + ret := _m.Called(ctx, servicePrincipalId) + + if len(ret) == 0 { + panic("no return value specified for ListByServicePrincipalId") + } + + var r0 *oauth2.ListFederationPoliciesResponse + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, int64) (*oauth2.ListFederationPoliciesResponse, error)); ok { + return rf(ctx, servicePrincipalId) + } + if rf, ok := ret.Get(0).(func(context.Context, int64) *oauth2.ListFederationPoliciesResponse); ok { + r0 = rf(ctx, servicePrincipalId) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*oauth2.ListFederationPoliciesResponse) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, int64) error); ok { + r1 = rf(ctx, servicePrincipalId) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'ListByServicePrincipalId' +type MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call struct { + *mock.Call +} + +// ListByServicePrincipalId is a helper method to define mock.On call +// - ctx context.Context +// - servicePrincipalId int64 +func (_e *MockServicePrincipalFederationPolicyInterface_Expecter) ListByServicePrincipalId(ctx interface{}, servicePrincipalId interface{}) *MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call { + return &MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call{Call: _e.mock.On("ListByServicePrincipalId", ctx, servicePrincipalId)} +} + +func (_c *MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call) Run(run func(ctx context.Context, servicePrincipalId int64)) *MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(int64)) + }) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call) Return(_a0 *oauth2.ListFederationPoliciesResponse, _a1 error) *MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call) RunAndReturn(run func(context.Context, int64) (*oauth2.ListFederationPoliciesResponse, error)) *MockServicePrincipalFederationPolicyInterface_ListByServicePrincipalId_Call { + _c.Call.Return(run) + return _c +} + +// Update provides a mock function with given fields: ctx, request +func (_m *MockServicePrincipalFederationPolicyInterface) Update(ctx context.Context, request oauth2.UpdateServicePrincipalFederationPolicyRequest) (*oauth2.FederationPolicy, error) { + ret := _m.Called(ctx, request) + + if len(ret) == 0 { + panic("no return value specified for Update") + } + + var r0 *oauth2.FederationPolicy + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, oauth2.UpdateServicePrincipalFederationPolicyRequest) (*oauth2.FederationPolicy, error)); ok { + return rf(ctx, request) + } + if rf, ok := ret.Get(0).(func(context.Context, oauth2.UpdateServicePrincipalFederationPolicyRequest) *oauth2.FederationPolicy); ok { + r0 = rf(ctx, request) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*oauth2.FederationPolicy) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, oauth2.UpdateServicePrincipalFederationPolicyRequest) error); ok { + r1 = rf(ctx, request) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +// MockServicePrincipalFederationPolicyInterface_Update_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Update' +type MockServicePrincipalFederationPolicyInterface_Update_Call struct { + *mock.Call +} + +// Update is a helper method to define mock.On call +// - ctx context.Context +// - request oauth2.UpdateServicePrincipalFederationPolicyRequest +func (_e *MockServicePrincipalFederationPolicyInterface_Expecter) Update(ctx interface{}, request interface{}) *MockServicePrincipalFederationPolicyInterface_Update_Call { + return &MockServicePrincipalFederationPolicyInterface_Update_Call{Call: _e.mock.On("Update", ctx, request)} +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Update_Call) Run(run func(ctx context.Context, request oauth2.UpdateServicePrincipalFederationPolicyRequest)) *MockServicePrincipalFederationPolicyInterface_Update_Call { + _c.Call.Run(func(args mock.Arguments) { + run(args[0].(context.Context), args[1].(oauth2.UpdateServicePrincipalFederationPolicyRequest)) + }) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Update_Call) Return(_a0 *oauth2.FederationPolicy, _a1 error) *MockServicePrincipalFederationPolicyInterface_Update_Call { + _c.Call.Return(_a0, _a1) + return _c +} + +func (_c *MockServicePrincipalFederationPolicyInterface_Update_Call) RunAndReturn(run func(context.Context, oauth2.UpdateServicePrincipalFederationPolicyRequest) (*oauth2.FederationPolicy, error)) *MockServicePrincipalFederationPolicyInterface_Update_Call { + _c.Call.Return(run) + return _c +} + +// NewMockServicePrincipalFederationPolicyInterface creates a new instance of MockServicePrincipalFederationPolicyInterface. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +// The first argument is typically a *testing.T value. +func NewMockServicePrincipalFederationPolicyInterface(t interface { + mock.TestingT + Cleanup(func()) +}) *MockServicePrincipalFederationPolicyInterface { + mock := &MockServicePrincipalFederationPolicyInterface{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/service/catalog/model.go b/service/catalog/model.go index b26517e2c..fce115ed1 100755 --- a/service/catalog/model.go +++ b/service/catalog/model.go @@ -2549,9 +2549,9 @@ type GetBindingsSecurableType string const GetBindingsSecurableTypeCatalog GetBindingsSecurableType = `catalog` -const GetBindingsSecurableTypeExternalLocation GetBindingsSecurableType = `external_location` +const GetBindingsSecurableTypeCredential GetBindingsSecurableType = `credential` -const GetBindingsSecurableTypeServiceCredential GetBindingsSecurableType = `service_credential` +const GetBindingsSecurableTypeExternalLocation GetBindingsSecurableType = `external_location` const GetBindingsSecurableTypeStorageCredential GetBindingsSecurableType = `storage_credential` @@ -2563,11 +2563,11 @@ func (f *GetBindingsSecurableType) String() string { // Set raw string value and validate it against allowed values func (f *GetBindingsSecurableType) Set(v string) error { switch v { - case `catalog`, `external_location`, `service_credential`, `storage_credential`: + case `catalog`, `credential`, `external_location`, `storage_credential`: *f = GetBindingsSecurableType(v) return nil default: - return fmt.Errorf(`value "%s" is not one of "catalog", "external_location", "service_credential", "storage_credential"`, v) + return fmt.Errorf(`value "%s" is not one of "catalog", "credential", "external_location", "storage_credential"`, v) } } @@ -5421,9 +5421,9 @@ type UpdateBindingsSecurableType string const UpdateBindingsSecurableTypeCatalog UpdateBindingsSecurableType = `catalog` -const UpdateBindingsSecurableTypeExternalLocation UpdateBindingsSecurableType = `external_location` +const UpdateBindingsSecurableTypeCredential UpdateBindingsSecurableType = `credential` -const UpdateBindingsSecurableTypeServiceCredential UpdateBindingsSecurableType = `service_credential` +const UpdateBindingsSecurableTypeExternalLocation UpdateBindingsSecurableType = `external_location` const UpdateBindingsSecurableTypeStorageCredential UpdateBindingsSecurableType = `storage_credential` @@ -5435,11 +5435,11 @@ func (f *UpdateBindingsSecurableType) String() string { // Set raw string value and validate it against allowed values func (f *UpdateBindingsSecurableType) Set(v string) error { switch v { - case `catalog`, `external_location`, `service_credential`, `storage_credential`: + case `catalog`, `credential`, `external_location`, `storage_credential`: *f = UpdateBindingsSecurableType(v) return nil default: - return fmt.Errorf(`value "%s" is not one of "catalog", "external_location", "service_credential", "storage_credential"`, v) + return fmt.Errorf(`value "%s" is not one of "catalog", "credential", "external_location", "storage_credential"`, v) } } diff --git a/service/compute/model.go b/service/compute/model.go index 5ac509272..6414a21eb 100755 --- a/service/compute/model.go +++ b/service/compute/model.go @@ -438,9 +438,16 @@ type ClusterAttributes struct { // Data security mode decides what data governance model to use when // accessing data from a cluster. // - // * `NONE`: No security isolation for multiple users sharing the cluster. - // Data governance features are not available in this mode. * `SINGLE_USER`: - // A secure cluster that can only be exclusively used by a single user + // The following modes can only be used with `kind`. * + // `DATA_SECURITY_MODE_AUTO`: Databricks will choose the most appropriate + // access mode depending on your compute configuration. * + // `DATA_SECURITY_MODE_STANDARD`: Alias for `USER_ISOLATION`. * + // `DATA_SECURITY_MODE_DEDICATED`: Alias for `SINGLE_USER`. + // + // The following modes can be used regardless of `kind`. * `NONE`: No + // security isolation for multiple users sharing the cluster. Data + // governance features are not available in this mode. * `SINGLE_USER`: A + // secure cluster that can only be exclusively used by a single user // specified in `single_user_name`. Most programming languages, cluster // features and data governance features are available in this mode. * // `USER_ISOLATION`: A secure cluster that can be shared by multiple users. @@ -485,6 +492,19 @@ type ClusterAttributes struct { InitScripts []InitScriptInfo `json:"init_scripts,omitempty"` // The optional ID of the instance pool to which the cluster belongs. InstancePoolId string `json:"instance_pool_id,omitempty"` + // This field can only be used with `kind`. + // + // When set to true, Databricks will automatically set single node related + // `custom_tags`, `spark_conf`, and `num_workers` + IsSingleNode bool `json:"is_single_node,omitempty"` + // The kind of compute described by this compute specification. + // + // Depending on `kind`, different validations and default values will be + // applied. + // + // The first usage of this value is for the simple cluster form where it + // sets `kind = CLASSIC_PREVIEW`. + Kind Kind `json:"kind,omitempty"` // This field encodes, through a single value, the resources available to // each of the Spark nodes in this cluster. For example, the Spark nodes can // be provisioned and optimized for memory or compute intensive workloads. A @@ -532,6 +552,12 @@ type ClusterAttributes struct { // cluster. The corresponding private keys can be used to login with the // user name `ubuntu` on port `2200`. Up to 10 keys can be specified. SshPublicKeys []string `json:"ssh_public_keys,omitempty"` + // This field can only be used with `kind`. + // + // `effective_spark_version` is determined by `spark_version` (DBR release), + // this field `use_ml_runtime`, and whether `node_type_id` is gpu node or + // not. + UseMlRuntime bool `json:"use_ml_runtime,omitempty"` WorkloadType *WorkloadType `json:"workload_type,omitempty"` @@ -626,9 +652,16 @@ type ClusterDetails struct { // Data security mode decides what data governance model to use when // accessing data from a cluster. // - // * `NONE`: No security isolation for multiple users sharing the cluster. - // Data governance features are not available in this mode. * `SINGLE_USER`: - // A secure cluster that can only be exclusively used by a single user + // The following modes can only be used with `kind`. * + // `DATA_SECURITY_MODE_AUTO`: Databricks will choose the most appropriate + // access mode depending on your compute configuration. * + // `DATA_SECURITY_MODE_STANDARD`: Alias for `USER_ISOLATION`. * + // `DATA_SECURITY_MODE_DEDICATED`: Alias for `SINGLE_USER`. + // + // The following modes can be used regardless of `kind`. * `NONE`: No + // security isolation for multiple users sharing the cluster. Data + // governance features are not available in this mode. * `SINGLE_USER`: A + // secure cluster that can only be exclusively used by a single user // specified in `single_user_name`. Most programming languages, cluster // features and data governance features are available in this mode. * // `USER_ISOLATION`: A secure cluster that can be shared by multiple users. @@ -692,9 +725,22 @@ type ClusterDetails struct { InitScripts []InitScriptInfo `json:"init_scripts,omitempty"` // The optional ID of the instance pool to which the cluster belongs. InstancePoolId string `json:"instance_pool_id,omitempty"` + // This field can only be used with `kind`. + // + // When set to true, Databricks will automatically set single node related + // `custom_tags`, `spark_conf`, and `num_workers` + IsSingleNode bool `json:"is_single_node,omitempty"` // Port on which Spark JDBC server is listening, in the driver nod. No // service will be listeningon on this port in executor nodes. JdbcPort int `json:"jdbc_port,omitempty"` + // The kind of compute described by this compute specification. + // + // Depending on `kind`, different validations and default values will be + // applied. + // + // The first usage of this value is for the simple cluster form where it + // sets `kind = CLASSIC_PREVIEW`. + Kind Kind `json:"kind,omitempty"` // the timestamp that the cluster was started/restarted LastRestartedTime int64 `json:"last_restarted_time,omitempty"` // Time when the cluster driver last lost its state (due to a restart or @@ -781,6 +827,12 @@ type ClusterDetails struct { // Information about why the cluster was terminated. This field only appears // when the cluster is in a `TERMINATING` or `TERMINATED` state. TerminationReason *TerminationReason `json:"termination_reason,omitempty"` + // This field can only be used with `kind`. + // + // `effective_spark_version` is determined by `spark_version` (DBR release), + // this field `use_ml_runtime`, and whether `node_type_id` is gpu node or + // not. + UseMlRuntime bool `json:"use_ml_runtime,omitempty"` WorkloadType *WorkloadType `json:"workload_type,omitempty"` @@ -1203,9 +1255,16 @@ type ClusterSpec struct { // Data security mode decides what data governance model to use when // accessing data from a cluster. // - // * `NONE`: No security isolation for multiple users sharing the cluster. - // Data governance features are not available in this mode. * `SINGLE_USER`: - // A secure cluster that can only be exclusively used by a single user + // The following modes can only be used with `kind`. * + // `DATA_SECURITY_MODE_AUTO`: Databricks will choose the most appropriate + // access mode depending on your compute configuration. * + // `DATA_SECURITY_MODE_STANDARD`: Alias for `USER_ISOLATION`. * + // `DATA_SECURITY_MODE_DEDICATED`: Alias for `SINGLE_USER`. + // + // The following modes can be used regardless of `kind`. * `NONE`: No + // security isolation for multiple users sharing the cluster. Data + // governance features are not available in this mode. * `SINGLE_USER`: A + // secure cluster that can only be exclusively used by a single user // specified in `single_user_name`. Most programming languages, cluster // features and data governance features are available in this mode. * // `USER_ISOLATION`: A secure cluster that can be shared by multiple users. @@ -1250,6 +1309,19 @@ type ClusterSpec struct { InitScripts []InitScriptInfo `json:"init_scripts,omitempty"` // The optional ID of the instance pool to which the cluster belongs. InstancePoolId string `json:"instance_pool_id,omitempty"` + // This field can only be used with `kind`. + // + // When set to true, Databricks will automatically set single node related + // `custom_tags`, `spark_conf`, and `num_workers` + IsSingleNode bool `json:"is_single_node,omitempty"` + // The kind of compute described by this compute specification. + // + // Depending on `kind`, different validations and default values will be + // applied. + // + // The first usage of this value is for the simple cluster form where it + // sets `kind = CLASSIC_PREVIEW`. + Kind Kind `json:"kind,omitempty"` // This field encodes, through a single value, the resources available to // each of the Spark nodes in this cluster. For example, the Spark nodes can // be provisioned and optimized for memory or compute intensive workloads. A @@ -1308,6 +1380,12 @@ type ClusterSpec struct { // cluster. The corresponding private keys can be used to login with the // user name `ubuntu` on port `2200`. Up to 10 keys can be specified. SshPublicKeys []string `json:"ssh_public_keys,omitempty"` + // This field can only be used with `kind`. + // + // `effective_spark_version` is determined by `spark_version` (DBR release), + // this field `use_ml_runtime`, and whether `node_type_id` is gpu node or + // not. + UseMlRuntime bool `json:"use_ml_runtime,omitempty"` WorkloadType *WorkloadType `json:"workload_type,omitempty"` @@ -1509,9 +1587,16 @@ type CreateCluster struct { // Data security mode decides what data governance model to use when // accessing data from a cluster. // - // * `NONE`: No security isolation for multiple users sharing the cluster. - // Data governance features are not available in this mode. * `SINGLE_USER`: - // A secure cluster that can only be exclusively used by a single user + // The following modes can only be used with `kind`. * + // `DATA_SECURITY_MODE_AUTO`: Databricks will choose the most appropriate + // access mode depending on your compute configuration. * + // `DATA_SECURITY_MODE_STANDARD`: Alias for `USER_ISOLATION`. * + // `DATA_SECURITY_MODE_DEDICATED`: Alias for `SINGLE_USER`. + // + // The following modes can be used regardless of `kind`. * `NONE`: No + // security isolation for multiple users sharing the cluster. Data + // governance features are not available in this mode. * `SINGLE_USER`: A + // secure cluster that can only be exclusively used by a single user // specified in `single_user_name`. Most programming languages, cluster // features and data governance features are available in this mode. * // `USER_ISOLATION`: A secure cluster that can be shared by multiple users. @@ -1556,6 +1641,19 @@ type CreateCluster struct { InitScripts []InitScriptInfo `json:"init_scripts,omitempty"` // The optional ID of the instance pool to which the cluster belongs. InstancePoolId string `json:"instance_pool_id,omitempty"` + // This field can only be used with `kind`. + // + // When set to true, Databricks will automatically set single node related + // `custom_tags`, `spark_conf`, and `num_workers` + IsSingleNode bool `json:"is_single_node,omitempty"` + // The kind of compute described by this compute specification. + // + // Depending on `kind`, different validations and default values will be + // applied. + // + // The first usage of this value is for the simple cluster form where it + // sets `kind = CLASSIC_PREVIEW`. + Kind Kind `json:"kind,omitempty"` // This field encodes, through a single value, the resources available to // each of the Spark nodes in this cluster. For example, the Spark nodes can // be provisioned and optimized for memory or compute intensive workloads. A @@ -1614,6 +1712,12 @@ type CreateCluster struct { // cluster. The corresponding private keys can be used to login with the // user name `ubuntu` on port `2200`. Up to 10 keys can be specified. SshPublicKeys []string `json:"ssh_public_keys,omitempty"` + // This field can only be used with `kind`. + // + // `effective_spark_version` is determined by `spark_version` (DBR release), + // this field `use_ml_runtime`, and whether `node_type_id` is gpu node or + // not. + UseMlRuntime bool `json:"use_ml_runtime,omitempty"` WorkloadType *WorkloadType `json:"workload_type,omitempty"` @@ -1883,15 +1987,22 @@ func (f *DataPlaneEventDetailsEventType) Type() string { // Data security mode decides what data governance model to use when accessing // data from a cluster. // -// * `NONE`: No security isolation for multiple users sharing the cluster. Data -// governance features are not available in this mode. * `SINGLE_USER`: A secure -// cluster that can only be exclusively used by a single user specified in -// `single_user_name`. Most programming languages, cluster features and data -// governance features are available in this mode. * `USER_ISOLATION`: A secure -// cluster that can be shared by multiple users. Cluster users are fully -// isolated so that they cannot see each other's data and credentials. Most data -// governance features are supported in this mode. But programming languages and -// cluster features might be limited. +// The following modes can only be used with `kind`. * +// `DATA_SECURITY_MODE_AUTO`: Databricks will choose the most appropriate access +// mode depending on your compute configuration. * +// `DATA_SECURITY_MODE_STANDARD`: Alias for `USER_ISOLATION`. * +// `DATA_SECURITY_MODE_DEDICATED`: Alias for `SINGLE_USER`. +// +// The following modes can be used regardless of `kind`. * `NONE`: No security +// isolation for multiple users sharing the cluster. Data governance features +// are not available in this mode. * `SINGLE_USER`: A secure cluster that can +// only be exclusively used by a single user specified in `single_user_name`. +// Most programming