@databricks/sdk-uc-credentials 0.0.0-dev → 0.1.0-dev.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,1274 @@
1
+ import { z } from 'zod';
2
+ export declare enum IsolationMode {
3
+ ISOLATION_MODE_UNSPECIFIED = "ISOLATION_MODE_UNSPECIFIED",
4
+ ISOLATION_MODE_OPEN = "ISOLATION_MODE_OPEN",
5
+ ISOLATION_MODE_ISOLATED = "ISOLATION_MODE_ISOLATED"
6
+ }
7
+ export declare enum PathOperation {
8
+ PATH_READ = "PATH_READ",
9
+ PATH_READ_WRITE = "PATH_READ_WRITE",
10
+ PATH_CREATE_TABLE = "PATH_CREATE_TABLE"
11
+ }
12
+ export declare enum TableOperation {
13
+ READ = "READ",
14
+ READ_WRITE = "READ_WRITE"
15
+ }
16
+ export declare enum VolumeOperation {
17
+ READ_VOLUME = "READ_VOLUME",
18
+ WRITE_VOLUME = "WRITE_VOLUME"
19
+ }
20
+ /** A enum represents the result of the file operation */
21
+ export declare enum ValidateCredentialRequest_Result {
22
+ PASS = "PASS",
23
+ FAIL = "FAIL",
24
+ SKIP = "SKIP"
25
+ }
26
+ /**
27
+ * A enum represents the file operation performed on the external location
28
+ * with the storage credential
29
+ */
30
+ export declare enum ValidateStorageCredentialRequest_FileOperation {
31
+ LIST = "LIST",
32
+ READ = "READ",
33
+ WRITE = "WRITE",
34
+ DELETE = "DELETE",
35
+ PATH_EXISTS = "PATH_EXISTS"
36
+ }
37
+ /** A enum represents the result of the file operation */
38
+ export declare enum ValidateStorageCredentialRequest_Result {
39
+ PASS = "PASS",
40
+ FAIL = "FAIL",
41
+ SKIP = "SKIP"
42
+ }
43
+ export interface AccountsCreateStorageCredentialRequest {
44
+ /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
45
+ accountId?: string | undefined;
46
+ /** Unity Catalog metastore ID */
47
+ metastoreId?: string | undefined;
48
+ credentialInfo?: CreateAccountsStorageCredential | undefined;
49
+ /**
50
+ * Optional, default false.
51
+ * Supplying true to this argument skips validation of the created set of credentials.
52
+ */
53
+ skipValidation?: boolean | undefined;
54
+ }
55
+ export interface AccountsCreateStorageCredentialRequest_Response {
56
+ credentialInfo?: StorageCredentialInfo | undefined;
57
+ }
58
+ /** Deletes a storage credential for an account */
59
+ export interface AccountsDeleteStorageCredentialRequest {
60
+ /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
61
+ accountId?: string | undefined;
62
+ /** Unity Catalog metastore ID */
63
+ metastoreId?: string | undefined;
64
+ /** Name of the storage credential. */
65
+ nameArg?: string | undefined;
66
+ /** Force deletion even if the Storage Credential is not empty. Default is false. */
67
+ force?: boolean | undefined;
68
+ }
69
+ /** The storage credential was successfully deleted. */
70
+ export interface AccountsDeleteStorageCredentialRequest_Response {
71
+ }
72
+ /** Retrieves a single storage credential */
73
+ export interface AccountsGetStorageCredentialRequest {
74
+ /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
75
+ accountId?: string | undefined;
76
+ /** Unity Catalog metastore ID */
77
+ metastoreId?: string | undefined;
78
+ /** Required. Name of the storage credential. */
79
+ nameArg?: string | undefined;
80
+ }
81
+ /** The storage credential was successfully retrieved. */
82
+ export interface AccountsGetStorageCredentialRequest_Response {
83
+ credentialInfo?: StorageCredentialInfo | undefined;
84
+ }
85
+ /** Lists all storage credentials for the given account and metastore */
86
+ export interface AccountsListStorageCredentialsRequest {
87
+ /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
88
+ accountId?: string | undefined;
89
+ /** Unity Catalog metastore ID */
90
+ metastoreId?: string | undefined;
91
+ }
92
+ /** The metastore storage credentials were successfully returned. */
93
+ export interface AccountsListStorageCredentialsRequest_Response {
94
+ /** An array of metastore storage credentials. */
95
+ storageCredentials?: StorageCredentialInfo[] | undefined;
96
+ }
97
+ /** The storage credential to update. */
98
+ export interface AccountsUpdateStorageCredentialRequest {
99
+ /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
100
+ accountId?: string | undefined;
101
+ /** Unity Catalog metastore ID */
102
+ metastoreId?: string | undefined;
103
+ /** Name of the storage credential. */
104
+ nameArg?: string | undefined;
105
+ credentialInfo?: UpdateAccountsStorageCredential | undefined;
106
+ /** Optional. Supplying true to this argument skips validation of the updated set of credentials. */
107
+ skipValidation?: boolean | undefined;
108
+ }
109
+ /** The storage credential was successfully updated. */
110
+ export interface AccountsUpdateStorageCredentialRequest_Response {
111
+ credentialInfo?: StorageCredentialInfo | undefined;
112
+ }
113
+ export interface AwsCredentials {
114
+ creds?: {
115
+ $case: 'stsRole';
116
+ stsRole: AwsCredentials_StsRole;
117
+ } | undefined;
118
+ }
119
+ export interface AwsCredentials_StsRole {
120
+ /** The Amazon Resource Name (ARN) of the cross account IAM role. */
121
+ roleArn?: string | undefined;
122
+ }
123
+ /** The AWS IAM role configuration */
124
+ export interface AwsIamRole {
125
+ /** The Amazon Resource Name (ARN) of the AWS IAM role used to vend temporary credentials. */
126
+ roleArn?: string | undefined;
127
+ /**
128
+ * The Amazon Resource Name (ARN) of the AWS IAM user managed by <Databricks>.
129
+ * This is the identity that is going to assume the AWS IAM role.
130
+ */
131
+ unityCatalogIamArn?: string | undefined;
132
+ /** The external ID used in role assumption to prevent the confused deputy problem. */
133
+ externalId?: string | undefined;
134
+ }
135
+ /**
136
+ * Azure Active Directory token, essentially the Oauth token for Azure Service Principal or Managed
137
+ * Identity.
138
+ * Read more at https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token
139
+ */
140
+ export interface AzureActiveDirectoryToken {
141
+ /** Opaque token that contains claims that you can use in Azure Active Directory to access cloud services. */
142
+ aadToken?: string | undefined;
143
+ }
144
+ /** The Azure managed identity configuration. */
145
+ export interface AzureManagedIdentity {
146
+ /**
147
+ * The Azure resource ID of the Azure Databricks Access Connector. Use the format
148
+ * `/subscriptions/{guid}/resourceGroups/{rg-name}/providers/Microsoft.Databricks/accessConnectors/{connector-name}`.
149
+ */
150
+ accessConnectorId?: string | undefined;
151
+ /**
152
+ * The Azure resource ID of the managed identity. Use the format,
153
+ * `/subscriptions/{guid}/resourceGroups/{rg-name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}`
154
+ * This is only available for user-assgined identities. For system-assigned identities, the access_connector_id is used to identify the identity.
155
+ * If this field is not provided, then we assume the AzureManagedIdentity is using the system-assigned identity.
