@databricks/sdk-uc-credentials 0.1.0-dev.2 → 0.1.0-dev.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/v1/client.d.ts +14 -14
- package/dist/v1/client.d.ts.map +1 -1
- package/dist/v1/client.js +14 -14
- package/dist/v1/client.js.map +1 -1
- package/dist/v1/index.d.ts +1 -1
- package/dist/v1/index.d.ts.map +1 -1
- package/dist/v1/model.d.ts +79 -72
- package/dist/v1/model.d.ts.map +1 -1
- package/dist/v1/model.js +79 -97
- package/dist/v1/model.js.map +1 -1
- package/dist/v1/utils.d.ts.map +1 -1
- package/dist/v1/utils.js +2 -1
- package/dist/v1/utils.js.map +1 -1
- package/package.json +6 -6
- package/src/v1/client.ts +0 -1081
- package/src/v1/index.ts +0 -80
- package/src/v1/model.ts +0 -2904
- package/src/v1/transport.ts +0 -73
- package/src/v1/utils.ts +0 -156
package/src/v1/model.ts
DELETED
|
@@ -1,2904 +0,0 @@
|
|
|
1
|
-
// Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
|
|
2
|
-
|
|
3
|
-
import {z} from 'zod';
|
|
4
|
-
|
|
5
|
-
export enum IsolationMode {
|
|
6
|
-
ISOLATION_MODE_UNSPECIFIED = 'ISOLATION_MODE_UNSPECIFIED',
|
|
7
|
-
ISOLATION_MODE_OPEN = 'ISOLATION_MODE_OPEN',
|
|
8
|
-
ISOLATION_MODE_ISOLATED = 'ISOLATION_MODE_ISOLATED',
|
|
9
|
-
}
|
|
10
|
-
|
|
11
|
-
export enum PathOperation {
|
|
12
|
-
PATH_READ = 'PATH_READ',
|
|
13
|
-
PATH_READ_WRITE = 'PATH_READ_WRITE',
|
|
14
|
-
PATH_CREATE_TABLE = 'PATH_CREATE_TABLE',
|
|
15
|
-
}
|
|
16
|
-
|
|
17
|
-
export enum TableOperation {
|
|
18
|
-
READ = 'READ',
|
|
19
|
-
READ_WRITE = 'READ_WRITE',
|
|
20
|
-
}
|
|
21
|
-
|
|
22
|
-
export enum VolumeOperation {
|
|
23
|
-
READ_VOLUME = 'READ_VOLUME',
|
|
24
|
-
WRITE_VOLUME = 'WRITE_VOLUME',
|
|
25
|
-
}
|
|
26
|
-
|
|
27
|
-
/** A enum represents the result of the file operation */
|
|
28
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
|
|
29
|
-
export enum ValidateCredentialRequest_Result {
|
|
30
|
-
PASS = 'PASS',
|
|
31
|
-
FAIL = 'FAIL',
|
|
32
|
-
SKIP = 'SKIP',
|
|
33
|
-
}
|
|
34
|
-
|
|
35
|
-
/**
|
|
36
|
-
* A enum represents the file operation performed on the external location
|
|
37
|
-
* with the storage credential
|
|
38
|
-
*/
|
|
39
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
|
|
40
|
-
export enum ValidateStorageCredentialRequest_FileOperation {
|
|
41
|
-
LIST = 'LIST',
|
|
42
|
-
READ = 'READ',
|
|
43
|
-
WRITE = 'WRITE',
|
|
44
|
-
DELETE = 'DELETE',
|
|
45
|
-
PATH_EXISTS = 'PATH_EXISTS',
|
|
46
|
-
}
|
|
47
|
-
|
|
48
|
-
/** A enum represents the result of the file operation */
|
|
49
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
|
|
50
|
-
export enum ValidateStorageCredentialRequest_Result {
|
|
51
|
-
PASS = 'PASS',
|
|
52
|
-
FAIL = 'FAIL',
|
|
53
|
-
SKIP = 'SKIP',
|
|
54
|
-
}
|
|
55
|
-
|
|
56
|
-
export interface AccountsCreateStorageCredentialRequest {
|
|
57
|
-
/** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
|
|
58
|
-
accountId?: string | undefined;
|
|
59
|
-
/** Unity Catalog metastore ID */
|
|
60
|
-
metastoreId?: string | undefined;
|
|
61
|
-
credentialInfo?: CreateAccountsStorageCredential | undefined;
|
|
62
|
-
/**
|
|
63
|
-
* Optional, default false.
|
|
64
|
-
* Supplying true to this argument skips validation of the created set of credentials.
|
|
65
|
-
*/
|
|
66
|
-
skipValidation?: boolean | undefined;
|
|
67
|
-
}
|
|
68
|
-
|
|
69
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
70
|
-
export interface AccountsCreateStorageCredentialRequest_Response {
|
|
71
|
-
credentialInfo?: StorageCredentialInfo | undefined;
|
|
72
|
-
}
|
|
73
|
-
|
|
74
|
-
/** Deletes a storage credential for an account */
|
|
75
|
-
export interface AccountsDeleteStorageCredentialRequest {
|
|
76
|
-
/** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
|
|
77
|
-
accountId?: string | undefined;
|
|
78
|
-
/** Unity Catalog metastore ID */
|
|
79
|
-
metastoreId?: string | undefined;
|
|
80
|
-
/** Name of the storage credential. */
|
|
81
|
-
nameArg?: string | undefined;
|
|
82
|
-
/** Force deletion even if the Storage Credential is not empty. Default is false. */
|
|
83
|
-
force?: boolean | undefined;
|
|
84
|
-
}
|
|
85
|
-
|
|
86
|
-
/** The storage credential was successfully deleted. */
|
|
87
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-object-type -- Proto-style nested message name.
|
|
88
|
-
export interface AccountsDeleteStorageCredentialRequest_Response {}
|
|
89
|
-
|
|
90
|
-
/** Retrieves a single storage credential */
|
|
91
|
-
export interface AccountsGetStorageCredentialRequest {
|
|
92
|
-
/** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
|
|
93
|
-
accountId?: string | undefined;
|
|
94
|
-
/** Unity Catalog metastore ID */
|
|
95
|
-
metastoreId?: string | undefined;
|
|
96
|
-
/** Required. Name of the storage credential. */
|
|
97
|
-
nameArg?: string | undefined;
|
|
98
|
-
}
|
|
99
|
-
|
|
100
|
-
/** The storage credential was successfully retrieved. */
|
|
101
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
102
|
-
export interface AccountsGetStorageCredentialRequest_Response {
|
|
103
|
-
credentialInfo?: StorageCredentialInfo | undefined;
|
|
104
|
-
}
|
|
105
|
-
|
|
106
|
-
/** Lists all storage credentials for the given account and metastore */
|
|
107
|
-
export interface AccountsListStorageCredentialsRequest {
|
|
108
|
-
/** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
|
|
109
|
-
accountId?: string | undefined;
|
|
110
|
-
/** Unity Catalog metastore ID */
|
|
111
|
-
metastoreId?: string | undefined;
|
|
112
|
-
}
|
|
113
|
-
|
|
114
|
-
/** The metastore storage credentials were successfully returned. */
|
|
115
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
116
|
-
export interface AccountsListStorageCredentialsRequest_Response {
|
|
117
|
-
/** An array of metastore storage credentials. */
|
|
118
|
-
storageCredentials?: StorageCredentialInfo[] | undefined;
|
|
119
|
-
}
|
|
120
|
-
|
|
121
|
-
/** The storage credential to update. */
|
|
122
|
-
export interface AccountsUpdateStorageCredentialRequest {
|
|
123
|
-
/** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
|
|
124
|
-
accountId?: string | undefined;
|
|
125
|
-
/** Unity Catalog metastore ID */
|
|
126
|
-
metastoreId?: string | undefined;
|
|
127
|
-
/** Name of the storage credential. */
|
|
128
|
-
nameArg?: string | undefined;
|
|
129
|
-
credentialInfo?: UpdateAccountsStorageCredential | undefined;
|
|
130
|
-
/** Optional. Supplying true to this argument skips validation of the updated set of credentials. */
|
|
131
|
-
skipValidation?: boolean | undefined;
|
|
132
|
-
}
|
|
133
|
-
|
|
134
|
-
/** The storage credential was successfully updated. */
|
|
135
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
136
|
-
export interface AccountsUpdateStorageCredentialRequest_Response {
|
|
137
|
-
credentialInfo?: StorageCredentialInfo | undefined;
|
|
138
|
-
}
|
|
139
|
-
|
|
140
|
-
export interface AwsCredentials {
|
|
141
|
-
creds?: {$case: 'stsRole'; stsRole: AwsCredentials_StsRole} | undefined;
|
|
142
|
-
}
|
|
143
|
-
|
|
144
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
145
|
-
export interface AwsCredentials_StsRole {
|
|
146
|
-
/** The Amazon Resource Name (ARN) of the cross account IAM role. */
|
|
147
|
-
roleArn?: string | undefined;
|
|
148
|
-
}
|
|
149
|
-
|
|
150
|
-
/** The AWS IAM role configuration */
|
|
151
|
-
export interface AwsIamRole {
|
|
152
|
-
/** The Amazon Resource Name (ARN) of the AWS IAM role used to vend temporary credentials. */
|
|
153
|
-
roleArn?: string | undefined;
|
|
154
|
-
/**
|
|
155
|
-
* The Amazon Resource Name (ARN) of the AWS IAM user managed by <Databricks>.
|
|
156
|
-
* This is the identity that is going to assume the AWS IAM role.
|
|
157
|
-
*/
|
|
158
|
-
unityCatalogIamArn?: string | undefined;
|
|
159
|
-
/** The external ID used in role assumption to prevent the confused deputy problem. */
|
|
160
|
-
externalId?: string | undefined;
|
|
161
|
-
}
|
|
162
|
-
|
|
163
|
-
/**
|
|
164
|
-
* Azure Active Directory token, essentially the Oauth token for Azure Service Principal or Managed
|
|
165
|
-
* Identity.
|
|
166
|
-
* Read more at https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token
|
|
167
|
-
*/
|
|
168
|
-
export interface AzureActiveDirectoryToken {
|
|
169
|
-
/** Opaque token that contains claims that you can use in Azure Active Directory to access cloud services. */
|
|
170
|
-
aadToken?: string | undefined;
|
|
171
|
-
}
|
|
172
|
-
|
|
173
|
-
/** The Azure managed identity configuration. */
|
|
174
|
-
export interface AzureManagedIdentity {
|
|
175
|
-
/**
|
|
176
|
-
* The Azure resource ID of the Azure Databricks Access Connector. Use the format
|
|
177
|
-
* `/subscriptions/{guid}/resourceGroups/{rg-name}/providers/Microsoft.Databricks/accessConnectors/{connector-name}`.
|
|
178
|
-
*/
|
|
179
|
-
accessConnectorId?: string | undefined;
|
|
180
|
-
/**
|
|
181
|
-
* The Azure resource ID of the managed identity. Use the format,
|
|
182
|
-
* `/subscriptions/{guid}/resourceGroups/{rg-name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}`
|
|
183
|
-
* This is only available for user-assgined identities. For system-assigned identities, the access_connector_id is used to identify the identity.
|
|
184
|
-
* If this field is not provided, then we assume the AzureManagedIdentity is using the system-assigned identity.
|
|
185
|
-
*/
|
|
186
|
-
managedIdentityId?: string | undefined;
|
|
187
|
-
/** The <Databricks> internal ID that represents this managed identity. */
|
|
188
|
-
credentialId?: string | undefined;
|
|
189
|
-
}
|
|
190
|
-
|
|
191
|
-
/** The Azure service principal configuration. Only applicable when purpose is **STORAGE**. */
|
|
192
|
-
export interface AzureServicePrincipal {
|
|
193
|
-
/** The directory ID corresponding to the Azure Active Directory (AAD) tenant of the application. */
|
|
194
|
-
directoryId?: string | undefined;
|
|
195
|
-
/** The application ID of the application registration within the referenced AAD tenant. */
|
|
196
|
-
applicationId?: string | undefined;
|
|
197
|
-
/** The client secret generated for the above app ID in AAD. */
|
|
198
|
-
clientSecret?: string | undefined;
|
|
199
|
-
}
|
|
200
|
-
|
|
201
|
-
/**
|
|
202
|
-
* Azure temporary credentials for API authentication.
|
|
203
|
-
* Read more at https://docs.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas
|
|
204
|
-
*/
|
|
205
|
-
export interface AzureUserDelegationSas {
|
|
206
|
-
/** The signed URI (SAS Token) used to access blob services for a given path */
|
|
207
|
-
sasToken?: string | undefined;
|
|
208
|
-
}
|
|
209
|
-
|
|
210
|
-
/**
|
|
211
|
-
* The Cloudflare API token configuration.
|
|
212
|
-
* Read more at https://developers.cloudflare.com/r2/api/s3/tokens/
|
|
213
|
-
*/
|
|
214
|
-
export interface CloudflareApiToken {
|
|
215
|
-
/** The access key ID associated with the API token. */
|
|
216
|
-
accessKeyId?: string | undefined;
|
|
217
|
-
/** The secret access token generated for the above access key ID. */
|
|
218
|
-
secretAccessKey?: string | undefined;
|
|
219
|
-
/** The ID of the account associated with the API token. */
|
|
220
|
-
accountId?: string | undefined;
|
|
221
|
-
}
|
|
222
|
-
|
|
223
|
-
export interface CreateAccountsStorageCredential {
|
|
224
|
-
/**
|
|
225
|
-
* The credential name. The name must be unique among storage and service
|
|
226
|
-
* credentials within the metastore.
|
|
227
|
-
*/
|
|
228
|
-
name?: string | undefined;
|
|
229
|
-
/** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
|
|
230
|
-
credential?:
|
|
231
|
-
| {
|
|
232
|
-
$case: 'awsIamRole';
|
|
233
|
-
/** The AWS IAM role configuration. */
|
|
234
|
-
awsIamRole: AwsIamRole;
|
|
235
|
-
}
|
|
236
|
-
| {
|
|
237
|
-
$case: 'azureServicePrincipal';
|
|
238
|
-
/** The Azure service principal configuration. */
|
|
239
|
-
azureServicePrincipal: AzureServicePrincipal;
|
|
240
|
-
}
|
|
241
|
-
| {
|
|
242
|
-
$case: 'gcpServiceAccountKey';
|
|
243
|
-
gcpServiceAccountKey: GcpServiceAccountKey;
|
|
244
|
-
}
|
|
245
|
-
| {
|
|
246
|
-
$case: 'azureManagedIdentity';
|
|
247
|
-
/** The Azure managed identity configuration. */
|
|
248
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
249
|
-
}
|
|
250
|
-
| {
|
|
251
|
-
$case: 'databricksGcpServiceAccount';
|
|
252
|
-
/** The <Databricks> managed GCP service account configuration. */
|
|
253
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
254
|
-
}
|
|
255
|
-
| {
|
|
256
|
-
$case: 'cloudflareApiToken';
|
|
257
|
-
/** The Cloudflare API token configuration. */
|
|
258
|
-
cloudflareApiToken: CloudflareApiToken;
|
|
259
|
-
}
|
|
260
|
-
| undefined;
|
|
261
|
-
/** Comment associated with the credential. */
|
|
262
|
-
comment?: string | undefined;
|
|
263
|
-
/**
|
|
264
|
-
* Whether the credential is usable only for read operations. Only applicable
|
|
265
|
-
* when purpose is **STORAGE**.
|
|
266
|
-
*/
|
|
267
|
-
readOnly?: boolean | undefined;
|
|
268
|
-
/** Username of current owner of credential. */
|
|
269
|
-
owner?: string | undefined;
|
|
270
|
-
/** The unique identifier of the credential. */
|
|
271
|
-
id?: string | undefined;
|
|
272
|
-
/** Unique identifier of the parent metastore. */
|
|
273
|
-
metastoreId?: string | undefined;
|
|
274
|
-
/** Time at which this credential was created, in epoch milliseconds. */
|
|
275
|
-
createdAt?: bigint | undefined;
|
|
276
|
-
/** Username of credential creator. */
|
|
277
|
-
createdBy?: string | undefined;
|
|
278
|
-
/** Time at which this credential was last modified, in epoch milliseconds. */
|
|
279
|
-
updatedAt?: bigint | undefined;
|
|
280
|
-
/** Username of user who last modified the credential. */
|
|
281
|
-
updatedBy?: string | undefined;
|
|
282
|
-
/**
|
|
283
|
-
* Whether this credential is the current metastore's root storage credential.
|
|
284
|
-
* Only applicable when purpose is **STORAGE**.
|
|
285
|
-
*/
|
|
286
|
-
usedForManagedStorage?: boolean | undefined;
|
|
287
|
-
/** The full name of the credential. */
|
|
288
|
-
fullName?: string | undefined;
|
|
289
|
-
/**
|
|
290
|
-
* Whether the current securable is accessible from all workspaces or a
|
|
291
|
-
* specific set of workspaces.
|
|
292
|
-
*/
|
|
293
|
-
isolationMode?: IsolationMode | undefined;
|
|
294
|
-
}
|
|
295
|
-
|
|
296
|
-
export interface CreateCredentialAwsCredentials {
|
|
297
|
-
creds?: {$case: 'stsRole'; stsRole: AwsCredentials_StsRole} | undefined;
|
|
298
|
-
}
|
|
299
|
-
|
|
300
|
-
export interface CreateCredentialRequest {
|
|
301
|
-
/**
|
|
302
|
-
* Optional. Supplying true to this argument skips validation of the created
|
|
303
|
-
* set of credentials.
|
|
304
|
-
*/
|
|
305
|
-
skipValidation?: boolean | undefined;
|
|
306
|
-
/**
|
|
307
|
-
* The credential name. The name must be unique among storage and service
|
|
308
|
-
* credentials within the metastore.
|
|
309
|
-
*/
|
|
310
|
-
name?: string | undefined;
|
|
311
|
-
/** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
|
|
312
|
-
credential?:
|
|
313
|
-
| {
|
|
314
|
-
$case: 'awsIamRole';
|
|
315
|
-
/** The AWS IAM role configuration. */
|
|
316
|
-
awsIamRole: AwsIamRole;
|
|
317
|
-
}
|
|
318
|
-
| {
|
|
319
|
-
$case: 'azureServicePrincipal';
|
|
320
|
-
/** The Azure service principal configuration. */
|
|
321
|
-
azureServicePrincipal: AzureServicePrincipal;
|
|
322
|
-
}
|
|
323
|
-
| {
|
|
324
|
-
$case: 'gcpServiceAccountKey';
|
|
325
|
-
gcpServiceAccountKey: GcpServiceAccountKey;
|
|
326
|
-
}
|
|
327
|
-
| {
|
|
328
|
-
$case: 'azureManagedIdentity';
|
|
329
|
-
/** The Azure managed identity configuration. */
|
|
330
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
331
|
-
}
|
|
332
|
-
| {
|
|
333
|
-
$case: 'databricksGcpServiceAccount';
|
|
334
|
-
/** The <Databricks> managed GCP service account configuration. */
|
|
335
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
336
|
-
}
|
|
337
|
-
| {
|
|
338
|
-
$case: 'cloudflareApiToken';
|
|
339
|
-
/** The Cloudflare API token configuration. */
|
|
340
|
-
cloudflareApiToken: CloudflareApiToken;
|
|
341
|
-
}
|
|
342
|
-
| undefined;
|
|
343
|
-
/** Comment associated with the credential. */
|
|
344
|
-
comment?: string | undefined;
|
|
345
|
-
/**
|
|
346
|
-
* Whether the credential is usable only for read operations. Only applicable
|
|
347
|
-
* when purpose is **STORAGE**.
