@databricks/sdk-secrets 0.1.0-dev.3 → 0.1.0-dev.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/src/v1/client.ts DELETED
@@ -1,700 +0,0 @@
1
- // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
2
-
3
- import {VERSION as AUTH_VERSION} from '@databricks/sdk-auth';
4
- import {createDefault} from '@databricks/sdk-core/clientinfo';
5
- import type {Logger} from '@databricks/sdk-core/logger';
6
- import {NoOpLogger} from '@databricks/sdk-core/logger';
7
- import type {CallOptions} from '@databricks/sdk-options/call';
8
- import type {ClientOptions} from '@databricks/sdk-options/client';
9
- import type {HttpClient} from '@databricks/sdk-core/http';
10
- import {newHttpClient} from './transport';
11
- import {
12
- buildHttpRequest,
13
- executeCall,
14
- executeHttpCall,
15
- marshalRequest,
16
- parseResponse,
17
- } from './utils';
18
- import pkgJson from '../../package.json' with {type: 'json'};
19
- import type {
20
- AclItem,
21
- CreateScopeRequest,
22
- CreateScopeResponse,
23
- DeleteAclRequest,
24
- DeleteAclResponse,
25
- DeleteScopeRequest,
26
- DeleteScopeResponse,
27
- DeleteSecretRequest,
28
- DeleteSecretResponse,
29
- GetAclRequest,
30
- GetSecretRequest,
31
- GetSecretResponse,
32
- ListAclsRequest,
33
- ListAclsResponse,
34
- ListScopesRequest,
35
- ListScopesResponse,
36
- ListSecretsRequest,
37
- ListSecretsResponse,
38
- PutAclRequest,
39
- PutAclResponse,
40
- PutSecretRequest,
41
- PutSecretResponse,
42
- } from './model';
43
- import {
44
- marshalCreateScopeRequestSchema,
45
- marshalDeleteAclRequestSchema,
46
- marshalDeleteScopeRequestSchema,
47
- marshalDeleteSecretRequestSchema,
48
- marshalPutAclRequestSchema,
49
- marshalPutSecretRequestSchema,
50
- unmarshalAclItemSchema,
51
- unmarshalCreateScopeResponseSchema,
52
- unmarshalDeleteAclResponseSchema,
53
- unmarshalDeleteScopeResponseSchema,
54
- unmarshalDeleteSecretResponseSchema,
55
- unmarshalGetSecretResponseSchema,
56
- unmarshalListAclsResponseSchema,
57
- unmarshalListScopesResponseSchema,
58
- unmarshalListSecretsResponseSchema,
59
- unmarshalPutAclResponseSchema,
60
- unmarshalPutSecretResponseSchema,
61
- } from './model';
62
-
63
- // Package identity segment for this client to be used in the User-Agent header.
64
- const PACKAGE_SEGMENT = {
65
- key: 'sdk-js-' + pkgJson.name.replace(/^@[^/]+\/sdk-/, ''),
66
- value: pkgJson.version,
67
- };
68
-
69
- export class SecretsClient {
70
- private readonly host: string;
71
- // Workspace ID used to route workspace-level calls on unified hosts (SPOG).
72
- // When set, workspace-level methods send X-Databricks-Org-Id on every
73
- // request.
74
- private readonly workspaceId: string | undefined;
75
- private readonly httpClient: HttpClient;
76
- private readonly logger: Logger;
77
- // User-Agent header value. Composed once at construction from
78
- // createDefault() merged with this package's identity and the active
79
- // credential's name.
80
- private readonly userAgent: string;
81
-
82
- constructor(options: ClientOptions) {
83
- if (options.host === undefined) {
84
- throw new Error('Host is required.');
85
- }
86
- this.host = options.host.replace(/\/$/, '');
87
- this.workspaceId = options.workspaceId;
88
- this.logger = options.logger ?? new NoOpLogger();
89
- const info = createDefault()
90
- .with(PACKAGE_SEGMENT)
91
- .with({key: 'sdk-js-auth', value: AUTH_VERSION})
92
- .with({key: 'auth', value: options.credentials?.name() ?? 'default'});
93
- this.userAgent = info.toString();
94
- this.httpClient = newHttpClient(options);
95
- }
96
-
97
- /**
98
- * Creates a new secret scope.
