@databricks/sdk-uc-credentials 0.1.0-dev.3 → 0.1.0-dev.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/src/v1/model.ts DELETED
@@ -1,2881 +0,0 @@
1
- // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
2
-
3
- import {z} from 'zod';
4
-
5
- export enum IsolationMode {
6
- ISOLATION_MODE_UNSPECIFIED = 'ISOLATION_MODE_UNSPECIFIED',
7
- ISOLATION_MODE_OPEN = 'ISOLATION_MODE_OPEN',
8
- ISOLATION_MODE_ISOLATED = 'ISOLATION_MODE_ISOLATED',
9
- }
10
-
11
- export enum PathOperation {
12
- PATH_READ = 'PATH_READ',
13
- PATH_READ_WRITE = 'PATH_READ_WRITE',
14
- PATH_CREATE_TABLE = 'PATH_CREATE_TABLE',
15
- }
16
-
17
- export enum TableOperation {
18
- READ = 'READ',
19
- READ_WRITE = 'READ_WRITE',
20
- }
21
-
22
- export enum VolumeOperation {
23
- READ_VOLUME = 'READ_VOLUME',
24
- WRITE_VOLUME = 'WRITE_VOLUME',
25
- }
26
-
27
- /** A enum represents the result of the file operation */
28
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
29
- export enum ValidateCredentialRequest_Result {
30
- PASS = 'PASS',
31
- FAIL = 'FAIL',
32
- SKIP = 'SKIP',
33
- }
34
-
35
- /**
36
- * A enum represents the file operation performed on the external location
37
- * with the storage credential
38
- */
39
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
40
- export enum ValidateStorageCredentialRequest_FileOperation {
41
- LIST = 'LIST',
42
- READ = 'READ',
43
- WRITE = 'WRITE',
44
- DELETE = 'DELETE',
45
- PATH_EXISTS = 'PATH_EXISTS',
46
- }
47
-
48
- /** A enum represents the result of the file operation */
49
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name.
50
- export enum ValidateStorageCredentialRequest_Result {
51
- PASS = 'PASS',
52
- FAIL = 'FAIL',
53
- SKIP = 'SKIP',
54
- }
55
-
56
- export interface AccountsCreateStorageCredentialRequest {
57
- /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
58
- accountId?: string | undefined;
59
- /** Unity Catalog metastore ID */
60
- metastoreId?: string | undefined;
61
- credentialInfo?: CreateAccountsStorageCredential | undefined;
62
- /**
63
- * Optional, default false.
64
- * Supplying true to this argument skips validation of the created set of credentials.
65
- */
66
- skipValidation?: boolean | undefined;
67
- }
68
-
69
- export interface AccountsCreateStorageCredentialResponse {
70
- credentialInfo?: StorageCredentialInfo | undefined;
71
- }
72
-
73
- /** Deletes a storage credential for an account */
74
- export interface AccountsDeleteStorageCredentialRequest {
75
- /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
76
- accountId?: string | undefined;
77
- /** Unity Catalog metastore ID */
78
- metastoreId?: string | undefined;
79
- /** Name of the storage credential. */
80
- nameArg?: string | undefined;
81
- /** Force deletion even if the Storage Credential is not empty. Default is false. */
82
- force?: boolean | undefined;
83
- }
84
-
85
- /** The storage credential was successfully deleted. */
86
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
87
- export interface AccountsDeleteStorageCredentialResponse {}
88
-
89
- /** Retrieves a single storage credential */
90
- export interface AccountsGetStorageCredentialRequest {
91
- /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
92
- accountId?: string | undefined;
93
- /** Unity Catalog metastore ID */
94
- metastoreId?: string | undefined;
95
- /** Required. Name of the storage credential. */
96
- nameArg?: string | undefined;
97
- }
98
-
99
- /** The storage credential was successfully retrieved. */
100
- export interface AccountsGetStorageCredentialResponse {
101
- credentialInfo?: StorageCredentialInfo | undefined;
102
- }
103
-
104
- /** Lists all storage credentials for the given account and metastore */
105
- export interface AccountsListStorageCredentialsRequest {
106
- /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
107
- accountId?: string | undefined;
108
- /** Unity Catalog metastore ID */
109
- metastoreId?: string | undefined;
110
- }
111
-
112
- /** The metastore storage credentials were successfully returned. */
113
- export interface AccountsListStorageCredentialsResponse {
114