|
|
348
|
-
*/
|
|
349
|
-
readOnly?: boolean | undefined;
|
|
350
|
-
/** Username of current owner of credential. */
|
|
351
|
-
owner?: string | undefined;
|
|
352
|
-
/** The unique identifier of the credential. */
|
|
353
|
-
id?: string | undefined;
|
|
354
|
-
/** Unique identifier of the parent metastore. */
|
|
355
|
-
metastoreId?: string | undefined;
|
|
356
|
-
/** Time at which this credential was created, in epoch milliseconds. */
|
|
357
|
-
createdAt?: bigint | undefined;
|
|
358
|
-
/** Username of credential creator. */
|
|
359
|
-
createdBy?: string | undefined;
|
|
360
|
-
/** Time at which this credential was last modified, in epoch milliseconds. */
|
|
361
|
-
updatedAt?: bigint | undefined;
|
|
362
|
-
/** Username of user who last modified the credential. */
|
|
363
|
-
updatedBy?: string | undefined;
|
|
364
|
-
/**
|
|
365
|
-
* Whether this credential is the current metastore's root storage credential.
|
|
366
|
-
* Only applicable when purpose is **STORAGE**.
|
|
367
|
-
*/
|
|
368
|
-
usedForManagedStorage?: boolean | undefined;
|
|
369
|
-
/** The full name of the credential. */
|
|
370
|
-
fullName?: string | undefined;
|
|
371
|
-
/**
|
|
372
|
-
* Whether the current securable is accessible from all workspaces or a
|
|
373
|
-
* specific set of workspaces.
|
|
374
|
-
*/
|
|
375
|
-
isolationMode?: IsolationMode | undefined;
|
|
376
|
-
}
|
|
377
|
-
|
|
378
|
-
export interface CreateCredentialsRequest {
|
|
379
|
-
accountId?: string | undefined;
|
|
380
|
-
/** The human-readable name of the credential configuration object. */
|
|
381
|
-
credentialsName?: string | undefined;
|
|
382
|
-
/** (-- NOTE(austin) This oneof is a future-looking definition when we add other clouds --) */
|
|
383
|
-
cloudCredentials?:
|
|
384
|
-
| {$case: 'awsCredentials'; awsCredentials: CreateCredentialAwsCredentials}
|
|
385
|
-
| undefined;
|
|
386
|
-
}
|
|
387
|
-
|
|
388
|
-
export interface CreateStorageCredentialRequest {
|
|
389
|
-
/** Supplying true to this argument skips validation of the created credential. */
|
|
390
|
-
skipValidation?: boolean | undefined;
|
|
391
|
-
/**
|
|
392
|
-
* The credential name. The name must be unique among storage and service
|
|
393
|
-
* credentials within the metastore.
|
|
394
|
-
*/
|
|
395
|
-
name?: string | undefined;
|
|
396
|
-
/** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
|
|
397
|
-
credential?:
|
|
398
|
-
| {
|
|
399
|
-
$case: 'awsIamRole';
|
|
400
|
-
/** The AWS IAM role configuration. */
|
|
401
|
-
awsIamRole: AwsIamRole;
|
|
402
|
-
}
|
|
403
|
-
| {
|
|
404
|
-
$case: 'azureServicePrincipal';
|
|
405
|
-
/** The Azure service principal configuration. */
|
|
406
|
-
azureServicePrincipal: AzureServicePrincipal;
|
|
407
|
-
}
|
|
408
|
-
| {
|
|
409
|
-
$case: 'gcpServiceAccountKey';
|
|
410
|
-
gcpServiceAccountKey: GcpServiceAccountKey;
|
|
411
|
-
}
|
|
412
|
-
| {
|
|
413
|
-
$case: 'azureManagedIdentity';
|
|
414
|
-
/** The Azure managed identity configuration. */
|
|
415
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
416
|
-
}
|
|
417
|
-
| {
|
|
418
|
-
$case: 'databricksGcpServiceAccount';
|
|
419
|
-
/** The <Databricks> managed GCP service account configuration. */
|
|
420
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
421
|
-
}
|
|
422
|
-
| {
|
|
423
|
-
$case: 'cloudflareApiToken';
|
|
424
|
-
/** The Cloudflare API token configuration. */
|
|
425
|
-
cloudflareApiToken: CloudflareApiToken;
|
|
426
|
-
}
|
|
427
|
-
| undefined;
|
|
428
|
-
/** Comment associated with the credential. */
|
|
429
|
-
comment?: string | undefined;
|
|
430
|
-
/**
|
|
431
|
-
* Whether the credential is usable only for read operations. Only applicable
|
|
432
|
-
* when purpose is **STORAGE**.
|
|
433
|
-
*/
|
|
434
|
-
readOnly?: boolean | undefined;
|
|
435
|
-
/** Username of current owner of credential. */
|
|
436
|
-
owner?: string | undefined;
|
|
437
|
-
/** The unique identifier of the credential. */
|
|
438
|
-
id?: string | undefined;
|
|
439
|
-
/** Unique identifier of the parent metastore. */
|
|
440
|
-
metastoreId?: string | undefined;
|
|
441
|
-
/** Time at which this credential was created, in epoch milliseconds. */
|
|
442
|
-
createdAt?: bigint | undefined;
|
|
443
|
-
/** Username of credential creator. */
|
|
444
|
-
createdBy?: string | undefined;
|
|
445
|
-
/** Time at which this credential was last modified, in epoch milliseconds. */
|
|
446
|
-
updatedAt?: bigint | undefined;
|
|
447
|
-
/** Username of user who last modified the credential. */
|
|
448
|
-
updatedBy?: string | undefined;
|
|
449
|
-
/**
|
|
450
|
-
* Whether this credential is the current metastore's root storage credential.
|
|
451
|
-
* Only applicable when purpose is **STORAGE**.
|
|
452
|
-
*/
|
|
453
|
-
usedForManagedStorage?: boolean | undefined;
|
|
454
|
-
/** The full name of the credential. */
|
|
455
|
-
fullName?: string | undefined;
|
|
456
|
-
/**
|
|
457
|
-
* Whether the current securable is accessible from all workspaces or a
|
|
458
|
-
* specific set of workspaces.
|
|
459
|
-
*/
|
|
460
|
-
isolationMode?: IsolationMode | undefined;
|
|
461
|
-
}
|
|
462
|
-
|
|
463
|
-
export interface CredentialInfo {
|
|
464
|
-
/**
|
|
465
|
-
* The credential name. The name must be unique among storage and service
|
|
466
|
-
* credentials within the metastore.
|
|
467
|
-
*/
|
|
468
|
-
name?: string | undefined;
|
|
469
|
-
/** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
|
|
470
|
-
credential?:
|
|
471
|
-
| {
|
|
472
|
-
$case: 'awsIamRole';
|
|
473
|
-
/** The AWS IAM role configuration. */
|
|
474
|
-
awsIamRole: AwsIamRole;
|
|
475
|
-
}
|
|
476
|
-
| {
|
|
477
|
-
$case: 'azureServicePrincipal';
|
|
478
|
-
/** The Azure service principal configuration. */
|
|
479
|
-
azureServicePrincipal: AzureServicePrincipal;
|
|
480
|
-
}
|
|
481
|
-
| {
|
|
482
|
-
$case: 'gcpServiceAccountKey';
|
|
483
|
-
gcpServiceAccountKey: GcpServiceAccountKey;
|
|
484
|
-
}
|
|
485
|
-
| {
|
|
486
|
-
$case: 'azureManagedIdentity';
|
|
487
|
-
/** The Azure managed identity configuration. */
|
|
488
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
489
|
-
}
|
|
490
|
-
| {
|
|
491
|
-
$case: 'databricksGcpServiceAccount';
|
|
492
|
-
/** The <Databricks> managed GCP service account configuration. */
|
|
493
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
494
|
-
}
|
|
495
|
-
| {
|
|
496
|
-
$case: 'cloudflareApiToken';
|
|
497
|
-
/** The Cloudflare API token configuration. */
|
|
498
|
-
cloudflareApiToken: CloudflareApiToken;
|
|
499
|
-
}
|
|
500
|
-
| undefined;
|
|
501
|
-
/** Comment associated with the credential. */
|
|
502
|
-
comment?: string | undefined;
|
|
503
|
-
/**
|
|
504
|
-
* Whether the credential is usable only for read operations. Only applicable
|
|
505
|
-
* when purpose is **STORAGE**.
|
|
506
|
-
*/
|
|
507
|
-
readOnly?: boolean | undefined;
|
|
508
|
-
/** Username of current owner of credential. */
|
|
509
|
-
owner?: string | undefined;
|
|
510
|
-
/** The unique identifier of the credential. */
|
|
511
|
-
id?: string | undefined;
|
|
512
|
-
/** Unique identifier of the parent metastore. */
|
|
513
|
-
metastoreId?: string | undefined;
|
|
514
|
-
/** Time at which this credential was created, in epoch milliseconds. */
|
|
515
|
-
createdAt?: bigint | undefined;
|
|
516
|
-
/** Username of credential creator. */
|
|
517
|
-
createdBy?: string | undefined;
|
|
518
|
-
/** Time at which this credential was last modified, in epoch milliseconds. */
|
|
519
|
-
updatedAt?: bigint | undefined;
|
|
520
|
-
/** Username of user who last modified the credential. */
|
|
521
|
-
updatedBy?: string | undefined;
|
|
522
|
-
/**
|
|
523
|
-
* Whether this credential is the current metastore's root storage credential.
|
|
524
|
-
* Only applicable when purpose is **STORAGE**.
|
|
525
|
-
*/
|
|
526
|
-
usedForManagedStorage?: boolean | undefined;
|
|
527
|
-
/** The full name of the credential. */
|
|
528
|
-
fullName?: string | undefined;
|
|
529
|
-
/**
|
|
530
|
-
* Whether the current securable is accessible from all workspaces or a
|
|
531
|
-
* specific set of workspaces.
|
|
532
|
-
*/
|
|
533
|
-
isolationMode?: IsolationMode | undefined;
|
|
534
|
-
}
|
|
535
|
-
|
|
536
|
-
export interface Credentials {
|
|
537
|
-
/** <Databricks> credential configuration ID. */
|
|
538
|
-
credentialsId?: string | undefined;
|
|
539
|
-
/** The <Databricks> account ID that hosts the credential. */
|
|
540
|
-
accountId?: string | undefined;
|
|
541
|
-
/** (-- NOTE(austin) This oneof is a future-looking definition when we add other clouds --) */
|
|
542
|
-
cloudCredentials?:
|
|
543
|
-
| {$case: 'awsCredentials'; awsCredentials: AwsCredentials}
|
|
544
|
-
| undefined;
|
|
545
|
-
/** The human-readable name of the credential configuration object. */
|
|
546
|
-
credentialsName?: string | undefined;
|
|
547
|
-
/** Time in epoch milliseconds when the credential was created. */
|
|
548
|
-
creationTime?: bigint | undefined;
|
|
549
|
-
}
|
|
550
|
-
|
|
551
|
-
/**
|
|
552
|
-
* GCP long-lived credential.
|
|
553
|
-
* <Databricks>-created Google Cloud Storage service account.
|
|
554
|
-
*/
|
|
555
|
-
export interface DatabricksGcpServiceAccount {
|
|
556
|
-
/** The email of the service account. */
|
|
557
|
-
email?: string | undefined;
|
|
558
|
-
/** The ID that represents the private key for this Service Account */
|
|
559
|
-
privateKeyId?: string | undefined;
|
|
560
|
-
/** The <Databricks> internal ID that represents this managed identity. */
|
|
561
|
-
credentialId?: string | undefined;
|
|
562
|
-
}
|
|
563
|
-
|
|
564
|
-
export interface DeleteCredentialRequest {
|
|
565
|
-
/** Name of the credential. */
|
|
566
|
-
nameArg?: string | undefined;
|
|
567
|
-
/**
|
|
568
|
-
* Force an update even if there are dependent services (when purpose is
|
|
569
|
-
* **SERVICE**) or dependent external locations and external tables (when
|
|
570
|
-
* purpose is **STORAGE**).
|
|
571
|
-
*/
|
|
572
|
-
force?: boolean | undefined;
|
|
573
|
-
}
|
|
574
|
-
|
|
575
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-object-type -- Proto-style nested message name.
|
|
576
|
-
export interface DeleteCredentialRequest_Response {}
|
|
577
|
-
|
|
578
|
-
export interface DeleteCredentialsRequest {
|
|
579
|
-
/** Databricks Account API credential configuration ID */
|
|
580
|
-
credentialsId?: string | undefined;
|
|
581
|
-
accountId?: string | undefined;
|
|
582
|
-
}
|
|
583
|
-
|
|
584
|
-
export interface DeleteStorageCredentialRequest {
|
|
585
|
-
/** Name of the storage credential. */
|
|
586
|
-
nameArg?: string | undefined;
|
|
587
|
-
/**
|
|
588
|
-
* Force an update even if there are dependent external locations or external
|
|
589
|
-
* tables (when purpose is **STORAGE**) or dependent services (when purpose is
|
|
590
|
-
* **SERVICE**).
|
|
591
|
-
*/
|
|
592
|
-
force?: boolean | undefined;
|
|
593
|
-
}
|
|
594
|
-
|
|
595
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention, @typescript-eslint/no-empty-object-type -- Proto-style nested message name.
|
|
596
|
-
export interface DeleteStorageCredentialRequest_Response {}
|
|
597
|
-
|
|
598
|
-
/**
|
|
599
|
-
* GCP temporary credentials for API authentication.
|
|
600
|
-
* Read more at https://developers.google.com/identity/protocols/oauth2/service-account
|
|
601
|
-
*/
|
|
602
|
-
export interface GcpOauthToken {
|
|
603
|
-
oauthToken?: string | undefined;
|
|
604
|
-
}
|
|
605
|
-
|
|
606
|
-
/**
|
|
607
|
-
* GCP long-lived credential.
|
|
608
|
-
* GCP Service Account.
|
|
609
|
-
*/
|
|
610
|
-
export interface GcpServiceAccountKey {
|
|
611
|
-
/** The email of the service account. */
|
|
612
|
-
email?: string | undefined;
|
|
613
|
-
/** The ID of the service account's private key. */
|
|
614
|
-
privateKeyId?: string | undefined;
|
|
615
|
-
/** The service account's RSA private key. */
|
|
616
|
-
privateKey?: string | undefined;
|
|
617
|
-
}
|
|
618
|
-
|
|
619
|
-
export interface GenerateTemporaryPathCredentialRequest {
|
|
620
|
-
/** URL for path-based access. */
|
|
621
|
-
url?: string | undefined;
|
|
622
|
-
/** The operation being performed on the path. */
|
|
623
|
-
operation?: PathOperation | undefined;
|
|
624
|
-
/**
|
|
625
|
-
* Optional. When set to true, the service will not validate that the generated
|
|
626
|
-
* credentials can perform write operations, therefore no new paths will be created
|
|
627
|
-
* and the response will not contain valid credentials. Defaults to false.
|
|
628
|
-
*/
|
|
629
|
-
dryRun?: boolean | undefined;
|
|
630
|
-
}
|
|
631
|
-
|
|
632
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
633
|
-
export interface GenerateTemporaryPathCredentialRequest_Response {
|
|
634
|
-
/** The temporary credential. */
|
|
635
|
-
credentials?:
|
|
636
|
-
| {$case: 'awsTempCredentials'; awsTempCredentials: TemporaryAwsCredentials}
|
|
637
|
-
| {
|
|
638
|
-
$case: 'azureUserDelegationSas';
|
|
639
|
-
azureUserDelegationSas: AzureUserDelegationSas;
|
|
640
|
-
}
|
|
641
|
-
| {$case: 'gcpOauthToken'; gcpOauthToken: GcpOauthToken}
|
|
642
|
-
| {$case: 'azureAad'; azureAad: AzureActiveDirectoryToken}
|
|
643
|
-
| {$case: 'r2TempCredentials'; r2TempCredentials: R2Credentials}
|
|
644
|
-
| undefined;
|
|
645
|
-
/**
|
|
646
|
-
* Server time when the credential will expire, in epoch milliseconds.
|
|
647
|
-
* The API client is advised to cache the credential given this expiration time.
|
|
648
|
-
*/
|
|
649
|
-
expirationTime?: bigint | undefined;
|
|
650
|
-
/** The URL of the storage path accessible by the temporary credential. */
|
|
651
|
-
url?: string | undefined;
|
|
652
|
-
}
|
|
653
|
-
|
|
654
|
-
export interface GenerateTemporaryServiceCredentialRequest {
|
|
655
|
-
/** The name of the service credential used to generate a temporary credential */
|
|
656
|
-
credentialName?: string | undefined;
|
|
657
|
-
options?:
|
|
658
|
-
| {
|
|
659
|
-
$case: 'azureOptions';
|
|
660
|
-
azureOptions: GenerateTemporaryServiceCredentialRequest_AzureOptions;
|
|
661
|
-
}
|
|
662
|
-
| {
|
|
663
|
-
$case: 'gcpOptions';
|
|
664
|
-
gcpOptions: GenerateTemporaryServiceCredentialRequest_GcpOptions;
|
|
665
|
-
}
|
|
666
|
-
| undefined;
|
|
667
|
-
}
|
|
668
|
-
|
|
669
|
-
/** The Azure cloud options to customize the requested temporary credential */
|
|
670
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
671
|
-
export interface GenerateTemporaryServiceCredentialRequest_AzureOptions {
|
|
672
|
-
/**
|
|
673
|
-
* The resources to which the temporary Azure credential should apply. These resources
|
|
674
|
-
* are the scopes that are passed to the token provider (see https://learn.microsoft.com/python/api/azure-core/azure.core.credentials.tokencredential?view=azure-python)
|
|
675
|
-
*/
|
|
676
|
-
resources?: string[] | undefined;
|
|
677
|
-
}
|
|
678
|
-
|
|
679
|
-
/** The GCP cloud options to customize the requested temporary credential */
|
|
680
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
681
|
-
export interface GenerateTemporaryServiceCredentialRequest_GcpOptions {
|
|
682
|
-
/**
|
|
683
|
-
* The scopes to which the temporary GCP credential should apply. These resources
|
|
684
|
-
* are the scopes that are passed to the token provider (see
|
|
685
|
-
* https://google-auth.readthedocs.io/en/latest/reference/google.auth.html#google.auth.credentials.Credentials)
|
|
686
|
-
*/
|
|
687
|
-
scopes?: string[] | undefined;
|
|
688
|
-
}
|
|
689
|
-
|
|
690
|
-
export interface GenerateTemporaryTableCredentialRequest {
|
|
691
|
-
/** UUID of the table to read or write. */
|
|
692
|
-
tableId?: string | undefined;
|
|
693
|
-
/**
|
|
694
|
-
* The operation performed against the table data, either READ or READ_WRITE. If READ_WRITE is specified,
|
|
695
|
-
* the credentials returned will have write permissions, otherwise, it will be read only.
|
|
696
|
-
*/
|
|
697
|
-
operation?: TableOperation | undefined;
|
|
698
|
-
}
|
|
699
|
-
|
|
700
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
701
|
-
export interface GenerateTemporaryTableCredentialRequest_Response {
|
|
702
|
-
/** The temporary credential. */
|
|
703
|
-
credentials?:
|
|
704
|
-
| {$case: 'awsTempCredentials'; awsTempCredentials: TemporaryAwsCredentials}
|
|
705
|
-
| {
|
|
706
|
-
$case: 'azureUserDelegationSas';
|
|
707
|
-
azureUserDelegationSas: AzureUserDelegationSas;
|
|
708
|
-
}
|
|
709
|
-
| {$case: 'gcpOauthToken'; gcpOauthToken: GcpOauthToken}
|
|
710
|
-
| {$case: 'azureAad'; azureAad: AzureActiveDirectoryToken}
|
|
711
|
-
| {$case: 'r2TempCredentials'; r2TempCredentials: R2Credentials}
|
|
712
|
-
| undefined;
|
|
713
|
-
/**
|
|
714
|
-
* Server time when the credential will expire, in epoch milliseconds.
|
|
715
|
-
* The API client is advised to cache the credential given this expiration time.
|
|
716
|
-
*/
|
|
717
|
-
expirationTime?: bigint | undefined;
|
|
718
|
-
/** The URL of the storage path accessible by the temporary credential. */
|
|
719
|
-
url?: string | undefined;
|
|
720
|
-
}
|
|
721
|
-
|
|
722
|
-
/** Generate volume credentials RPC */
|
|
723
|
-
export interface GenerateTemporaryVolumeCredentialRequest {
|
|
724
|
-
/** Id of the volume to read or write. */
|
|
725
|
-
volumeId?: string | undefined;
|
|
726
|
-
/**
|
|
727
|
-
* The operation performed against the volume data, either READ_VOLUME or WRITE_VOLUME. If WRITE_VOLUME is specified,
|
|
728
|
-
* the credentials returned will have write permissions, otherwise, it will be read only.