156
+ */
157
+ managedIdentityId?: string | undefined;
158
+ /** The <Databricks> internal ID that represents this managed identity. */
159
+ credentialId?: string | undefined;
160
+ }
161
+ /** The Azure service principal configuration. Only applicable when purpose is **STORAGE**. */
162
+ export interface AzureServicePrincipal {
163
+ /** The directory ID corresponding to the Azure Active Directory (AAD) tenant of the application. */
164
+ directoryId?: string | undefined;
165
+ /** The application ID of the application registration within the referenced AAD tenant. */
166
+ applicationId?: string | undefined;
167
+ /** The client secret generated for the above app ID in AAD. */
168
+ clientSecret?: string | undefined;
169
+ }
170
+ /**
171
+ * Azure temporary credentials for API authentication.
172
+ * Read more at https://docs.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas
173
+ */
174
+ export interface AzureUserDelegationSas {
175
+ /** The signed URI (SAS Token) used to access blob services for a given path */
176
+ sasToken?: string | undefined;
177
+ }
178
+ /**
179
+ * The Cloudflare API token configuration.
180
+ * Read more at https://developers.cloudflare.com/r2/api/s3/tokens/
181
+ */
182
+ export interface CloudflareApiToken {
183
+ /** The access key ID associated with the API token. */
184
+ accessKeyId?: string | undefined;
185
+ /** The secret access token generated for the above access key ID. */
186
+ secretAccessKey?: string | undefined;
187
+ /** The ID of the account associated with the API token. */
188
+ accountId?: string | undefined;
189
+ }
190
+ export interface CreateAccountsStorageCredential {
191
+ /**
192
+ * The credential name. The name must be unique among storage and service
193
+ * credentials within the metastore.
194
+ */
195
+ name?: string | undefined;
196
+ /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
197
+ credential?: {
198
+ $case: 'awsIamRole';
199
+ /** The AWS IAM role configuration. */
200
+ awsIamRole: AwsIamRole;
201
+ } | {
202
+ $case: 'azureServicePrincipal';
203
+ /** The Azure service principal configuration. */
204
+ azureServicePrincipal: AzureServicePrincipal;
205
+ } | {
206
+ $case: 'gcpServiceAccountKey';
207
+ gcpServiceAccountKey: GcpServiceAccountKey;
208
+ } | {
209
+ $case: 'azureManagedIdentity';
210
+ /** The Azure managed identity configuration. */
211
+ azureManagedIdentity: AzureManagedIdentity;
212
+ } | {
213
+ $case: 'databricksGcpServiceAccount';
214
+ /** The <Databricks> managed GCP service account configuration. */
215
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
216
+ } | {
217
+ $case: 'cloudflareApiToken';
218
+ /** The Cloudflare API token configuration. */
219
+ cloudflareApiToken: CloudflareApiToken;
220
+ } | undefined;
221
+ /** Comment associated with the credential. */
222
+ comment?: string | undefined;
223
+ /**
224
+ * Whether the credential is usable only for read operations. Only applicable
225
+ * when purpose is **STORAGE**.
226
+ */
227
+ readOnly?: boolean | undefined;
228
+ /** Username of current owner of credential. */
229
+ owner?: string | undefined;
230
+ /** The unique identifier of the credential. */
231
+ id?: string | undefined;
232
+ /** Unique identifier of the parent metastore. */
233
+ metastoreId?: string | undefined;
234
+ /** Time at which this credential was created, in epoch milliseconds. */
235
+ createdAt?: bigint | undefined;
236
+ /** Username of credential creator. */
237
+ createdBy?: string | undefined;
238
+ /** Time at which this credential was last modified, in epoch milliseconds. */
239
+ updatedAt?: bigint | undefined;
240
+ /** Username of user who last modified the credential. */
241
+ updatedBy?: string | undefined;
242
+ /**
243
+ * Whether this credential is the current metastore's root storage credential.
244
+ * Only applicable when purpose is **STORAGE**.
245
+ */
246
+ usedForManagedStorage?: boolean | undefined;
247
+ /** The full name of the credential. */
248
+ fullName?: string | undefined;
249
+ /**
250
+ * Whether the current securable is accessible from all workspaces or a
251
+ * specific set of workspaces.
252
+ */
253
+ isolationMode?: IsolationMode | undefined;
254
+ }
255
+ export interface CreateCredentialAwsCredentials {
256
+ creds?: {
257
+ $case: 'stsRole';
258
+ stsRole: AwsCredentials_StsRole;
259
+ } | undefined;
260
+ }
261
+ export interface CreateCredentialRequest {
262
+ /**
263
+ * Optional. Supplying true to this argument skips validation of the created
264
+ * set of credentials.
265
+ */
266
+ skipValidation?: boolean | undefined;
267
+ /**
268
+ * The credential name. The name must be unique among storage and service
269
+ * credentials within the metastore.
270
+ */
271
+ name?: string | undefined;
272
+ /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
273
+ credential?: {
274
+ $case: 'awsIamRole';
275
+ /** The AWS IAM role configuration. */
276
+ awsIamRole: AwsIamRole;
277
+ } | {
278
+ $case: 'azureServicePrincipal';
279
+ /** The Azure service principal configuration. */
280
+ azureServicePrincipal: AzureServicePrincipal;
281
+ } | {
282
+ $case: 'gcpServiceAccountKey';
283
+ gcpServiceAccountKey: GcpServiceAccountKey;
284
+ } | {
285
+ $case: 'azureManagedIdentity';
286
+ /** The Azure managed identity configuration. */
287
+ azureManagedIdentity: AzureManagedIdentity;
288
+ } | {
289
+ $case: 'databricksGcpServiceAccount';
290
+ /** The <Databricks> managed GCP service account configuration. */
291
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
292
+ } | {
293
+ $case: 'cloudflareApiToken';
294
+ /** The Cloudflare API token configuration. */
295
+ cloudflareApiToken: CloudflareApiToken;
296
+ } | undefined;
297
+ /** Comment associated with the credential. */
298
+ comment?: string | undefined;
299
+ /**
300
+ * Whether the credential is usable only for read operations. Only applicable
301
+ * when purpose is **STORAGE**.
302
+ */
303
+ readOnly?: boolean | undefined;
304
+ /** Username of current owner of credential. */
305
+ owner?: string | undefined;
306
+ /** The unique identifier of the credential. */
307
+ id?: string | undefined;
308
+ /** Unique identifier of the parent metastore. */
309
+ metastoreId?: string | undefined;
310
+ /** Time at which this credential was created, in epoch milliseconds. */
311
+ createdAt?: bigint | undefined;
312
+ /** Username of credential creator. */
313
+ createdBy?: string | undefined;
314
+ /** Time at which this credential was last modified, in epoch milliseconds. */
315
+ updatedAt?: bigint | undefined;
316
+ /** Username of user who last modified the credential. */
317
+ updatedBy?: string | undefined;
318
+ /**
319
+ * Whether this credential is the current metastore's root storage credential.
320
+ * Only applicable when purpose is **STORAGE**.
321
+ */
322
+ usedForManagedStorage?: boolean | undefined;
323
+ /** The full name of the credential. */
324
+ fullName?: string | undefined;
325
+ /**
326
+ * Whether the current securable is accessible from all workspaces or a
327
+ * specific set of workspaces.