languages, cluster features and data governance features are +// available in this mode. * `USER_ISOLATION`: A secure cluster that can be +// shared by multiple users. Cluster users are fully isolated so that they +// cannot see each other's data and credentials. Most data governance features +// are supported in this mode. But programming languages and cluster features +// might be limited. // // The following modes are deprecated starting with Databricks Runtime 15.0 and // will be removed for future Databricks Runtime versions: @@ -1904,6 +2015,16 @@ func (f *DataPlaneEventDetailsEventType) Type() string { // UC nor passthrough enabled. type DataSecurityMode string +// will choose the most appropriate access mode depending on your +// compute configuration. +const DataSecurityModeDataSecurityModeAuto DataSecurityMode = `DATA_SECURITY_MODE_AUTO` + +// Alias for `SINGLE_USER`. +const DataSecurityModeDataSecurityModeDedicated DataSecurityMode = `DATA_SECURITY_MODE_DEDICATED` + +// Alias for `USER_ISOLATION`. +const DataSecurityModeDataSecurityModeStandard DataSecurityMode = `DATA_SECURITY_MODE_STANDARD` + // This mode is for users migrating from legacy Passthrough on high concurrency // clusters. const DataSecurityModeLegacyPassthrough DataSecurityMode = `LEGACY_PASSTHROUGH` @@ -1941,11 +2062,11 @@ func (f *DataSecurityMode) String() string { // Set raw string value and validate it against allowed values func (f *DataSecurityMode) Set(v string) error { switch v { - case `LEGACY_PASSTHROUGH`, `LEGACY_SINGLE_USER`, `LEGACY_SINGLE_USER_STANDARD`, `LEGACY_TABLE_ACL`, `NONE`, `SINGLE_USER`, `USER_ISOLATION`: + case `DATA_SECURITY_MODE_AUTO`, `DATA_SECURITY_MODE_DEDICATED`, `DATA_SECURITY_MODE_STANDARD`, `LEGACY_PASSTHROUGH`, `LEGACY_SINGLE_USER`, `LEGACY_SINGLE_USER_STANDARD`, `LEGACY_TABLE_ACL`, `NONE`, `SINGLE_USER`, `USER_ISOLATION`: *f = DataSecurityMode(v) return nil default: - return fmt.Errorf(`value "%s" is not one of "LEGACY_PASSTHROUGH", "LEGACY_SINGLE_USER", "LEGACY_SINGLE_USER_STANDARD", "LEGACY_TABLE_ACL", "NONE", "SINGLE_USER", "USER_ISOLATION"`, v) + return fmt.Errorf(`value "%s" is not one of "DATA_SECURITY_MODE_AUTO", "DATA_SECURITY_MODE_DEDICATED", "DATA_SECURITY_MODE_STANDARD", "LEGACY_PASSTHROUGH", "LEGACY_SINGLE_USER", "LEGACY_SINGLE_USER_STANDARD", "LEGACY_TABLE_ACL", "NONE", "SINGLE_USER", "USER_ISOLATION"`, v) } } @@ -2212,9 +2333,16 @@ type EditCluster struct { // Data security mode decides what data governance model to use when // accessing data from a cluster. // - // * `NONE`: No security isolation for multiple users sharing the cluster. - // Data governance features are not available in this mode. * `SINGLE_USER`: - // A secure cluster that can only be exclusively used by a single user + // The following modes can only be used with `kind`. * + // `DATA_SECURITY_MODE_AUTO`: Databricks will choose the most appropriate + // access mode depending on your compute configuration. * + // `DATA_SECURITY_MODE_STANDARD`: Alias for `USER_ISOLATION`. * + // `DATA_SECURITY_MODE_DEDICATED`: Alias for `SINGLE_USER`. + // + // The following modes can be used regardless of `kind`. * `NONE`: No + // security isolation for multiple users sharing the cluster. Data + // governance features are not available in this mode. * `SINGLE_USER`: A + // secure cluster that can only be exclusively used by a single user // specified in `single_user_name`. Most programming languages, cluster // features and data governance features are available in this mode. * // `USER_ISOLATION`: A secure cluster that can be shared by multiple users. @@ -2259,6 +2387,19 @@ type EditCluster struct { InitScripts []InitScriptInfo `json:"init_scripts,omitempty"` // The optional ID of the instance pool to which the cluster belongs. InstancePoolId string `json:"instance_pool_id,omitempty"` + // This field can only be used with `kind`. + // + // When set to true, Databricks will automatically set single node related + // `custom_tags`, `spark_conf`, and `num_workers` + IsSingleNode bool `json:"is_single_node,omitempty"` + // The kind of compute described by this compute specification. + // + // Depending on `kind`, different validations and default values will be + // applied. + // + // The first usage of this value is for the simple cluster form where it + // sets `kind = CLASSIC_PREVIEW`. + Kind Kind `json:"kind,omitempty"` // This field encodes, through a single value, the resources available to // each of the Spark nodes in this cluster. For example, the Spark nodes can // be provisioned and optimized for memory or compute intensive workloads. A @@ -2317,6 +2458,12 @@ type EditCluster struct { // cluster. The corresponding private keys can be used to login with the // user name `ubuntu` on port `2200`. Up to 10 keys can be specified. SshPublicKeys []string `json:"ssh_public_keys,omitempty"` + // This field can only be used with `kind`. + // + // `effective_spark_version` is determined by `spark_version` (DBR release), + // this field `use_ml_runtime`, and whether `node_type_id` is gpu node or + // not. + UseMlRuntime bool `json:"use_ml_runtime,omitempty"` WorkloadType *WorkloadType `json:"workload_type,omitempty"` @@ -3754,6 +3901,38 @@ func (s InstanceProfile) MarshalJSON() ([]byte, error) { return marshal.Marshal(s) } +// The kind of compute described by this compute specification. +// +// Depending on `kind`, different validations and default values will be +// applied. +// +// The first usage of this value is for the simple cluster form where it sets +// `kind = CLASSIC_PREVIEW`. +type Kind string + +const KindClassicPreview Kind = `CLASSIC_PREVIEW` + +// String representation for [fmt.Print] +func (f *Kind) String() string { + return string(*f) +} + +// Set raw string value and validate it against allowed values +func (f *Kind) Set(v string) error { + switch v { + case `CLASSIC_PREVIEW`: + *f = Kind(v) + return nil + default: + return fmt.Errorf(`value "%s" is not one of "CLASSIC_PREVIEW"`, v) + } +} + +// Type always returns Kind to satisfy [pflag.Value] interface +func (f *Kind) Type() string { + return "Kind" +} + type Language string const LanguagePython Language = `python` @@ -5145,9 +5324,16 @@ type UpdateClusterResource struct { // Data security mode decides what data governance model to use when // accessing data from a cluster. // - // * `NONE`: No security isolation for multiple users sharing the cluster. - // Data governance features are not available in this mode. * `SINGLE_USER`: - // A secure cluster that can only be exclusively used by a single user + // The following modes can only be used with `kind`. * + // `DATA_SECURITY_MODE_AUTO`: Databricks will choose the most appropriate + // access mode depending on your compute configuration. * + // `DATA_SECURITY_MODE_STANDARD`: Alias for `USER_ISOLATION`. * + // `DATA_SECURITY_MODE_DEDICATED`: Alias for `SINGLE_USER`. + // + // The following modes can be used regardless of `kind`. * `NONE`: No + // security isolation for multiple users sharing the cluster. Data + // governance features are not available in this mode. * `SINGLE_USER`: A + // secure cluster that can only be exclusively used by a single user // specified in `single_user_name`. Most programming languages, cluster // features and data governance features are available in this mode. * // `USER_ISOLATION`: A secure cluster that can be shared by multiple users. @@ -5192,6 +5378,19 @@ type UpdateClusterResource struct { InitScripts []InitScriptInfo `json:"init_scripts,omitempty"` // The optional ID of the instance pool to which the cluster belongs. InstancePoolId string `json:"instance_pool_id,omitempty"` + // This field can only be used with `kind`. + // + // When set to true, Databricks will automatically set single node related + // `custom_tags`, `spark_conf`, and `num_workers` + IsSingleNode bool `json:"is_single_node,omitempty"` + // The kind of compute described by this compute specification. + // + // Depending on `kind`, different validations and default values will be + // applied. + // + // The first usage of this value is for the simple cluster form where it + // sets `kind = CLASSIC_PREVIEW`. + Kind Kind `json:"kind,omitempty"` // This field encodes, through a single value, the resources available to // each of the Spark nodes in this cluster. For example, the Spark nodes can // be provisioned and optimized for memory or compute intensive workloads. A @@ -5250,6 +5449,12 @@ type UpdateClusterResource struct { // cluster. The corresponding private keys can be used to login with the // user name `ubuntu` on port `2200`. Up to 10 keys can be specified. SshPublicKeys []string `json:"ssh_public_keys,omitempty"` + // This field can only be used with `kind`. + // + // `effective_spark_version` is determined by `spark_version` (DBR release), + // this field `use_ml_runtime`, and whether `node_type_id` is gpu node or + // not. + UseMlRuntime bool `json:"use_ml_runtime,omitempty"` WorkloadType *WorkloadType `json:"workload_type,omitempty"` diff --git a/service/dashboards/model.go b/service/dashboards/model.go index 1905f92b6..310008e61 100755 --- a/service/dashboards/model.go +++ b/service/dashboards/model.go @@ -749,6 +749,10 @@ type MigrateDashboardRequest struct { ParentPath string `json:"parent_path,omitempty"` // UUID of the dashboard to be migrated. SourceDashboardId string `json:"source_dashboard_id"` + // Flag to indicate if mustache parameter syntax ({{ param }}) should be + // auto-updated to named syntax (:param) when converting datasets in the + // dashboard. + UpdateParameterSyntax bool `json:"update_parameter_syntax,omitempty"` ForceSendFields []string `json:"-"` } diff --git a/service/jobs/model.go b/service/jobs/model.go index f26b53c3a..641d98afa 100755 --- a/service/jobs/model.go +++ b/service/jobs/model.go @@ -165,6 +165,8 @@ type BaseRun struct { // failures. * `RUN_JOB_TASK`: Indicates a run that is triggered using a Run // Job task. * `FILE_ARRIVAL`: Indicates a run that is triggered by a file // arrival. * `TABLE`: Indicates a run that is triggered by a table update. + // * `CONTINUOUS_RESTART`: Indicates a run created by user to manually + // restart a continuous job run. Trigger TriggerType `json:"trigger,omitempty"` // Additional details about what triggered the run TriggerInfo *TriggerInfo `json:"trigger_info,omitempty"` @@ -301,7 +303,7 @@ func (f *CleanRoomTaskRunResultState) Type() string { return "CleanRoomTaskRunResultState" } -// Stores the run state of the clean room notebook V1 task. +// Stores the run state of the clean rooms notebook task. type CleanRoomTaskRunState struct { // A value indicating the run's current lifecycle state. This field is // always available in the response. @@ -311,6 +313,29 @@ type CleanRoomTaskRunState struct { ResultState CleanRoomTaskRunResultState `json:"result_state,omitempty"` } +type CleanRoomsNotebookTask struct { + // The clean room that the notebook belongs to. + CleanRoomName string `json:"clean_room_name"` + // Checksum to validate the freshness of the notebook resource (i.e. the + // notebook being run is the latest version). It can be fetched by calling + // the :method:cleanroomassets/get API. + Etag string `json:"etag,omitempty"` + // Base parameters to be used for the clean room notebook job. + NotebookBaseParameters map[string]string `json:"notebook_base_parameters,omitempty"` + // Name of the notebook being run. + NotebookName string `json:"notebook_name"` + + ForceSendFields []string `json:"-"` +} + +func (s *CleanRoomsNotebookTask) UnmarshalJSON(b []byte) error { + return marshal.Unmarshal(b, s) +} + +func (s CleanRoomsNotebookTask) MarshalJSON() ([]byte, error) { + return marshal.Marshal(s) +} + type ClusterInstance struct { // The canonical identifier for the cluster used by a run. This field is // always available for runs on existing clusters. For runs on new clusters, @@ -1686,12 +1711,12 @@ func (f *JobSourceDirtyState) Type() string { // // * `RUN_DURATION_SECONDS`: Expected total time for a run in seconds. * // `STREAMING_BACKLOG_BYTES`: An estimate of the maximum bytes of data waiting -// to be consumed across all streams. This metric is in Private Preview. * +// to be consumed across all streams. This metric is in Public Preview. * // `STREAMING_BACKLOG_RECORDS`: An estimate of the maximum offset lag across all -// streams. This metric is in Private Preview. * `STREAMING_BACKLOG_SECONDS`: An +// streams. This metric is in Public Preview. * `STREAMING_BACKLOG_SECONDS`: An // estimate of the maximum consumer delay across all streams. This metric is in -// Private Preview. * `STREAMING_BACKLOG_FILES`: An estimate of the maximum -// number of outstanding files across all streams. This metric is in Private +// Public Preview. * `STREAMING_BACKLOG_FILES`: An estimate of the maximum +// number of outstanding files across all streams. This metric is in Public // Preview. type JobsHealthMetric string @@ -1699,19 +1724,19 @@ type JobsHealthMetric string const JobsHealthMetricRunDurationSeconds JobsHealthMetric = `RUN_DURATION_SECONDS` // An estimate of the maximum bytes of data waiting to be consumed across all -// streams. This metric is in Private Preview. +// streams. This metric is in Public Preview. const JobsHealthMetricStreamingBacklogBytes JobsHealthMetric = `STREAMING_BACKLOG_BYTES` // An estimate of the maximum number of outstanding files across all streams. -// This metric is in Private Preview. +// This metric is in Public Preview. const JobsHealthMetricStreamingBacklogFiles JobsHealthMetric = `STREAMING_BACKLOG_FILES` // An estimate of the maximum offset lag across all streams. This metric is in -// Private Preview. +// Public Preview. const JobsHealthMetricStreamingBacklogRecords JobsHealthMetric = `STREAMING_BACKLOG_RECORDS` // An estimate of the maximum consumer delay across all streams. This metric is -// in Private Preview. +// in Public Preview. const JobsHealthMetricStreamingBacklogSeconds JobsHealthMetric = `STREAMING_BACKLOG_SECONDS` // String representation for [fmt.Print] @@ -1768,13 +1793,13 @@ type JobsHealthRule struct { // // * `RUN_DURATION_SECONDS`: Expected total time for a run in seconds. * // `STREAMING_BACKLOG_BYTES`: An estimate of the maximum bytes of data - // waiting to be consumed across all streams. This metric is in Private + // waiting to be consumed across all streams. This metric is in Public // Preview. * `STREAMING_BACKLOG_RECORDS`: An estimate of the maximum offset - // lag across all streams. This metric is in Private Preview. * + // lag across all streams. This metric is in Public Preview. * // `STREAMING_BACKLOG_SECONDS`: An estimate of the maximum consumer delay - // across all streams. This metric is in Private Preview. * + // across all streams. This metric is in Public Preview. * // `STREAMING_BACKLOG_FILES`: An estimate of the maximum number of - // outstanding files across all streams. This metric is in Private Preview. + // outstanding files across all streams. This metric is in Public Preview. Metric JobsHealthMetric `json:"metric"` // Specifies the operator used to compare the health metric value with the // specified threshold. @@ -2613,6 +2638,8 @@ type Run struct { // failures. * `RUN_JOB_TASK`: Indicates a run that is triggered using a Run // Job task. * `FILE_ARRIVAL`: Indicates a run that is triggered by a file // arrival. * `TABLE`: Indicates a run that is triggered by a table update. + // * `CONTINUOUS_RESTART`: Indicates a run created by user to manually + // restart a continuous job run. Trigger TriggerType `json:"trigger,omitempty"` // Additional details about what triggered the run TriggerInfo *TriggerInfo `json:"trigger_info,omitempty"` @@ -3337,6 +3364,11 @@ type RunTask struct { // retried only until they succeed, and the maximum `attempt_number` is the // same as the `max_retries` value for the job. AttemptNumber int `json:"attempt_number,omitempty"` + // The task runs a [clean rooms] notebook when the + // `clean_rooms_notebook_task` field is present. + // + // [clean rooms]: https://docs.databricks.com/en/clean-rooms/index.html + CleanRoomsNotebookTask *CleanRoomsNotebookTask `json:"clean_rooms_notebook_task,omitempty"` // The time in milliseconds it took to terminate the cluster and clean up // any associated artifacts. The duration of a task run is the sum of the // `setup_duration`, `execution_duration`, and the `cleanup_duration`. The @@ -4040,6 +4072,11 @@ func (s SubmitRunResponse) MarshalJSON() ([]byte, error) { } type SubmitTask struct { + // The task runs a [clean rooms] notebook when the + // `clean_rooms_notebook_task` field is present. + // + // [clean rooms]: https://docs.databricks.com/en/clean-rooms/index.html + CleanRoomsNotebookTask *CleanRoomsNotebookTask `json:"clean_rooms_notebook_task,omitempty"` // The task evaluates a condition that can be used to control the execution // of other tasks when the `condition_task` field is present. The condition // task does not require a cluster to execute and does not support retries @@ -4177,6 +4214,11 @@ func (s TableUpdateTriggerConfiguration) MarshalJSON() ([]byte, error) { } type Task struct { + // The task runs a [clean rooms] notebook when the + // `clean_rooms_notebook_task` field is present. + // + // [clean rooms]: https://docs.databricks.com/en/clean-rooms/index.html + CleanRoomsNotebookTask *CleanRoomsNotebookTask `json:"clean_rooms_notebook_task,omitempty"` // The task evaluates a condition that can be used to control the execution // of other tasks when the `condition_task` field is present. The condition // task does not require a cluster to execute and does not support retries @@ -4708,7 +4750,9 @@ type TriggerSettings struct { // run. This occurs when you request to re-run the job in case of failures. * // `RUN_JOB_TASK`: Indicates a run that is triggered using a Run Job task. * // `FILE_ARRIVAL`: Indicates a run that is triggered by a file arrival. * -// `TABLE`: Indicates a run that is triggered by a table update. +// `TABLE`: Indicates a run that is triggered by a table update. * +// `CONTINUOUS_RESTART`: Indicates a run created by user to manually restart a +// continuous job run. type TriggerType string // Indicates a run that is triggered by a file arrival. diff --git a/service/oauth2/api.go b/service/oauth2/api.go index bd5dea941..5119197e3 100755 --- a/service/oauth2/api.go +++ b/service/oauth2/api.go @@ -1,6 +1,6 @@ // Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT. -// These APIs allow you to manage Custom App Integration, O Auth Published Apps, Published App Integration, Service Principal Secrets, etc. +// These APIs allow you to manage Account Federation Policy, Custom App Integration, O Auth Published Apps, Published App Integration, Service Principal Federation Policy, Service Principal Secrets, etc. package oauth2 import ( @@ -11,6 +11,148 @@ import ( "github.com/databricks/databricks-sdk-go/useragent" ) +type AccountFederationPolicyInterface interface { + + // Create account federation policy. + Create(ctx context.Context, request CreateAccountFederationPolicyRequest) (*FederationPolicy, error) + + // Delete account federation policy. + Delete(ctx context.Context, request DeleteAccountFederationPolicyRequest) error + + // Delete account federation policy. + DeleteByPolicyId(ctx context.Context, policyId string) error + + // Get account federation policy. + Get(ctx context.Context, request GetAccountFederationPolicyRequest) (*FederationPolicy, error) + + // Get account federation policy. + GetByPolicyId(ctx context.Context, policyId string) (*FederationPolicy, error) + + // List account federation policies. + // + // This method is generated by Databricks SDK Code Generator. + List(ctx context.Context, request ListAccountFederationPoliciesRequest) listing.Iterator[FederationPolicy] + + // List account federation policies. + // + // This method is generated by Databricks SDK Code Generator. + ListAll(ctx context.Context, request ListAccountFederationPoliciesRequest) ([]FederationPolicy, error) + + // Update account federation policy. + Update(ctx context.Context, request UpdateAccountFederationPolicyRequest) (*FederationPolicy, error) +} + +func NewAccountFederationPolicy(client *client.DatabricksClient) *AccountFederationPolicyAPI { + return &AccountFederationPolicyAPI{ + accountFederationPolicyImpl: accountFederationPolicyImpl{ + client: client, + }, + } +} + +// These APIs manage account federation policies. +// +// Account federation policies allow users and service principals in your +// Databricks account to securely access Databricks APIs using tokens from your +// trusted identity providers (IdPs). +// +// With token federation, your users and service principals can exchange tokens +// from your IdP for Databricks OAuth tokens, which can