- /** An array of metastore storage credentials. */
115
- storageCredentials?: StorageCredentialInfo[] | undefined;
116
- }
117
-
118
- /** The storage credential to update. */
119
- export interface AccountsUpdateStorageCredentialRequest {
120
- /** <Databricks> account ID of any type. For non-E2 account types, get your account ID from the [Accounts Console](https://docs.databricks.com/administration-guide/account-settings/usage.html) */
121
- accountId?: string | undefined;
122
- /** Unity Catalog metastore ID */
123
- metastoreId?: string | undefined;
124
- /** Name of the storage credential. */
125
- nameArg?: string | undefined;
126
- credentialInfo?: UpdateAccountsStorageCredential | undefined;
127
- /** Optional. Supplying true to this argument skips validation of the updated set of credentials. */
128
- skipValidation?: boolean | undefined;
129
- }
130
-
131
- /** The storage credential was successfully updated. */
132
- export interface AccountsUpdateStorageCredentialResponse {
133
- credentialInfo?: StorageCredentialInfo | undefined;
134
- }
135
-
136
- export interface AwsCredentials {
137
- creds?: {$case: 'stsRole'; stsRole: AwsCredentials_StsRole} | undefined;
138
- }
139
-
140
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
141
- export interface AwsCredentials_StsRole {
142
- /** The Amazon Resource Name (ARN) of the cross account IAM role. */
143
- roleArn?: string | undefined;
144
- }
145
-
146
- /** The AWS IAM role configuration */
147
- export interface AwsIamRole {
148
- /** The Amazon Resource Name (ARN) of the AWS IAM role used to vend temporary credentials. */
149
- roleArn?: string | undefined;
150
- /**
151
- * The Amazon Resource Name (ARN) of the AWS IAM user managed by <Databricks>.
152
- * This is the identity that is going to assume the AWS IAM role.
153
- */
154
- unityCatalogIamArn?: string | undefined;
155
- /** The external ID used in role assumption to prevent the confused deputy problem. */
156
- externalId?: string | undefined;
157
- }
158
-
159
- /**
160
- * Azure Active Directory token, essentially the Oauth token for Azure Service Principal or Managed
161
- * Identity.
162
- * Read more at https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token
163
- */
164
- export interface AzureActiveDirectoryToken {
165
- /** Opaque token that contains claims that you can use in Azure Active Directory to access cloud services. */
166
- aadToken?: string | undefined;
167
- }
168
-
169
- /** The Azure managed identity configuration. */
170
- export interface AzureManagedIdentity {
171
- /**
172
- * The Azure resource ID of the Azure Databricks Access Connector. Use the format
173
- * `/subscriptions/{guid}/resourceGroups/{rg-name}/providers/Microsoft.Databricks/accessConnectors/{connector-name}`.
174
- */
175
- accessConnectorId?: string | undefined;
176
- /**
177
- * The Azure resource ID of the managed identity. Use the format,
178
- * `/subscriptions/{guid}/resourceGroups/{rg-name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}`
179
- * This is only available for user-assgined identities. For system-assigned identities, the access_connector_id is used to identify the identity.
180
- * If this field is not provided, then we assume the AzureManagedIdentity is using the system-assigned identity.
181
- */
182
- managedIdentityId?: string | undefined;
183
- /** The <Databricks> internal ID that represents this managed identity. */
184
- credentialId?: string | undefined;
185
- }
186
-
187
- /** The Azure service principal configuration. Only applicable when purpose is **STORAGE**. */
188
- export interface AzureServicePrincipal {
189
- /** The directory ID corresponding to the Azure Active Directory (AAD) tenant of the application. */
190
- directoryId?: string | undefined;
191
- /** The application ID of the application registration within the referenced AAD tenant. */
192
- applicationId?: string | undefined;
193
- /** The client secret generated for the above app ID in AAD. */
194
- clientSecret?: string | undefined;
195
- }
196
-
197
- /**
198
- * Azure temporary credentials for API authentication.