99
- *
100
- * The scope name must consist of alphanumeric characters, dashes, underscores, and
101
- * periods, and may not exceed 128 characters.
102
- *
103
- * Example request:
104
- *
105
- * .. code::
106
- *
107
- * {
108
- * "scope": "my-simple-databricks-scope",
109
- * "initial_manage_principal": "users"
110
- * "scope_backend_type": "databricks|azure_keyvault",
111
- * # below is only required if scope type is azure_keyvault
112
- * "backend_azure_keyvault": {
113
- * "resource_id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxx/providers/Microsoft.KeyVault/vaults/xxxx",
114
- * "tenant_id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
115
- * "dns_name": "https://xxxx.vault.azure.net/",
116
- * }
117
- * }
118
- *
119
- * If ``initial_manage_principal`` is specified, the initial ACL applied to the scope is
120
- * applied to the supplied principal (user or group) with ``MANAGE`` permissions.
121
- * The only supported principal for this option is the group ``users``, which
122
- * contains all users in the workspace. If ``initial_manage_principal`` is not specified,
123
- * the initial ACL with ``MANAGE`` permission applied to the scope is assigned to the
124
- * API request issuer's user identity.
125
- *
126
- * If ``scope_backend_type`` is ``azure_keyvault``, a secret scope is created with secrets
127
- * from a given Azure KeyVault. The caller must provide the keyvault_resource_id and the tenant_id
128
- * for the key vault. If ``scope_backend_type`` is ``databricks`` or is unspecified, an empty
129
- * secret scope is created and stored in <Databricks>'s own storage.
130
- *
131
- *
132
- * Throws ``RESOURCE_ALREADY_EXISTS`` if a scope with the given name already exists.
133
- * Throws ``RESOURCE_LIMIT_EXCEEDED`` if maximum number of scopes in the workspace is exceeded.
134
- * Throws ``INVALID_PARAMETER_VALUE`` if the scope name is invalid.
135
- * Throws ``BAD_REQUEST`` if request violated constraints.
136
- * Throws ``CUSTOMER_UNAUTHORIZED`` if normal user attempts to create a scope with name reserved for databricks internal usage.
137
- * Throws ``UNAUTHENTICATED`` if unable to verify user access permission on Azure KeyVault
138
- */
139
- async createScope(
140
- req: CreateScopeRequest,
141
- options?: CallOptions
142
- ): Promise<CreateScopeResponse> {
143
- const url = `${this.host}/api/2.0/secrets/scopes/create`;
144
- const body = marshalRequest(req, marshalCreateScopeRequestSchema);
145
- let resp: CreateScopeResponse | undefined;
146
- const call = async (callSignal?: AbortSignal): Promise<void> => {
147
- const headers = new Headers({'Content-Type': 'application/json'});
148
- if (this.workspaceId !== undefined) {
149
- headers.set('X-Databricks-Org-Id', this.workspaceId);
150
- }
151
- headers.set('User-Agent', this.userAgent);
152
- const httpReq = buildHttpRequest('POST', url, headers, callSignal, body);
153
- const respBody = await executeHttpCall({
154
- request: httpReq,
155
- httpClient: this.httpClient,
156
- logger: this.logger,
157
- });
158
- resp = parseResponse(respBody, unmarshalCreateScopeResponseSchema);
159
- };
160
- await executeCall(call, options);
161
- if (resp === undefined) {
162
- throw new Error('operation completed without a result.');
163
- }
164
- return resp;
165
- }
166
-
167
- /**
168
- * Deletes the given ACL on the given scope.
169
- *
170
- * Users must have the ``MANAGE`` permission to invoke this API.
171
- *
172
- * Example request:
173
- *
174
- * .. code::
175
- *
176
- * {
177
- * "scope": "my-secret-scope",
178
- * "principal": "data-scientists"
179
- * }
180
- *
181
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret scope, principal, or ACL exists.