|
|
729
|
-
*/
|
|
730
|
-
operation?: VolumeOperation | undefined;
|
|
731
|
-
}
|
|
732
|
-
|
|
733
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
734
|
-
export interface GenerateTemporaryVolumeCredentialRequest_Response {
|
|
735
|
-
/** The temporary credential. */
|
|
736
|
-
credentials?:
|
|
737
|
-
| {$case: 'awsTempCredentials'; awsTempCredentials: TemporaryAwsCredentials}
|
|
738
|
-
| {
|
|
739
|
-
$case: 'azureUserDelegationSas';
|
|
740
|
-
azureUserDelegationSas: AzureUserDelegationSas;
|
|
741
|
-
}
|
|
742
|
-
| {$case: 'gcpOauthToken'; gcpOauthToken: GcpOauthToken}
|
|
743
|
-
| {$case: 'azureAad'; azureAad: AzureActiveDirectoryToken}
|
|
744
|
-
| {$case: 'r2TempCredentials'; r2TempCredentials: R2Credentials}
|
|
745
|
-
| undefined;
|
|
746
|
-
/**
|
|
747
|
-
* Server time when the credential will expire, in epoch milliseconds.
|
|
748
|
-
* The API client is advised to cache the credential given this expiration time.
|
|
749
|
-
*/
|
|
750
|
-
expirationTime?: bigint | undefined;
|
|
751
|
-
/** The URL of the storage path accessible by the temporary credential. */
|
|
752
|
-
url?: string | undefined;
|
|
753
|
-
}
|
|
754
|
-
|
|
755
|
-
export interface GetCredentialRequest {
|
|
756
|
-
/** Name of the credential. */
|
|
757
|
-
nameArg?: string | undefined;
|
|
758
|
-
}
|
|
759
|
-
|
|
760
|
-
export interface GetCredentialsRequest {
|
|
761
|
-
/** Credential configuration ID */
|
|
762
|
-
credentialsId?: string | undefined;
|
|
763
|
-
accountId?: string | undefined;
|
|
764
|
-
}
|
|
765
|
-
|
|
766
|
-
/**
|
|
767
|
-
* TODO(UC-1710): The legacy /storage-credentials API is being deprecated.
|
|
768
|
-
* Please use the new consolidated /credentials API instead.
|
|
769
|
-
* See https://github.com/databricks-eng/universe/pull/857047#discussion_r1924779791 for an example of a case when that wasn't possible.
|
|
770
|
-
*/
|
|
771
|
-
export interface GetStorageCredentialRequest {
|
|
772
|
-
/** Name of the storage credential. */
|
|
773
|
-
nameArg?: string | undefined;
|
|
774
|
-
}
|
|
775
|
-
|
|
776
|
-
export interface ListCredentialsPublicRequest {
|
|
777
|
-
accountId?: string | undefined;
|
|
778
|
-
}
|
|
779
|
-
|
|
780
|
-
/**
|
|
781
|
-
* ListCredentialsRequest is used to list credentials in the metastore.
|
|
782
|
-
* Returns an array of credentials (as CredentialInfo objects). The array is
|
|
783
|
-
* limited to the credentials that the caller has permission to access. If the
|
|
784
|
-
* caller is a metastore admin, retrieval of credentials is unrestricted.
|
|
785
|
-
*
|
|
786
|
-
* There is no guarantee of a specific ordering of the elements in the array.
|
|
787
|
-
*/
|
|
788
|
-
export interface ListCredentialsRequest {
|
|
789
|
-
/**
|
|
790
|
-
* Whether to include credentials not bound to the workspace.
|
|
791
|
-
* Effective only if the user has permission to update the credential–workspace binding.
|
|
792
|
-
*/
|
|
793
|
-
includeUnbound?: boolean | undefined;
|
|
794
|
-
/**
|
|
795
|
-
* Maximum number of credentials to return.
|
|
796
|
-
* - If not set, the default max page size is used.
|
|
797
|
-
* - When set to a value greater than 0, the page length is the minimum of
|
|
798
|
-
* this value and a server-configured value.
|
|
799
|
-
* - When set to 0, the page length is set to a server-configured value
|
|
800
|
-
* (recommended).
|
|
801
|
-
* - When set to a value less than 0, an invalid parameter error is
|
|
802
|
-
* returned.
|
|
803
|
-
*/
|
|
804
|
-
maxResults?: number | undefined;
|
|
805
|
-
/** Opaque token to retrieve the next page of results. */
|
|
806
|
-
pageToken?: string | undefined;
|
|
807
|
-
}
|
|
808
|
-
|
|
809
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
810
|
-
export interface ListCredentialsRequest_Response {
|
|
811
|
-
credentials?: CredentialInfo[] | undefined;
|
|
812
|
-
/**
|
|
813
|
-
* Opaque token to retrieve the next page of results. Absent if there are no
|
|
814
|
-
* more pages.
|
|
815
|
-
* __page_token__ should be set to this value for the next request (for the
|
|
816
|
-
* next page of results).
|
|
817
|
-
*/
|
|
818
|
-
nextPageToken?: string | undefined;
|
|
819
|
-
}
|
|
820
|
-
|
|
821
|
-
export interface ListCredentialsResponse {
|
|
822
|
-
credentials?: Credentials[] | undefined;
|
|
823
|
-
}
|
|
824
|
-
|
|
825
|
-
export interface ListStorageCredentialsRequest {
|
|
826
|
-
/**
|
|
827
|
-
* Whether to include credentials not bound to the workspace.
|
|
828
|
-
* Effective only if the user has permission to update the credential–workspace binding.
|
|
829
|
-
*/
|
|
830
|
-
includeUnbound?: boolean | undefined;
|
|
831
|
-
/**
|
|
832
|
-
* Maximum number of storage credentials to return.
|
|
833
|
-
* If not set, all the storage credentials are returned (not recommended).
|
|
834
|
-
* - when set to a value greater than 0, the page length is the minimum of
|
|
835
|
-
* this value and a server configured value;
|
|
836
|
-
* - when set to 0, the page length is set to a server configured value
|
|
837
|
-
* (recommended);
|
|
838
|
-
* - when set to a value less than 0, an invalid parameter error is returned;
|
|
839
|
-
*/
|
|
840
|
-
maxResults?: number | undefined;
|
|
841
|
-
/** Opaque pagination token to go to next page based on previous query. */
|
|
842
|
-
pageToken?: string | undefined;
|
|
843
|
-
}
|
|
844
|
-
|
|
845
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
846
|
-
export interface ListStorageCredentialsRequest_Response {
|
|
847
|
-
storageCredentials?: StorageCredentialInfo[] | undefined;
|
|
848
|
-
/**
|
|
849
|
-
* Opaque token to retrieve the next page of results. Absent if there are no
|
|
850
|
-
* more pages.
|
|
851
|
-
* __page_token__ should be set to this value for the next request (for the
|
|
852
|
-
* next page of results).
|
|
853
|
-
*/
|
|
854
|
-
nextPageToken?: string | undefined;
|
|
855
|
-
}
|
|
856
|
-
|
|
857
|
-
/**
|
|
858
|
-
* R2 temporary credentials for API authentication.
|
|
859
|
-
* Read more at https://developers.cloudflare.com/r2/api/s3/tokens/.
|
|
860
|
-
*/
|
|
861
|
-
export interface R2Credentials {
|
|
862
|
-
/** The access key ID that identifies the temporary credentials. */
|
|
863
|
-
accessKeyId?: string | undefined;
|
|
864
|
-
/** The secret access key associated with the access key. */
|
|
865
|
-
secretAccessKey?: string | undefined;
|
|
866
|
-
/** The generated JWT that users must pass to use the temporary credentials. */
|
|
867
|
-
sessionToken?: string | undefined;
|
|
868
|
-
}
|
|
869
|
-
|
|
870
|
-
export interface StorageCredentialInfo {
|
|
871
|
-
/**
|
|
872
|
-
* The credential name. The name must be unique among storage and service
|
|
873
|
-
* credentials within the metastore.
|
|
874
|
-
*/
|
|
875
|
-
name?: string | undefined;
|
|
876
|
-
/** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
|
|
877
|
-
credential?:
|
|
878
|
-
| {
|
|
879
|
-
$case: 'awsIamRole';
|
|
880
|
-
/** The AWS IAM role configuration. */
|
|
881
|
-
awsIamRole: AwsIamRole;
|
|
882
|
-
}
|
|
883
|
-
| {
|
|
884
|
-
$case: 'azureServicePrincipal';
|
|
885
|
-
/** The Azure service principal configuration. */
|
|
886
|
-
azureServicePrincipal: AzureServicePrincipal;
|
|
887
|
-
}
|
|
888
|
-
| {
|
|
889
|
-
$case: 'gcpServiceAccountKey';
|
|
890
|
-
gcpServiceAccountKey: GcpServiceAccountKey;
|
|
891
|
-
}
|
|
892
|
-
| {
|
|
893
|
-
$case: 'azureManagedIdentity';
|
|
894
|
-
/** The Azure managed identity configuration. */
|
|
895
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
896
|
-
}
|
|
897
|
-
| {
|
|
898
|
-
$case: 'databricksGcpServiceAccount';
|
|
899
|
-
/** The <Databricks> managed GCP service account configuration. */
|
|
900
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
901
|
-
}
|
|
902
|
-
| {
|
|
903
|
-
$case: 'cloudflareApiToken';
|
|
904
|
-
/** The Cloudflare API token configuration. */
|
|
905
|
-
cloudflareApiToken: CloudflareApiToken;
|
|
906
|
-
}
|
|
907
|
-
| undefined;
|
|
908
|
-
/** Comment associated with the credential. */
|
|
909
|
-
comment?: string | undefined;
|
|
910
|
-
/**
|
|
911
|
-
* Whether the credential is usable only for read operations. Only applicable
|
|
912
|
-
* when purpose is **STORAGE**.
|
|
913
|
-
*/
|
|
914
|
-
readOnly?: boolean | undefined;
|
|
915
|
-
/** Username of current owner of credential. */
|
|
916
|
-
owner?: string | undefined;
|
|
917
|
-
/** The unique identifier of the credential. */
|
|
918
|
-
id?: string | undefined;
|
|
919
|
-
/** Unique identifier of the parent metastore. */
|
|
920
|
-
metastoreId?: string | undefined;
|
|
921
|
-
/** Time at which this credential was created, in epoch milliseconds. */
|
|
922
|
-
createdAt?: bigint | undefined;
|
|
923
|
-
/** Username of credential creator. */
|
|
924
|
-
createdBy?: string | undefined;
|
|
925
|
-
/** Time at which this credential was last modified, in epoch milliseconds. */
|
|
926
|
-
updatedAt?: bigint | undefined;
|
|
927
|
-
/** Username of user who last modified the credential. */
|
|
928
|
-
updatedBy?: string | undefined;
|
|
929
|
-
/**
|
|
930
|
-
* Whether this credential is the current metastore's root storage credential.
|
|
931
|
-
* Only applicable when purpose is **STORAGE**.
|
|
932
|
-
*/
|
|
933
|
-
usedForManagedStorage?: boolean | undefined;
|
|
934
|
-
/** The full name of the credential. */
|
|
935
|
-
fullName?: string | undefined;
|
|
936
|
-
/**
|
|
937
|
-
* Whether the current securable is accessible from all workspaces or a
|
|
938
|
-
* specific set of workspaces.
|
|
939
|
-
*/
|
|
940
|
-
isolationMode?: IsolationMode | undefined;
|
|
941
|
-
}
|
|
942
|
-
|
|
943
|
-
/**
|
|
944
|
-
* AWS temporary credentials for API authentication.
|
|
945
|
-
* Read more at https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html.
|
|
946
|
-
*/
|
|
947
|
-
export interface TemporaryAwsCredentials {
|
|
948
|
-
/** The access key ID that identifies the temporary credentials. */
|
|
949
|
-
accessKeyId?: string | undefined;
|
|
950
|
-
/** The secret access key that can be used to sign AWS API requests. */
|
|
951
|
-
secretAccessKey?: string | undefined;
|
|
952
|
-
/** The token that users must pass to AWS API to use the temporary credentials. */
|
|
953
|
-
sessionToken?: string | undefined;
|
|
954
|
-
/**
|
|
955
|
-
* The Amazon Resource Name (ARN) of the S3 access point for
|
|
956
|
-
* temporary credentials related the external location.
|
|
957
|
-
*/
|
|
958
|
-
accessPoint?: string | undefined;
|
|
959
|
-
}
|
|
960
|
-
|
|
961
|
-
export interface TemporaryCredentials {
|
|
962
|
-
/** The temporary credential. */
|
|
963
|
-
credentials?:
|
|
964
|
-
| {$case: 'awsTempCredentials'; awsTempCredentials: TemporaryAwsCredentials}
|
|
965
|
-
| {
|
|
966
|
-
$case: 'azureUserDelegationSas';
|
|
967
|
-
azureUserDelegationSas: AzureUserDelegationSas;
|
|
968
|
-
}
|
|
969
|
-
| {$case: 'gcpOauthToken'; gcpOauthToken: GcpOauthToken}
|
|
970
|
-
| {$case: 'azureAad'; azureAad: AzureActiveDirectoryToken}
|
|
971
|
-
| {$case: 'r2TempCredentials'; r2TempCredentials: R2Credentials}
|
|
972
|
-
| undefined;
|
|
973
|
-
/**
|
|
974
|
-
* Server time when the credential will expire, in epoch milliseconds.
|
|
975
|
-
* The API client is advised to cache the credential given this expiration time.
|
|
976
|
-
*/
|
|
977
|
-
expirationTime?: bigint | undefined;
|
|
978
|
-
/** The URL of the storage path accessible by the temporary credential. */
|
|
979
|
-
url?: string | undefined;
|
|
980
|
-
}
|
|
981
|
-
|
|
982
|
-
export interface UpdateAccountsStorageCredential {
|
|
983
|
-
/**
|
|
984
|
-
* The credential name. The name must be unique among storage and service
|
|
985
|
-
* credentials within the metastore.
|
|
986
|
-
*/
|
|
987
|
-
name?: string | undefined;
|
|
988
|
-
/** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
|
|
989
|
-
credential?:
|
|
990
|
-
| {
|
|
991
|
-
$case: 'awsIamRole';
|
|
992
|
-
/** The AWS IAM role configuration. */
|
|
993
|
-
awsIamRole: AwsIamRole;
|
|
994
|
-
}
|
|
995
|
-
| {
|
|
996
|
-
$case: 'azureServicePrincipal';
|
|
997
|
-
/** The Azure service principal configuration. */
|
|
998
|
-
azureServicePrincipal: AzureServicePrincipal;
|
|
999
|
-
}
|
|
1000
|
-
| {
|
|
1001
|
-
$case: 'gcpServiceAccountKey';
|
|
1002
|
-
gcpServiceAccountKey: GcpServiceAccountKey;
|
|
1003
|
-
}
|
|
1004
|
-
| {
|
|
1005
|
-
$case: 'azureManagedIdentity';
|
|
1006
|
-
/** The Azure managed identity configuration. */
|
|
1007
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
1008
|
-
}
|
|
1009
|
-
| {
|
|
1010
|
-
$case: 'databricksGcpServiceAccount';
|
|
1011
|
-
/** The <Databricks> managed GCP service account configuration. */
|
|
1012
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
1013
|
-
}
|
|
1014
|
-
| {
|
|
1015
|
-
$case: 'cloudflareApiToken';
|
|
1016
|
-
/** The Cloudflare API token configuration. */
|
|
1017
|
-
cloudflareApiToken: CloudflareApiToken;
|
|
1018
|
-
}
|
|
1019
|
-
| undefined;
|
|
1020
|
-
/** Comment associated with the credential. */
|
|
1021
|
-
comment?: string | undefined;
|
|
1022
|
-
/**
|
|
1023
|
-
* Whether the credential is usable only for read operations. Only applicable
|
|
1024
|
-
* when purpose is **STORAGE**.
|
|
1025
|
-
*/
|
|
1026
|
-
readOnly?: boolean | undefined;
|
|
1027
|
-
/** Username of current owner of credential. */
|
|
1028
|
-
owner?: string | undefined;
|
|
1029
|
-
/** The unique identifier of the credential. */
|
|
1030
|
-
id?: string | undefined;
|
|
1031
|
-
/** Unique identifier of the parent metastore. */
|
|
1032
|
-
metastoreId?: string | undefined;
|
|
1033
|
-
/** Time at which this credential was created, in epoch milliseconds. */
|
|
1034
|
-
createdAt?: bigint | undefined;
|
|
1035
|
-
/** Username of credential creator. */
|
|
1036
|
-
createdBy?: string | undefined;
|
|
1037
|
-
/** Time at which this credential was last modified, in epoch milliseconds. */
|
|
1038
|
-
updatedAt?: bigint | undefined;
|
|
1039
|
-
/** Username of user who last modified the credential. */
|
|
1040
|
-
updatedBy?: string | undefined;
|
|
1041
|
-
/**
|
|
1042
|
-
* Whether this credential is the current metastore's root storage credential.
|
|
1043
|
-
* Only applicable when purpose is **STORAGE**.
|
|
1044
|
-
*/
|
|
1045
|
-
usedForManagedStorage?: boolean | undefined;
|
|
1046
|
-
/** The full name of the credential. */
|
|
1047
|
-
fullName?: string | undefined;
|
|
1048
|
-
/**
|
|
1049
|
-
* Whether the current securable is accessible from all workspaces or a
|
|
1050
|
-
* specific set of workspaces.
|
|
1051
|
-
*/
|
|
1052
|
-
isolationMode?: IsolationMode | undefined;
|
|
1053
|
-
}
|
|
1054
|
-
|
|
1055
|
-
export interface UpdateCredentialRequest {
|
|
1056
|
-
/** Name of the credential. */
|
|
1057
|
-
nameArg?: string | undefined;
|
|
1058
|
-
/** New name of credential. */
|
|
1059
|
-
newName?: string | undefined;
|
|
1060
|
-
/** Supply true to this argument to skip validation of the updated credential. */
|
|
1061
|
-
skipValidation?: boolean | undefined;
|
|
1062
|
-
/**
|
|
1063
|
-
* Force an update even if there are dependent services (when purpose is
|
|
1064
|
-
* **SERVICE**) or dependent external locations and external tables (when
|
|
1065
|
-
* purpose is **STORAGE**).
|
|
1066
|
-
*/
|
|
1067
|
-
force?: boolean | undefined;
|
|
1068
|
-
/**
|
|
1069
|
-
* The credential name. The name must be unique among storage and service
|
|
1070
|
-
* credentials within the metastore.
|
|
1071
|
-
*/
|
|
1072
|
-
name?: string | undefined;
|
|
1073
|
-
/** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
|
|
1074
|
-
credential?:
|
|
1075
|
-
| {
|
|
1076
|
-
$case: 'awsIamRole';
|
|
1077
|
-
/** The AWS IAM role configuration. */
|
|
1078
|
-
awsIamRole: AwsIamRole;
|
|
1079
|
-
}
|
|
1080
|
-
| {
|
|
1081
|
-
$case: 'azureServicePrincipal';
|
|
1082
|
-
/** The Azure service principal configuration. */
|
|
1083
|
-
azureServicePrincipal: AzureServicePrincipal;
|
|
1084
|
-
}
|
|
1085
|
-
| {
|
|
1086
|
-
$case: 'gcpServiceAccountKey';
|
|
1087
|
-
gcpServiceAccountKey: GcpServiceAccountKey;
|
|
1088
|
-
}
|
|
1089
|
-
| {
|
|
1090
|
-
$case: 'azureManagedIdentity';
|
|
1091
|
-
/** The Azure managed identity configuration. */
|
|
1092
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
1093
|
-
}
|
|
1094
|
-
| {
|
|
1095
|
-
$case: 'databricksGcpServiceAccount';
|
|
1096
|
-
/** The <Databricks> managed GCP service account configuration. */
|
|
1097
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
1098
|
-
}
|
|
1099
|
-
| {
|
|
1100
|
-
$case: 'cloudflareApiToken';
|
|
1101
|
-
/** The Cloudflare API token configuration. */
|
|
1102
|
-
cloudflareApiToken: CloudflareApiToken;
|
|
1103
|
-
}
|
|
1104
|
-
| undefined;
|
|
1105
|
-
/** Comment associated with the credential. */
|
|
1106
|
-
comment?: string | undefined;
|
|
1107
|
-
/**
|
|
1108
|
-
* Whether the credential is usable only for read operations. Only applicable
|
|
1109
|
-
* when purpose is **STORAGE**.