328
+ */
329
+ isolationMode?: IsolationMode | undefined;
330
+ }
331
+ export interface CreateCredentialsRequest {
332
+ accountId?: string | undefined;
333
+ /** The human-readable name of the credential configuration object. */
334
+ credentialsName?: string | undefined;
335
+ /** (-- NOTE(austin) This oneof is a future-looking definition when we add other clouds --) */
336
+ cloudCredentials?: {
337
+ $case: 'awsCredentials';
338
+ awsCredentials: CreateCredentialAwsCredentials;
339
+ } | undefined;
340
+ }
341
+ export interface CreateStorageCredentialRequest {
342
+ /** Supplying true to this argument skips validation of the created credential. */
343
+ skipValidation?: boolean | undefined;
344
+ /**
345
+ * The credential name. The name must be unique among storage and service
346
+ * credentials within the metastore.
347
+ */
348
+ name?: string | undefined;
349
+ /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
350
+ credential?: {
351
+ $case: 'awsIamRole';
352
+ /** The AWS IAM role configuration. */
353
+ awsIamRole: AwsIamRole;
354
+ } | {
355
+ $case: 'azureServicePrincipal';
356
+ /** The Azure service principal configuration. */
357
+ azureServicePrincipal: AzureServicePrincipal;
358
+ } | {
359
+ $case: 'gcpServiceAccountKey';
360
+ gcpServiceAccountKey: GcpServiceAccountKey;
361
+ } | {
362
+ $case: 'azureManagedIdentity';
363
+ /** The Azure managed identity configuration. */
364
+ azureManagedIdentity: AzureManagedIdentity;
365
+ } | {
366
+ $case: 'databricksGcpServiceAccount';
367
+ /** The <Databricks> managed GCP service account configuration. */
368
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
369
+ } | {
370
+ $case: 'cloudflareApiToken';
371
+ /** The Cloudflare API token configuration. */
372
+ cloudflareApiToken: CloudflareApiToken;
373
+ } | undefined;
374
+ /** Comment associated with the credential. */
375
+ comment?: string | undefined;
376
+ /**
377
+ * Whether the credential is usable only for read operations. Only applicable
378
+ * when purpose is **STORAGE**.
379
+ */
380
+ readOnly?: boolean | undefined;
381
+ /** Username of current owner of credential. */
382
+ owner?: string | undefined;
383
+ /** The unique identifier of the credential. */
384
+ id?: string | undefined;
385
+ /** Unique identifier of the parent metastore. */
386
+ metastoreId?: string | undefined;
387
+ /** Time at which this credential was created, in epoch milliseconds. */
388
+ createdAt?: bigint | undefined;
389
+ /** Username of credential creator. */
390
+ createdBy?: string | undefined;
391
+ /** Time at which this credential was last modified, in epoch milliseconds. */
392
+ updatedAt?: bigint | undefined;
393
+ /** Username of user who last modified the credential. */
394
+ updatedBy?: string | undefined;
395
+ /**
396
+ * Whether this credential is the current metastore's root storage credential.
397
+ * Only applicable when purpose is **STORAGE**.
398
+ */
399
+ usedForManagedStorage?: boolean | undefined;
400
+ /** The full name of the credential. */
401
+ fullName?: string | undefined;
402
+ /**
403
+ * Whether the current securable is accessible from all workspaces or a
404
+ * specific set of workspaces.
405
+ */
406
+ isolationMode?: IsolationMode | undefined;
407
+ }
408
+ export interface CredentialInfo {
409
+ /**
410
+ * The credential name. The name must be unique among storage and service
411
+ * credentials within the metastore.
412
+ */
413
+ name?: string | undefined;
414
+ /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
415
+ credential?: {
416
+ $case: 'awsIamRole';
417
+ /** The AWS IAM role configuration. */
418
+ awsIamRole: AwsIamRole;
419
+ } | {
420
+ $case: 'azureServicePrincipal';
421
+ /** The Azure service principal configuration. */
422
+ azureServicePrincipal: AzureServicePrincipal;
423
+ } | {
424
+ $case: 'gcpServiceAccountKey';
425
+ gcpServiceAccountKey: GcpServiceAccountKey;
426
+ } | {
427
+ $case: 'azureManagedIdentity';
428
+ /** The Azure managed identity configuration. */
429
+ azureManagedIdentity: AzureManagedIdentity;
430
+ } | {
431
+ $case: 'databricksGcpServiceAccount';
432
+ /** The <Databricks> managed GCP service account configuration. */
433
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
434
+ } | {
435
+ $case: 'cloudflareApiToken';
436
+ /** The Cloudflare API token configuration. */
437
+ cloudflareApiToken: CloudflareApiToken;
438
+ } | undefined;
439
+ /** Comment associated with the credential. */
440
+ comment?: string | undefined;
441
+ /**
442
+ * Whether the credential is usable only for read operations. Only applicable
443
+ * when purpose is **STORAGE**.
444
+ */
445
+ readOnly?: boolean | undefined;
446
+ /** Username of current owner of credential. */
447
+ owner?: string | undefined;
448
+ /** The unique identifier of the credential. */
449
+ id?: string | undefined;
450
+ /** Unique identifier of the parent metastore. */
451
+ metastoreId?: string | undefined;
452
+ /** Time at which this credential was created, in epoch milliseconds. */
453
+ createdAt?: bigint | undefined;
454
+ /** Username of credential creator. */
455
+ createdBy?: string | undefined;
456
+ /** Time at which this credential was last modified, in epoch milliseconds. */
457
+ updatedAt?: bigint | undefined;
458
+ /** Username of user who last modified the credential. */
459
+ updatedBy?: string | undefined;
460
+ /**
461
+ * Whether this credential is the current metastore's root storage credential.
462
+ * Only applicable when purpose is **STORAGE**.
463
+ */
464
+ usedForManagedStorage?: boolean | undefined;
465
+ /** The full name of the credential. */
466
+ fullName?: string | undefined;
467
+ /**
468
+ * Whether the current securable is accessible from all workspaces or a
469
+ * specific set of workspaces.
470
+ */
471
+ isolationMode?: IsolationMode | undefined;
472
+ }
473
+ export interface Credentials {
474
+ /** <Databricks> credential configuration ID. */
475
+ credentialsId?: string | undefined;
476
+ /** The <Databricks> account ID that hosts the credential. */
477
+ accountId?: string | undefined;
478
+ /** (-- NOTE(austin) This oneof is a future-looking definition when we add other clouds --) */
479
+ cloudCredentials?: {
480
+ $case: 'awsCredentials';
481
+ awsCredentials: AwsCredentials;
482
+ } | undefined;
483
+ /** The human-readable name of the credential configuration object. */
484
+ credentialsName?: string | undefined;
485
+ /** Time in epoch milliseconds when the credential was created. */
486
+ creationTime?: bigint | undefined;
487
+ }
488
+ /**
489
+ * GCP long-lived credential.
490
+ * <Databricks>-created Google Cloud Storage service account.
491
+ */
492
+ export interface DatabricksGcpServiceAccount {
493
+ /** The email of the service account. */
494
+ email?: string | undefined;
495
+ /** The ID that represents the private key for this Service Account */
496
+ privateKeyId?: string | undefined;
497
+ /** The <Databricks> internal ID that represents this managed identity. */
498
+ credentialId?: string | undefined;
499
+ }
500
+ export interface DeleteCredentialRequest {
501
+ /** Name of the credential. */
502
+ nameArg?: string | undefined;
503
+ /**
504
+ * Force an update even if there are dependent services (when purpose is
505
+ * **SERVICE**) or dependent external locations and external tables (when
506
+ * purpose is **STORAGE**).