182
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
183
- * Throws ``INVALID_PARAMETER_VALUE`` if the permission or principal is invalid.
184
- */
185
- async deleteAcl(
186
- req: DeleteAclRequest,
187
- options?: CallOptions
188
- ): Promise<DeleteAclResponse> {
189
- const url = `${this.host}/api/2.0/secrets/acls/delete`;
190
- const body = marshalRequest(req, marshalDeleteAclRequestSchema);
191
- let resp: DeleteAclResponse | undefined;
192
- const call = async (callSignal?: AbortSignal): Promise<void> => {
193
- const headers = new Headers({'Content-Type': 'application/json'});
194
- if (this.workspaceId !== undefined) {
195
- headers.set('X-Databricks-Org-Id', this.workspaceId);
196
- }
197
- headers.set('User-Agent', this.userAgent);
198
- const httpReq = buildHttpRequest('POST', url, headers, callSignal, body);
199
- const respBody = await executeHttpCall({
200
- request: httpReq,
201
- httpClient: this.httpClient,
202
- logger: this.logger,
203
- });
204
- resp = parseResponse(respBody, unmarshalDeleteAclResponseSchema);
205
- };
206
- await executeCall(call, options);
207
- if (resp === undefined) {
208
- throw new Error('operation completed without a result.');
209
- }
210
- return resp;
211
- }
212
-
213
- /**
214
- * Deletes a secret scope.
215
- *
216
- * Example request:
217
- *
218
- * .. code::
219
- *
220
- * {
221
- * "scope": "my-secret-scope"
222
- * }
223
- *
224
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if the scope does not exist.
225
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
226
- * Throws ``BAD_REQUEST`` if system user attempts to delete internal secret scope.
227
- */
228
- async deleteScope(
229
- req: DeleteScopeRequest,
230
- options?: CallOptions
231
- ): Promise<DeleteScopeResponse> {
232
- const url = `${this.host}/api/2.0/secrets/scopes/delete`;
233
- const body = marshalRequest(req, marshalDeleteScopeRequestSchema);
234
- let resp: DeleteScopeResponse | undefined;
235
- const call = async (callSignal?: AbortSignal): Promise<void> => {
236
- const headers = new Headers({'Content-Type': 'application/json'});
237
- if (this.workspaceId !== undefined) {
238
- headers.set('X-Databricks-Org-Id', this.workspaceId);
239
- }
240
- headers.set('User-Agent', this.userAgent);
241
- const httpReq = buildHttpRequest('POST', url, headers, callSignal, body);
242
- const respBody = await executeHttpCall({
243
- request: httpReq,
244
- httpClient: this.httpClient,
245
- logger: this.logger,
246
- });
247
- resp = parseResponse(respBody, unmarshalDeleteScopeResponseSchema);
248
- };
249
- await executeCall(call, options);
250
- if (resp === undefined) {
251
- throw new Error('operation completed without a result.');
252
- }
253
- return resp;
254
- }
255
-
256
- /**
257
- * Deletes the secret stored in this secret scope. You must have ``WRITE`` or ``MANAGE``
258
- * permission on the Secret Scope.
259
- *
260
- * Example request:
261
- *
262
- * .. code::
263
- *
264
- * {
265
- * "scope": "my-secret-scope",
266
- * "key": "my-secret-key"
267
- * }
268
- *
269
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret scope or secret exists.
270
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
271
- * Throws ``BAD_REQUEST`` if system user attempts to delete an internal secret, or request is made against Azure KeyVault backed scope.