|
|
1110
|
-
*/
|
|
1111
|
-
readOnly?: boolean | undefined;
|
|
1112
|
-
/** Username of current owner of credential. */
|
|
1113
|
-
owner?: string | undefined;
|
|
1114
|
-
/** The unique identifier of the credential. */
|
|
1115
|
-
id?: string | undefined;
|
|
1116
|
-
/** Unique identifier of the parent metastore. */
|
|
1117
|
-
metastoreId?: string | undefined;
|
|
1118
|
-
/** Time at which this credential was created, in epoch milliseconds. */
|
|
1119
|
-
createdAt?: bigint | undefined;
|
|
1120
|
-
/** Username of credential creator. */
|
|
1121
|
-
createdBy?: string | undefined;
|
|
1122
|
-
/** Time at which this credential was last modified, in epoch milliseconds. */
|
|
1123
|
-
updatedAt?: bigint | undefined;
|
|
1124
|
-
/** Username of user who last modified the credential. */
|
|
1125
|
-
updatedBy?: string | undefined;
|
|
1126
|
-
/**
|
|
1127
|
-
* Whether this credential is the current metastore's root storage credential.
|
|
1128
|
-
* Only applicable when purpose is **STORAGE**.
|
|
1129
|
-
*/
|
|
1130
|
-
usedForManagedStorage?: boolean | undefined;
|
|
1131
|
-
/** The full name of the credential. */
|
|
1132
|
-
fullName?: string | undefined;
|
|
1133
|
-
/**
|
|
1134
|
-
* Whether the current securable is accessible from all workspaces or a
|
|
1135
|
-
* specific set of workspaces.
|
|
1136
|
-
*/
|
|
1137
|
-
isolationMode?: IsolationMode | undefined;
|
|
1138
|
-
}
|
|
1139
|
-
|
|
1140
|
-
export interface UpdateStorageCredentialRequest {
|
|
1141
|
-
/** Name of the storage credential. */
|
|
1142
|
-
nameArg?: string | undefined;
|
|
1143
|
-
/** New name for the storage credential. */
|
|
1144
|
-
newName?: string | undefined;
|
|
1145
|
-
/** Supplying true to this argument skips validation of the updated credential. */
|
|
1146
|
-
skipValidation?: boolean | undefined;
|
|
1147
|
-
/**
|
|
1148
|
-
* Force update even if there are dependent external locations or external
|
|
1149
|
-
* tables.
|
|
1150
|
-
*/
|
|
1151
|
-
force?: boolean | undefined;
|
|
1152
|
-
/**
|
|
1153
|
-
* The credential name. The name must be unique among storage and service
|
|
1154
|
-
* credentials within the metastore.
|
|
1155
|
-
*/
|
|
1156
|
-
name?: string | undefined;
|
|
1157
|
-
/** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
|
|
1158
|
-
credential?:
|
|
1159
|
-
| {
|
|
1160
|
-
$case: 'awsIamRole';
|
|
1161
|
-
/** The AWS IAM role configuration. */
|
|
1162
|
-
awsIamRole: AwsIamRole;
|
|
1163
|
-
}
|
|
1164
|
-
| {
|
|
1165
|
-
$case: 'azureServicePrincipal';
|
|
1166
|
-
/** The Azure service principal configuration. */
|
|
1167
|
-
azureServicePrincipal: AzureServicePrincipal;
|
|
1168
|
-
}
|
|
1169
|
-
| {
|
|
1170
|
-
$case: 'gcpServiceAccountKey';
|
|
1171
|
-
gcpServiceAccountKey: GcpServiceAccountKey;
|
|
1172
|
-
}
|
|
1173
|
-
| {
|
|
1174
|
-
$case: 'azureManagedIdentity';
|
|
1175
|
-
/** The Azure managed identity configuration. */
|
|
1176
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
1177
|
-
}
|
|
1178
|
-
| {
|
|
1179
|
-
$case: 'databricksGcpServiceAccount';
|
|
1180
|
-
/** The <Databricks> managed GCP service account configuration. */
|
|
1181
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
1182
|
-
}
|
|
1183
|
-
| {
|
|
1184
|
-
$case: 'cloudflareApiToken';
|
|
1185
|
-
/** The Cloudflare API token configuration. */
|
|
1186
|
-
cloudflareApiToken: CloudflareApiToken;
|
|
1187
|
-
}
|
|
1188
|
-
| undefined;
|
|
1189
|
-
/** Comment associated with the credential. */
|
|
1190
|
-
comment?: string | undefined;
|
|
1191
|
-
/**
|
|
1192
|
-
* Whether the credential is usable only for read operations. Only applicable
|
|
1193
|
-
* when purpose is **STORAGE**.
|
|
1194
|
-
*/
|
|
1195
|
-
readOnly?: boolean | undefined;
|
|
1196
|
-
/** Username of current owner of credential. */
|
|
1197
|
-
owner?: string | undefined;
|
|
1198
|
-
/** The unique identifier of the credential. */
|
|
1199
|
-
id?: string | undefined;
|
|
1200
|
-
/** Unique identifier of the parent metastore. */
|
|
1201
|
-
metastoreId?: string | undefined;
|
|
1202
|
-
/** Time at which this credential was created, in epoch milliseconds. */
|
|
1203
|
-
createdAt?: bigint | undefined;
|
|
1204
|
-
/** Username of credential creator. */
|
|
1205
|
-
createdBy?: string | undefined;
|
|
1206
|
-
/** Time at which this credential was last modified, in epoch milliseconds. */
|
|
1207
|
-
updatedAt?: bigint | undefined;
|
|
1208
|
-
/** Username of user who last modified the credential. */
|
|
1209
|
-
updatedBy?: string | undefined;
|
|
1210
|
-
/**
|
|
1211
|
-
* Whether this credential is the current metastore's root storage credential.
|
|
1212
|
-
* Only applicable when purpose is **STORAGE**.
|
|
1213
|
-
*/
|
|
1214
|
-
usedForManagedStorage?: boolean | undefined;
|
|
1215
|
-
/** The full name of the credential. */
|
|
1216
|
-
fullName?: string | undefined;
|
|
1217
|
-
/**
|
|
1218
|
-
* Whether the current securable is accessible from all workspaces or a
|
|
1219
|
-
* specific set of workspaces.
|
|
1220
|
-
*/
|
|
1221
|
-
isolationMode?: IsolationMode | undefined;
|
|
1222
|
-
}
|
|
1223
|
-
|
|
1224
|
-
/** Next ID: 18 */
|
|
1225
|
-
export interface ValidateCredentialRequest {
|
|
1226
|
-
credential?:
|
|
1227
|
-
| {
|
|
1228
|
-
$case: 'credentialName';
|
|
1229
|
-
/**
|
|
1230
|
-
* Required. The name of an existing credential or long-lived cloud
|
|
1231
|
-
* credential to validate.
|
|
1232
|
-
*/
|
|
1233
|
-
credentialName: string;
|
|
1234
|
-
}
|
|
1235
|
-
| {$case: 'awsIamRole'; awsIamRole: AwsIamRole}
|
|
1236
|
-
| {
|
|
1237
|
-
$case: 'azureManagedIdentity';
|
|
1238
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
1239
|
-
}
|
|
1240
|
-
| {
|
|
1241
|
-
$case: 'databricksGcpServiceAccount';
|
|
1242
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
1243
|
-
}
|
|
1244
|
-
| undefined;
|
|
1245
|
-
/**
|
|
1246
|
-
* The name of an existing external location to validate. Only applicable for
|
|
1247
|
-
* storage credentials (purpose is
|
|
1248
|
-
* **STORAGE**.)
|
|
1249
|
-
*/
|
|
1250
|
-
externalLocationName?: string | undefined;
|
|
1251
|
-
/**
|
|
1252
|
-
* The external location url to validate. Only applicable when purpose is
|
|
1253
|
-
* **STORAGE**.
|
|
1254
|
-
*/
|
|
1255
|
-
url?: string | undefined;
|
|
1256
|
-
/**
|
|
1257
|
-
* Whether the credential is only usable for read operations. Only applicable
|
|
1258
|
-
* for storage credentials (purpose is
|
|
1259
|
-
* **STORAGE**.)
|
|
1260
|
-
*/
|
|
1261
|
-
readOnly?: boolean | undefined;
|
|
1262
|
-
}
|
|
1263
|
-
|
|
1264
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1265
|
-
export interface ValidateCredentialRequest_Response {
|
|
1266
|
-
/** The results of the validation check. */
|
|
1267
|
-
results?: ValidateCredentialRequest_ValidationResult[] | undefined;
|
|
1268
|
-
/**
|
|
1269
|
-
* Whether the tested location is a directory in cloud storage. Only
|
|
1270
|
-
* applicable for when purpose is **STORAGE**.
|
|
1271
|
-
*/
|
|
1272
|
-
isDir?: boolean | undefined;
|
|
1273
|
-
}
|
|
1274
|
-
|
|
1275
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1276
|
-
export interface ValidateCredentialRequest_ValidationResult {
|
|
1277
|
-
/** The results of the tested operation. */
|
|
1278
|
-
result?: ValidateCredentialRequest_Result | undefined;
|
|
1279
|
-
/** Error message would exist when the result does not equal to **PASS**. */
|
|
1280
|
-
message?: string | undefined;
|
|
1281
|
-
}
|
|
1282
|
-
|
|
1283
|
-
export interface ValidateStorageCredentialRequest {
|
|
1284
|
-
credential?:
|
|
1285
|
-
| {
|
|
1286
|
-
$case: 'storageCredentialName';
|
|
1287
|
-
/**
|
|
1288
|
-
* Required. The name of an existing credential or long-lived cloud
|
|
1289
|
-
* credential to validate.
|
|
1290
|
-
*/
|
|
1291
|
-
storageCredentialName: string;
|
|
1292
|
-
}
|
|
1293
|
-
| {
|
|
1294
|
-
$case: 'awsIamRole';
|
|
1295
|
-
/** The AWS IAM role configuration. */
|
|
1296
|
-
awsIamRole: AwsIamRole;
|
|
1297
|
-
}
|
|
1298
|
-
| {
|
|
1299
|
-
$case: 'azureServicePrincipal';
|
|
1300
|
-
/** The Azure service principal configuration. */
|
|
1301
|
-
azureServicePrincipal: AzureServicePrincipal;
|
|
1302
|
-
}
|
|
1303
|
-
| {
|
|
1304
|
-
$case: 'azureManagedIdentity';
|
|
1305
|
-
/** The Azure managed identity configuration. */
|
|
1306
|
-
azureManagedIdentity: AzureManagedIdentity;
|
|
1307
|
-
}
|
|
1308
|
-
| {
|
|
1309
|
-
$case: 'databricksGcpServiceAccount';
|
|
1310
|
-
/** The <Databricks> created GCP service account configuration. */
|
|
1311
|
-
databricksGcpServiceAccount: DatabricksGcpServiceAccount;
|
|
1312
|
-
}
|
|
1313
|
-
| {
|
|
1314
|
-
$case: 'cloudflareApiToken';
|
|
1315
|
-
/** The Cloudflare API token configuration. */
|
|
1316
|
-
cloudflareApiToken: CloudflareApiToken;
|
|
1317
|
-
}
|
|
1318
|
-
| undefined;
|
|
1319
|
-
/** The name of an existing external location to validate. */
|
|
1320
|
-
externalLocationName?: string | undefined;
|
|
1321
|
-
/** The external location url to validate. */
|
|
1322
|
-
url?: string | undefined;
|
|
1323
|
-
/** Whether the storage credential is only usable for read operations. */
|
|
1324
|
-
readOnly?: boolean | undefined;
|
|
1325
|
-
}
|
|
1326
|
-
|
|
1327
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1328
|
-
export interface ValidateStorageCredentialRequest_Response {
|
|
1329
|
-
/** Whether the tested location is a directory in cloud storage. */
|
|
1330
|
-
isDir?: boolean | undefined;
|
|
1331
|
-
/** The results of the validation check. */
|
|
1332
|
-
results?: ValidateStorageCredentialRequest_ValidationResult[] | undefined;
|
|
1333
|
-
}
|
|
1334
|
-
|
|
1335
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1336
|
-
export interface ValidateStorageCredentialRequest_ValidationResult {
|
|
1337
|
-
/** The operation tested. */
|
|
1338
|
-
operation?: ValidateStorageCredentialRequest_FileOperation | undefined;
|
|
1339
|
-
/** The results of the tested operation. */
|
|
1340
|
-
result?: ValidateStorageCredentialRequest_Result | undefined;
|
|
1341
|
-
/** Error message would exist when the result does not equal to **PASS**. */
|
|
1342
|
-
message?: string | undefined;
|
|
1343
|
-
}
|
|
1344
|
-
|
|
1345
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1346
|
-
export const unmarshalAccountsCreateStorageCredentialRequest_ResponseSchema: z.ZodType<AccountsCreateStorageCredentialRequest_Response> =
|
|
1347
|
-
z
|
|
1348
|
-
.object({
|
|
1349
|
-
credential_info: z
|
|
1350
|
-
.lazy(() => unmarshalStorageCredentialInfoSchema)
|
|
1351
|
-
.optional(),
|
|
1352
|
-
})
|
|
1353
|
-
.transform(d => ({
|
|
1354
|
-
credentialInfo: d.credential_info,
|
|
1355
|
-
}));
|
|
1356
|
-
|
|
1357
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1358
|
-
export const unmarshalAccountsDeleteStorageCredentialRequest_ResponseSchema: z.ZodType<AccountsDeleteStorageCredentialRequest_Response> =
|
|
1359
|
-
z.object({});
|
|
1360
|
-
|
|
1361
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1362
|
-
export const unmarshalAccountsGetStorageCredentialRequest_ResponseSchema: z.ZodType<AccountsGetStorageCredentialRequest_Response> =
|
|
1363
|
-
z
|
|
1364
|
-
.object({
|
|
1365
|
-
credential_info: z
|
|
1366
|
-
.lazy(() => unmarshalStorageCredentialInfoSchema)
|
|
1367
|
-
.optional(),
|
|
1368
|
-
})
|
|
1369
|
-
.transform(d => ({
|
|
1370
|
-
credentialInfo: d.credential_info,
|
|
1371
|
-
}));
|
|
1372
|
-
|
|
1373
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1374
|
-
export const unmarshalAccountsListStorageCredentialsRequest_ResponseSchema: z.ZodType<AccountsListStorageCredentialsRequest_Response> =
|
|
1375
|
-
z
|
|
1376
|
-
.object({
|
|
1377
|
-
storage_credentials: z
|
|
1378
|
-
.array(z.lazy(() => unmarshalStorageCredentialInfoSchema))
|
|
1379
|
-
.optional(),
|
|
1380
|
-
})
|
|
1381
|
-
.transform(d => ({
|
|
1382
|
-
storageCredentials: d.storage_credentials,
|
|
1383
|
-
}));
|
|
1384
|
-
|
|
1385
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1386
|
-
export const unmarshalAccountsUpdateStorageCredentialRequest_ResponseSchema: z.ZodType<AccountsUpdateStorageCredentialRequest_Response> =
|
|
1387
|
-
z
|
|
1388
|
-
.object({
|
|
1389
|
-
credential_info: z
|
|
1390
|
-
.lazy(() => unmarshalStorageCredentialInfoSchema)
|
|
1391
|
-
.optional(),
|
|
1392
|
-
})
|
|
1393
|
-
.transform(d => ({
|
|
1394
|
-
credentialInfo: d.credential_info,
|
|
1395
|
-
}));
|
|
1396
|
-
|
|
1397
|
-
export const unmarshalAwsCredentialsSchema: z.ZodType<AwsCredentials> = z
|
|
1398
|
-
.object({
|
|
1399
|
-
sts_role: z.lazy(() => unmarshalAwsCredentials_StsRoleSchema).optional(),
|
|
1400
|
-
})
|
|
1401
|
-
.transform(d => ({
|
|
1402
|
-
creds:
|
|
1403
|
-
d.sts_role !== undefined
|
|
1404
|
-
? {$case: 'stsRole' as const, stsRole: d.sts_role}
|
|
1405
|
-
: undefined,
|
|
1406
|
-
}));
|
|
1407
|
-
|
|
1408
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1409
|
-
export const unmarshalAwsCredentials_StsRoleSchema: z.ZodType<AwsCredentials_StsRole> =
|
|
1410
|
-
z
|
|
1411
|
-
.object({
|
|
1412
|
-
role_arn: z.string().optional(),
|
|
1413
|
-
})
|
|
1414
|
-
.transform(d => ({
|
|
1415
|
-
roleArn: d.role_arn,
|
|
1416
|
-
}));
|
|
1417
|
-
|
|
1418
|
-
export const unmarshalAwsIamRoleSchema: z.ZodType<AwsIamRole> = z
|
|
1419
|
-
.object({
|
|
1420
|
-
role_arn: z.string().optional(),
|
|
1421
|
-
unity_catalog_iam_arn: z.string().optional(),
|
|
1422
|
-
external_id: z.string().optional(),
|
|
1423
|
-
})
|
|
1424
|
-
.transform(d => ({
|
|
1425
|
-
roleArn: d.role_arn,
|
|
1426
|
-
unityCatalogIamArn: d.unity_catalog_iam_arn,
|
|
1427
|
-
externalId: d.external_id,
|
|
1428
|
-
}));
|
|
1429
|
-
|
|
1430
|
-
export const unmarshalAzureActiveDirectoryTokenSchema: z.ZodType<AzureActiveDirectoryToken> =
|
|
1431
|
-
z
|
|
1432
|
-
.object({
|
|
1433
|
-
aad_token: z.string().optional(),
|
|
1434
|
-
})
|
|
1435
|
-
.transform(d => ({
|
|
1436
|
-
aadToken: d.aad_token,
|
|
1437
|
-
}));
|
|
1438
|
-
|
|
1439
|
-
export const unmarshalAzureManagedIdentitySchema: z.ZodType<AzureManagedIdentity> =
|
|
1440
|
-
z
|
|
1441
|
-
.object({
|
|
1442
|
-
access_connector_id: z.string().optional(),
|
|
1443
|
-
managed_identity_id: z.string().optional(),
|
|
1444
|
-
credential_id: z.string().optional(),
|
|
1445
|
-
})
|
|
1446
|
-
.transform(d => ({
|
|
1447
|
-
accessConnectorId: d.access_connector_id,
|
|
1448
|
-
managedIdentityId: d.managed_identity_id,
|
|
1449
|
-
credentialId: d.credential_id,
|
|
1450
|
-
}));
|
|
1451
|