507
+ */
508
+ force?: boolean | undefined;
509
+ }
510
+ export interface DeleteCredentialRequest_Response {
511
+ }
512
+ export interface DeleteCredentialsRequest {
513
+ /** Databricks Account API credential configuration ID */
514
+ credentialsId?: string | undefined;
515
+ accountId?: string | undefined;
516
+ }
517
+ export interface DeleteStorageCredentialRequest {
518
+ /** Name of the storage credential. */
519
+ nameArg?: string | undefined;
520
+ /**
521
+ * Force an update even if there are dependent external locations or external
522
+ * tables (when purpose is **STORAGE**) or dependent services (when purpose is
523
+ * **SERVICE**).
524
+ */
525
+ force?: boolean | undefined;
526
+ }
527
+ export interface DeleteStorageCredentialRequest_Response {
528
+ }
529
+ /**
530
+ * GCP temporary credentials for API authentication.
531
+ * Read more at https://developers.google.com/identity/protocols/oauth2/service-account
532
+ */
533
+ export interface GcpOauthToken {
534
+ oauthToken?: string | undefined;
535
+ }
536
+ /**
537
+ * GCP long-lived credential.
538
+ * GCP Service Account.
539
+ */
540
+ export interface GcpServiceAccountKey {
541
+ /** The email of the service account. */
542
+ email?: string | undefined;
543
+ /** The ID of the service account's private key. */
544
+ privateKeyId?: string | undefined;
545
+ /** The service account's RSA private key. */
546
+ privateKey?: string | undefined;
547
+ }
548
+ export interface GenerateTemporaryPathCredentialRequest {
549
+ /** URL for path-based access. */
550
+ url?: string | undefined;
551
+ /** The operation being performed on the path. */
552
+ operation?: PathOperation | undefined;
553
+ /**
554
+ * Optional. When set to true, the service will not validate that the generated
555
+ * credentials can perform write operations, therefore no new paths will be created
556
+ * and the response will not contain valid credentials. Defaults to false.
557
+ */
558
+ dryRun?: boolean | undefined;
559
+ }
560
+ export interface GenerateTemporaryPathCredentialRequest_Response {
561
+ /** The temporary credential. */
562
+ credentials?: {
563
+ $case: 'awsTempCredentials';
564
+ awsTempCredentials: TemporaryAwsCredentials;
565
+ } | {
566
+ $case: 'azureUserDelegationSas';
567
+ azureUserDelegationSas: AzureUserDelegationSas;
568
+ } | {
569
+ $case: 'gcpOauthToken';
570
+ gcpOauthToken: GcpOauthToken;
571
+ } | {
572
+ $case: 'azureAad';
573
+ azureAad: AzureActiveDirectoryToken;
574
+ } | {
575
+ $case: 'r2TempCredentials';
576
+ r2TempCredentials: R2Credentials;
577
+ } | undefined;
578
+ /**
579
+ * Server time when the credential will expire, in epoch milliseconds.
580
+ * The API client is advised to cache the credential given this expiration time.
581
+ */
582
+ expirationTime?: bigint | undefined;
583
+ /** The URL of the storage path accessible by the temporary credential. */
584
+ url?: string | undefined;
585
+ }
586
+ export interface GenerateTemporaryServiceCredentialRequest {
587
+ /** The name of the service credential used to generate a temporary credential */
588
+ credentialName?: string | undefined;
589
+ options?: {
590
+ $case: 'azureOptions';
591
+ azureOptions: GenerateTemporaryServiceCredentialRequest_AzureOptions;
592
+ } | {
593
+ $case: 'gcpOptions';
594
+ gcpOptions: GenerateTemporaryServiceCredentialRequest_GcpOptions;
595
+ } | undefined;
596
+ }
597
+ /** The Azure cloud options to customize the requested temporary credential */
598
+ export interface GenerateTemporaryServiceCredentialRequest_AzureOptions {
599
+ /**
600
+ * The resources to which the temporary Azure credential should apply. These resources
601
+ * are the scopes that are passed to the token provider (see https://learn.microsoft.com/python/api/azure-core/azure.core.credentials.tokencredential?view=azure-python)
602
+ */
603
+ resources?: string[] | undefined;
604
+ }
605
+ /** The GCP cloud options to customize the requested temporary credential */
606
+ export interface GenerateTemporaryServiceCredentialRequest_GcpOptions {
607
+ /**
608
+ * The scopes to which the temporary GCP credential should apply. These resources
609
+ * are the scopes that are passed to the token provider (see
610
+ * https://google-auth.readthedocs.io/en/latest/reference/google.auth.html#google.auth.credentials.Credentials)
611
+ */
612
+ scopes?: string[] | undefined;
613
+ }
614
+ export interface GenerateTemporaryTableCredentialRequest {
615
+ /** UUID of the table to read or write. */
616
+ tableId?: string | undefined;
617
+ /**
618
+ * The operation performed against the table data, either READ or READ_WRITE. If READ_WRITE is specified,
619
+ * the credentials returned will have write permissions, otherwise, it will be read only.
620
+ */
621
+ operation?: TableOperation | undefined;
622
+ }
623
+ export interface GenerateTemporaryTableCredentialRequest_Response {
624
+ /** The temporary credential. */
625
+ credentials?: {
626
+ $case: 'awsTempCredentials';
627
+ awsTempCredentials: TemporaryAwsCredentials;
628
+ } | {
629
+ $case: 'azureUserDelegationSas';
630
+ azureUserDelegationSas: AzureUserDelegationSas;
631
+ } | {
632
+ $case: 'gcpOauthToken';
633
+ gcpOauthToken: GcpOauthToken;
634
+ } | {
635
+ $case: 'azureAad';
636
+ azureAad: AzureActiveDirectoryToken;
637
+ } | {
638
+ $case: 'r2TempCredentials';
639
+ r2TempCredentials: R2Credentials;
640
+ } | undefined;
641
+ /**
642
+ * Server time when the credential will expire, in epoch milliseconds.
643
+ * The API client is advised to cache the credential given this expiration time.
644
+ */
645
+ expirationTime?: bigint | undefined;
646
+ /** The URL of the storage path accessible by the temporary credential. */
647
+ url?: string | undefined;
648
+ }
649
+ /** Generate volume credentials RPC */
650
+ export interface GenerateTemporaryVolumeCredentialRequest {
651
+ /** Id of the volume to read or write. */
652
+ volumeId?: string | undefined;
653
+ /**
654
+ * The operation performed against the volume data, either READ_VOLUME or WRITE_VOLUME. If WRITE_VOLUME is specified,
655
+ * the credentials returned will have write permissions, otherwise, it will be read only.
656
+ */
657
+ operation?: VolumeOperation | undefined;
658
+ }
659
+ export interface GenerateTemporaryVolumeCredentialRequest_Response {
660
+ /** The temporary credential. */
661
+ credentials?: {
662
+ $case: 'awsTempCredentials';
663
+ awsTempCredentials: TemporaryAwsCredentials;
664
+ } | {
665
+ $case: 'azureUserDelegationSas';
666
+ azureUserDelegationSas: AzureUserDelegationSas;
667
+ } | {
668
+ $case: 'gcpOauthToken';
669
+ gcpOauthToken: GcpOauthToken;
670
+ } | {
671
+ $case: 'azureAad';
672
+ azureAad: AzureActiveDirectoryToken;
673
+ } | {
674
+ $case: 'r2TempCredentials';
675
+ r2TempCredentials: R2Credentials;
676
+ } | undefined;
677
+ /**
678
+ * Server time when the credential will expire, in epoch milliseconds.
679
+ * The API client is advised to cache the credential given this expiration time.