272
- */
273
- async deleteSecret(
274
- req: DeleteSecretRequest,
275
- options?: CallOptions
276
- ): Promise<DeleteSecretResponse> {
277
- const url = `${this.host}/api/2.0/secrets/delete`;
278
- const body = marshalRequest(req, marshalDeleteSecretRequestSchema);
279
- let resp: DeleteSecretResponse | undefined;
280
- const call = async (callSignal?: AbortSignal): Promise<void> => {
281
- const headers = new Headers({'Content-Type': 'application/json'});
282
- if (this.workspaceId !== undefined) {
283
- headers.set('X-Databricks-Org-Id', this.workspaceId);
284
- }
285
- headers.set('User-Agent', this.userAgent);
286
- const httpReq = buildHttpRequest('POST', url, headers, callSignal, body);
287
- const respBody = await executeHttpCall({
288
- request: httpReq,
289
- httpClient: this.httpClient,
290
- logger: this.logger,
291
- });
292
- resp = parseResponse(respBody, unmarshalDeleteSecretResponseSchema);
293
- };
294
- await executeCall(call, options);
295
- if (resp === undefined) {
296
- throw new Error('operation completed without a result.');
297
- }
298
- return resp;
299
- }
300
-
301
- /**
302
- * Describes the details about the given ACL, such as the group and permission.
303
- *
304
- * Users must have the ``MANAGE`` permission to invoke this API.
305
- *
306
- * Example response:
307
- *
308
- * .. code::
309
- *
310
- * {
311
- * "principal": "data-scientists",
312
- * "permission": "READ"
313
- * }
314
- *
315
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret scope exists.
316
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
317
- * Throws ``INVALID_PARAMETER_VALUE`` if the permission or principal is invalid.
318
- */
319
- async getAcl(req: GetAclRequest, options?: CallOptions): Promise<AclItem> {
320
- const url = `${this.host}/api/2.0/secrets/acls/get`;
321
- const params = new URLSearchParams();
322
- if (req.scope !== undefined) {
323
- params.append('scope', req.scope);
324
- }
325
- if (req.principal !== undefined) {
326
- params.append('principal', req.principal);
327
- }
328
- const query = params.toString();
329
- const fullUrl = query !== '' ? `${url}?${query}` : url;
330
- let resp: AclItem | undefined;
331
- const call = async (callSignal?: AbortSignal): Promise<void> => {
332
- const headers = new Headers();
333
- if (this.workspaceId !== undefined) {
334
- headers.set('X-Databricks-Org-Id', this.workspaceId);
335
- }
336
- headers.set('User-Agent', this.userAgent);
337
- const httpReq = buildHttpRequest('GET', fullUrl, headers, callSignal);
338
- const respBody = await executeHttpCall({
339
- request: httpReq,
340
- httpClient: this.httpClient,
341
- logger: this.logger,
342
- });
343
- resp = parseResponse(respBody, unmarshalAclItemSchema);
344
- };
345
- await executeCall(call, options);
346
- if (resp === undefined) {
347
- throw new Error('operation completed without a result.');
348
- }
349
- return resp;
350
- }
351
-
352
- /**
353
- * Gets a secret for a given key and scope. This API can only be called from the DBUtils
354
- * interface. Users need the READ permission to make this call.
355
- *
356
- * Example response:
357
- *
358
- * .. code::
359
- *
360
- * {
361
- * "key": "my-string-key",
362
- * "value": <bytes of the secret value>
363
- * }
364
- *
365
- * Note that the secret value returned is in bytes. The interpretation of the bytes
366
- * is determined by the caller in DBUtils and the type the data is decoded into.
367
- *
368
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret or secret scope exists.
369
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
370
- *
371
- * Note: This is explicitly an undocumented API. It also doesn't need to be supported
372
- * for the /preview prefix, because it's not a customer-facing API (i.e. only used
373
- * for DBUtils SecretUtils to fetch secrets).
374
- *
375
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret scope or secret exists.
376
- * Throws ``BAD_REQUEST`` if normal user calls get secret outside of a notebook.
377
- * AKV specific errors:
378
- * Throws ``INVALID_PARAMETER_VALUE`` if secret name is not alphanumeric or too long.