-
|
|
1452
|
-
export const unmarshalAzureServicePrincipalSchema: z.ZodType<AzureServicePrincipal> =
|
|
1453
|
-
z
|
|
1454
|
-
.object({
|
|
1455
|
-
directory_id: z.string().optional(),
|
|
1456
|
-
application_id: z.string().optional(),
|
|
1457
|
-
client_secret: z.string().optional(),
|
|
1458
|
-
})
|
|
1459
|
-
.transform(d => ({
|
|
1460
|
-
directoryId: d.directory_id,
|
|
1461
|
-
applicationId: d.application_id,
|
|
1462
|
-
clientSecret: d.client_secret,
|
|
1463
|
-
}));
|
|
1464
|
-
|
|
1465
|
-
export const unmarshalAzureUserDelegationSasSchema: z.ZodType<AzureUserDelegationSas> =
|
|
1466
|
-
z
|
|
1467
|
-
.object({
|
|
1468
|
-
sas_token: z.string().optional(),
|
|
1469
|
-
})
|
|
1470
|
-
.transform(d => ({
|
|
1471
|
-
sasToken: d.sas_token,
|
|
1472
|
-
}));
|
|
1473
|
-
|
|
1474
|
-
export const unmarshalCloudflareApiTokenSchema: z.ZodType<CloudflareApiToken> =
|
|
1475
|
-
z
|
|
1476
|
-
.object({
|
|
1477
|
-
access_key_id: z.string().optional(),
|
|
1478
|
-
secret_access_key: z.string().optional(),
|
|
1479
|
-
account_id: z.string().optional(),
|
|
1480
|
-
})
|
|
1481
|
-
.transform(d => ({
|
|
1482
|
-
accessKeyId: d.access_key_id,
|
|
1483
|
-
secretAccessKey: d.secret_access_key,
|
|
1484
|
-
accountId: d.account_id,
|
|
1485
|
-
}));
|
|
1486
|
-
|
|
1487
|
-
export const unmarshalCredentialInfoSchema: z.ZodType<CredentialInfo> = z
|
|
1488
|
-
.object({
|
|
1489
|
-
name: z.string().optional(),
|
|
1490
|
-
aws_iam_role: z.lazy(() => unmarshalAwsIamRoleSchema).optional(),
|
|
1491
|
-
azure_service_principal: z
|
|
1492
|
-
.lazy(() => unmarshalAzureServicePrincipalSchema)
|
|
1493
|
-
.optional(),
|
|
1494
|
-
gcp_service_account_key: z
|
|
1495
|
-
.lazy(() => unmarshalGcpServiceAccountKeySchema)
|
|
1496
|
-
.optional(),
|
|
1497
|
-
azure_managed_identity: z
|
|
1498
|
-
.lazy(() => unmarshalAzureManagedIdentitySchema)
|
|
1499
|
-
.optional(),
|
|
1500
|
-
databricks_gcp_service_account: z
|
|
1501
|
-
.lazy(() => unmarshalDatabricksGcpServiceAccountSchema)
|
|
1502
|
-
.optional(),
|
|
1503
|
-
cloudflare_api_token: z
|
|
1504
|
-
.lazy(() => unmarshalCloudflareApiTokenSchema)
|
|
1505
|
-
.optional(),
|
|
1506
|
-
comment: z.string().optional(),
|
|
1507
|
-
read_only: z.boolean().optional(),
|
|
1508
|
-
owner: z.string().optional(),
|
|
1509
|
-
id: z.string().optional(),
|
|
1510
|
-
metastore_id: z.string().optional(),
|
|
1511
|
-
created_at: z
|
|
1512
|
-
.union([z.number(), z.bigint()])
|
|
1513
|
-
.transform(v => BigInt(v))
|
|
1514
|
-
.optional(),
|
|
1515
|
-
created_by: z.string().optional(),
|
|
1516
|
-
updated_at: z
|
|
1517
|
-
.union([z.number(), z.bigint()])
|
|
1518
|
-
.transform(v => BigInt(v))
|
|
1519
|
-
.optional(),
|
|
1520
|
-
updated_by: z.string().optional(),
|
|
1521
|
-
used_for_managed_storage: z.boolean().optional(),
|
|
1522
|
-
full_name: z.string().optional(),
|
|
1523
|
-
isolation_mode: z.enum(IsolationMode).optional(),
|
|
1524
|
-
})
|
|
1525
|
-
.transform(d => ({
|
|
1526
|
-
name: d.name,
|
|
1527
|
-
credential:
|
|
1528
|
-
d.aws_iam_role !== undefined
|
|
1529
|
-
? {$case: 'awsIamRole' as const, awsIamRole: d.aws_iam_role}
|
|
1530
|
-
: d.azure_service_principal !== undefined
|
|
1531
|
-
? {
|
|
1532
|
-
$case: 'azureServicePrincipal' as const,
|
|
1533
|
-
azureServicePrincipal: d.azure_service_principal,
|
|
1534
|
-
}
|
|
1535
|
-
: d.gcp_service_account_key !== undefined
|
|
1536
|
-
? {
|
|
1537
|
-
$case: 'gcpServiceAccountKey' as const,
|
|
1538
|
-
gcpServiceAccountKey: d.gcp_service_account_key,
|
|
1539
|
-
}
|
|
1540
|
-
: d.azure_managed_identity !== undefined
|
|
1541
|
-
? {
|
|
1542
|
-
$case: 'azureManagedIdentity' as const,
|
|
1543
|
-
azureManagedIdentity: d.azure_managed_identity,
|
|
1544
|
-
}
|
|
1545
|
-
: d.databricks_gcp_service_account !== undefined
|
|
1546
|
-
? {
|
|
1547
|
-
$case: 'databricksGcpServiceAccount' as const,
|
|
1548
|
-
databricksGcpServiceAccount:
|
|
1549
|
-
d.databricks_gcp_service_account,
|
|
1550
|
-
}
|
|
1551
|
-
: d.cloudflare_api_token !== undefined
|
|
1552
|
-
? {
|
|
1553
|
-
$case: 'cloudflareApiToken' as const,
|
|
1554
|
-
cloudflareApiToken: d.cloudflare_api_token,
|
|
1555
|
-
}
|
|
1556
|
-
: undefined,
|
|
1557
|
-
comment: d.comment,
|
|
1558
|
-
readOnly: d.read_only,
|
|
1559
|
-
owner: d.owner,
|
|
1560
|
-
id: d.id,
|
|
1561
|
-
metastoreId: d.metastore_id,
|
|
1562
|
-
createdAt: d.created_at,
|
|
1563
|
-
createdBy: d.created_by,
|
|
1564
|
-
updatedAt: d.updated_at,
|
|
1565
|
-
updatedBy: d.updated_by,
|
|
1566
|
-
usedForManagedStorage: d.used_for_managed_storage,
|
|
1567
|
-
fullName: d.full_name,
|
|
1568
|
-
isolationMode: d.isolation_mode,
|
|
1569
|
-
}));
|
|
1570
|
-
|
|
1571
|
-
export const unmarshalCredentialsSchema: z.ZodType<Credentials> = z
|
|
1572
|
-
.object({
|
|
1573
|
-
credentials_id: z.string().optional(),
|
|
1574
|
-
account_id: z.string().optional(),
|
|
1575
|
-
aws_credentials: z.lazy(() => unmarshalAwsCredentialsSchema).optional(),
|
|
1576
|
-
credentials_name: z.string().optional(),
|
|
1577
|
-
creation_time: z
|
|
1578
|
-
.union([z.number(), z.bigint()])
|
|
1579
|
-
.transform(v => BigInt(v))
|
|
1580
|
-
.optional(),
|
|
1581
|
-
})
|
|
1582
|
-
.transform(d => ({
|
|
1583
|
-
credentialsId: d.credentials_id,
|
|
1584
|
-
accountId: d.account_id,
|
|
1585
|
-
cloudCredentials:
|
|
1586
|
-
d.aws_credentials !== undefined
|
|
1587
|
-
? {$case: 'awsCredentials' as const, awsCredentials: d.aws_credentials}
|
|
1588
|
-
: undefined,
|
|
1589
|
-
credentialsName: d.credentials_name,
|
|
1590
|
-
creationTime: d.creation_time,
|
|
1591
|
-
}));
|
|
1592
|
-
|
|
1593
|
-
export const unmarshalDatabricksGcpServiceAccountSchema: z.ZodType<DatabricksGcpServiceAccount> =
|
|
1594
|
-
z
|
|
1595
|
-
.object({
|
|
1596
|
-
email: z.string().optional(),
|
|
1597
|
-
private_key_id: z.string().optional(),
|
|
1598
|
-
credential_id: z.string().optional(),
|
|
1599
|
-
})
|
|
1600
|
-
.transform(d => ({
|
|
1601
|
-
email: d.email,
|
|
1602
|
-
privateKeyId: d.private_key_id,
|
|
1603
|
-
credentialId: d.credential_id,
|
|
1604
|
-
}));
|
|
1605
|
-
|
|
1606
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1607
|
-
export const unmarshalDeleteCredentialRequest_ResponseSchema: z.ZodType<DeleteCredentialRequest_Response> =
|
|
1608
|
-
z.object({});
|
|
1609
|
-
|
|
1610
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1611
|
-
export const unmarshalDeleteStorageCredentialRequest_ResponseSchema: z.ZodType<DeleteStorageCredentialRequest_Response> =
|
|
1612
|
-
z.object({});
|
|
1613
|
-
|
|
1614
|
-
export const unmarshalGcpOauthTokenSchema: z.ZodType<GcpOauthToken> = z
|
|
1615
|
-
.object({
|
|
1616
|
-
oauth_token: z.string().optional(),
|
|
1617
|
-
})
|
|
1618
|
-
.transform(d => ({
|
|
1619
|
-
oauthToken: d.oauth_token,
|
|
1620
|
-
}));
|
|
1621
|
-
|
|
1622
|
-
export const unmarshalGcpServiceAccountKeySchema: z.ZodType<GcpServiceAccountKey> =
|
|
1623
|
-
z
|
|
1624
|
-
.object({
|
|
1625
|
-
email: z.string().optional(),
|
|
1626
|
-
private_key_id: z.string().optional(),
|
|
1627
|
-
private_key: z.string().optional(),
|
|
1628
|
-
})
|
|
1629
|
-
.transform(d => ({
|
|
1630
|
-
email: d.email,
|
|
1631
|
-
privateKeyId: d.private_key_id,
|
|
1632
|
-
privateKey: d.private_key,
|
|
1633
|
-
}));
|
|
1634
|
-
|
|
1635
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1636
|
-
export const unmarshalGenerateTemporaryPathCredentialRequest_ResponseSchema: z.ZodType<GenerateTemporaryPathCredentialRequest_Response> =
|
|
1637
|
-
z
|
|
1638
|
-
.object({
|
|
1639
|
-
aws_temp_credentials: z
|
|
1640
|
-
.lazy(() => unmarshalTemporaryAwsCredentialsSchema)
|
|
1641
|
-
.optional(),
|
|
1642
|
-
azure_user_delegation_sas: z
|
|
1643
|
-
.lazy(() => unmarshalAzureUserDelegationSasSchema)
|
|
1644
|
-
.optional(),
|
|
1645
|
-
gcp_oauth_token: z.lazy(() => unmarshalGcpOauthTokenSchema).optional(),
|
|
1646
|
-
azure_aad: z
|
|
1647
|
-
.lazy(() => unmarshalAzureActiveDirectoryTokenSchema)
|
|
1648
|
-
.optional(),
|
|
1649
|
-
r2_temp_credentials: z
|
|
1650
|
-
.lazy(() => unmarshalR2CredentialsSchema)
|
|
1651
|
-
.optional(),
|
|
1652
|
-
expiration_time: z
|
|
1653
|
-
.union([z.number(), z.bigint()])
|
|
1654
|
-
.transform(v => BigInt(v))
|
|
1655
|
-
.optional(),
|
|
1656
|
-
url: z.string().optional(),
|
|
1657
|
-
})
|
|
1658
|
-
.transform(d => ({
|
|
1659
|
-
credentials:
|
|
1660
|
-
d.aws_temp_credentials !== undefined
|
|
1661
|
-
? {
|
|
1662
|
-
$case: 'awsTempCredentials' as const,
|
|
1663
|
-
awsTempCredentials: d.aws_temp_credentials,
|
|
1664
|
-
}
|
|
1665
|
-
: d.azure_user_delegation_sas !== undefined
|
|
1666
|
-
? {
|
|
1667
|
-
$case: 'azureUserDelegationSas' as const,
|
|
1668
|
-
azureUserDelegationSas: d.azure_user_delegation_sas,
|
|
1669
|
-
}
|
|
1670
|
-
: d.gcp_oauth_token !== undefined
|
|
1671
|
-
? {
|
|
1672
|
-
$case: 'gcpOauthToken' as const,
|
|
1673
|
-
gcpOauthToken: d.gcp_oauth_token,
|
|
1674
|
-
}
|
|
1675
|
-
: d.azure_aad !== undefined
|
|
1676
|
-
? {$case: 'azureAad' as const, azureAad: d.azure_aad}
|
|
1677
|
-
: d.r2_temp_credentials !== undefined
|
|
1678
|
-
? {
|
|
1679
|
-
$case: 'r2TempCredentials' as const,
|
|
1680
|
-
r2TempCredentials: d.r2_temp_credentials,
|
|
1681
|
-
}
|
|
1682
|
-
: undefined,
|
|
1683
|
-
expirationTime: d.expiration_time,
|
|
1684
|
-
url: d.url,
|
|
1685
|
-
}));
|
|
1686
|
-
|
|
1687
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1688
|
-
export const unmarshalGenerateTemporaryTableCredentialRequest_ResponseSchema: z.ZodType<GenerateTemporaryTableCredentialRequest_Response> =
|
|
1689
|
-
z
|
|
1690
|
-
.object({
|
|
1691
|
-
aws_temp_credentials: z
|
|
1692
|
-
.lazy(() => unmarshalTemporaryAwsCredentialsSchema)
|
|
1693
|
-
.optional(),
|
|
1694
|
-
azure_user_delegation_sas: z
|
|
1695
|
-
.lazy(() => unmarshalAzureUserDelegationSasSchema)
|
|
1696
|
-
.optional(),
|
|
1697
|
-
gcp_oauth_token: z.lazy(() => unmarshalGcpOauthTokenSchema).optional(),
|
|
1698
|
-
azure_aad: z
|
|
1699
|
-
.lazy(() => unmarshalAzureActiveDirectoryTokenSchema)
|
|
1700
|
-
.optional(),
|
|
1701
|
-
r2_temp_credentials: z
|
|
1702
|
-
.lazy(() => unmarshalR2CredentialsSchema)
|
|
1703
|
-
.optional(),
|
|
1704
|
-
expiration_time: z
|
|
1705
|
-
.union([z.number(), z.bigint()])
|
|
1706
|
-
.transform(v => BigInt(v))
|
|
1707
|
-
.optional(),
|
|
1708
|
-
url: z.string().optional(),
|
|
1709
|
-
})
|
|
1710
|
-
.transform(d => ({
|
|
1711
|
-
credentials:
|
|
1712
|
-
d.aws_temp_credentials !== undefined
|
|
1713
|
-
? {
|
|
1714
|
-
$case: 'awsTempCredentials' as const,
|
|
1715
|
-
awsTempCredentials: d.aws_temp_credentials,
|
|
1716
|
-
}
|
|
1717
|
-
: d.azure_user_delegation_sas !== undefined
|
|
1718
|
-
? {
|
|
1719
|
-
$case: 'azureUserDelegationSas' as const,
|
|
1720
|
-
azureUserDelegationSas: d.azure_user_delegation_sas,
|
|
1721
|
-
}
|
|
1722
|
-
: d.gcp_oauth_token !== undefined
|
|
1723
|
-
? {
|
|
1724
|
-
$case: 'gcpOauthToken' as const,
|
|
1725
|
-
gcpOauthToken: d.gcp_oauth_token,
|
|
1726
|
-
}
|
|
1727
|
-
: d.azure_aad !== undefined
|
|
1728
|
-
? {$case: 'azureAad' as const, azureAad: d.azure_aad}
|
|
1729
|
-
: d.r2_temp_credentials !== undefined
|
|
1730
|
-
? {
|
|
1731
|
-
$case: 'r2TempCredentials' as const,
|
|
1732
|
-
r2TempCredentials: d.r2_temp_credentials,
|
|
1733
|
-
}
|
|
1734
|
-
: undefined,
|
|
1735
|
-
expirationTime: d.expiration_time,
|
|
1736
|
-
url: d.url,
|
|
1737
|
-
}));
|
|
1738
|
-
|
|
1739
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1740
|
-
export const unmarshalGenerateTemporaryVolumeCredentialRequest_ResponseSchema: z.ZodType<GenerateTemporaryVolumeCredentialRequest_Response> =
|
|
1741
|
-
z
|
|
1742
|
-
.object({
|
|
1743
|
-
aws_temp_credentials: z
|
|
1744
|
-
.lazy(() => unmarshalTemporaryAwsCredentialsSchema)
|
|
1745
|
-
.optional(),
|
|
1746
|
-
azure_user_delegation_sas: z
|
|
1747
|
-
.lazy(() => unmarshalAzureUserDelegationSasSchema)
|
|
1748
|
-
.optional(),
|
|
1749
|
-
gcp_oauth_token: z.lazy(() => unmarshalGcpOauthTokenSchema).optional(),
|
|
1750
|
-
azure_aad: z
|
|
1751
|
-
.lazy(() => unmarshalAzureActiveDirectoryTokenSchema)
|
|
1752
|
-
.optional(),
|
|
1753
|
-
r2_temp_credentials: z
|
|
1754
|
-
.lazy(() => unmarshalR2CredentialsSchema)
|
|
1755
|
-
.optional(),
|
|
1756
|
-
expiration_time: z
|
|
1757
|
-
.union([z.number(), z.bigint()])
|
|
1758
|
-
.transform(v => BigInt(v))
|
|
1759
|
-
.optional(),
|
|
1760
|
-
url: z.string().optional(),
|
|
1761
|
-
})
|
|
1762
|
-
.transform(d => ({
|
|
1763
|
-
credentials:
|
|
1764
|
-
d.aws_temp_credentials !== undefined
|
|
1765
|
-
? {
|
|
1766
|
-
$case: 'awsTempCredentials' as const,
|
|
1767
|
-
awsTempCredentials: d.aws_temp_credentials,
|
|
1768
|
-
}
|
|
1769
|
-
: d.azure_user_delegation_sas !== undefined
|
|
1770
|
-
? {
|
|
1771
|
-
$case: 'azureUserDelegationSas' as const,
|
|
1772
|
-
azureUserDelegationSas: d.azure_user_delegation_sas,
|
|
1773
|
-
}
|
|
1774
|
-
: d.gcp_oauth_token !== undefined
|
|
1775
|
-
? {
|
|
1776
|
-
$case: 'gcpOauthToken' as const,
|
|
1777
|
-
gcpOauthToken: d.gcp_oauth_token,
|
|
1778
|
-
}
|
|
1779
|
-
: d.azure_aad !== undefined
|
|
1780
|
-
? {$case: 'azureAad' as const, azureAad: d.azure_aad}
|
|
1781
|
-
: d.r2_temp_credentials !== undefined
|
|
1782
|
-
? {
|
|
1783
|
-
$case: 'r2TempCredentials' as const,
|
|
1784
|
-
r2TempCredentials: d.r2_temp_credentials,
|
|
1785
|
-
}
|
|
1786
|
-
: undefined,
|
|
1787
|
-
expirationTime: d.expiration_time,
|
|
1788
|
-
url: d.url,
|
|
1789
|
-
}));
|
|
1790
|
-
|
|
1791
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1792
|
-
export const unmarshalListCredentialsRequest_ResponseSchema: z.ZodType<ListCredentialsRequest_Response> =
|
|
1793
|
-
z
|
|
1794
|
-
.object({
|
|
1795
|
-
credentials: z
|
|
1796
|
-
.array(z.lazy(() => unmarshalCredentialInfoSchema))
|
|
1797
|
-
.optional(),
|
|
1798
|
-
next_page_token: z.string().optional(),
|
|
1799
|
-
})
|
|
1800
|
-
.transform(d => ({
|
|
1801
|
-
credentials: d.credentials,
|
|
1802
|
-
nextPageToken: d.next_page_token,
|
|
1803
|
-
}));
|
|
1804
|
-
|
|
1805
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1806
|
-
export const unmarshalListStorageCredentialsRequest_ResponseSchema: z.ZodType<ListStorageCredentialsRequest_Response> =
|
|
1807
|
-
z
|
|
1808
|
-
.object({
|
|
1809
|
-
storage_credentials: z
|
|
1810
|
-
.array(z.lazy(() => unmarshalStorageCredentialInfoSchema))
|
|
1811
|
-
.optional(),
|
|
1812
|
-
next_page_token: z.string().optional(),
|