199
- * Read more at https://docs.microsoft.com/en-us/rest/api/storageservices/create-user-delegation-sas
200
- */
201
- export interface AzureUserDelegationSas {
202
- /** The signed URI (SAS Token) used to access blob services for a given path */
203
- sasToken?: string | undefined;
204
- }
205
-
206
- /**
207
- * The Cloudflare API token configuration.
208
- * Read more at https://developers.cloudflare.com/r2/api/s3/tokens/
209
- */
210
- export interface CloudflareApiToken {
211
- /** The access key ID associated with the API token. */
212
- accessKeyId?: string | undefined;
213
- /** The secret access token generated for the above access key ID. */
214
- secretAccessKey?: string | undefined;
215
- /** The ID of the account associated with the API token. */
216
- accountId?: string | undefined;
217
- }
218
-
219
- export interface CreateAccountsStorageCredential {
220
- /**
221
- * The credential name. The name must be unique among storage and service
222
- * credentials within the metastore.
223
- */
224
- name?: string | undefined;
225
- /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
226
- credential?:
227
- | {
228
- $case: 'awsIamRole';
229
- /** The AWS IAM role configuration. */
230
- awsIamRole: AwsIamRole;
231
- }
232
- | {
233
- $case: 'azureServicePrincipal';
234
- /** The Azure service principal configuration. */
235
- azureServicePrincipal: AzureServicePrincipal;
236
- }
237
- | {
238
- $case: 'gcpServiceAccountKey';
239
- gcpServiceAccountKey: GcpServiceAccountKey;
240
- }
241
- | {
242
- $case: 'azureManagedIdentity';
243
- /** The Azure managed identity configuration. */
244
- azureManagedIdentity: AzureManagedIdentity;
245
- }
246
- | {
247
- $case: 'databricksGcpServiceAccount';
248
- /** The <Databricks> managed GCP service account configuration. */
249
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
250
- }
251
- | {
252
- $case: 'cloudflareApiToken';
253
- /** The Cloudflare API token configuration. */
254
- cloudflareApiToken: CloudflareApiToken;
255
- }
256
- | undefined;
257
- /** Comment associated with the credential. */
258
- comment?: string | undefined;
259
- /**
260
- * Whether the credential is usable only for read operations. Only applicable
261
- * when purpose is **STORAGE**.
262
- */
263
- readOnly?: boolean | undefined;
264
- /** Username of current owner of credential. */
265
- owner?: string | undefined;
266
- /** The unique identifier of the credential. */
267
- id?: string | undefined;
268
- /** Unique identifier of the parent metastore. */
269
- metastoreId?: string | undefined;
270
- /** Time at which this credential was created, in epoch milliseconds. */
271
- createdAt?: bigint | undefined;
272
- /** Username of credential creator. */
273
- createdBy?: string | undefined;
274
- /** Time at which this credential was last modified, in epoch milliseconds. */
275
- updatedAt?: bigint | undefined;
276
- /** Username of user who last modified the credential. */
277
- updatedBy?: string | undefined;
278
- /**
279
- * Whether this credential is the current metastore's root storage credential.
280
- * Only applicable when purpose is **STORAGE**.
281
- */
282
- usedForManagedStorage?: boolean | undefined;
283
- /** The full name of the credential. */
284
- fullName?: string | undefined;
285
- /**
286
- * Whether the current securable is accessible from all workspaces or a
287
- * specific set of workspaces.
288
- */
289
- isolationMode?: IsolationMode | undefined;
290
- }
291
-
292
- export interface CreateCredentialAwsCredentials {
293
- creds?: {$case: 'stsRole'; stsRole: AwsCredentials_StsRole} | undefined;
294
- }
295
-
296
- export interface CreateCredentialRequest {
297
- /**
298
- * Optional. Supplying true to this argument skips validation of the created
299
- * set of credentials.
300
- */
301
- skipValidation?: boolean | undefined;
302
- /**
303
- * The credential name. The name must be unique among storage and service
304
- * credentials within the metastore.