680
+ */
681
+ expirationTime?: bigint | undefined;
682
+ /** The URL of the storage path accessible by the temporary credential. */
683
+ url?: string | undefined;
684
+ }
685
+ export interface GetCredentialRequest {
686
+ /** Name of the credential. */
687
+ nameArg?: string | undefined;
688
+ }
689
+ export interface GetCredentialsRequest {
690
+ /** Credential configuration ID */
691
+ credentialsId?: string | undefined;
692
+ accountId?: string | undefined;
693
+ }
694
+ /**
695
+ * TODO(UC-1710): The legacy /storage-credentials API is being deprecated.
696
+ * Please use the new consolidated /credentials API instead.
697
+ * See https://github.com/databricks-eng/universe/pull/857047#discussion_r1924779791 for an example of a case when that wasn't possible.
698
+ */
699
+ export interface GetStorageCredentialRequest {
700
+ /** Name of the storage credential. */
701
+ nameArg?: string | undefined;
702
+ }
703
+ export interface ListCredentialsPublicRequest {
704
+ accountId?: string | undefined;
705
+ }
706
+ /**
707
+ * ListCredentialsRequest is used to list credentials in the metastore.
708
+ * Returns an array of credentials (as CredentialInfo objects). The array is
709
+ * limited to the credentials that the caller has permission to access. If the
710
+ * caller is a metastore admin, retrieval of credentials is unrestricted.
711
+ *
712
+ * There is no guarantee of a specific ordering of the elements in the array.
713
+ */
714
+ export interface ListCredentialsRequest {
715
+ /**
716
+ * Whether to include credentials not bound to the workspace.
717
+ * Effective only if the user has permission to update the credential–workspace binding.
718
+ */
719
+ includeUnbound?: boolean | undefined;
720
+ /**
721
+ * Maximum number of credentials to return.
722
+ * - If not set, the default max page size is used.
723
+ * - When set to a value greater than 0, the page length is the minimum of
724
+ * this value and a server-configured value.
725
+ * - When set to 0, the page length is set to a server-configured value
726
+ * (recommended).
727
+ * - When set to a value less than 0, an invalid parameter error is
728
+ * returned.
729
+ */
730
+ maxResults?: number | undefined;
731
+ /** Opaque token to retrieve the next page of results. */
732
+ pageToken?: string | undefined;
733
+ }
734
+ export interface ListCredentialsRequest_Response {
735
+ credentials?: CredentialInfo[] | undefined;
736
+ /**
737
+ * Opaque token to retrieve the next page of results. Absent if there are no
738
+ * more pages.
739
+ * __page_token__ should be set to this value for the next request (for the
740
+ * next page of results).
741
+ */
742
+ nextPageToken?: string | undefined;
743
+ }
744
+ export interface ListCredentialsResponse {
745
+ credentials?: Credentials[] | undefined;
746
+ }
747
+ export interface ListStorageCredentialsRequest {
748
+ /**
749
+ * Whether to include credentials not bound to the workspace.
750
+ * Effective only if the user has permission to update the credential–workspace binding.
751
+ */
752
+ includeUnbound?: boolean | undefined;
753
+ /**
754
+ * Maximum number of storage credentials to return.
755
+ * If not set, all the storage credentials are returned (not recommended).
756
+ * - when set to a value greater than 0, the page length is the minimum of
757
+ * this value and a server configured value;
758
+ * - when set to 0, the page length is set to a server configured value
759
+ * (recommended);
760
+ * - when set to a value less than 0, an invalid parameter error is returned;
761
+ */
762
+ maxResults?: number | undefined;
763
+ /** Opaque pagination token to go to next page based on previous query. */
764
+ pageToken?: string | undefined;
765
+ }
766
+ export interface ListStorageCredentialsRequest_Response {
767
+ storageCredentials?: StorageCredentialInfo[] | undefined;
768
+ /**
769
+ * Opaque token to retrieve the next page of results. Absent if there are no
770
+ * more pages.
771
+ * __page_token__ should be set to this value for the next request (for the
772
+ * next page of results).
773
+ */
774
+ nextPageToken?: string | undefined;
775
+ }
776
+ /**
777
+ * R2 temporary credentials for API authentication.
778
+ * Read more at https://developers.cloudflare.com/r2/api/s3/tokens/.
779
+ */
780
+ export interface R2Credentials {
781
+ /** The access key ID that identifies the temporary credentials. */
782
+ accessKeyId?: string | undefined;
783
+ /** The secret access key associated with the access key. */
784
+ secretAccessKey?: string | undefined;
785
+ /** The generated JWT that users must pass to use the temporary credentials. */
786
+ sessionToken?: string | undefined;
787
+ }
788
+ export interface StorageCredentialInfo {
789
+ /**
790
+ * The credential name. The name must be unique among storage and service
791
+ * credentials within the metastore.
792
+ */
793
+ name?: string | undefined;
794
+ /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
795
+ credential?: {
796
+ $case: 'awsIamRole';
797
+ /** The AWS IAM role configuration. */
798
+ awsIamRole: AwsIamRole;
799
+ } | {
800
+ $case: 'azureServicePrincipal';
801
+ /** The Azure service principal configuration. */
802
+ azureServicePrincipal: AzureServicePrincipal;
803
+ } | {
804
+ $case: 'gcpServiceAccountKey';
805
+ gcpServiceAccountKey: GcpServiceAccountKey;
806
+ } | {
807
+ $case: 'azureManagedIdentity';
808
+ /** The Azure managed identity configuration. */
809
+ azureManagedIdentity: AzureManagedIdentity;
810
+ } | {
811
+ $case: 'databricksGcpServiceAccount';
812
+ /** The <Databricks> managed GCP service account configuration. */
813
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
814
+ } | {
815
+ $case: 'cloudflareApiToken';
816
+ /** The Cloudflare API token configuration. */
817
+ cloudflareApiToken: CloudflareApiToken;
818
+ } | undefined;
819
+ /** Comment associated with the credential. */
820
+ comment?: string | undefined;
821
+ /**
822
+ * Whether the credential is usable only for read operations. Only applicable
823
+ * when purpose is **STORAGE**.
824
+ */
825
+ readOnly?: boolean | undefined;
826
+ /** Username of current owner of credential. */
827
+ owner?: string | undefined;
828
+ /** The unique identifier of the credential. */
829
+ id?: string | undefined;
830
+ /** Unique identifier of the parent metastore. */
831
+ metastoreId?: string | undefined;
832
+ /** Time at which this credential was created, in epoch milliseconds. */
833
+ createdAt?: bigint | undefined;
834
+ /** Username of credential creator. */
835
+ createdBy?: string | undefined;
836
+ /** Time at which this credential was last modified, in epoch milliseconds. */
837
+ updatedAt?: bigint | undefined;
838
+ /** Username of user who last modified the credential. */
839
+ updatedBy?: string | undefined;
840
+ /**
841
+ * Whether this credential is the current metastore's root storage credential.
842
+ * Only applicable when purpose is **STORAGE**.
843
+ */
844
+ usedForManagedStorage?: boolean | undefined;
845
+ /** The full name of the credential. */
846
+ fullName?: string | undefined;
847
+ /**
848
+ * Whether the current securable is accessible from all workspaces or a
849
+ * specific set of workspaces.
850
+ */
851
+ isolationMode?: IsolationMode | undefined;
852
+ }
853
+ /**
854
+ * AWS temporary credentials for API authentication.
855
+ * Read more at https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html.