be used to access +// Databricks APIs. Token federation eliminates the need to manage Databricks +// secrets, and allows you to centralize management of token issuance policies +// in your IdP. Databricks token federation is typically used in combination +// with [SCIM], so users in your IdP are synchronized into your Databricks +// account. +// +// Token federation is configured in your Databricks account using an account +// federation policy. An account federation policy specifies: * which IdP, or +// issuer, your Databricks account should accept tokens from * how to determine +// which Databricks user, or subject, a token is issued for +// +// To configure a federation policy, you provide the following: * The required +// token __issuer__, as specified in the “iss” claim of your tokens. The +// issuer is an https URL that identifies your IdP. * The allowed token +// __audiences__, as specified in the “aud” claim of your tokens. This +// identifier is intended to represent the recipient of the token. As long as +// the audience in the token matches at least one audience in the policy, the +// token is considered a match. If unspecified, the default value is your +// Databricks account id. * The __subject claim__, which indicates which token +// claim contains the Databricks username of the user the token was issued for. +// If unspecified, the default value is “sub”. * Optionally, the public keys +// used to validate the signature of your tokens, in JWKS format. If unspecified +// (recommended), Databricks automatically fetches the public keys from your +// issuer’s well known endpoint. Databricks strongly recommends relying on +// your issuer’s well known endpoint for discovering public keys. +// +// An example federation policy is: ``` issuer: "https://idp.mycompany.com/oidc" +// audiences: ["databricks"] subject_claim: "sub" ``` +// +// An example JWT token body that matches this policy and could be used to +// authenticate to Databricks as user `username@mycompany.com` is: ``` { "iss": +// "https://idp.mycompany.com/oidc", "aud": "databricks", "sub": +// "username@mycompany.com" } ``` +// +// You may also need to configure your IdP to generate tokens for your users to +// exchange with Databricks, if your users do not already have the ability to +// generate tokens that are compatible with your federation policy. +// +// You do not need to configure an OAuth application in Databricks to use token +// federation. +// +// [SCIM]: https://docs.databricks.com/admin/users-groups/scim/index.html +type AccountFederationPolicyAPI struct { + accountFederationPolicyImpl +} + +// Delete account federation policy. +func (a *AccountFederationPolicyAPI) DeleteByPolicyId(ctx context.Context, policyId string) error { + return a.accountFederationPolicyImpl.Delete(ctx, DeleteAccountFederationPolicyRequest{ + PolicyId: policyId, + }) +} + +// Get account federation policy. +func (a *AccountFederationPolicyAPI) GetByPolicyId(ctx context.Context, policyId string) (*FederationPolicy, error) { + return a.accountFederationPolicyImpl.Get(ctx, GetAccountFederationPolicyRequest{ + PolicyId: policyId, + }) +} + +// List account federation policies. +// +// This method is generated by Databricks SDK Code Generator. +func (a *AccountFederationPolicyAPI) List(ctx context.Context, request ListAccountFederationPoliciesRequest) listing.Iterator[FederationPolicy] { + + getNextPage := func(ctx context.Context, req ListAccountFederationPoliciesRequest) (*ListFederationPoliciesResponse, error) { + ctx = useragent.InContext(ctx, "sdk-feature", "pagination") + return a.accountFederationPolicyImpl.List(ctx, req) + } + getItems := func(resp *ListFederationPoliciesResponse) []FederationPolicy { + return resp.Policies + } + getNextReq := func(resp *ListFederationPoliciesResponse) *ListAccountFederationPoliciesRequest { + if resp.NextPageToken == "" { + return nil + } + request.PageToken = resp.NextPageToken + return &request + } + iterator := listing.NewIterator( + &request, + getNextPage, + getItems, + getNextReq) + return iterator +} + +// List account federation policies. +// +// This method is generated by Databricks SDK Code Generator. +func (a *AccountFederationPolicyAPI) ListAll(ctx context.Context, request ListAccountFederationPoliciesRequest) ([]FederationPolicy, error) { + iterator := a.List(ctx, request) + return listing.ToSlice[FederationPolicy](ctx, iterator) +} + type CustomAppIntegrationInterface interface { // Create Custom OAuth App Integration. @@ -343,6 +485,164 @@ func (a *PublishedAppIntegrationAPI) ListAll(ctx context.Context, request ListPu return listing.ToSlice[GetPublishedAppIntegrationOutput](ctx, iterator) } +type ServicePrincipalFederationPolicyInterface interface { + + // Create service principal federation policy. + Create(ctx context.Context, request CreateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error) + + // Delete service principal federation policy. + Delete(ctx context.Context, request DeleteServicePrincipalFederationPolicyRequest) error + + // Delete service principal federation policy. + DeleteByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) error + + // Get service principal federation policy. + Get(ctx context.Context, request GetServicePrincipalFederationPolicyRequest) (*FederationPolicy, error) + + // Get service principal federation policy. + GetByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) (*FederationPolicy, error) + + // List service principal federation policies. + // + // This method is generated by Databricks SDK Code Generator. + List(ctx context.Context, request ListServicePrincipalFederationPoliciesRequest) listing.Iterator[FederationPolicy] + + // List service principal federation policies. + // + // This method is generated by Databricks SDK Code Generator. + ListAll(ctx context.Context, request ListServicePrincipalFederationPoliciesRequest) ([]FederationPolicy, error) + + // List service principal federation policies. + ListByServicePrincipalId(ctx context.Context, servicePrincipalId int64) (*ListFederationPoliciesResponse, error) + + // Update service principal federation policy. + Update(ctx context.Context, request UpdateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error) +} + +func NewServicePrincipalFederationPolicy(client *client.DatabricksClient) *ServicePrincipalFederationPolicyAPI { + return &ServicePrincipalFederationPolicyAPI{ + servicePrincipalFederationPolicyImpl: servicePrincipalFederationPolicyImpl{ + client: client, + }, + } +} + +// These APIs manage service principal federation policies. +// +// Service principal federation, also known as Workload Identity Federation, +// allows your automated workloads running outside of Databricks to securely +// access Databricks APIs without the need for Databricks secrets. With Workload +// Identity Federation, your application (or workload) authenticates to +// Databricks as a Databricks service principal, using tokens provided by the +// workload runtime. +// +// Databricks strongly recommends using Workload Identity Federation to +// authenticate to Databricks from automated workloads, over alternatives such +// as OAuth client secrets or Personal Access Tokens, whenever possible. +// Workload Identity Federation is supported by many popular services, including +// Github Actions, Azure DevOps, GitLab, Terraform Cloud, and Kubernetes +// clusters, among others. +// +// Workload identity federation is configured in your Databricks account using a +// service principal federation policy. A service principal federation policy +// specifies: * which IdP, or issuer, the service principal is allowed to +// authenticate from * which workload identity, or subject, is allowed to +// authenticate as the Databricks service principal +// +// To configure a federation policy, you provide the following: * The required +// token __issuer__, as specified in the “iss” claim of workload identity +// tokens. The issuer is an https URL that identifies the workload identity +// provider. * The required token __subject__, as specified in the “sub” +// claim of workload identity tokens. The subject uniquely identifies the +// workload in the workload runtime environment. * The allowed token +// __audiences__, as specified in the “aud” claim of workload identity +// tokens. The audience is intended to represent the recipient of the token. As +// long as the audience in the token matches at least one audience in the +// policy, the token is considered a match. If unspecified, the default value is +// your Databricks account id. * Optionally, the public keys used to validate +// the signature of the workload identity tokens, in JWKS format. If unspecified +// (recommended), Databricks automatically fetches the public keys from the +// issuer’s well known endpoint. Databricks strongly recommends relying on the +// issuer’s well known endpoint for discovering public keys. +// +// An example service principal federation policy, for a Github Actions +// workload, is: ``` issuer: "https://token.actions.githubusercontent.com" +// audiences: ["https://github.com/my-github-org"] subject: +// "repo:my-github-org/my-repo:environment:prod" ``` +// +// An example JWT token body that matches this policy and could be used to +// authenticate to Databricks is: ``` { "iss": +// "https://token.actions.githubusercontent.com", "aud": +// "https://github.com/my-github-org", "sub": +// "repo:my-github-org/my-repo:environment:prod" } ``` +// +// You may also need to configure the workload runtime to generate tokens for +// your workloads. +// +// You do not need to configure an OAuth application in Databricks to use token +// federation. +type ServicePrincipalFederationPolicyAPI struct { + servicePrincipalFederationPolicyImpl +} + +// Delete service principal federation policy. +func (a *ServicePrincipalFederationPolicyAPI) DeleteByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) error { + return a.servicePrincipalFederationPolicyImpl.Delete(ctx, DeleteServicePrincipalFederationPolicyRequest{ + ServicePrincipalId: servicePrincipalId, + PolicyId: policyId, + }) +} + +// Get service principal federation policy. +func (a *ServicePrincipalFederationPolicyAPI) GetByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) (*FederationPolicy, error) { + return a.servicePrincipalFederationPolicyImpl.Get(ctx, GetServicePrincipalFederationPolicyRequest{ + ServicePrincipalId: servicePrincipalId, + PolicyId: policyId, + }) +} + +// List service principal federation policies. +// +// This method is generated by Databricks SDK Code Generator. +func (a *ServicePrincipalFederationPolicyAPI) List(ctx context.Context, request ListServicePrincipalFederationPoliciesRequest) listing.Iterator[FederationPolicy] { + + getNextPage := func(ctx context.Context, req ListServicePrincipalFederationPoliciesRequest) (*ListFederationPoliciesResponse, error) { + ctx = useragent.InContext(ctx, "sdk-feature", "pagination") + return a.servicePrincipalFederationPolicyImpl.List(ctx, req) + } + getItems := func(resp *ListFederationPoliciesResponse) []FederationPolicy { + return resp.Policies + } + getNextReq := func(resp *ListFederationPoliciesResponse) *ListServicePrincipalFederationPoliciesRequest { + if resp.NextPageToken == "" { + return nil + } + request.PageToken = resp.NextPageToken + return &request + } + iterator := listing.NewIterator( + &request, + getNextPage, + getItems, + getNextReq) + return iterator +} + +// List service principal federation policies. +// +// This method is generated by Databricks SDK Code Generator. +func (a *ServicePrincipalFederationPolicyAPI) ListAll(ctx context.Context, request ListServicePrincipalFederationPoliciesRequest) ([]FederationPolicy, error) { + iterator := a.List(ctx, request) + return listing.ToSlice[FederationPolicy](ctx, iterator) +} + +// List service principal federation policies. +func (a *ServicePrincipalFederationPolicyAPI) ListByServicePrincipalId(ctx context.Context, servicePrincipalId int64) (*ListFederationPoliciesResponse, error) { + return a.servicePrincipalFederationPolicyImpl.List(ctx, ListServicePrincipalFederationPoliciesRequest{ + ServicePrincipalId: servicePrincipalId, + }) +} + type ServicePrincipalSecretsInterface interface { // Create service principal secret. diff --git a/service/oauth2/impl.go b/service/oauth2/impl.go index a5c92a350..643052a3b 100755 --- a/service/oauth2/impl.go +++ b/service/oauth2/impl.go @@ -10,6 +10,58 @@ import ( "github.com/databricks/databricks-sdk-go/client" ) +// unexported type that holds implementations of just AccountFederationPolicy API methods +type accountFederationPolicyImpl struct { + client *client.DatabricksClient +} + +func (a *accountFederationPolicyImpl) Create(ctx context.Context, request CreateAccountFederationPolicyRequest) (*FederationPolicy, error) { + var federationPolicy FederationPolicy + path := fmt.Sprintf("/api/2.0/accounts/%v/federationPolicies", a.client.ConfiguredAccountID()) + headers := make(map[string]string) + headers["Accept"] = "application/json" + headers["Content-Type"] = "application/json" + err := a.client.Do(ctx, http.MethodPost, path, headers, request.Policy, &federationPolicy) + return &federationPolicy, err +} + +func (a *accountFederationPolicyImpl) Delete(ctx context.Context, request DeleteAccountFederationPolicyRequest) error { + var deleteResponse DeleteResponse + path := fmt.Sprintf("/api/2.0/accounts/%v/federationPolicies/%v", a.client.ConfiguredAccountID(), request.PolicyId) + headers := make(map[string]string) + headers["Accept"] = "application/json" + err := a.client.Do(ctx, http.MethodDelete, path, headers, request, &deleteResponse) + return err +} + +func (a *accountFederationPolicyImpl) Get(ctx context.Context, request GetAccountFederationPolicyRequest) (*FederationPolicy, error) { + var federationPolicy FederationPolicy + path := fmt.Sprintf("/api/2.0/accounts/%v/federationPolicies/%v", a.client.ConfiguredAccountID(), request.PolicyId) + headers := make(map[string]string) + headers["Accept"] = "application/json" + err := a.client.Do(ctx, http.MethodGet, path, headers, request, &federationPolicy) + return &federationPolicy, err +} + +func (a *accountFederationPolicyImpl) List(ctx context.Context, request ListAccountFederationPoliciesRequest) (*ListFederationPoliciesResponse, error) { + var listFederationPoliciesResponse ListFederationPoliciesResponse + path := fmt.Sprintf("/api/2.0/accounts/%v/federationPolicies", a.client.ConfiguredAccountID()) + headers := make(map[string]string) + headers["Accept"] = "application/json" + err := a.client.Do(ctx, http.MethodGet, path, headers, request, &listFederationPoliciesResponse) + return &listFederationPoliciesResponse, err +} + +func (a *accountFederationPolicyImpl) Update(ctx context.Context, request UpdateAccountFederationPolicyRequest) (*FederationPolicy, error) { + var federationPolicy FederationPolicy + path := fmt.Sprintf("/api/2.0/accounts/%v/federationPolicies/%v", a.client.ConfiguredAccountID(), request.PolicyId) + headers := make(map[string]string) + headers["Accept"] = "application/json" + headers["Content-Type"] = "application/json" + err := a.client.Do(ctx, http.MethodPatch, path, headers, request.Policy, &federationPolicy) + return &federationPolicy, err +} + // unexported type that holds implementations of just CustomAppIntegration API methods type customAppIntegrationImpl struct { client *client.DatabricksClient @@ -128,6 +180,58 @@ func (a *publishedAppIntegrationImpl) Update(ctx context.Context, request Update return err } +// unexported type that holds implementations of just ServicePrincipalFederationPolicy API methods +type servicePrincipalFederationPolicyImpl struct { + client *client.DatabricksClient +} + +func (a *servicePrincipalFederationPolicyImpl) Create(ctx context.Context, request CreateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error) { + var federationPolicy FederationPolicy + path := fmt.Sprintf("/api/2.0/accounts/%v/servicePrincipals/%v/federationPolicies", a.client.ConfiguredAccountID(), request.ServicePrincipalId) + headers := make(map[string]string) + headers["Accept"] = "application/json" + headers["Content-Type"] = "application/json" + err := a.client.Do(ctx, http.MethodPost, path, headers, request.Policy, &federationPolicy) + return &federationPolicy, err +} + +func (a *servicePrincipalFederationPolicyImpl) Delete(ctx context.Context, request DeleteServicePrincipalFederationPolicyRequest) error { + var deleteResponse DeleteResponse + path := fmt.Sprintf("/api/2.0/accounts/%v/servicePrincipals/%v/federationPolicies/%v", a.client.ConfiguredAccountID(), request.ServicePrincipalId, request.PolicyId) + headers := make(map[string]string) + headers["Accept"] = "application/json" + err := a.client.Do(ctx, http.MethodDelete, path, headers, request, &deleteResponse) + return err +} + +func (a *servicePrincipalFederationPolicyImpl) Get(ctx context.Context, request GetServicePrincipalFederationPolicyRequest) (*FederationPolicy, error) { + var federationPolicy FederationPolicy + path := fmt.Sprintf("/api/2.0/accounts/%v/servicePrincipals/%v/federationPolicies/%v", a.client.ConfiguredAccountID(), request.ServicePrincipalId, request.PolicyId) + headers := make(map[string]string) + headers["Accept"] = "application/json" + err := a.client.Do(ctx, http.MethodGet, path, headers, request, &federationPolicy) + return &federationPolicy, err +} + +func (a *servicePrincipalFederationPolicyImpl) List(ctx context.Context, request ListServicePrincipalFederationPoliciesRequest) (*ListFederationPoliciesResponse, error) { + var listFederationPoliciesResponse ListFederationPoliciesResponse + path := fmt.Sprintf("/api/2.0/accounts/%v/servicePrincipals/%v/federationPolicies", a.client.ConfiguredAccountID(), request.ServicePrincipalId) + headers := make(map[string]string) + headers["Accept"] = "application/json" + err := a.client.Do(ctx, http.MethodGet, path, headers, request, &listFederationPoliciesResponse) + return &listFederationPoliciesResponse, err +} + +func (a *servicePrincipalFederationPolicyImpl) Update(ctx context.Context, request UpdateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error) { + var federationPolicy FederationPolicy + path := fmt.Sprintf("/api/2.0/accounts/%v/servicePrincipals/%v/federationPolicies/%v", a.client.ConfiguredAccountID(), request.ServicePrincipalId, request.PolicyId) + headers := make(map[string]string) + headers["Accept"] = "application/json" + headers["Content-Type"] = "application/json" + err := a.client.Do(ctx, http.MethodPatch, path, headers, request.Policy, &federationPolicy) + return &federationPolicy, err +} + // unexported type that holds implementations of just ServicePrincipalSecrets API methods type servicePrincipalSecretsImpl struct { client *client.DatabricksClient diff --git a/service/oauth2/interface.go b/service/oauth2/interface.go index 016449037..dd42df15b 100755 --- a/service/oauth2/interface.go +++ b/service/oauth2/interface.go @@ -6,6 +6,76 @@ import ( "context" ) +// These APIs manage account federation policies. +// +// Account federation policies allow users and service principals in your +// Databricks account to securely access Databricks APIs using tokens from your +// trusted identity providers (IdPs). +// +// With token federation, your users and service principals can exchange tokens +// from your IdP for Databricks OAuth tokens, which can be used to access +// Databricks APIs. Token federation eliminates the need to manage Databricks +// secrets, and allows you to centralize management of token issuance policies +// in your IdP. Databricks token federation is typically used in combination +// with [SCIM], so users in your IdP are synchronized into your Databricks +// account. +// +// Token federation is configured in your Databricks account using an account +// federation policy. An account federation policy specifies: * which IdP, or +// issuer, your Databricks account should accept tokens from * how to determine +// which Databricks user, or subject, a token is issued for +// +// To configure a federation policy, you provide the following: * The required +// token __issuer__, as specified in the “iss” claim of your tokens. The +// issuer is an https URL that identifies your IdP. * The allowed token +// __audiences__, as specified in the “aud” claim of your tokens. This +// identifier is intended to represent the recipient of the token. As long as +// the audience in the token matches at least one audience in the policy, the +// token is considered a match. If unspecified, the default value is your +// Databricks account id. * The __subject claim__, which indicates which token +// claim contains the Databricks username of the user the token was issued for. +// If