379
- * Throws ``PERMISSION_DENIED`` if secret manager cannot access AKV with 403 error
380
- * Throws ``MALFORMED_REQUEST`` if secret manager cannot access AKV with any other 4xx error
381
- */
382
- async getSecret(
383
- req: GetSecretRequest,
384
- options?: CallOptions
385
- ): Promise<GetSecretResponse> {
386
- const url = `${this.host}/api/2.0/secrets/get`;
387
- const params = new URLSearchParams();
388
- if (req.scope !== undefined) {
389
- params.append('scope', req.scope);
390
- }
391
- if (req.key !== undefined) {
392
- params.append('key', req.key);
393
- }
394
- const query = params.toString();
395
- const fullUrl = query !== '' ? `${url}?${query}` : url;
396
- let resp: GetSecretResponse | undefined;
397
- const call = async (callSignal?: AbortSignal): Promise<void> => {
398
- const headers = new Headers();
399
- if (this.workspaceId !== undefined) {
400
- headers.set('X-Databricks-Org-Id', this.workspaceId);
401
- }
402
- headers.set('User-Agent', this.userAgent);
403
- const httpReq = buildHttpRequest('GET', fullUrl, headers, callSignal);
404
- const respBody = await executeHttpCall({
405
- request: httpReq,
406
- httpClient: this.httpClient,
407
- logger: this.logger,
408
- });
409
- resp = parseResponse(respBody, unmarshalGetSecretResponseSchema);
410
- };
411
- await executeCall(call, options);
412
- if (resp === undefined) {
413
- throw new Error('operation completed without a result.');
414
- }
415
- return resp;
416
- }
417
-
418
- /**
419
- * Lists the ACLs set on the given scope.
420
- *
421
- * Users must have the ``MANAGE`` permission to invoke this API.
422
- *
423
- * Example response:
424
- *
425
- * .. code::
426
- *
427
- * {
428
- * "acls": [{
429
- * "principal": "admins",
430
- * "permission": "MANAGE"
431
- * },{
432
- * "principal": "data-scientists",
433
- * "permission": "READ"
434
- * }]
435
- * }
436
- *
437
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret scope exists.
438
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
439
- */
440
- async listAcls(
441
- req: ListAclsRequest,
442
- options?: CallOptions
443
- ): Promise<ListAclsResponse> {
444
- const url = `${this.host}/api/2.0/secrets/acls/list`;
445
- const params = new URLSearchParams();
446
- if (req.scope !== undefined) {
447
- params.append('scope', req.scope);
448
- }
449
- const query = params.toString();
450
- const fullUrl = query !== '' ? `${url}?${query}` : url;
451
- let resp: ListAclsResponse | undefined;
452
- const call = async (callSignal?: AbortSignal): Promise<void> => {
453
- const headers = new Headers();
454
- if (this.workspaceId !== undefined) {
455
- headers.set('X-Databricks-Org-Id', this.workspaceId);
456
- }
457
- headers.set('User-Agent', this.userAgent);
458
- const httpReq = buildHttpRequest('GET', fullUrl, headers, callSignal);
459
- const respBody = await executeHttpCall({
460
- request: httpReq,
461
- httpClient: this.httpClient,
462
- logger: this.logger,
463
- });
464
- resp = parseResponse(respBody, unmarshalListAclsResponseSchema);
465
- };
466
- await executeCall(call, options);
467
- if (resp === undefined) {
468
- throw new Error('operation completed without a result.');
469
- }
470
- return resp;
471
- }
472
-
473
- /**
474
- * Lists all secret scopes available in the workspace.