856
+ */
857
+ export interface TemporaryAwsCredentials {
858
+ /** The access key ID that identifies the temporary credentials. */
859
+ accessKeyId?: string | undefined;
860
+ /** The secret access key that can be used to sign AWS API requests. */
861
+ secretAccessKey?: string | undefined;
862
+ /** The token that users must pass to AWS API to use the temporary credentials. */
863
+ sessionToken?: string | undefined;
864
+ /**
865
+ * The Amazon Resource Name (ARN) of the S3 access point for
866
+ * temporary credentials related the external location.
867
+ */
868
+ accessPoint?: string | undefined;
869
+ }
870
+ export interface TemporaryCredentials {
871
+ /** The temporary credential. */
872
+ credentials?: {
873
+ $case: 'awsTempCredentials';
874
+ awsTempCredentials: TemporaryAwsCredentials;
875
+ } | {
876
+ $case: 'azureUserDelegationSas';
877
+ azureUserDelegationSas: AzureUserDelegationSas;
878
+ } | {
879
+ $case: 'gcpOauthToken';
880
+ gcpOauthToken: GcpOauthToken;
881
+ } | {
882
+ $case: 'azureAad';
883
+ azureAad: AzureActiveDirectoryToken;
884
+ } | {
885
+ $case: 'r2TempCredentials';
886
+ r2TempCredentials: R2Credentials;
887
+ } | undefined;
888
+ /**
889
+ * Server time when the credential will expire, in epoch milliseconds.
890
+ * The API client is advised to cache the credential given this expiration time.
891
+ */
892
+ expirationTime?: bigint | undefined;
893
+ /** The URL of the storage path accessible by the temporary credential. */
894
+ url?: string | undefined;
895
+ }
896
+ export interface UpdateAccountsStorageCredential {
897
+ /**
898
+ * The credential name. The name must be unique among storage and service
899
+ * credentials within the metastore.
900
+ */
901
+ name?: string | undefined;
902
+ /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
903
+ credential?: {
904
+ $case: 'awsIamRole';
905
+ /** The AWS IAM role configuration. */
906
+ awsIamRole: AwsIamRole;
907
+ } | {
908
+ $case: 'azureServicePrincipal';
909
+ /** The Azure service principal configuration. */
910
+ azureServicePrincipal: AzureServicePrincipal;
911
+ } | {
912
+ $case: 'gcpServiceAccountKey';
913
+ gcpServiceAccountKey: GcpServiceAccountKey;
914
+ } | {
915
+ $case: 'azureManagedIdentity';
916
+ /** The Azure managed identity configuration. */
917
+ azureManagedIdentity: AzureManagedIdentity;
918
+ } | {
919
+ $case: 'databricksGcpServiceAccount';
920
+ /** The <Databricks> managed GCP service account configuration. */
921
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
922
+ } | {
923
+ $case: 'cloudflareApiToken';
924
+ /** The Cloudflare API token configuration. */
925
+ cloudflareApiToken: CloudflareApiToken;
926
+ } | undefined;
927
+ /** Comment associated with the credential. */
928
+ comment?: string | undefined;
929
+ /**
930
+ * Whether the credential is usable only for read operations. Only applicable
931
+ * when purpose is **STORAGE**.
932
+ */
933
+ readOnly?: boolean | undefined;
934
+ /** Username of current owner of credential. */
935
+ owner?: string | undefined;
936
+ /** The unique identifier of the credential. */
937
+ id?: string | undefined;
938
+ /** Unique identifier of the parent metastore. */
939
+ metastoreId?: string | undefined;
940
+ /** Time at which this credential was created, in epoch milliseconds. */
941
+ createdAt?: bigint | undefined;
942
+ /** Username of credential creator. */
943
+ createdBy?: string | undefined;
944
+ /** Time at which this credential was last modified, in epoch milliseconds. */
945
+ updatedAt?: bigint | undefined;
946
+ /** Username of user who last modified the credential. */
947
+ updatedBy?: string | undefined;
948
+ /**
949
+ * Whether this credential is the current metastore's root storage credential.
950
+ * Only applicable when purpose is **STORAGE**.
951
+ */
952
+ usedForManagedStorage?: boolean | undefined;
953
+ /** The full name of the credential. */
954
+ fullName?: string | undefined;
955
+ /**
956
+ * Whether the current securable is accessible from all workspaces or a
957
+ * specific set of workspaces.
958
+ */
959
+ isolationMode?: IsolationMode | undefined;
960
+ }
961
+ export interface UpdateCredentialRequest {
962
+ /** Name of the credential. */
963
+ nameArg?: string | undefined;
964
+ /** New name of credential. */
965
+ newName?: string | undefined;
966
+ /** Supply true to this argument to skip validation of the updated credential. */
967
+ skipValidation?: boolean | undefined;
968
+ /**
969
+ * Force an update even if there are dependent services (when purpose is
970
+ * **SERVICE**) or dependent external locations and external tables (when
971
+ * purpose is **STORAGE**).
972
+ */
973
+ force?: boolean | undefined;
974
+ /**
975
+ * The credential name. The name must be unique among storage and service
976
+ * credentials within the metastore.
977
+ */
978
+ name?: string | undefined;
979
+ /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
980
+ credential?: {
981
+ $case: 'awsIamRole';
982
+ /** The AWS IAM role configuration. */
983
+ awsIamRole: AwsIamRole;
984
+ } | {
985
+ $case: 'azureServicePrincipal';
986
+ /** The Azure service principal configuration. */
987
+ azureServicePrincipal: AzureServicePrincipal;
988
+ } | {
989
+ $case: 'gcpServiceAccountKey';
990
+ gcpServiceAccountKey: GcpServiceAccountKey;
991
+ } | {
992
+ $case: 'azureManagedIdentity';
993
+ /** The Azure managed identity configuration. */
994
+ azureManagedIdentity: AzureManagedIdentity;
995
+ } | {
996
+ $case: 'databricksGcpServiceAccount';
997
+ /** The <Databricks> managed GCP service account configuration. */
998
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
999
+ } | {
1000
+ $case: 'cloudflareApiToken';
1001
+ /** The Cloudflare API token configuration. */
1002
+ cloudflareApiToken: CloudflareApiToken;
1003
+ } | undefined;
1004
+ /** Comment associated with the credential. */
1005
+ comment?: string | undefined;
1006
+ /**
1007
+ * Whether the credential is usable only for read operations. Only applicable
1008
+ * when purpose is **STORAGE**.
1009
+ */
1010
+ readOnly?: boolean | undefined;
1011
+ /** Username of current owner of credential. */
1012
+ owner?: string | undefined;
1013
+ /** The unique identifier of the credential. */
1014
+ id?: string | undefined;
1015
+ /** Unique identifier of the parent metastore. */
1016
+ metastoreId?: string | undefined;
1017
+ /** Time at which this credential was created, in epoch milliseconds. */
1018
+ createdAt?: bigint | undefined;
1019
+ /** Username of credential creator. */
1020
+ createdBy?: string | undefined;
1021
+ /** Time at which this credential was last modified, in epoch milliseconds. */
1022
+ updatedAt?: bigint | undefined;
1023
+ /** Username of user who last modified the credential. */
1024
+ updatedBy?: string | undefined;
1025
+ /**
1026
+ * Whether this credential is the current metastore's root storage credential.
1027
+ * Only applicable when purpose is **STORAGE**.
1028
+ */
1029
+ usedForManagedStorage?: boolean | undefined;
1030
+ /** The full name of the credential. */
1031
+ fullName?: string | undefined;
1032
+ /**
1033
+ * Whether the current securable is accessible from all workspaces or a
1034
+ * specific set of workspaces.