unspecified, the default value is “sub”. * Optionally, the public keys +// used to validate the signature of your tokens, in JWKS format. If unspecified +// (recommended), Databricks automatically fetches the public keys from your +// issuer’s well known endpoint. Databricks strongly recommends relying on +// your issuer’s well known endpoint for discovering public keys. +// +// An example federation policy is: ``` issuer: "https://idp.mycompany.com/oidc" +// audiences: ["databricks"] subject_claim: "sub" ``` +// +// An example JWT token body that matches this policy and could be used to +// authenticate to Databricks as user `username@mycompany.com` is: ``` { "iss": +// "https://idp.mycompany.com/oidc", "aud": "databricks", "sub": +// "username@mycompany.com" } ``` +// +// You may also need to configure your IdP to generate tokens for your users to +// exchange with Databricks, if your users do not already have the ability to +// generate tokens that are compatible with your federation policy. +// +// You do not need to configure an OAuth application in Databricks to use token +// federation. +// +// [SCIM]: https://docs.databricks.com/admin/users-groups/scim/index.html +type AccountFederationPolicyService interface { + + // Create account federation policy. + Create(ctx context.Context, request CreateAccountFederationPolicyRequest) (*FederationPolicy, error) + + // Delete account federation policy. + Delete(ctx context.Context, request DeleteAccountFederationPolicyRequest) error + + // Get account federation policy. + Get(ctx context.Context, request GetAccountFederationPolicyRequest) (*FederationPolicy, error) + + // List account federation policies. + // + // Use ListAll() to get all FederationPolicy instances, which will iterate over every result page. + List(ctx context.Context, request ListAccountFederationPoliciesRequest) (*ListFederationPoliciesResponse, error) + + // Update account federation policy. + Update(ctx context.Context, request UpdateAccountFederationPolicyRequest) (*FederationPolicy, error) +} + // These APIs enable administrators to manage custom OAuth app integrations, // which is required for adding/using Custom OAuth App Integration like Tableau // Cloud for Databricks in AWS cloud. @@ -98,6 +168,80 @@ type PublishedAppIntegrationService interface { Update(ctx context.Context, request UpdatePublishedAppIntegration) error } +// These APIs manage service principal federation policies. +// +// Service principal federation, also known as Workload Identity Federation, +// allows your automated workloads running outside of Databricks to securely +// access Databricks APIs without the need for Databricks secrets. With Workload +// Identity Federation, your application (or workload) authenticates to +// Databricks as a Databricks service principal, using tokens provided by the +// workload runtime. +// +// Databricks strongly recommends using Workload Identity Federation to +// authenticate to Databricks from automated workloads, over alternatives such +// as OAuth client secrets or Personal Access Tokens, whenever possible. +// Workload Identity Federation is supported by many popular services, including +// Github Actions, Azure DevOps, GitLab, Terraform Cloud, and Kubernetes +// clusters, among others. +// +// Workload identity federation is configured in your Databricks account using a +// service principal federation policy. A service principal federation policy +// specifies: * which IdP, or issuer, the service principal is allowed to +// authenticate from * which workload identity, or subject, is allowed to +// authenticate as the Databricks service principal +// +// To configure a federation policy, you provide the following: * The required +// token __issuer__, as specified in the “iss” claim of workload identity +// tokens. The issuer is an https URL that identifies the workload identity +// provider. * The required token __subject__, as specified in the “sub” +// claim of workload identity tokens. The subject uniquely identifies the +// workload in the workload runtime environment. * The allowed token +// __audiences__, as specified in the “aud” claim of workload identity +// tokens. The audience is intended to represent the recipient of the token. As +// long as the audience in the token matches at least one audience in the +// policy, the token is considered a match. If unspecified, the default value is +// your Databricks account id. * Optionally, the public keys used to validate +// the signature of the workload identity tokens, in JWKS format. If unspecified +// (recommended), Databricks automatically fetches the public keys from the +// issuer’s well known endpoint. Databricks strongly recommends relying on the +// issuer’s well known endpoint for discovering public keys. +// +// An example service principal federation policy, for a Github Actions +// workload, is: ``` issuer: "https://token.actions.githubusercontent.com" +// audiences: ["https://github.com/my-github-org"] subject: +// "repo:my-github-org/my-repo:environment:prod" ``` +// +// An example JWT token body that matches this policy and could be used to +// authenticate to Databricks is: ``` { "iss": +// "https://token.actions.githubusercontent.com", "aud": +// "https://github.com/my-github-org", "sub": +// "repo:my-github-org/my-repo:environment:prod" } ``` +// +// You may also need to configure the workload runtime to generate tokens for +// your workloads. +// +// You do not need to configure an OAuth application in Databricks to use token +// federation. +type ServicePrincipalFederationPolicyService interface { + + // Create service principal federation policy. + Create(ctx context.Context, request CreateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error) + + // Delete service principal federation policy. + Delete(ctx context.Context, request DeleteServicePrincipalFederationPolicyRequest) error + + // Get service principal federation policy. + Get(ctx context.Context, request GetServicePrincipalFederationPolicyRequest) (*FederationPolicy, error) + + // List service principal federation policies. + // + // Use ListAll() to get all FederationPolicy instances, which will iterate over every result page. + List(ctx context.Context, request ListServicePrincipalFederationPoliciesRequest) (*ListFederationPoliciesResponse, error) + + // Update service principal federation policy. + Update(ctx context.Context, request UpdateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error) +} + // These APIs enable administrators to manage service principal secrets. // // You can use the generated secrets to obtain OAuth access tokens for a service diff --git a/service/oauth2/model.go b/service/oauth2/model.go index 073a9cb9a..5ce0f66d5 100755 --- a/service/oauth2/model.go +++ b/service/oauth2/model.go @@ -6,6 +6,24 @@ import ( "github.com/databricks/databricks-sdk-go/marshal" ) +// Create account federation policy +type CreateAccountFederationPolicyRequest struct { + Policy *FederationPolicy `json:"policy,omitempty"` + // The identifier for the federation policy. If unspecified, the id will be + // assigned by Databricks. + PolicyId string `json:"-" url:"policy_id,omitempty"` + + ForceSendFields []string `json:"-"` +} + +func (s *CreateAccountFederationPolicyRequest) UnmarshalJSON(b []byte) error { + return marshal.Unmarshal(b, s) +} + +func (s CreateAccountFederationPolicyRequest) MarshalJSON() ([]byte, error) { + return marshal.Marshal(s) +} + type CreateCustomAppIntegration struct { // This field indicates whether an OAuth client secret is required to // authenticate this client. @@ -84,6 +102,26 @@ func (s CreatePublishedAppIntegrationOutput) MarshalJSON() ([]byte, error) { return marshal.Marshal(s) } +// Create service principal federation policy +type CreateServicePrincipalFederationPolicyRequest struct { + Policy *FederationPolicy `json:"policy,omitempty"` + // The identifier for the federation policy. If unspecified, the id will be + // assigned by Databricks. + PolicyId string `json:"-" url:"policy_id,omitempty"` + // The service principal id for the federation policy. + ServicePrincipalId int64 `json:"-" url:"-"` + + ForceSendFields []string `json:"-"` +} + +func (s *CreateServicePrincipalFederationPolicyRequest) UnmarshalJSON(b []byte) error { + return marshal.Unmarshal(b, s) +} + +func (s CreateServicePrincipalFederationPolicyRequest) MarshalJSON() ([]byte, error) { + return marshal.Marshal(s) +} + // Create service principal secret type CreateServicePrincipalSecretRequest struct { // The service principal ID. @@ -132,6 +170,11 @@ func (s DataPlaneInfo) MarshalJSON() ([]byte, error) { return marshal.Marshal(s) } +// Delete account federation policy +type DeleteAccountFederationPolicyRequest struct { + PolicyId string `json:"-" url:"-"` +} + type DeleteCustomAppIntegrationOutput struct { } @@ -151,6 +194,13 @@ type DeletePublishedAppIntegrationRequest struct { type DeleteResponse struct { } +// Delete service principal federation policy +type DeleteServicePrincipalFederationPolicyRequest struct { + PolicyId string `json:"-" url:"-"` + // The service principal id for the federation policy. + ServicePrincipalId int64 `json:"-" url:"-"` +} + // Delete service principal secret type DeleteServicePrincipalSecretRequest struct { // The secret ID. @@ -159,6 +209,39 @@ type DeleteServicePrincipalSecretRequest struct { ServicePrincipalId int64 `json:"-" url:"-"` } +type FederationPolicy struct { + // Creation time of the federation policy. + CreateTime string `json:"create_time,omitempty"` + // Description of the federation policy. + Description string `json:"description,omitempty"` + // Name of the federation policy. The name must contain only lowercase + // alphanumeric characters, numbers, and hyphens. It must be unique within + // the account. + Name string `json:"name,omitempty"` + // Specifies the policy to use for validating OIDC claims in your federated + // tokens. + OidcPolicy *OidcFederationPolicy `json:"oidc_policy,omitempty"` + // Unique, immutable id of the federation policy. + Uid string `json:"uid,omitempty"` + // Last update time of the federation policy. + UpdateTime string `json:"update_time,omitempty"` + + ForceSendFields []string `json:"-"` +} + +func (s *FederationPolicy) UnmarshalJSON(b []byte) error { + return marshal.Unmarshal(b, s) +} + +func (s FederationPolicy) MarshalJSON() ([]byte, error) { + return