475
- *
476
- * Example response:
477
- *
478
- * .. code::
479
- *
480
- * {
481
- * "scopes": [{
482
- * "name": "my-databricks-scope",
483
- * "backend_type": "DATABRICKS"
484
- * },{
485
- * "name": "mount-points",
486
- * "backend_type": "DATABRICKS"
487
- * }]
488
- * }
489
- *
490
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
491
- */
492
- async listScopes(
493
- _req: ListScopesRequest,
494
- options?: CallOptions
495
- ): Promise<ListScopesResponse> {
496
- const url = `${this.host}/api/2.0/secrets/scopes/list`;
497
- let resp: ListScopesResponse | undefined;
498
- const call = async (callSignal?: AbortSignal): Promise<void> => {
499
- const headers = new Headers();
500
- if (this.workspaceId !== undefined) {
501
- headers.set('X-Databricks-Org-Id', this.workspaceId);
502
- }
503
- headers.set('User-Agent', this.userAgent);
504
- const httpReq = buildHttpRequest('GET', url, headers, callSignal);
505
- const respBody = await executeHttpCall({
506
- request: httpReq,
507
- httpClient: this.httpClient,
508
- logger: this.logger,
509
- });
510
- resp = parseResponse(respBody, unmarshalListScopesResponseSchema);
511
- };
512
- await executeCall(call, options);
513
- if (resp === undefined) {
514
- throw new Error('operation completed without a result.');
515
- }
516
- return resp;
517
- }
518
-
519
- /**
520
- * Lists the secret keys that are stored at this scope. This is a metadata-only
521
- * operation; secret data cannot be retrieved using this API. Users need the READ
522
- * permission to make this call.
523
- *
524
- * Example response:
525
- *
526
- * .. code::
527
- *
528
- * {
529
- * "secrets": [
530
- * {
531
- * "key": "my-string-key"",
532
- * "last_updated_timestamp": "1520467595000"
533
- * },
534
- * {
535
- * "key": "my-byte-key",
536
- * "last_updated_timestamp": "1520467595000"
537
- * },
538
- * ]
539
- * }
540
- *
541
- * The lastUpdatedTimestamp returned is in milliseconds since epoch.
542
- *
543
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret scope exists.
544
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
545
- */
546
- async listSecrets(
547
- req: ListSecretsRequest,
548
- options?: CallOptions
549
- ): Promise<ListSecretsResponse> {
550
- const url = `${this.host}/api/2.0/secrets/list`;
551
- const params = new URLSearchParams();
552
- if (req.scope !== undefined) {
553
- params.append('scope', req.scope);
554
- }
555
- const query = params.toString();
556
- const fullUrl = query !== '' ? `${url}?${query}` : url;
557
- let resp: ListSecretsResponse | undefined;
558
- const call = async (callSignal?: AbortSignal): Promise<void> => {
559
- const headers = new Headers();
560
- if (this.workspaceId !== undefined) {
561
- headers.set('X-Databricks-Org-Id', this.workspaceId);
562
- }
563
- headers.set('User-Agent', this.userAgent);
564
- const httpReq = buildHttpRequest('GET', fullUrl, headers, callSignal);
565
- const respBody = await executeHttpCall({
566
- request: httpReq,
567
- httpClient: this.httpClient,
568
- logger: this.logger,
569
- });
570
- resp = parseResponse(respBody, unmarshalListSecretsResponseSchema);
571
- };
572
- await executeCall(call, options);
573
- if (resp === undefined) {
574
- throw new Error('operation completed without a result.');
575
- }
576
- return resp;
577
- }
578
-
579
- /**
580
- * Creates or overwrites the ACL associated with the given principal (user or group) on the
581
- * specified scope point. In general, a user or group will use the most powerful
582
- * permission available to them, and permissions are ordered as follows:
583
- *
584
- * * ``MANAGE`` - Allowed to change ACLs, and read and write to this secret scope.
585
- * * ``WRITE`` - Allowed to read and write to this secret scope.
586
- * * ``READ`` - Allowed to read this secret scope and list what secrets are available.
587
- *
588
- * Note that in general, secret values can only be read from within a command
589
- * on a cluster (for example, through a notebook). There is no API to read the actual
590
- * secret value material outside of a cluster. However, the user's permission will be
591
- * applied based on who is executing the command, and they must have at least READ permission.
592
- *
593
- * Users must have the ``MANAGE`` permission to invoke this API.
594
- *
595
- * Example request:
596
- *
597
- * .. code::
598
- *
599
- * {
600
- * "scope": "my-secret-scope",
601
- * "principal": "data-scientists",
602
- * "permission": "READ"
603
- * }
604
- *
605
- * The principal is a user or group name corresponding to an existing <Databricks>
606
- * principal to be granted or revoked access.
607
- *
608
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret scope exists.
609
- * Throws ``RESOURCE_ALREADY_EXISTS`` if a permission for the principal already exists.
