
Commit 85f43e9

authored
Added permissions support for Lakebase Database projects (#4626)
## Changes
Added permissions support for Lakebase Database projects

## Why
Permissions are supported in the TF provider and the API, hence expanding to DABs

## Tests
Added an acceptance test

<!-- If your PR needs to be included in the release notes for next release, add a separate entry in NEXT_CHANGELOG.md as part of your PR. -->
1 parent bc211f9 commit 85f43e9

29 files changed

+408
-2
lines changed

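--- a/NEXT_CHANGELOG.md
+++ b/NEXT_CHANGELOG.md
@@ -5,6 +5,7 @@
 ### CLI
 
 ### Bundles
+* Added permissions support for Lakebase Database projects ([#4626](https://github.com/databricks/cli/pull/4626))
 
 ### Dependency updates
 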
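--- a/acceptance/bundle/refschema/out.fields.txt
+++ b/acceptance/bundle/refschema/out.fields.txt
@@ -2627,6 +2627,12 @@ resources.postgres_projects.*.lifecycle resources.Lifecycle INPUT
 resources.postgres_projects.*.lifecycle.prevent_destroy bool INPUT
 resources.postgres_projects.*.modified_status string INPUT
 resources.postgres_projects.*.name string REMOTE
+resources.postgres_projects.*.permissions []resources.DatabaseProjectPermission INPUT
+resources.postgres_projects.*.permissions[*] resources.DatabaseProjectPermission INPUT
+resources.postgres_projects.*.permissions[*].group_name string INPUT
+resources.postgres_projects.*.permissions[*].level resources.DatabaseProjectPermissionLevel INPUT
+resources.postgres_projects.*.permissions[*].service_principal_name string INPUT
+resources.postgres_projects.*.permissions[*].user_name string INPUT
 resources.postgres_projects.*.pg_version int INPUT STATE
 resources.postgres_projects.*.project_id string INPUT STATE
 resources.postgres_projects.*.spec *postgres.ProjectSpec REMOTE
@@ -2667,6 +2673,13 @@ resources.postgres_projects.*.status.synthetic_storage_size_bytes int64 REMOTE
 resources.postgres_projects.*.uid string REMOTE
 resources.postgres_projects.*.update_time *time.Time REMOTE
 resources.postgres_projects.*.url string INPUT
+resources.postgres_projects.*.permissions.object_id string ALL
+resources.postgres_projects.*.permissions.permissions []iam.AccessControlRequest ALL
+resources.postgres_projects.*.permissions.permissions[*] iam.AccessControlRequest ALL
+resources.postgres_projects.*.permissions.permissions[*].group_name string ALL
+resources.postgres_projects.*.permissions.permissions[*].permission_level iam.PermissionLevel ALL
+resources.postgres_projects.*.permissions.permissions[*].service_principal_name string ALL
+resources.postgres_projects.*.permissions.permissions[*].user_name string ALL
 resources.quality_monitors.*.assets_dir string ALL
 resources.quality_monitors.*.baseline_table_name string ALL
 resources.quality_monitors.*.custom_metrics []catalog.MonitorMetric ALL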

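--- a/acceptance/bundle/resources/permissions/output.txt
+++ b/acceptance/bundle/resources/permissions/output.txt
@@ -331,6 +331,25 @@ MATCH pipelines/other_can_manage/out.requests.deploy.direct.json
 EXACT pipelines/other_can_manage/out.requests.destroy.direct.json
 EXACT pipelines/other_is_owner/out.requests.deploy.direct.json
 EXACT pipelines/other_is_owner/out.requests.destroy.direct.json
+MATCH postgres_projects/current_can_manage/out.requests.deploy.direct.json
+DIFF postgres_projects/current_can_manage/out.requests.destroy.direct.json
+--- postgres_projects/current_can_manage/out.requests.destroy.direct.json
++++ postgres_projects/current_can_manage/out.requests.destroy.terraform.json
+@@ -1 +1,14 @@
+-[]+[
++ {
++ "body": {
++ "access_control_list": [
++ {
++ "permission_level": "CAN_MANAGE",
++ "user_name": "[USERNAME]"
++ }
++ ]
++ },
++ "method": "PUT",
++ "path": "/api/2.0/permissions/database-projects/test-project"
++ }
++]
 MATCH sql_warehouses/current_can_manage/out.requests.deploy.direct.json
 DIFF sql_warehouses/current_can_manage/out.requests.destroy.direct.json
 --- sql_warehouses/current_can_manage/out.requests.destroy.direct.json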
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
bundle:
2+
name: test-bundle
3+
4+
resources:
5+
postgres_projects:
6+
foo:
7+
project_id: test-project
8+
display_name: Test Postgres Project
9+
permissions:
10+
- level: CAN_USE
11+
user_name: viewer@example.com
12+
- level: CAN_MANAGE
13+
group_name: data-team
14+
- level: CAN_MANAGE
15+
service_principal_name: f37d18cd-98a8-4db5-8112-12dd0a6bfe38
16+
- level: CAN_MANAGE
17+
user_name: tester@databricks.com
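Review bot: The permissions list in this fixture always includes the deploying user at `CAN_MANAGE` (`user_name: tester@databricks.com`, which appears as `[USERNAME]` in the recorded requests), so no deploy is exercised where the caller is missing from the list or holds only `CAN_USE`. That case matters for access control because the recorded deploy call is a `PUT` of the whole `access_control_list`, and nothing on this page pins whether the deployer keeps manage rights afterwards. The pipelines fixtures listed in output.txt have `other_can_manage` and `other_is_owner` variants; a sibling postgres_projects case whose list holds only `- level: CAN_MANAGE` / `group_name: data-team` would cover it. Only part of the 29 changed files is visible here, so such a case may already exist elsewhere in the commit.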
Lines changed: 47 additions & 0 deletions
@@ -0,0 +1,47 @@
1+
{
2+
"plan_version": 2,
3+
"cli_version": "[DEV_VERSION]",
4+
"plan": {
5+
"resources.postgres_projects.foo": {
6+
"action": "create",
7+
"new_state": {
8+
"value": {
9+
"display_name": "Test Postgres Project",
10+
"project_id": "test-project"
11+
}
12+
}
13+
},
14+
"resources.postgres_projects.foo.permissions": {
15+
"depends_on": [
16+
{
17+
"node": "resources.postgres_projects.foo",
18+
"label": "${resources.postgres_projects.foo.project_id}"
19+
}
20+
],
21+
"action": "create",
22+
"new_state": {
23+
"value": {
24+
"object_id": "/database-projects/test-project",
25+
"permissions": [
26+
{
27+
"permission_level": "CAN_USE",
28+
"user_name": "viewer@example.com"
29+
},
30+
{
31+
"group_name": "data-team",
32+
"permission_level": "CAN_MANAGE"
33+
},
34+
{
35+
"permission_level": "CAN_MANAGE",
36+
"service_principal_name": "[UUID]"
37+
},
38+
{
39+
"permission_level": "CAN_MANAGE",
40+
"user_name": "[USERNAME]"
41+
}
42+
]
43+
}
44+
}
45+
}
46+
}
47+
}
Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
{
2+
"cli_version": "[DEV_VERSION]",
3+
"plan": {
4+
"resources.postgres_projects.foo": {
5+
"action": "create"
6+
},
7+
"resources.postgres_projects.foo.permissions": {
8+
"action": "create"
9+
}
10+
}
11+
}
Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
{
2+
"method": "PUT",
3+
"path": "/api/2.0/permissions/database-projects/test-project",
4+
"body": {
5+
"access_control_list": [
6+
{
7+
"permission_level": "CAN_USE",
8+
"user_name": "viewer@example.com"
9+
},
10+
{
11+
"group_name": "data-team",
12+
"permission_level": "CAN_MANAGE"
13+
},
14+
{
15+
"permission_level": "CAN_MANAGE",
16+
"service_principal_name": "[UUID]"
17+
},
18+
{
19+
"permission_level": "CAN_MANAGE",
20+
"user_name": "[USERNAME]"
21+
}
22+
]
23+
}
24+
}
Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
{
2+
"method": "PUT",
3+
"path": "/api/2.0/permissions/database-projects/test-project",
4+
"body": {
5+
"access_control_list": [
6+
{
7+
"permission_level": "CAN_USE",
8+
"user_name": "viewer@example.com"
9+
},
10+
{
11+
"permission_level": "CAN_MANAGE",
12+
"service_principal_name": "[UUID]"
13+
},
14+
{
15+
"group_name": "data-team",
16+
"permission_level": "CAN_MANAGE"
17+
},
18+
{
19+
"permission_level": "CAN_MANAGE",
20+
"user_name": "[USERNAME]"
21+
}
22+
]
23+
}
24+
}

acceptance/bundle/resources/permissions/postgres_projects/current_can_manage/out.requests.destroy.direct.json

Whitespace-only changes.
Lines changed: 12 additions & 0 deletions
@@ -0,0 +1,12 @@
1+
{
2+
"method": "PUT",
3+
"path": "/api/2.0/permissions/database-projects/test-project",
4+
"body": {
5+
"access_control_list": [
6+
{
7+
"permission_level": "CAN_MANAGE",
8+
"user_name": "[USERNAME]"
9+
}
10+
]
11+
}
12+
}