1035
+ */
1036
+ isolationMode?: IsolationMode | undefined;
1037
+ }
1038
+ export interface UpdateStorageCredentialRequest {
1039
+ /** Name of the storage credential. */
1040
+ nameArg?: string | undefined;
1041
+ /** New name for the storage credential. */
1042
+ newName?: string | undefined;
1043
+ /** Supplying true to this argument skips validation of the updated credential. */
1044
+ skipValidation?: boolean | undefined;
1045
+ /**
1046
+ * Force update even if there are dependent external locations or external
1047
+ * tables.
1048
+ */
1049
+ force?: boolean | undefined;
1050
+ /**
1051
+ * The credential name. The name must be unique among storage and service
1052
+ * credentials within the metastore.
1053
+ */
1054
+ name?: string | undefined;
1055
+ /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
1056
+ credential?: {
1057
+ $case: 'awsIamRole';
1058
+ /** The AWS IAM role configuration. */
1059
+ awsIamRole: AwsIamRole;
1060
+ } | {
1061
+ $case: 'azureServicePrincipal';
1062
+ /** The Azure service principal configuration. */
1063
+ azureServicePrincipal: AzureServicePrincipal;
1064
+ } | {
1065
+ $case: 'gcpServiceAccountKey';
1066
+ gcpServiceAccountKey: GcpServiceAccountKey;
1067
+ } | {
1068
+ $case: 'azureManagedIdentity';
1069
+ /** The Azure managed identity configuration. */
1070
+ azureManagedIdentity: AzureManagedIdentity;
1071
+ } | {
1072
+ $case: 'databricksGcpServiceAccount';
1073
+ /** The <Databricks> managed GCP service account configuration. */
1074
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
1075
+ } | {
1076
+ $case: 'cloudflareApiToken';
1077
+ /** The Cloudflare API token configuration. */
1078
+ cloudflareApiToken: CloudflareApiToken;
1079
+ } | undefined;
1080
+ /** Comment associated with the credential. */
1081
+ comment?: string | undefined;
1082
+ /**
1083
+ * Whether the credential is usable only for read operations. Only applicable
1084
+ * when purpose is **STORAGE**.
1085
+ */
1086
+ readOnly?: boolean | undefined;
1087
+ /** Username of current owner of credential. */
1088
+ owner?: string | undefined;
1089
+ /** The unique identifier of the credential. */
1090
+ id?: string | undefined;
1091
+ /** Unique identifier of the parent metastore. */
1092
+ metastoreId?: string | undefined;
1093
+ /** Time at which this credential was created, in epoch milliseconds. */
1094
+ createdAt?: bigint | undefined;
1095
+ /** Username of credential creator. */
1096
+ createdBy?: string | undefined;
1097
+ /** Time at which this credential was last modified, in epoch milliseconds. */
1098
+ updatedAt?: bigint | undefined;
1099
+ /** Username of user who last modified the credential. */
1100
+ updatedBy?: string | undefined;
1101
+ /**
1102
+ * Whether this credential is the current metastore's root storage credential.
1103
+ * Only applicable when purpose is **STORAGE**.
1104
+ */
1105
+ usedForManagedStorage?: boolean | undefined;
1106
+ /** The full name of the credential. */
1107
+ fullName?: string | undefined;
1108
+ /**
1109
+ * Whether the current securable is accessible from all workspaces or a
1110
+ * specific set of workspaces.
1111
+ */
1112
+ isolationMode?: IsolationMode | undefined;
1113
+ }
1114
+ /** Next ID: 18 */
1115
+ export interface ValidateCredentialRequest {
1116
+ credential?: {
1117
+ $case: 'credentialName';
1118
+ /**
1119
+ * Required. The name of an existing credential or long-lived cloud
1120
+ * credential to validate.
1121
+ */
1122
+ credentialName: string;
1123
+ } | {
1124
+ $case: 'awsIamRole';
1125
+ awsIamRole: AwsIamRole;
1126
+ } | {
1127
+ $case: 'azureManagedIdentity';
1128
+ azureManagedIdentity: AzureManagedIdentity;
1129
+ } | {
1130
+ $case: 'databricksGcpServiceAccount';
1131
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
1132
+ } | undefined;
1133
+ /**
1134
+ * The name of an existing external location to validate. Only applicable for
1135
+ * storage credentials (purpose is
1136
+ * **STORAGE**.)
1137
+ */
1138
+ externalLocationName?: string | undefined;
1139
+ /**
1140
+ * The external location url to validate. Only applicable when purpose is
1141
+ * **STORAGE**.
1142
+ */
1143
+ url?: string | undefined;
1144
+ /**
1145
+ * Whether the credential is only usable for read operations. Only applicable
1146
+ * for storage credentials (purpose is
1147
+ * **STORAGE**.)
1148
+ */
1149
+ readOnly?: boolean | undefined;
1150
+ }
1151
+ export interface ValidateCredentialRequest_Response {
1152
+ /** The results of the validation check. */
1153
+ results?: ValidateCredentialRequest_ValidationResult[] | undefined;
1154
+ /**
1155
+ * Whether the tested location is a directory in cloud storage. Only
1156
+ * applicable for when purpose is **STORAGE**.
1157
+ */
1158
+ isDir?: boolean | undefined;
1159
+ }
1160
+ export interface ValidateCredentialRequest_ValidationResult {
1161
+ /** The results of the tested operation. */
1162
+ result?: ValidateCredentialRequest_Result | undefined;
1163
+ /** Error message would exist when the result does not equal to **PASS**. */
1164
+ message?: string | undefined;
1165
+ }
1166
+ export interface ValidateStorageCredentialRequest {
1167
+ credential?: {
1168
+ $case: 'storageCredentialName';
1169
+ /**
1170
+ * Required. The name of an existing credential or long-lived cloud
1171
+ * credential to validate.