|
1813
|
-
})
|
|
1814
|
-
.transform(d => ({
|
|
1815
|
-
storageCredentials: d.storage_credentials,
|
|
1816
|
-
nextPageToken: d.next_page_token,
|
|
1817
|
-
}));
|
|
1818
|
-
|
|
1819
|
-
export const unmarshalR2CredentialsSchema: z.ZodType<R2Credentials> = z
|
|
1820
|
-
.object({
|
|
1821
|
-
access_key_id: z.string().optional(),
|
|
1822
|
-
secret_access_key: z.string().optional(),
|
|
1823
|
-
session_token: z.string().optional(),
|
|
1824
|
-
})
|
|
1825
|
-
.transform(d => ({
|
|
1826
|
-
accessKeyId: d.access_key_id,
|
|
1827
|
-
secretAccessKey: d.secret_access_key,
|
|
1828
|
-
sessionToken: d.session_token,
|
|
1829
|
-
}));
|
|
1830
|
-
|
|
1831
|
-
export const unmarshalStorageCredentialInfoSchema: z.ZodType<StorageCredentialInfo> =
|
|
1832
|
-
z
|
|
1833
|
-
.object({
|
|
1834
|
-
name: z.string().optional(),
|
|
1835
|
-
aws_iam_role: z.lazy(() => unmarshalAwsIamRoleSchema).optional(),
|
|
1836
|
-
azure_service_principal: z
|
|
1837
|
-
.lazy(() => unmarshalAzureServicePrincipalSchema)
|
|
1838
|
-
.optional(),
|
|
1839
|
-
gcp_service_account_key: z
|
|
1840
|
-
.lazy(() => unmarshalGcpServiceAccountKeySchema)
|
|
1841
|
-
.optional(),
|
|
1842
|
-
azure_managed_identity: z
|
|
1843
|
-
.lazy(() => unmarshalAzureManagedIdentitySchema)
|
|
1844
|
-
.optional(),
|
|
1845
|
-
databricks_gcp_service_account: z
|
|
1846
|
-
.lazy(() => unmarshalDatabricksGcpServiceAccountSchema)
|
|
1847
|
-
.optional(),
|
|
1848
|
-
cloudflare_api_token: z
|
|
1849
|
-
.lazy(() => unmarshalCloudflareApiTokenSchema)
|
|
1850
|
-
.optional(),
|
|
1851
|
-
comment: z.string().optional(),
|
|
1852
|
-
read_only: z.boolean().optional(),
|
|
1853
|
-
owner: z.string().optional(),
|
|
1854
|
-
id: z.string().optional(),
|
|
1855
|
-
metastore_id: z.string().optional(),
|
|
1856
|
-
created_at: z
|
|
1857
|
-
.union([z.number(), z.bigint()])
|
|
1858
|
-
.transform(v => BigInt(v))
|
|
1859
|
-
.optional(),
|
|
1860
|
-
created_by: z.string().optional(),
|
|
1861
|
-
updated_at: z
|
|
1862
|
-
.union([z.number(), z.bigint()])
|
|
1863
|
-
.transform(v => BigInt(v))
|
|
1864
|
-
.optional(),
|
|
1865
|
-
updated_by: z.string().optional(),
|
|
1866
|
-
used_for_managed_storage: z.boolean().optional(),
|
|
1867
|
-
full_name: z.string().optional(),
|
|
1868
|
-
isolation_mode: z.enum(IsolationMode).optional(),
|
|
1869
|
-
})
|
|
1870
|
-
.transform(d => ({
|
|
1871
|
-
name: d.name,
|
|
1872
|
-
credential:
|
|
1873
|
-
d.aws_iam_role !== undefined
|
|
1874
|
-
? {$case: 'awsIamRole' as const, awsIamRole: d.aws_iam_role}
|
|
1875
|
-
: d.azure_service_principal !== undefined
|
|
1876
|
-
? {
|
|
1877
|
-
$case: 'azureServicePrincipal' as const,
|
|
1878
|
-
azureServicePrincipal: d.azure_service_principal,
|
|
1879
|
-
}
|
|
1880
|
-
: d.gcp_service_account_key !== undefined
|
|
1881
|
-
? {
|
|
1882
|
-
$case: 'gcpServiceAccountKey' as const,
|
|
1883
|
-
gcpServiceAccountKey: d.gcp_service_account_key,
|
|
1884
|
-
}
|
|
1885
|
-
: d.azure_managed_identity !== undefined
|
|
1886
|
-
? {
|
|
1887
|
-
$case: 'azureManagedIdentity' as const,
|
|
1888
|
-
azureManagedIdentity: d.azure_managed_identity,
|
|
1889
|
-
}
|
|
1890
|
-
: d.databricks_gcp_service_account !== undefined
|
|
1891
|
-
? {
|
|
1892
|
-
$case: 'databricksGcpServiceAccount' as const,
|
|
1893
|
-
databricksGcpServiceAccount:
|
|
1894
|
-
d.databricks_gcp_service_account,
|
|
1895
|
-
}
|
|
1896
|
-
: d.cloudflare_api_token !== undefined
|
|
1897
|
-
? {
|
|
1898
|
-
$case: 'cloudflareApiToken' as const,
|
|
1899
|
-
cloudflareApiToken: d.cloudflare_api_token,
|
|
1900
|
-
}
|
|
1901
|
-
: undefined,
|
|
1902
|
-
comment: d.comment,
|
|
1903
|
-
readOnly: d.read_only,
|
|
1904
|
-
owner: d.owner,
|
|
1905
|
-
id: d.id,
|
|
1906
|
-
metastoreId: d.metastore_id,
|
|
1907
|
-
createdAt: d.created_at,
|
|
1908
|
-
createdBy: d.created_by,
|
|
1909
|
-
updatedAt: d.updated_at,
|
|
1910
|
-
updatedBy: d.updated_by,
|
|
1911
|
-
usedForManagedStorage: d.used_for_managed_storage,
|
|
1912
|
-
fullName: d.full_name,
|
|
1913
|
-
isolationMode: d.isolation_mode,
|
|
1914
|
-
}));
|
|
1915
|
-
|
|
1916
|
-
export const unmarshalTemporaryAwsCredentialsSchema: z.ZodType<TemporaryAwsCredentials> =
|
|
1917
|
-
z
|
|
1918
|
-
.object({
|
|
1919
|
-
access_key_id: z.string().optional(),
|
|
1920
|
-
secret_access_key: z.string().optional(),
|
|
1921
|
-
session_token: z.string().optional(),
|
|
1922
|
-
access_point: z.string().optional(),
|
|
1923
|
-
})
|
|
1924
|
-
.transform(d => ({
|
|
1925
|
-
accessKeyId: d.access_key_id,
|
|
1926
|
-
secretAccessKey: d.secret_access_key,
|
|
1927
|
-
sessionToken: d.session_token,
|
|
1928
|
-
accessPoint: d.access_point,
|
|
1929
|
-
}));
|
|
1930
|
-
|
|
1931
|
-
export const unmarshalTemporaryCredentialsSchema: z.ZodType<TemporaryCredentials> =
|
|
1932
|
-
z
|
|
1933
|
-
.object({
|
|
1934
|
-
aws_temp_credentials: z
|
|
1935
|
-
.lazy(() => unmarshalTemporaryAwsCredentialsSchema)
|
|
1936
|
-
.optional(),
|
|
1937
|
-
azure_user_delegation_sas: z
|
|
1938
|
-
.lazy(() => unmarshalAzureUserDelegationSasSchema)
|
|
1939
|
-
.optional(),
|
|
1940
|
-
gcp_oauth_token: z.lazy(() => unmarshalGcpOauthTokenSchema).optional(),
|
|
1941
|
-
azure_aad: z
|
|
1942
|
-
.lazy(() => unmarshalAzureActiveDirectoryTokenSchema)
|
|
1943
|
-
.optional(),
|
|
1944
|
-
r2_temp_credentials: z
|
|
1945
|
-
.lazy(() => unmarshalR2CredentialsSchema)
|
|
1946
|
-
.optional(),
|
|
1947
|
-
expiration_time: z
|
|
1948
|
-
.union([z.number(), z.bigint()])
|
|
1949
|
-
.transform(v => BigInt(v))
|
|
1950
|
-
.optional(),
|
|
1951
|
-
url: z.string().optional(),
|
|
1952
|
-
})
|
|
1953
|
-
.transform(d => ({
|
|
1954
|
-
credentials:
|
|
1955
|
-
d.aws_temp_credentials !== undefined
|
|
1956
|
-
? {
|
|
1957
|
-
$case: 'awsTempCredentials' as const,
|
|
1958
|
-
awsTempCredentials: d.aws_temp_credentials,
|
|
1959
|
-
}
|
|
1960
|
-
: d.azure_user_delegation_sas !== undefined
|
|
1961
|
-
? {
|
|
1962
|
-
$case: 'azureUserDelegationSas' as const,
|
|
1963
|
-
azureUserDelegationSas: d.azure_user_delegation_sas,
|
|
1964
|
-
}
|
|
1965
|
-
: d.gcp_oauth_token !== undefined
|
|
1966
|
-
? {
|
|
1967
|
-
$case: 'gcpOauthToken' as const,
|
|
1968
|
-
gcpOauthToken: d.gcp_oauth_token,
|
|
1969
|
-
}
|
|
1970
|
-
: d.azure_aad !== undefined
|
|
1971
|
-
? {$case: 'azureAad' as const, azureAad: d.azure_aad}
|
|
1972
|
-
: d.r2_temp_credentials !== undefined
|
|
1973
|
-
? {
|
|
1974
|
-
$case: 'r2TempCredentials' as const,
|
|
1975
|
-
r2TempCredentials: d.r2_temp_credentials,
|
|
1976
|
-
}
|
|
1977
|
-
: undefined,
|
|
1978
|
-
expirationTime: d.expiration_time,
|
|
1979
|
-
url: d.url,
|
|
1980
|
-
}));
|
|
1981
|
-
|
|
1982
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
1983
|
-
export const unmarshalValidateCredentialRequest_ResponseSchema: z.ZodType<ValidateCredentialRequest_Response> =
|
|
1984
|
-
z
|
|
1985
|
-
.object({
|
|
1986
|
-
results: z
|
|
1987
|
-
.array(
|
|
1988
|
-
z.lazy(
|
|
1989
|
-
() => unmarshalValidateCredentialRequest_ValidationResultSchema
|
|
1990
|
-
)
|
|
1991
|
-
)
|
|
1992
|
-
.optional(),
|
|
1993
|
-
isDir: z.boolean().optional(),
|
|
1994
|
-
})
|
|
1995
|
-
.transform(d => ({
|
|
1996
|
-
results: d.results,
|
|
1997
|
-
isDir: d.isDir,
|
|
1998
|
-
}));
|
|
1999
|
-
|
|
2000
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
2001
|
-
export const unmarshalValidateCredentialRequest_ValidationResultSchema: z.ZodType<ValidateCredentialRequest_ValidationResult> =
|
|
2002
|
-
z
|
|
2003
|
-
.object({
|
|
2004
|
-
result: z.enum(ValidateCredentialRequest_Result).optional(),
|
|
2005
|
-
message: z.string().optional(),
|
|
2006
|
-
})
|
|
2007
|
-
.transform(d => ({
|
|
2008
|
-
result: d.result,
|
|
2009
|
-
message: d.message,
|
|
2010
|
-
}));
|
|
2011
|
-
|
|
2012
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
2013
|
-
export const unmarshalValidateStorageCredentialRequest_ResponseSchema: z.ZodType<ValidateStorageCredentialRequest_Response> =
|
|
2014
|
-
z
|
|
2015
|
-
.object({
|
|
2016
|
-
isDir: z.boolean().optional(),
|
|
2017
|
-
results: z
|
|
2018
|
-
.array(
|
|
2019
|
-
z.lazy(
|
|
2020
|
-
() =>
|
|
2021
|
-
unmarshalValidateStorageCredentialRequest_ValidationResultSchema
|
|
2022
|
-
)
|
|
2023
|
-
)
|
|
2024
|
-
.optional(),
|
|
2025
|
-
})
|
|
2026
|
-
.transform(d => ({
|
|
2027
|
-
isDir: d.isDir,
|
|
2028
|
-
results: d.results,
|
|
2029
|
-
}));
|
|
2030
|
-
|
|
2031
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
2032
|
-
export const unmarshalValidateStorageCredentialRequest_ValidationResultSchema: z.ZodType<ValidateStorageCredentialRequest_ValidationResult> =
|
|
2033
|
-
z
|
|
2034
|
-
.object({
|
|
2035
|
-
operation: z
|
|
2036
|
-
.enum(ValidateStorageCredentialRequest_FileOperation)
|
|
2037
|
-
.optional(),
|
|
2038
|
-
result: z.enum(ValidateStorageCredentialRequest_Result).optional(),
|
|
2039
|
-
message: z.string().optional(),
|
|
2040
|
-
})
|
|
2041
|
-
.transform(d => ({
|
|
2042
|
-
operation: d.operation,
|
|
2043
|
-
result: d.result,
|
|
2044
|
-
message: d.message,
|
|
2045
|
-
}));
|
|
2046
|
-
|
|
2047
|
-
export const marshalAccountsCreateStorageCredentialRequestSchema: z.ZodType = z
|
|
2048
|
-
.object({
|
|
2049
|
-
accountId: z.string().optional(),
|
|
2050
|
-
metastoreId: z.string().optional(),
|
|
2051
|
-
credentialInfo: z
|
|
2052
|
-
.lazy(() => marshalCreateAccountsStorageCredentialSchema)
|
|
2053
|
-
.optional(),
|
|
2054
|
-
skipValidation: z.boolean().optional(),
|
|
2055
|
-
})
|
|
2056
|
-
.transform(d => ({
|
|
2057
|
-
account_id: d.accountId,
|
|
2058
|
-
metastore_id: d.metastoreId,
|
|
2059
|
-
credential_info: d.credentialInfo,
|
|
2060
|
-
skip_validation: d.skipValidation,
|
|
2061
|
-
}));
|
|
2062
|
-
|
|
2063
|
-
export const marshalAccountsUpdateStorageCredentialRequestSchema: z.ZodType = z
|
|
2064
|
-
.object({
|
|
2065
|
-
accountId: z.string().optional(),
|
|
2066
|
-
metastoreId: z.string().optional(),
|
|
2067
|
-
nameArg: z.string().optional(),
|
|
2068
|
-
credentialInfo: z
|
|
2069
|
-
.lazy(() => marshalUpdateAccountsStorageCredentialSchema)
|
|
2070
|
-
.optional(),
|
|
2071
|
-
skipValidation: z.boolean().optional(),
|
|
2072
|
-
})
|
|
2073
|
-
.transform(d => ({
|
|
2074
|
-
account_id: d.accountId,
|
|
2075
|
-
metastore_id: d.metastoreId,
|
|
2076
|
-
name_arg: d.nameArg,
|
|
2077
|
-
credential_info: d.credentialInfo,
|
|
2078
|
-
skip_validation: d.skipValidation,
|
|
2079
|
-
}));
|
|
2080
|
-
|
|
2081
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
2082
|
-
export const marshalAwsCredentials_StsRoleSchema: z.ZodType = z
|
|
2083
|
-
.object({
|
|
2084
|
-
roleArn: z.string().optional(),
|
|
2085
|
-
})
|
|
2086
|
-
.transform(d => ({
|
|
2087
|
-
role_arn: d.roleArn,
|
|
2088
|
-
}));
|
|
2089
|
-
|
|
2090
|
-
export const marshalAwsIamRoleSchema: z.ZodType = z
|
|
2091
|
-
.object({
|
|
2092
|
-
roleArn: z.string().optional(),
|
|
2093
|
-
unityCatalogIamArn: z.string().optional(),
|
|
2094
|
-
externalId: z.string().optional(),
|
|
2095
|
-
})
|
|
2096
|
-
.transform(d => ({
|
|
2097
|
-
role_arn: d.roleArn,
|
|
2098
|
-
unity_catalog_iam_arn: d.unityCatalogIamArn,
|
|
2099
|
-
external_id: d.externalId,
|
|
2100
|
-
}));
|
|
2101
|
-
|
|
2102
|
-
export const marshalAzureManagedIdentitySchema: z.ZodType = z
|
|
2103
|
-
.object({
|
|
2104
|
-
accessConnectorId: z.string().optional(),
|
|
2105
|
-
managedIdentityId: z.string().optional(),
|
|
2106
|
-
credentialId: z.string().optional(),
|
|
2107
|
-
})
|
|
2108
|
-
.transform(d => ({
|
|
2109
|
-
access_connector_id: d.accessConnectorId,
|
|
2110
|
-
managed_identity_id: d.managedIdentityId,
|
|
2111
|
-
credential_id: d.credentialId,
|
|
2112
|
-
}));
|
|
2113
|
-
|
|
2114
|
-
export const marshalAzureServicePrincipalSchema: z.ZodType = z
|
|
2115
|
-
.object({
|
|
2116
|
-
directoryId: z.string().optional(),
|
|
2117
|
-
applicationId: z.string().optional(),
|
|
2118
|
-
clientSecret: z.string().optional(),
|
|
2119
|
-
})
|
|
2120
|
-
.transform(d => ({
|
|
2121
|
-
directory_id: d.directoryId,
|
|
2122
|
-
application_id: d.applicationId,
|
|
2123
|
-
client_secret: d.clientSecret,
|
|
2124
|
-
}));
|
|
2125
|
-
|
|
2126
|
-
export const marshalCloudflareApiTokenSchema: z.ZodType = z
|
|
2127
|
-
.object({
|
|
2128
|
-
accessKeyId: z.string().optional(),
|
|
2129
|
-
secretAccessKey: z.string().optional(),
|
|
2130
|
-
accountId: z.string().optional(),
|
|
2131
|
-
})
|
|
2132
|
-
.transform(d => ({
|
|
2133
|
-
access_key_id: d.accessKeyId,
|
|
2134
|
-
secret_access_key: d.secretAccessKey,
|
|
2135
|
-
account_id: d.accountId,
|
|
2136
|
-
}));
|
|
2137
|
-
|
|
2138
|
-
export const marshalCreateAccountsStorageCredentialSchema: z.ZodType = z
|
|
2139
|
-
.object({
|
|
2140
|
-
name: z.string().optional(),
|
|
2141
|
-
credential: z
|
|
2142
|
-
.discriminatedUnion('$case', [
|
|
2143
|
-
z.object({
|
|
2144
|
-
$case: z.literal('awsIamRole'),
|
|
2145
|
-
awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
|
|
2146
|
-
}),
|
|
2147
|
-
z.object({
|
|
2148
|
-
$case: z.literal('azureServicePrincipal'),
|
|
2149
|
-
azureServicePrincipal: z.lazy(
|
|
2150
|
-
() => marshalAzureServicePrincipalSchema
|
|
2151
|
-
),
|
|
2152
|
-
}),
|
|
2153
|
-
z.object({
|
|
2154
|
-
$case: z.literal('gcpServiceAccountKey'),
|
|
2155
|
-
gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
|
|
2156
|
-
}),
|
|
2157
|
-
z.object({
|
|
2158
|
-
$case: z.literal('azureManagedIdentity'),
|
|
2159
|
-
azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
|
|
2160
|
-
}),
|
|
2161
|
-
z.object({
|
|
2162
|
-
$case: z.literal('databricksGcpServiceAccount'),
|
|
2163
|
-
databricksGcpServiceAccount: z.lazy(
|
|
2164
|
-
() => marshalDatabricksGcpServiceAccountSchema
|
|
2165
|
-
),
|
|
2166
|
-
}),
|
|
2167
|
-
z.object({
|
|
2168
|
-
$case: z.literal('cloudflareApiToken'),
|
|
2169
|
-
cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
|
|
2170
|
-
}),
|
|
2171
|
-
])
|
|
2172
|
-
.optional(),
|
|
2173
|
-
comment: z.string().optional(),
|
|
2174
|
-
readOnly: z.boolean().optional(),
|
|
2175
|
-
owner: z.string().optional(),
|
|
2176
|
-
id: z.string().optional(),
|
|
2177
|
-
metastoreId: z.string().optional(),
|
|
2178
|
-
createdAt: z.bigint().optional(),
|
|
2179
|
-
createdBy: z.string().optional(),
|
|
2180
|
-
updatedAt: z.bigint().optional(),
|
|
2181
|
-
updatedBy: z.string().optional(),
|
|
2182
|
-
usedForManagedStorage: z.boolean().optional(),
|
|
2183
|
-
fullName: z.string().optional(),
|
|
2184
|
-
isolationMode: z.enum(IsolationMode).optional(),
