WIP: Add databricks permissions command #314
Conversation
| } | ||
|
|
||
|
|
||
| class PermissionsApi(object): |
There was a problem hiding this comment.
This class doesn't expose a way to set / update permissions.
There was a problem hiding this comment.
Thank you, that's a good point I'll fix it.
There was a problem hiding this comment.
I'll add update, but looking at https://docs.databricks.com/dev-tools/api/latest/permissions.html#operation/update-all-notebook-permissions
I'm kinda skeptical of set_permissions. The issue I have is it's dangerous, you could wipe all permission out everywhere if you are not careful.
I'm going to leave that out of this pr, and start a thread with engineering to determine if that's something that should be exposed.
| return | ||
|
|
||
| click.echo(pretty_format(perms_api.add_permissions(object_type, object_id, all_permissions))) | ||
|
|
There was a problem hiding this comment.
We should add support for the following:
- Set / update permissions
- Ability to specify multiple permissions (not sure if this is possible already)
There was a problem hiding this comment.
I'll take note of that.
I also need to add some tests, and I'll cover those as part of the tests.
| } | ||
| } | ||
|
|
||
|
|
There was a problem hiding this comment.
Can we add tests for other operations as well?
There was a problem hiding this comment.
Yes. :). Oversight.
I'm trying to collect all of the bits I have, and get them pushed.
Once there are tests and better coverage, we can take another look.
Move get_id_for_directory from PermissionsApi to WorkspaceApi
…n error that said level. :(
…nts, as that breaks existing code
areese
changed the title
|
This is still WIP, there are a number of requests from @gauthamsunjay that need to be addressed, once those are fixed, we can review again. |
…ssions api calls to make life easier
Move from argument to option so help can be provided. Share the same help text across all of the databricks permissions functions
Move from --object_type to --object-id to be inline with other commands Fix tests to validate the test output the same way clusters does
…ype hint not being the first line of the functions Remove an unused variable from tests/permissions/test_cli.py
1. Reuse the same help string for all object types 2. Update the group help to display the object types, it could be hard coded or displayed a lot cleaner. 3. object-id is always required, even on list, need to find out why 4. Remove if not object_type checks, as object type is a required option 5. Add mostly complete tests for list-permission-types, I do not have registered-models or instance-pools data available
Fix line too long lint errors. Fix errors looking up instance-pools in the enum
$ databricks permissions add --object-type clusters --object-id foo Error: Missing None. One of ['group-name', 'user-name', 'service-name'] must be provided. $ databricks permissions add --object-type clusters --object-id foo Error: Missing option '--group-name'. One of ['group-name', 'user-name', 'service-name'] must be provided.
Cleanup ordering of commands added to the group Remove checks that are done by click and are not required in databricks permissions add
Rename databricks_cli/permissions/api.py:Lookups to PermissionsLookup PermissionsLookup.from_name should raise a useful error with a message instead of KeyError Remove more error checking that is done by click. --permission-level should be checked by click to provide a useful error
Use click.Choice to validate permission levels Add test for databricks permissions add clusters manage
…ions api and service better
Allow PermissionsObject to init with constructor databricks permissions ls should require path, and path should have help Add more tests
Remove dead code that wasn't called Update tests to cover all of the commands
…detecting bad combinations easier
|
|
||
|
|
||
| class PermissionTargets(Enum): | ||
| clusters = 'clusters' |
There was a problem hiding this comment.
logically this should rather be a dictionary or list of tuples, because it's mixing two different things under same enumeration.
e.g. cluster is the object type and clusters is the prefix for object it,
| return ', '.join([e.value for e in PermissionLevel]) | ||
|
|
||
|
|
||
| class BasicPermissions(object): |
There was a problem hiding this comment.
it looks over-engineered. please simplify.
technically, it all can be replaced by single simple lookup structure.
| @click.command(context_settings=CONTEXT_SETTINGS, | ||
| short_help='Get permissions for an item. ' + POSSIBLE_OBJECT_TYPES) | ||
| @click.option('--object-type', required=True, help=POSSIBLE_OBJECT_TYPES) | ||
| @click.option('--object-id', required=True, help='object id to require permission about') |
There was a problem hiding this comment.
why not providing one of kind of arguments? e.g. --cluster-id, --job-id, --tokens, --passwords, --cluster-policy-id and etc? CLI is supposed to simplify usage for admins and not always be 1-1 mapping to API resources.
| @click.option('--group-name', metavar='<string>', cls=OneOfOption, | ||
| one_of=GROUP_USER_SERVICE_OPTIONS) | ||
| @click.option('--user-name', metavar='<string>', cls=OneOfOption, one_of=GROUP_USER_SERVICE_OPTIONS) | ||
| @click.option('--service-name', metavar='<string>', cls=OneOfOption, |
There was a problem hiding this comment.
it's not really a service name, but --service-principal
| # limitations under the License. | ||
|
|
||
|
|
||
| class PermissionsError(Exception): |
There was a problem hiding this comment.
why do we need a file for two lines of code? why it cannot be in the same file as where it's thrown from?
| @@ -0,0 +1,95 @@ | |||
| from typing import Optional | |||
|
|
|||
| from databricks_cli.sdk.preview_service import PreviewService | |||
There was a problem hiding this comment.
there's no such a thing as preview service. please remove or rename to something like PreviewStability
There was a problem hiding this comment.
That's reasonable.
I'm probably going to use the newer openapi spec that is part of the rest specification and rewrite this differently.
|
FYI: This is stale, it has semi-useful code but has a lot to be addressed. |
This is a public preview api