610
- * Throws ``INVALID_PARAMETER_VALUE`` if the permission or principal is invalid.
611
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
612
- */
613
- async putAcl(
614
- req: PutAclRequest,
615
- options?: CallOptions
616
- ): Promise<PutAclResponse> {
617
- const url = `${this.host}/api/2.0/secrets/acls/put`;
618
- const body = marshalRequest(req, marshalPutAclRequestSchema);
619
- let resp: PutAclResponse | undefined;
620
- const call = async (callSignal?: AbortSignal): Promise<void> => {
621
- const headers = new Headers({'Content-Type': 'application/json'});
622
- if (this.workspaceId !== undefined) {
623
- headers.set('X-Databricks-Org-Id', this.workspaceId);
624
- }
625
- headers.set('User-Agent', this.userAgent);
626
- const httpReq = buildHttpRequest('POST', url, headers, callSignal, body);
627
- const respBody = await executeHttpCall({
628
- request: httpReq,
629
- httpClient: this.httpClient,
630
- logger: this.logger,
631
- });
632
- resp = parseResponse(respBody, unmarshalPutAclResponseSchema);
633
- };
634
- await executeCall(call, options);
635
- if (resp === undefined) {
636
- throw new Error('operation completed without a result.');
637
- }
638
- return resp;
639
- }
640
-
641
- /**
642
- * Inserts a secret under the provided scope with the given name. If a secret already
643
- * exists with the same name, this command overwrites the existing secret's value.
644
- * The server encrypts the secret using the secret scope's encryption settings before
645
- * storing it. You must have ``WRITE`` or ``MANAGE`` permission on the secret scope.
646
- *
647
- * The secret key must consist of alphanumeric characters, dashes, underscores,
648
- * and periods, and cannot exceed 128 characters. The maximum allowed secret
649
- * value size is 128 KB. The maximum number of secrets in a given scope is
650
- * 1000.
651
- *
652
- * Example request:
653
- *
654
- * .. code::
655
- *
656
- * {
657
- * "scope": "my-databricks-scope",
658
- * "key": "my-string-key",
659
- * "string_value": "foobar"
660
- * }
661
- *
662
- * The input fields "string_value" or "bytes_value"
663
- * specify the type of the secret, which will determine the value returned when
664
- * the secret value is requested. Exactly one must be specified.
665
- *
666
- * Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret scope exists.
667
- * Throws ``RESOURCE_LIMIT_EXCEEDED`` if maximum number of secrets in scope is exceeded.
668
- * Throws ``INVALID_PARAMETER_VALUE`` if the request parameters are invalid.
669
- * Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
670
- * Throws ``MALFORMED_REQUEST`` if request is incorrectly formatted or conflicting.
671
- * Throws ``BAD_REQUEST`` if request is made against Azure KeyVault backed scope.
672
- */
673
- async putSecret(
674
- req: PutSecretRequest,
675
- options?: CallOptions
676
- ): Promise<PutSecretResponse> {
677
- const url = `${this.host}/api/2.0/secrets/put`;
678
- const body = marshalRequest(req, marshalPutSecretRequestSchema);
679
- let resp: PutSecretResponse | undefined;
680
- const call = async (callSignal?: AbortSignal): Promise<void> => {
681
- const headers = new Headers({'Content-Type': 'application/json'});
682
- if (this.workspaceId !== undefined) {
683
- headers.set('X-Databricks-Org-Id', this.workspaceId);
684
- }
685
- headers.set('User-Agent', this.userAgent);
686
- const httpReq = buildHttpRequest('POST', url, headers, callSignal, body);
687
- const respBody = await executeHttpCall({
688
- request: httpReq,
689
- httpClient: this.httpClient,
690
- logger: this.logger,
691
- });
692
- resp = parseResponse(respBody, unmarshalPutSecretResponseSchema);
693
- };
694
- await executeCall(call, options);
695
- if (resp === undefined) {
696
- throw new Error('operation completed without a result.');
697
- }
698
- return resp;
699
- }
700
- }