|
|
2185
|
-
})
|
|
2186
|
-
.transform(d => ({
|
|
2187
|
-
name: d.name,
|
|
2188
|
-
...(d.credential?.$case === 'awsIamRole' && {
|
|
2189
|
-
aws_iam_role: d.credential.awsIamRole,
|
|
2190
|
-
}),
|
|
2191
|
-
...(d.credential?.$case === 'azureServicePrincipal' && {
|
|
2192
|
-
azure_service_principal: d.credential.azureServicePrincipal,
|
|
2193
|
-
}),
|
|
2194
|
-
...(d.credential?.$case === 'gcpServiceAccountKey' && {
|
|
2195
|
-
gcp_service_account_key: d.credential.gcpServiceAccountKey,
|
|
2196
|
-
}),
|
|
2197
|
-
...(d.credential?.$case === 'azureManagedIdentity' && {
|
|
2198
|
-
azure_managed_identity: d.credential.azureManagedIdentity,
|
|
2199
|
-
}),
|
|
2200
|
-
...(d.credential?.$case === 'databricksGcpServiceAccount' && {
|
|
2201
|
-
databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
|
|
2202
|
-
}),
|
|
2203
|
-
...(d.credential?.$case === 'cloudflareApiToken' && {
|
|
2204
|
-
cloudflare_api_token: d.credential.cloudflareApiToken,
|
|
2205
|
-
}),
|
|
2206
|
-
comment: d.comment,
|
|
2207
|
-
read_only: d.readOnly,
|
|
2208
|
-
owner: d.owner,
|
|
2209
|
-
id: d.id,
|
|
2210
|
-
metastore_id: d.metastoreId,
|
|
2211
|
-
created_at: d.createdAt,
|
|
2212
|
-
created_by: d.createdBy,
|
|
2213
|
-
updated_at: d.updatedAt,
|
|
2214
|
-
updated_by: d.updatedBy,
|
|
2215
|
-
used_for_managed_storage: d.usedForManagedStorage,
|
|
2216
|
-
full_name: d.fullName,
|
|
2217
|
-
isolation_mode: d.isolationMode,
|
|
2218
|
-
}));
|
|
2219
|
-
|
|
2220
|
-
export const marshalCreateCredentialAwsCredentialsSchema: z.ZodType = z
|
|
2221
|
-
.object({
|
|
2222
|
-
creds: z
|
|
2223
|
-
.discriminatedUnion('$case', [
|
|
2224
|
-
z.object({
|
|
2225
|
-
$case: z.literal('stsRole'),
|
|
2226
|
-
stsRole: z.lazy(() => marshalAwsCredentials_StsRoleSchema),
|
|
2227
|
-
}),
|
|
2228
|
-
])
|
|
2229
|
-
.optional(),
|
|
2230
|
-
})
|
|
2231
|
-
.transform(d => ({
|
|
2232
|
-
...(d.creds?.$case === 'stsRole' && {sts_role: d.creds.stsRole}),
|
|
2233
|
-
}));
|
|
2234
|
-
|
|
2235
|
-
export const marshalCreateCredentialRequestSchema: z.ZodType = z
|
|
2236
|
-
.object({
|
|
2237
|
-
skipValidation: z.boolean().optional(),
|
|
2238
|
-
name: z.string().optional(),
|
|
2239
|
-
credential: z
|
|
2240
|
-
.discriminatedUnion('$case', [
|
|
2241
|
-
z.object({
|
|
2242
|
-
$case: z.literal('awsIamRole'),
|
|
2243
|
-
awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
|
|
2244
|
-
}),
|
|
2245
|
-
z.object({
|
|
2246
|
-
$case: z.literal('azureServicePrincipal'),
|
|
2247
|
-
azureServicePrincipal: z.lazy(
|
|
2248
|
-
() => marshalAzureServicePrincipalSchema
|
|
2249
|
-
),
|
|
2250
|
-
}),
|
|
2251
|
-
z.object({
|
|
2252
|
-
$case: z.literal('gcpServiceAccountKey'),
|
|
2253
|
-
gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
|
|
2254
|
-
}),
|
|
2255
|
-
z.object({
|
|
2256
|
-
$case: z.literal('azureManagedIdentity'),
|
|
2257
|
-
azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
|
|
2258
|
-
}),
|
|
2259
|
-
z.object({
|
|
2260
|
-
$case: z.literal('databricksGcpServiceAccount'),
|
|
2261
|
-
databricksGcpServiceAccount: z.lazy(
|
|
2262
|
-
() => marshalDatabricksGcpServiceAccountSchema
|
|
2263
|
-
),
|
|
2264
|
-
}),
|
|
2265
|
-
z.object({
|
|
2266
|
-
$case: z.literal('cloudflareApiToken'),
|
|
2267
|
-
cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
|
|
2268
|
-
}),
|
|
2269
|
-
])
|
|
2270
|
-
.optional(),
|
|
2271
|
-
comment: z.string().optional(),
|
|
2272
|
-
readOnly: z.boolean().optional(),
|
|
2273
|
-
owner: z.string().optional(),
|
|
2274
|
-
id: z.string().optional(),
|
|
2275
|
-
metastoreId: z.string().optional(),
|
|
2276
|
-
createdAt: z.bigint().optional(),
|
|
2277
|
-
createdBy: z.string().optional(),
|
|
2278
|
-
updatedAt: z.bigint().optional(),
|
|
2279
|
-
updatedBy: z.string().optional(),
|
|
2280
|
-
usedForManagedStorage: z.boolean().optional(),
|
|
2281
|
-
fullName: z.string().optional(),
|
|
2282
|
-
isolationMode: z.enum(IsolationMode).optional(),
|
|
2283
|
-
})
|
|
2284
|
-
.transform(d => ({
|
|
2285
|
-
skip_validation: d.skipValidation,
|
|
2286
|
-
name: d.name,
|
|
2287
|
-
...(d.credential?.$case === 'awsIamRole' && {
|
|
2288
|
-
aws_iam_role: d.credential.awsIamRole,
|
|
2289
|
-
}),
|
|
2290
|
-
...(d.credential?.$case === 'azureServicePrincipal' && {
|
|
2291
|
-
azure_service_principal: d.credential.azureServicePrincipal,
|
|
2292
|
-
}),
|
|
2293
|
-
...(d.credential?.$case === 'gcpServiceAccountKey' && {
|
|
2294
|
-
gcp_service_account_key: d.credential.gcpServiceAccountKey,
|
|
2295
|
-
}),
|
|
2296
|
-
...(d.credential?.$case === 'azureManagedIdentity' && {
|
|
2297
|
-
azure_managed_identity: d.credential.azureManagedIdentity,
|
|
2298
|
-
}),
|
|
2299
|
-
...(d.credential?.$case === 'databricksGcpServiceAccount' && {
|
|
2300
|
-
databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
|
|
2301
|
-
}),
|
|
2302
|
-
...(d.credential?.$case === 'cloudflareApiToken' && {
|
|
2303
|
-
cloudflare_api_token: d.credential.cloudflareApiToken,
|
|
2304
|
-
}),
|
|
2305
|
-
comment: d.comment,
|
|
2306
|
-
read_only: d.readOnly,
|
|
2307
|
-
owner: d.owner,
|
|
2308
|
-
id: d.id,
|
|
2309
|
-
metastore_id: d.metastoreId,
|
|
2310
|
-
created_at: d.createdAt,
|
|
2311
|
-
created_by: d.createdBy,
|
|
2312
|
-
updated_at: d.updatedAt,
|
|
2313
|
-
updated_by: d.updatedBy,
|
|
2314
|
-
used_for_managed_storage: d.usedForManagedStorage,
|
|
2315
|
-
full_name: d.fullName,
|
|
2316
|
-
isolation_mode: d.isolationMode,
|
|
2317
|
-
}));
|
|
2318
|
-
|
|
2319
|
-
export const marshalCreateCredentialsRequestSchema: z.ZodType = z
|
|
2320
|
-
.object({
|
|
2321
|
-
accountId: z.string().optional(),
|
|
2322
|
-
credentialsName: z.string().optional(),
|
|
2323
|
-
cloudCredentials: z
|
|
2324
|
-
.discriminatedUnion('$case', [
|
|
2325
|
-
z.object({
|
|
2326
|
-
$case: z.literal('awsCredentials'),
|
|
2327
|
-
awsCredentials: z.lazy(
|
|
2328
|
-
() => marshalCreateCredentialAwsCredentialsSchema
|
|
2329
|
-
),
|
|
2330
|
-
}),
|
|
2331
|
-
])
|
|
2332
|
-
.optional(),
|
|
2333
|
-
})
|
|
2334
|
-
.transform(d => ({
|
|
2335
|
-
account_id: d.accountId,
|
|
2336
|
-
credentials_name: d.credentialsName,
|
|
2337
|
-
...(d.cloudCredentials?.$case === 'awsCredentials' && {
|
|
2338
|
-
aws_credentials: d.cloudCredentials.awsCredentials,
|
|
2339
|
-
}),
|
|
2340
|
-
}));
|
|
2341
|
-
|
|
2342
|
-
export const marshalCreateStorageCredentialRequestSchema: z.ZodType = z
|
|
2343
|
-
.object({
|
|
2344
|
-
skipValidation: z.boolean().optional(),
|
|
2345
|
-
name: z.string().optional(),
|
|
2346
|
-
credential: z
|
|
2347
|
-
.discriminatedUnion('$case', [
|
|
2348
|
-
z.object({
|
|
2349
|
-
$case: z.literal('awsIamRole'),
|
|
2350
|
-
awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
|
|
2351
|
-
}),
|
|
2352
|
-
z.object({
|
|
2353
|
-
$case: z.literal('azureServicePrincipal'),
|
|
2354
|
-
azureServicePrincipal: z.lazy(
|
|
2355
|
-
() => marshalAzureServicePrincipalSchema
|
|
2356
|
-
),
|
|
2357
|
-
}),
|
|
2358
|
-
z.object({
|
|
2359
|
-
$case: z.literal('gcpServiceAccountKey'),
|
|
2360
|
-
gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
|
|
2361
|
-
}),
|
|
2362
|
-
z.object({
|
|
2363
|
-
$case: z.literal('azureManagedIdentity'),
|
|
2364
|
-
azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
|
|
2365
|
-
}),
|
|
2366
|
-
z.object({
|
|
2367
|
-
$case: z.literal('databricksGcpServiceAccount'),
|
|
2368
|
-
databricksGcpServiceAccount: z.lazy(
|
|
2369
|
-
() => marshalDatabricksGcpServiceAccountSchema
|
|
2370
|
-
),
|
|
2371
|
-
}),
|
|
2372
|
-
z.object({
|
|
2373
|
-
$case: z.literal('cloudflareApiToken'),
|
|
2374
|
-
cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
|
|
2375
|
-
}),
|
|
2376
|
-
])
|
|
2377
|
-
.optional(),
|
|
2378
|
-
comment: z.string().optional(),
|
|
2379
|
-
readOnly: z.boolean().optional(),
|
|
2380
|
-
owner: z.string().optional(),
|
|
2381
|
-
id: z.string().optional(),
|
|
2382
|
-
metastoreId: z.string().optional(),
|
|
2383
|
-
createdAt: z.bigint().optional(),
|
|
2384
|
-
createdBy: z.string().optional(),
|
|
2385
|
-
updatedAt: z.bigint().optional(),
|
|
2386
|
-
updatedBy: z.string().optional(),
|
|
2387
|
-
usedForManagedStorage: z.boolean().optional(),
|
|
2388
|
-
fullName: z.string().optional(),
|
|
2389
|
-
isolationMode: z.enum(IsolationMode).optional(),
|
|
2390
|
-
})
|
|
2391
|
-
.transform(d => ({
|
|
2392
|
-
skip_validation: d.skipValidation,
|
|
2393
|
-
name: d.name,
|
|
2394
|
-
...(d.credential?.$case === 'awsIamRole' && {
|
|
2395
|
-
aws_iam_role: d.credential.awsIamRole,
|
|
2396
|
-
}),
|
|
2397
|
-
...(d.credential?.$case === 'azureServicePrincipal' && {
|
|
2398
|
-
azure_service_principal: d.credential.azureServicePrincipal,
|
|
2399
|
-
}),
|
|
2400
|
-
...(d.credential?.$case === 'gcpServiceAccountKey' && {
|
|
2401
|
-
gcp_service_account_key: d.credential.gcpServiceAccountKey,
|
|
2402
|
-
}),
|
|
2403
|
-
...(d.credential?.$case === 'azureManagedIdentity' && {
|
|
2404
|
-
azure_managed_identity: d.credential.azureManagedIdentity,
|
|
2405
|
-
}),
|
|
2406
|
-
...(d.credential?.$case === 'databricksGcpServiceAccount' && {
|
|
2407
|
-
databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
|
|
2408
|
-
}),
|
|
2409
|
-
...(d.credential?.$case === 'cloudflareApiToken' && {
|
|
2410
|
-
cloudflare_api_token: d.credential.cloudflareApiToken,
|
|
2411
|
-
}),
|
|
2412
|
-
comment: d.comment,
|
|
2413
|
-
read_only: d.readOnly,
|
|
2414
|
-
owner: d.owner,
|
|
2415
|
-
id: d.id,
|
|
2416
|
-
metastore_id: d.metastoreId,
|
|
2417
|
-
created_at: d.createdAt,
|
|
2418
|
-
created_by: d.createdBy,
|
|
2419
|
-
updated_at: d.updatedAt,
|
|
2420
|
-
updated_by: d.updatedBy,
|
|
2421
|
-
used_for_managed_storage: d.usedForManagedStorage,
|
|
2422
|
-
full_name: d.fullName,
|
|
2423
|
-
isolation_mode: d.isolationMode,
|
|
2424
|
-
}));
|
|
2425
|
-
|
|
2426
|
-
export const marshalDatabricksGcpServiceAccountSchema: z.ZodType = z
|
|
2427
|
-
.object({
|
|
2428
|
-
email: z.string().optional(),
|
|
2429
|
-
privateKeyId: z.string().optional(),
|
|
2430
|
-
credentialId: z.string().optional(),
|
|
2431
|
-
})
|
|
2432
|
-
.transform(d => ({
|
|
2433
|
-
email: d.email,
|
|
2434
|
-
private_key_id: d.privateKeyId,
|
|
2435
|
-
credential_id: d.credentialId,
|
|
2436
|
-
}));
|
|
2437
|
-
|
|
2438
|
-
export const marshalGcpServiceAccountKeySchema: z.ZodType = z
|
|
2439
|
-
.object({
|
|
2440
|
-
email: z.string().optional(),
|
|
2441
|
-
privateKeyId: z.string().optional(),
|
|
2442
|
-
privateKey: z.string().optional(),
|
|
2443
|
-
})
|
|
2444
|
-
.transform(d => ({
|
|
2445
|
-
email: d.email,
|
|
2446
|
-
private_key_id: d.privateKeyId,
|
|
2447
|
-
private_key: d.privateKey,
|
|
2448
|
-
}));
|
|
2449
|
-
|
|
2450
|
-
export const marshalGenerateTemporaryPathCredentialRequestSchema: z.ZodType = z
|
|
2451
|
-
.object({
|
|
2452
|
-
url: z.string().optional(),
|
|
2453
|
-
operation: z.enum(PathOperation).optional(),
|
|
2454
|
-
dryRun: z.boolean().optional(),
|
|
2455
|
-
})
|
|
2456
|
-
.transform(d => ({
|
|
2457
|
-
url: d.url,
|
|
2458
|
-
operation: d.operation,
|
|
2459
|
-
dry_run: d.dryRun,
|
|
2460
|
-
}));
|
|
2461
|
-
|
|
2462
|
-
export const marshalGenerateTemporaryServiceCredentialRequestSchema: z.ZodType =
|
|
2463
|
-
z
|
|
2464
|
-
.object({
|
|
2465
|
-
credentialName: z.string().optional(),
|
|
2466
|
-
options: z
|
|
2467
|
-
.discriminatedUnion('$case', [
|
|
2468
|
-
z.object({
|
|
2469
|
-
$case: z.literal('azureOptions'),
|
|
2470
|
-
azureOptions: z.lazy(
|
|
2471
|
-
() =>
|
|
2472
|
-
marshalGenerateTemporaryServiceCredentialRequest_AzureOptionsSchema
|
|
2473
|
-
),
|
|
2474
|
-
}),
|
|
2475
|
-
z.object({
|
|
2476
|
-
$case: z.literal('gcpOptions'),
|
|
2477
|
-
gcpOptions: z.lazy(
|
|
2478
|
-
() =>
|
|
2479
|
-
marshalGenerateTemporaryServiceCredentialRequest_GcpOptionsSchema
|
|
2480
|
-
),
|
|
2481
|
-
}),
|
|
2482
|
-
])
|
|
2483
|
-
.optional(),
|
|
2484
|
-
})
|
|
2485
|
-
.transform(d => ({
|
|
2486
|
-
credential_name: d.credentialName,
|
|
2487
|
-
...(d.options?.$case === 'azureOptions' && {
|
|
2488
|
-
azure_options: d.options.azureOptions,
|
|
2489
|
-
}),
|
|
2490
|
-
...(d.options?.$case === 'gcpOptions' && {
|
|
2491
|
-
gcp_options: d.options.gcpOptions,
|
|
2492
|
-
}),
|
|
2493
|
-
}));
|
|
2494
|
-
|
|
2495
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
2496
|
-
export const marshalGenerateTemporaryServiceCredentialRequest_AzureOptionsSchema: z.ZodType =
|
|
2497
|
-
z
|
|
2498
|
-
.object({
|
|
2499
|
-
resources: z.array(z.string()).optional(),
|
|
2500
|
-
})
|
|
2501
|
-
.transform(d => ({
|
|
2502
|
-
resources: d.resources,
|
|
2503
|
-
}));
|
|
2504
|
-
|
|
2505
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
|
|
2506
|
-
export const marshalGenerateTemporaryServiceCredentialRequest_GcpOptionsSchema: z.ZodType =
|
|
2507
|
-
z
|
|
2508
|
-
.object({
|
|
2509
|
-
scopes: z.array(z.string()).optional(),
|
|
2510
|
-
})
|
|
2511
|
-
.transform(d => ({
|
|
2512
|
-
scopes: d.scopes,
|
|
2513
|
-
}));
|
|
2514
|
-
|
|
2515
|
-
export const marshalGenerateTemporaryTableCredentialRequestSchema: z.ZodType = z
|
|
2516
|
-
.object({
|
|
2517
|
-
tableId: z.string().optional(),
|
|
2518
|
-
operation: z.enum(TableOperation).optional(),
|
|
2519
|
-
})
|
|
2520
|
-
.transform(d => ({
|
|
2521
|
-
table_id: d.tableId,
|
|
2522
|
-
operation: d.operation,
|
|
2523
|
-
}));
|
|
2524
|
-
|
|
2525
|
-
export const marshalGenerateTemporaryVolumeCredentialRequestSchema: z.ZodType =
|
|
2526
|
-
z
|
|
2527
|
-
.object({
|
|
2528
|
-
volumeId: z.string().optional(),
|
|
2529
|
-
operation: z.enum(VolumeOperation).optional(),
|
|
2530
|
-
})
|
|
2531
|
-
.transform(d => ({
|
|
2532
|
-
volume_id: d.volumeId,
|
|
2533
|
-
operation: d.operation,
|
|
2534
|
-
}));
|
|
2535
|
-
|
|
2536
|
-
export const marshalUpdateAccountsStorageCredentialSchema: z.ZodType = z
|
|
2537
|
-
.object({
|
|
2538
|
-
name: z.string().optional(),
|
|
2539
|
-
credential: z
|
|
2540
|
-
.discriminatedUnion('$case', [
|
|
2541
|
-
z.object({
|
|
2542
|
-
$case: z.literal('awsIamRole'),
|
|
2543
|
-
awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
|
|
2544
|
-
}),
|
|
2545
|
-
z.object({
|
|
2546
|
-
$case: z.literal('azureServicePrincipal'),
|
|
2547
|
-
azureServicePrincipal: z.lazy(
|
|
2548
|
-
() => marshalAzureServicePrincipalSchema
|
|
2549
|
-
),
|
|
2550
|
-
}),
|
|
2551
|
-
z.object({
|
|
2552
|
-
$case: z.literal('gcpServiceAccountKey'),
|
|
2553
|
-
gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