1172
+ */
1173
+ storageCredentialName: string;
1174
+ } | {
1175
+ $case: 'awsIamRole';
1176
+ /** The AWS IAM role configuration. */
1177
+ awsIamRole: AwsIamRole;
1178
+ } | {
1179
+ $case: 'azureServicePrincipal';
1180
+ /** The Azure service principal configuration. */
1181
+ azureServicePrincipal: AzureServicePrincipal;
1182
+ } | {
1183
+ $case: 'azureManagedIdentity';
1184
+ /** The Azure managed identity configuration. */
1185
+ azureManagedIdentity: AzureManagedIdentity;
1186
+ } | {
1187
+ $case: 'databricksGcpServiceAccount';
1188
+ /** The <Databricks> created GCP service account configuration. */
1189
+ databricksGcpServiceAccount: DatabricksGcpServiceAccount;
1190
+ } | {
1191
+ $case: 'cloudflareApiToken';
1192
+ /** The Cloudflare API token configuration. */
1193
+ cloudflareApiToken: CloudflareApiToken;
1194
+ } | undefined;
1195
+ /** The name of an existing external location to validate. */
1196
+ externalLocationName?: string | undefined;
1197
+ /** The external location url to validate. */
1198
+ url?: string | undefined;
1199
+ /** Whether the storage credential is only usable for read operations. */
1200
+ readOnly?: boolean | undefined;
1201
+ }
1202
+ export interface ValidateStorageCredentialRequest_Response {
1203
+ /** Whether the tested location is a directory in cloud storage. */
1204
+ isDir?: boolean | undefined;
1205
+ /** The results of the validation check. */
1206
+ results?: ValidateStorageCredentialRequest_ValidationResult[] | undefined;
1207
+ }
1208
+ export interface ValidateStorageCredentialRequest_ValidationResult {
1209
+ /** The operation tested. */
1210
+ operation?: ValidateStorageCredentialRequest_FileOperation | undefined;
1211
+ /** The results of the tested operation. */
1212
+ result?: ValidateStorageCredentialRequest_Result | undefined;
1213
+ /** Error message would exist when the result does not equal to **PASS**. */
1214
+ message?: string | undefined;
1215
+ }
1216
+ export declare const unmarshalAccountsCreateStorageCredentialRequest_ResponseSchema: z.ZodType<AccountsCreateStorageCredentialRequest_Response>;
1217
+ export declare const unmarshalAccountsDeleteStorageCredentialRequest_ResponseSchema: z.ZodType<AccountsDeleteStorageCredentialRequest_Response>;
1218
+ export declare const unmarshalAccountsGetStorageCredentialRequest_ResponseSchema: z.ZodType<AccountsGetStorageCredentialRequest_Response>;
1219
+ export declare const unmarshalAccountsListStorageCredentialsRequest_ResponseSchema: z.ZodType<AccountsListStorageCredentialsRequest_Response>;
1220
+ export declare const unmarshalAccountsUpdateStorageCredentialRequest_ResponseSchema: z.ZodType<AccountsUpdateStorageCredentialRequest_Response>;
1221
+ export declare const unmarshalAwsCredentialsSchema: z.ZodType<AwsCredentials>;
1222
+ export declare const unmarshalAwsCredentials_StsRoleSchema: z.ZodType<AwsCredentials_StsRole>;
1223
+ export declare const unmarshalAwsIamRoleSchema: z.ZodType<AwsIamRole>;
1224
+ export declare const unmarshalAzureActiveDirectoryTokenSchema: z.ZodType<AzureActiveDirectoryToken>;
1225
+ export declare const unmarshalAzureManagedIdentitySchema: z.ZodType<AzureManagedIdentity>;
1226
+ export declare const unmarshalAzureServicePrincipalSchema: z.ZodType<AzureServicePrincipal>;
1227
+ export declare const unmarshalAzureUserDelegationSasSchema: z.ZodType<AzureUserDelegationSas>;
1228
+ export declare const unmarshalCloudflareApiTokenSchema: z.ZodType<CloudflareApiToken>;
1229
+ export declare const unmarshalCredentialInfoSchema: z.ZodType<CredentialInfo>;
1230
+ export declare const unmarshalCredentialsSchema: z.ZodType<Credentials>;
1231
+ export declare const unmarshalDatabricksGcpServiceAccountSchema: z.ZodType<DatabricksGcpServiceAccount>;
1232
+ export declare const unmarshalDeleteCredentialRequest_ResponseSchema: z.ZodType<DeleteCredentialRequest_Response>;
1233
+ export declare const unmarshalDeleteStorageCredentialRequest_ResponseSchema: z.ZodType<DeleteStorageCredentialRequest_Response>;
1234
+ export declare const unmarshalGcpOauthTokenSchema: z.ZodType<GcpOauthToken>;
1235
+ export declare const unmarshalGcpServiceAccountKeySchema: z.ZodType<GcpServiceAccountKey>;
1236
+ export declare const unmarshalGenerateTemporaryPathCredentialRequest_ResponseSchema: z.ZodType<GenerateTemporaryPathCredentialRequest_Response>;
1237
+ export declare const unmarshalGenerateTemporaryTableCredentialRequest_ResponseSchema: z.ZodType<GenerateTemporaryTableCredentialRequest_Response>;
1238
+ export declare const unmarshalGenerateTemporaryVolumeCredentialRequest_ResponseSchema: z.ZodType<GenerateTemporaryVolumeCredentialRequest_Response>;
1239
+ export declare const unmarshalListCredentialsRequest_ResponseSchema: z.ZodType<ListCredentialsRequest_Response>;
1240
+ export declare const unmarshalListStorageCredentialsRequest_ResponseSchema: z.ZodType<ListStorageCredentialsRequest_Response>;
1241
+ export declare const unmarshalR2CredentialsSchema: z.ZodType<R2Credentials>;
1242
+ export declare const unmarshalStorageCredentialInfoSchema: z.ZodType<StorageCredentialInfo>;
1243
+ export declare const unmarshalTemporaryAwsCredentialsSchema: z.ZodType<TemporaryAwsCredentials>;
1244
+ export declare const unmarshalTemporaryCredentialsSchema: z.ZodType<TemporaryCredentials>;
1245
+ export declare const unmarshalValidateCredentialRequest_ResponseSchema: z.ZodType<ValidateCredentialRequest_Response>;
1246
+ export declare const unmarshalValidateCredentialRequest_ValidationResultSchema: z.ZodType<ValidateCredentialRequest_ValidationResult>;
1247
+ export declare const unmarshalValidateStorageCredentialRequest_ResponseSchema: z.ZodType<ValidateStorageCredentialRequest_Response>;
1248
+ export declare const unmarshalValidateStorageCredentialRequest_ValidationResultSchema: z.ZodType<ValidateStorageCredentialRequest_ValidationResult>;
1249
+ export declare const marshalAccountsCreateStorageCredentialRequestSchema: z.ZodType;
1250
+ export declare const marshalAccountsUpdateStorageCredentialRequestSchema: z.ZodType;
1251
+ export declare const marshalAwsCredentials_StsRoleSchema: z.ZodType;
1252
+ export declare const marshalAwsIamRoleSchema: z.ZodType;
1253
+ export declare const marshalAzureManagedIdentitySchema: z.ZodType;
1254
+ export declare const marshalAzureServicePrincipalSchema: z.ZodType;
1255
+ export declare const marshalCloudflareApiTokenSchema: z.ZodType;
1256
+ export declare const marshalCreateAccountsStorageCredentialSchema: z.ZodType;
1257
+ export declare const marshalCreateCredentialAwsCredentialsSchema: z.ZodType;
1258
+ export declare const marshalCreateCredentialRequestSchema: z.ZodType;
1259
+ export declare const marshalCreateCredentialsRequestSchema: z.ZodType;
1260
+ export declare const marshalCreateStorageCredentialRequestSchema: z.ZodType;
1261
+ export declare const marshalDatabricksGcpServiceAccountSchema: z.ZodType;
1262
+ export declare const marshalGcpServiceAccountKeySchema: z.ZodType;
1263
+ export declare const marshalGenerateTemporaryPathCredentialRequestSchema: z.ZodType;
1264
+ export declare const marshalGenerateTemporaryServiceCredentialRequestSchema: z.ZodType;
1265
+ export declare const marshalGenerateTemporaryServiceCredentialRequest_AzureOptionsSchema: z.ZodType;
1266
+ export declare const marshalGenerateTemporaryServiceCredentialRequest_GcpOptionsSchema: z.ZodType;
1267
+ export declare const marshalGenerateTemporaryTableCredentialRequestSchema: z.ZodType;
1268
+ export declare const marshalGenerateTemporaryVolumeCredentialRequestSchema: z.ZodType;
1269
+ export declare const marshalUpdateAccountsStorageCredentialSchema: z.ZodType;
1270
+ export declare const marshalUpdateCredentialRequestSchema: z.ZodType;
1271
+ export declare const marshalUpdateStorageCredentialRequestSchema: z.ZodType;
1272
+ export declare const marshalValidateCredentialRequestSchema: z.ZodType;
1273
+ export declare const marshalValidateStorageCredentialRequestSchema: z.ZodType;
1274
+ //# sourceMappingURL=model.d.ts.map