marshal.Marshal(s) +} + +// Get account federation policy +type GetAccountFederationPolicyRequest struct { + PolicyId string `json:"-" url:"-"` +} + type GetCustomAppIntegrationOutput struct { // The client id of the custom OAuth app ClientId string `json:"client_id,omitempty"` @@ -281,6 +364,30 @@ func (s GetPublishedAppsOutput) MarshalJSON() ([]byte, error) { return marshal.Marshal(s) } +// Get service principal federation policy +type GetServicePrincipalFederationPolicyRequest struct { + PolicyId string `json:"-" url:"-"` + // The service principal id for the federation policy. + ServicePrincipalId int64 `json:"-" url:"-"` +} + +// List account federation policies +type ListAccountFederationPoliciesRequest struct { + PageSize int `json:"-" url:"page_size,omitempty"` + + PageToken string `json:"-" url:"page_token,omitempty"` + + ForceSendFields []string `json:"-"` +} + +func (s *ListAccountFederationPoliciesRequest) UnmarshalJSON(b []byte) error { + return marshal.Unmarshal(b, s) +} + +func (s ListAccountFederationPoliciesRequest) MarshalJSON() ([]byte, error) { + return marshal.Marshal(s) +} + // Get custom oauth app integrations type ListCustomAppIntegrationsRequest struct { IncludeCreatorUsername bool `json:"-" url:"include_creator_username,omitempty"` @@ -300,6 +407,22 @@ func (s ListCustomAppIntegrationsRequest) MarshalJSON() ([]byte, error) { return marshal.Marshal(s) } +type ListFederationPoliciesResponse struct { + NextPageToken string `json:"next_page_token,omitempty"` + + Policies []FederationPolicy `json:"policies,omitempty"` + + ForceSendFields []string `json:"-"` +} + +func (s *ListFederationPoliciesResponse) UnmarshalJSON(b []byte) error { + return marshal.Unmarshal(b, s) +} + +func (s ListFederationPoliciesResponse) MarshalJSON() ([]byte, error) { + return marshal.Marshal(s) +} + // Get all the published OAuth apps type ListOAuthPublishedAppsRequest struct { // The max number of OAuth published apps to return in one page. @@ -335,6 +458,25 @@ func (s ListPublishedAppIntegrationsRequest) MarshalJSON() ([]byte, error) { return marshal.Marshal(s) } +// List service principal federation policies +type ListServicePrincipalFederationPoliciesRequest struct { + PageSize int `json:"-" url:"page_size,omitempty"` + + PageToken string `json:"-" url:"page_token,omitempty"` + // The service principal id for the federation policy. + ServicePrincipalId int64 `json:"-" url:"-"` + + ForceSendFields []string `json:"-"` +} + +func (s *ListServicePrincipalFederationPoliciesRequest) UnmarshalJSON(b []byte) error { + return marshal.Unmarshal(b, s) +} + +func (s ListServicePrincipalFederationPoliciesRequest) MarshalJSON() ([]byte, error) { + return marshal.Marshal(s) +} + // List service principal secrets type ListServicePrincipalSecretsRequest struct { // An opaque page token which was the `next_page_token` in the response of @@ -378,6 +520,44 @@ func (s ListServicePrincipalSecretsResponse) MarshalJSON() ([]byte, error) { return marshal.Marshal(s) } +// Specifies the policy to use for validating OIDC claims in your federated +// tokens. +type OidcFederationPolicy struct { + // The allowed token audiences, as specified in the 'aud' claim of federated + // tokens. The audience identifier is intended to represent the recipient of + // the token. Can be any non-empty string value. As long as the audience in + // the token matches at least one audience in the policy, the token is + // considered a match. If audiences is unspecified, defaults to your + // Databricks account id. + Audiences []string `json:"audiences,omitempty"` + // The required token issuer, as specified in the 'iss' claim of federated + // tokens. + Issuer string `json:"issuer,omitempty"` + // The public keys used to validate the signature of federated tokens, in + // JWKS format. If unspecified (recommended), Databricks automatically + // fetches the public keys from your issuer’s well known endpoint. + // Databricks strongly recommends relying on your issuer’s well known + // endpoint for discovering public keys. + JwksJson string `json:"jwks_json,omitempty"` + // The required token subject, as specified in the subject claim of + // federated tokens. Must be specified for service principal federation + // policies. Must not be specified for account federation policies. + Subject string `json:"subject,omitempty"` + // The claim that contains the subject of the token. If unspecified, the + // default value is 'sub'. + SubjectClaim string `json:"subject_claim,omitempty"` + + ForceSendFields []string `json:"-"` +} + +func (s *OidcFederationPolicy) UnmarshalJSON(b []byte) error { + return marshal.Unmarshal(b, s) +} + +func (s OidcFederationPolicy) MarshalJSON() ([]byte, error) { + return marshal.Marshal(s) +} + type PublishedAppOutput struct { // Unique ID of the published OAuth app. AppId string `json:"app_id,omitempty"` @@ -447,6 +627,18 @@ func (s TokenAccessPolicy) MarshalJSON() ([]byte, error) { return marshal.Marshal(s) } +// Update account federation policy +type UpdateAccountFederationPolicyRequest struct { + Policy *FederationPolicy `json:"policy,omitempty"` + + PolicyId string `json:"-" url:"-"` + // Field mask is required to be passed into the PATCH request. Field mask + // specifies which fields of the setting payload will be updated. The field + // mask needs to be supplied as single string. To specify multiple fields in + // the field mask, use comma as the separator (no space). + UpdateMask string `json:"-" url:"update_mask"` +} + type UpdateCustomAppIntegration struct { IntegrationId string `json:"-" url:"-"` // List of OAuth redirect urls to be updated in the custom OAuth app @@ -467,3 +659,17 @@ type UpdatePublishedAppIntegration struct { type UpdatePublishedAppIntegrationOutput struct { } + +// Update service principal federation policy +type UpdateServicePrincipalFederationPolicyRequest struct { + Policy *FederationPolicy `json:"policy,omitempty"` + + PolicyId string `json:"-" url:"-"` + // The service principal id for the federation policy. + ServicePrincipalId int64 `json:"-" url:"-"` + // Field mask is required to be passed into the PATCH request. Field mask + // specifies which fields of the setting payload will be updated. The field + // mask needs to be supplied as single string. To specify multiple fields in + // the field mask, use comma as the separator (no space). + UpdateMask string `json:"-" url:"update_mask"` +} diff --git a/service/pipelines/model.go b/service/pipelines/model.go index c9b67cd4c..3a67b316e 100755 --- a/service/pipelines/model.go +++ b/service/pipelines/model.go @@ -1315,7 +1315,7 @@ type RestartWindow struct { // Days of week in which the restart is allowed to happen (within a // five-hour window starting at start_hour). If not specified all days of // the week will be used. - DaysOfWeek RestartWindowDaysOfWeek `json:"days_of_week,omitempty"` + DaysOfWeek []RestartWindowDaysOfWeek `json:"days_of_week,omitempty"` // An integer between 0 and 23 denoting the start hour for the restart // window in the 24-hour day. Continuous pipeline restart is triggered only // within a five-hour window starting at this hour. diff --git a/service/pkg.go b/service/pkg.go index 3cebabf98..bd49b7d6b 100644 --- a/service/pkg.go +++ b/service/pkg.go @@ -48,10 +48,10 @@ // // - [marketplace.ConsumerProvidersAPI]: Providers are the entities that publish listings to the Marketplace. // -// - [provisioning.CredentialsAPI]: These APIs manage credential configurations for this workspace. -// // - [catalog.CredentialsAPI]: A credential represents an authentication and authorization mechanism for accessing services on your cloud tenant. // +// - [provisioning.CredentialsAPI]: These APIs manage credential configurations for this workspace. +// // - [settings.CredentialsManagerAPI]: Credentials manager interacts with with Identity Providers to to perform token exchanges using stored credentials and refresh tokens. // // - [settings.CspEnablementAccountAPI]: The compliance security profile settings at the account level control whether to enable it for new workspaces. @@ -88,6 +88,8 @@ // // - [catalog.ExternalLocationsAPI]: An external location is an object that combines a cloud storage path with a storage credential that authorizes access to the cloud storage path. // +// - [oauth2.AccountFederationPolicyAPI]: These APIs manage account federation policies. +// // - [files.FilesAPI]: The Files API is a standard HTTP API that allows you to read, write, list, and delete files and directories by referring to their URI. // // - [catalog.FunctionsAPI]: Functions implement User-Defined Functions (UDFs) in Unity Catalog. @@ -202,6 +204,8 @@ // // - [workspace.SecretsAPI]: The Secrets API allows you to manage secrets, secret scopes, and access permissions. // +// - [oauth2.ServicePrincipalFederationPolicyAPI]: These APIs manage service principal federation policies. +// // - [oauth2.ServicePrincipalSecretsAPI]: These APIs enable administrators to manage service principal secrets. // // - [iam.ServicePrincipalsAPI]: Identities for use with jobs, automated tools, and systems such as scripts, apps, and CI/CD platforms. @@ -319,8 +323,8 @@ var ( _ *marketplace.ConsumerListingsAPI = nil _ *marketplace.ConsumerPersonalizationRequestsAPI = nil _ *marketplace.ConsumerProvidersAPI = nil - _ *provisioning.CredentialsAPI = nil _ *catalog.CredentialsAPI = nil + _ *provisioning.CredentialsAPI = nil _ *settings.CredentialsManagerAPI = nil _ *settings.CspEnablementAccountAPI = nil _ *iam.CurrentUserAPI = nil @@ -339,6 +343,7 @@ var ( _ *settings.EsmEnablementAccountAPI = nil _ *ml.ExperimentsAPI = nil _ *catalog.ExternalLocationsAPI = nil + _ *oauth2.AccountFederationPolicyAPI = nil _ *files.FilesAPI = nil _ *catalog.FunctionsAPI = nil _ *dashboards.GenieAPI = nil @@ -396,6 +401,7 @@ var ( _ *settings.RestrictWorkspaceAdminsAPI = nil _ *catalog.SchemasAPI = nil _ *workspace.SecretsAPI = nil + _ *oauth2.ServicePrincipalFederationPolicyAPI = nil _ *oauth2.ServicePrincipalSecretsAPI = nil _ *iam.ServicePrincipalsAPI = nil _ *iam.AccountServicePrincipalsAPI = nil diff --git a/version/version.go b/version/version.go index 11fcaef4c..bac14e8c6 100644 --- a/version/version.go +++ b/version/version.go @@ -1,4 +1,4 @@ package version // Version of the SDK, updated manually before every tag -const Version = "0.53.0" +const Version = "0.54.0"