|
|
2554
|
-
}),
|
|
2555
|
-
z.object({
|
|
2556
|
-
$case: z.literal('azureManagedIdentity'),
|
|
2557
|
-
azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
|
|
2558
|
-
}),
|
|
2559
|
-
z.object({
|
|
2560
|
-
$case: z.literal('databricksGcpServiceAccount'),
|
|
2561
|
-
databricksGcpServiceAccount: z.lazy(
|
|
2562
|
-
() => marshalDatabricksGcpServiceAccountSchema
|
|
2563
|
-
),
|
|
2564
|
-
}),
|
|
2565
|
-
z.object({
|
|
2566
|
-
$case: z.literal('cloudflareApiToken'),
|
|
2567
|
-
cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
|
|
2568
|
-
}),
|
|
2569
|
-
])
|
|
2570
|
-
.optional(),
|
|
2571
|
-
comment: z.string().optional(),
|
|
2572
|
-
readOnly: z.boolean().optional(),
|
|
2573
|
-
owner: z.string().optional(),
|
|
2574
|
-
id: z.string().optional(),
|
|
2575
|
-
metastoreId: z.string().optional(),
|
|
2576
|
-
createdAt: z.bigint().optional(),
|
|
2577
|
-
createdBy: z.string().optional(),
|
|
2578
|
-
updatedAt: z.bigint().optional(),
|
|
2579
|
-
updatedBy: z.string().optional(),
|
|
2580
|
-
usedForManagedStorage: z.boolean().optional(),
|
|
2581
|
-
fullName: z.string().optional(),
|
|
2582
|
-
isolationMode: z.enum(IsolationMode).optional(),
|
|
2583
|
-
})
|
|
2584
|
-
.transform(d => ({
|
|
2585
|
-
name: d.name,
|
|
2586
|
-
...(d.credential?.$case === 'awsIamRole' && {
|
|
2587
|
-
aws_iam_role: d.credential.awsIamRole,
|
|
2588
|
-
}),
|
|
2589
|
-
...(d.credential?.$case === 'azureServicePrincipal' && {
|
|
2590
|
-
azure_service_principal: d.credential.azureServicePrincipal,
|
|
2591
|
-
}),
|
|
2592
|
-
...(d.credential?.$case === 'gcpServiceAccountKey' && {
|
|
2593
|
-
gcp_service_account_key: d.credential.gcpServiceAccountKey,
|
|
2594
|
-
}),
|
|
2595
|
-
...(d.credential?.$case === 'azureManagedIdentity' && {
|
|
2596
|
-
azure_managed_identity: d.credential.azureManagedIdentity,
|
|
2597
|
-
}),
|
|
2598
|
-
...(d.credential?.$case === 'databricksGcpServiceAccount' && {
|
|
2599
|
-
databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
|
|
2600
|
-
}),
|
|
2601
|
-
...(d.credential?.$case === 'cloudflareApiToken' && {
|
|
2602
|
-
cloudflare_api_token: d.credential.cloudflareApiToken,
|
|
2603
|
-
}),
|
|
2604
|
-
comment: d.comment,
|
|
2605
|
-
read_only: d.readOnly,
|
|
2606
|
-
owner: d.owner,
|
|
2607
|
-
id: d.id,
|
|
2608
|
-
metastore_id: d.metastoreId,
|
|
2609
|
-
created_at: d.createdAt,
|
|
2610
|
-
created_by: d.createdBy,
|
|
2611
|
-
updated_at: d.updatedAt,
|
|
2612
|
-
updated_by: d.updatedBy,
|
|
2613
|
-
used_for_managed_storage: d.usedForManagedStorage,
|
|
2614
|
-
full_name: d.fullName,
|
|
2615
|
-
isolation_mode: d.isolationMode,
|
|
2616
|
-
}));
|
|
2617
|
-
|
|
2618
|
-
export const marshalUpdateCredentialRequestSchema: z.ZodType = z
|
|
2619
|
-
.object({
|
|
2620
|
-
nameArg: z.string().optional(),
|
|
2621
|
-
newName: z.string().optional(),
|
|
2622
|
-
skipValidation: z.boolean().optional(),
|
|
2623
|
-
force: z.boolean().optional(),
|
|
2624
|
-
name: z.string().optional(),
|
|
2625
|
-
credential: z
|
|
2626
|
-
.discriminatedUnion('$case', [
|
|
2627
|
-
z.object({
|
|
2628
|
-
$case: z.literal('awsIamRole'),
|
|
2629
|
-
awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
|
|
2630
|
-
}),
|
|
2631
|
-
z.object({
|
|
2632
|
-
$case: z.literal('azureServicePrincipal'),
|
|
2633
|
-
azureServicePrincipal: z.lazy(
|
|
2634
|
-
() => marshalAzureServicePrincipalSchema
|
|
2635
|
-
),
|
|
2636
|
-
}),
|
|
2637
|
-
z.object({
|
|
2638
|
-
$case: z.literal('gcpServiceAccountKey'),
|
|
2639
|
-
gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
|
|
2640
|
-
}),
|
|
2641
|
-
z.object({
|
|
2642
|
-
$case: z.literal('azureManagedIdentity'),
|
|
2643
|
-
azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
|
|
2644
|
-
}),
|
|
2645
|
-
z.object({
|
|
2646
|
-
$case: z.literal('databricksGcpServiceAccount'),
|
|
2647
|
-
databricksGcpServiceAccount: z.lazy(
|
|
2648
|
-
() => marshalDatabricksGcpServiceAccountSchema
|
|
2649
|
-
),
|
|
2650
|
-
}),
|
|
2651
|
-
z.object({
|
|
2652
|
-
$case: z.literal('cloudflareApiToken'),
|
|
2653
|
-
cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
|
|
2654
|
-
}),
|
|
2655
|
-
])
|
|
2656
|
-
.optional(),
|
|
2657
|
-
comment: z.string().optional(),
|
|
2658
|
-
readOnly: z.boolean().optional(),
|
|
2659
|
-
owner: z.string().optional(),
|
|
2660
|
-
id: z.string().optional(),
|
|
2661
|
-
metastoreId: z.string().optional(),
|
|
2662
|
-
createdAt: z.bigint().optional(),
|
|
2663
|
-
createdBy: z.string().optional(),
|
|
2664
|
-
updatedAt: z.bigint().optional(),
|
|
2665
|
-
updatedBy: z.string().optional(),
|
|
2666
|
-
usedForManagedStorage: z.boolean().optional(),
|
|
2667
|
-
fullName: z.string().optional(),
|
|
2668
|
-
isolationMode: z.enum(IsolationMode).optional(),
|
|
2669
|
-
})
|
|
2670
|
-
.transform(d => ({
|
|
2671
|
-
name_arg: d.nameArg,
|
|
2672
|
-
new_name: d.newName,
|
|
2673
|
-
skip_validation: d.skipValidation,
|
|
2674
|
-
force: d.force,
|
|
2675
|
-
name: d.name,
|
|
2676
|
-
...(d.credential?.$case === 'awsIamRole' && {
|
|
2677
|
-
aws_iam_role: d.credential.awsIamRole,
|
|
2678
|
-
}),
|
|
2679
|
-
...(d.credential?.$case === 'azureServicePrincipal' && {
|
|
2680
|
-
azure_service_principal: d.credential.azureServicePrincipal,
|
|
2681
|
-
}),
|
|
2682
|
-
...(d.credential?.$case === 'gcpServiceAccountKey' && {
|
|
2683
|
-
gcp_service_account_key: d.credential.gcpServiceAccountKey,
|
|
2684
|
-
}),
|
|
2685
|
-
...(d.credential?.$case === 'azureManagedIdentity' && {
|
|
2686
|
-
azure_managed_identity: d.credential.azureManagedIdentity,
|
|
2687
|
-
}),
|
|
2688
|
-
...(d.credential?.$case === 'databricksGcpServiceAccount' && {
|
|
2689
|
-
databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
|
|
2690
|
-
}),
|
|
2691
|
-
...(d.credential?.$case === 'cloudflareApiToken' && {
|
|
2692
|
-
cloudflare_api_token: d.credential.cloudflareApiToken,
|
|
2693
|
-
}),
|
|
2694
|
-
comment: d.comment,
|
|
2695
|
-
read_only: d.readOnly,
|
|
2696
|
-
owner: d.owner,
|
|
2697
|
-
id: d.id,
|
|
2698
|
-
metastore_id: d.metastoreId,
|
|
2699
|
-
created_at: d.createdAt,
|
|
2700
|
-
created_by: d.createdBy,
|
|
2701
|
-
updated_at: d.updatedAt,
|
|
2702
|
-
updated_by: d.updatedBy,
|
|
2703
|
-
used_for_managed_storage: d.usedForManagedStorage,
|
|
2704
|
-
full_name: d.fullName,
|
|
2705
|
-
isolation_mode: d.isolationMode,
|
|
2706
|
-
}));
|
|
2707
|
-
|
|
2708
|
-
export const marshalUpdateStorageCredentialRequestSchema: z.ZodType = z
|
|
2709
|
-
.object({
|
|
2710
|
-
nameArg: z.string().optional(),
|
|
2711
|
-
newName: z.string().optional(),
|
|
2712
|
-
skipValidation: z.boolean().optional(),
|
|
2713
|
-
force: z.boolean().optional(),
|
|
2714
|
-
name: z.string().optional(),
|
|
2715
|
-
credential: z
|
|
2716
|
-
.discriminatedUnion('$case', [
|
|
2717
|
-
z.object({
|
|
2718
|
-
$case: z.literal('awsIamRole'),
|
|
2719
|
-
awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
|
|
2720
|
-
}),
|
|
2721
|
-
z.object({
|
|
2722
|
-
$case: z.literal('azureServicePrincipal'),
|
|
2723
|
-
azureServicePrincipal: z.lazy(
|
|
2724
|
-
() => marshalAzureServicePrincipalSchema
|
|
2725
|
-
),
|
|
2726
|
-
}),
|
|
2727
|
-
z.object({
|
|
2728
|
-
$case: z.literal('gcpServiceAccountKey'),
|
|
2729
|
-
gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
|
|
2730
|
-
}),
|
|
2731
|
-
z.object({
|
|
2732
|
-
$case: z.literal('azureManagedIdentity'),
|
|
2733
|
-
azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
|
|
2734
|
-
}),
|
|
2735
|
-
z.object({
|
|
2736
|
-
$case: z.literal('databricksGcpServiceAccount'),
|
|
2737
|
-
databricksGcpServiceAccount: z.lazy(
|
|
2738
|
-
() => marshalDatabricksGcpServiceAccountSchema
|
|
2739
|
-
),
|
|
2740
|
-
}),
|
|
2741
|
-
z.object({
|
|
2742
|
-
$case: z.literal('cloudflareApiToken'),
|
|
2743
|
-
cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
|
|
2744
|
-
}),
|
|
2745
|
-
])
|
|
2746
|
-
.optional(),
|
|
2747
|
-
comment: z.string().optional(),
|
|
2748
|
-
readOnly: z.boolean().optional(),
|
|
2749
|
-
owner: z.string().optional(),
|
|
2750
|
-
id: z.string().optional(),
|
|
2751
|
-
metastoreId: z.string().optional(),
|
|
2752
|
-
createdAt: z.bigint().optional(),
|
|
2753
|
-
createdBy: z.string().optional(),
|
|
2754
|
-
updatedAt: z.bigint().optional(),
|
|
2755
|
-
updatedBy: z.string().optional(),
|
|
2756
|
-
usedForManagedStorage: z.boolean().optional(),
|
|
2757
|
-
fullName: z.string().optional(),
|
|
2758
|
-
isolationMode: z.enum(IsolationMode).optional(),
|
|
2759
|
-
})
|
|
2760
|
-
.transform(d => ({
|
|
2761
|
-
name_arg: d.nameArg,
|
|
2762
|
-
new_name: d.newName,
|
|
2763
|
-
skip_validation: d.skipValidation,
|
|
2764
|
-
force: d.force,
|
|
2765
|
-
name: d.name,
|
|
2766
|
-
...(d.credential?.$case === 'awsIamRole' && {
|
|
2767
|
-
aws_iam_role: d.credential.awsIamRole,
|
|
2768
|
-
}),
|
|
2769
|
-
...(d.credential?.$case === 'azureServicePrincipal' && {
|
|
2770
|
-
azure_service_principal: d.credential.azureServicePrincipal,
|
|
2771
|
-
}),
|
|
2772
|
-
...(d.credential?.$case === 'gcpServiceAccountKey' && {
|
|
2773
|
-
gcp_service_account_key: d.credential.gcpServiceAccountKey,
|
|
2774
|
-
}),
|
|
2775
|
-
...(d.credential?.$case === 'azureManagedIdentity' && {
|
|
2776
|
-
azure_managed_identity: d.credential.azureManagedIdentity,
|
|
2777
|
-
}),
|
|
2778
|
-
...(d.credential?.$case === 'databricksGcpServiceAccount' && {
|
|
2779
|
-
databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
|
|
2780
|
-
}),
|
|
2781
|
-
...(d.credential?.$case === 'cloudflareApiToken' && {
|
|
2782
|
-
cloudflare_api_token: d.credential.cloudflareApiToken,
|
|
2783
|
-
}),
|
|
2784
|
-
comment: d.comment,
|
|
2785
|
-
read_only: d.readOnly,
|
|
2786
|
-
owner: d.owner,
|
|
2787
|
-
id: d.id,
|
|
2788
|
-
metastore_id: d.metastoreId,
|
|
2789
|
-
created_at: d.createdAt,
|
|
2790
|
-
created_by: d.createdBy,
|
|
2791
|
-
updated_at: d.updatedAt,
|
|
2792
|
-
updated_by: d.updatedBy,
|
|
2793
|
-
used_for_managed_storage: d.usedForManagedStorage,
|
|
2794
|
-
full_name: d.fullName,
|
|
2795
|
-
isolation_mode: d.isolationMode,
|
|
2796
|
-
}));
|
|
2797
|
-
|
|
2798
|
-
export const marshalValidateCredentialRequestSchema: z.ZodType = z
|
|
2799
|
-
.object({
|
|
2800
|
-
credential: z
|
|
2801
|
-
.discriminatedUnion('$case', [
|
|
2802
|
-
z.object({
|
|
2803
|
-
$case: z.literal('credentialName'),
|
|
2804
|
-
credentialName: z.string(),
|
|
2805
|
-
}),
|
|
2806
|
-
z.object({
|
|
2807
|
-
$case: z.literal('awsIamRole'),
|
|
2808
|
-
awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
|
|
2809
|
-
}),
|
|
2810
|
-
z.object({
|
|
2811
|
-
$case: z.literal('azureManagedIdentity'),
|
|
2812
|
-
azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
|
|
2813
|
-
}),
|
|
2814
|
-
z.object({
|
|
2815
|
-
$case: z.literal('databricksGcpServiceAccount'),
|
|
2816
|
-
databricksGcpServiceAccount: z.lazy(
|
|
2817
|
-
() => marshalDatabricksGcpServiceAccountSchema
|
|
2818
|
-
),
|
|
2819
|
-
}),
|
|
2820
|
-
])
|
|
2821
|
-
.optional(),
|
|
2822
|
-
externalLocationName: z.string().optional(),
|
|
2823
|
-
url: z.string().optional(),
|
|
2824
|
-
readOnly: z.boolean().optional(),
|
|
2825
|
-
})
|
|
2826
|
-
.transform(d => ({
|
|
2827
|
-
...(d.credential?.$case === 'credentialName' && {
|
|
2828
|
-
credential_name: d.credential.credentialName,
|
|
2829
|
-
}),
|
|
2830
|
-
...(d.credential?.$case === 'awsIamRole' && {
|
|
2831
|
-
aws_iam_role: d.credential.awsIamRole,
|
|
2832
|
-
}),
|
|
2833
|
-
...(d.credential?.$case === 'azureManagedIdentity' && {
|
|
2834
|
-
azure_managed_identity: d.credential.azureManagedIdentity,
|
|
2835
|
-
}),
|
|
2836
|
-
...(d.credential?.$case === 'databricksGcpServiceAccount' && {
|
|
2837
|
-
databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
|
|
2838
|
-
}),
|
|
2839
|
-
external_location_name: d.externalLocationName,
|
|
2840
|
-
url: d.url,
|
|
2841
|
-
read_only: d.readOnly,
|
|
2842
|
-
}));
|
|
2843
|
-
|
|
2844
|
-
export const marshalValidateStorageCredentialRequestSchema: z.ZodType = z
|
|
2845
|
-
.object({
|
|
2846
|
-
credential: z
|
|
2847
|
-
.discriminatedUnion('$case', [
|
|
2848
|
-
z.object({
|
|
2849
|
-
$case: z.literal('storageCredentialName'),
|
|
2850
|
-
storageCredentialName: z.string(),
|
|
2851
|
-
}),
|
|
2852
|
-
z.object({
|
|
2853
|
-
$case: z.literal('awsIamRole'),
|
|
2854
|
-
awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
|
|
2855
|
-
}),
|
|
2856
|
-
z.object({
|
|
2857
|
-
$case: z.literal('azureServicePrincipal'),
|
|
2858
|
-
azureServicePrincipal: z.lazy(
|
|
2859
|
-
() => marshalAzureServicePrincipalSchema
|
|
2860
|
-
),
|
|
2861
|
-
}),
|
|
2862
|
-
z.object({
|
|
2863
|
-
$case: z.literal('azureManagedIdentity'),
|
|
2864
|
-
azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
|
|
2865
|
-
}),
|
|
2866
|
-
z.object({
|
|
2867
|
-
$case: z.literal('databricksGcpServiceAccount'),
|
|
2868
|
-
databricksGcpServiceAccount: z.lazy(
|
|
2869
|
-
() => marshalDatabricksGcpServiceAccountSchema
|
|
2870
|
-
),
|
|
2871
|
-
}),
|
|
2872
|
-
z.object({
|
|
2873
|
-
$case: z.literal('cloudflareApiToken'),
|
|
2874
|
-
cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
|
|
2875
|
-
}),
|
|
2876
|
-
])
|
|
2877
|
-
.optional(),
|
|
2878
|
-
externalLocationName: z.string().optional(),
|
|
2879
|
-
url: z.string().optional(),
|
|
2880
|
-
readOnly: z.boolean().optional(),
|
|
2881
|
-
})
|
|
2882
|
-
.transform(d => ({
|
|
2883
|
-
...(d.credential?.$case === 'storageCredentialName' && {
|
|
2884
|
-
storage_credential_name: d.credential.storageCredentialName,
|
|
2885
|
-
}),
|
|
2886
|
-
...(d.credential?.$case === 'awsIamRole' && {
|
|
2887
|
-
aws_iam_role: d.credential.awsIamRole,
|
|
2888
|
-
}),
|
|
2889
|
-
...(d.credential?.$case === 'azureServicePrincipal' && {
|
|
2890
|
-
azure_service_principal: d.credential.azureServicePrincipal,
|
|
2891
|
-
}),
|
|
2892
|
-
...(d.credential?.$case === 'azureManagedIdentity' && {
|
|
2893
|
-
azure_managed_identity: d.credential.azureManagedIdentity,
|
|
2894
|
-
}),
|
|
2895
|
-
...(d.credential?.$case === 'databricksGcpServiceAccount' && {
|
|
2896
|
-
databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
|
|
2897
|
-
}),
|
|
2898
|
-
...(d.credential?.$case === 'cloudflareApiToken' && {
|
|
2899
|
-
cloudflare_api_token: d.credential.cloudflareApiToken,
|
|
2900
|
-
}),
|
|
2901
|
-
external_location_name: d.externalLocationName,
|
|
2902
|
-
url: d.url,
|
|
2903
|
-
read_only: d.readOnly,
|
|
2904
|
-
}));
|