305
- */
306
- name?: string | undefined;
307
- /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
308
- credential?:
309
- | {
310
- $case: 'awsIamRole';
311
- /** The AWS IAM role configuration. */
312
- awsIamRole: AwsIamRole;
313
- }
314
- | {
315
- $case: 'azureServicePrincipal';
316
- /** The Azure service principal configuration. */
317
- azureServicePrincipal: AzureServicePrincipal;
318
- }
319
- | {
320
- $case: 'gcpServiceAccountKey';
321
- gcpServiceAccountKey: GcpServiceAccountKey;
322
- }
323
- | {
324
- $case: 'azureManagedIdentity';
325
- /** The Azure managed identity configuration. */
326
- azureManagedIdentity: AzureManagedIdentity;
327
- }
328
- | {
329
- $case: 'databricksGcpServiceAccount';
330
- /** The <Databricks> managed GCP service account configuration. */
331
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
332
- }
333
- | {
334
- $case: 'cloudflareApiToken';
335
- /** The Cloudflare API token configuration. */
336
- cloudflareApiToken: CloudflareApiToken;
337
- }
338
- | undefined;
339
- /** Comment associated with the credential. */
340
- comment?: string | undefined;
341
- /**
342
- * Whether the credential is usable only for read operations. Only applicable
343
- * when purpose is **STORAGE**.
344
- */
345
- readOnly?: boolean | undefined;
346
- /** Username of current owner of credential. */
347
- owner?: string | undefined;
348
- /** The unique identifier of the credential. */
349
- id?: string | undefined;
350
- /** Unique identifier of the parent metastore. */
351
- metastoreId?: string | undefined;
352
- /** Time at which this credential was created, in epoch milliseconds. */
353
- createdAt?: bigint | undefined;
354
- /** Username of credential creator. */
355
- createdBy?: string | undefined;
356
- /** Time at which this credential was last modified, in epoch milliseconds. */
357
- updatedAt?: bigint | undefined;
358
- /** Username of user who last modified the credential. */
359
- updatedBy?: string | undefined;
360
- /**
361
- * Whether this credential is the current metastore's root storage credential.
362
- * Only applicable when purpose is **STORAGE**.
363
- */
364
- usedForManagedStorage?: boolean | undefined;
365
- /** The full name of the credential. */
366
- fullName?: string | undefined;
367
- /**
368
- * Whether the current securable is accessible from all workspaces or a
369
- * specific set of workspaces.
370
- */
371
- isolationMode?: IsolationMode | undefined;
372
- }
373
-
374
- export interface CreateCredentialsRequest {
375
- accountId?: string | undefined;
376
- /** The human-readable name of the credential configuration object. */
377
- credentialsName?: string | undefined;
378
- /** (-- NOTE(austin) This oneof is a future-looking definition when we add other clouds --) */
379
- cloudCredentials?:
380
- | {$case: 'awsCredentials'; awsCredentials: CreateCredentialAwsCredentials}
381
- | undefined;
382
- }
383
-
384
- export interface CreateStorageCredentialRequest {
385
- /** Supplying true to this argument skips validation of the created credential. */
386
- skipValidation?: boolean | undefined;
387
- /**
388
- * The credential name. The name must be unique among storage and service
389
- * credentials within the metastore.
390
- */
391
- name?: string | undefined;
392
- /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
393
- credential?:
394
- | {
395
- $case: 'awsIamRole';
396
- /** The AWS IAM role configuration. */
397
- awsIamRole: AwsIamRole;
398
- }
399
- | {
400
- $case: 'azureServicePrincipal';
401
- /** The Azure service principal configuration. */
402
- azureServicePrincipal: AzureServicePrincipal;
403
- }
404
- | {
405
- $case: 'gcpServiceAccountKey';
406
- gcpServiceAccountKey: GcpServiceAccountKey;
407
- }
408
- | {
409
- $case: 'azureManagedIdentity';
410
- /** The Azure managed identity configuration. */
411
- azureManagedIdentity: AzureManagedIdentity;
412
- }
413
- | {
414
- $case: 'databricksGcpServiceAccount';
415
- /** The <Databricks> managed GCP service account configuration. */
416
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
417
- }
418
- | {
419
- $case: 'cloudflareApiToken';
420
- /** The Cloudflare API token configuration. */
421
- cloudflareApiToken: CloudflareApiToken;
422
- }
423
- | undefined;
424
- /** Comment associated with the credential. */
425
- comment?: string | undefined;
426
- /**
427
- * Whether the credential is usable only for read operations. Only applicable
428
- * when purpose is **STORAGE**.
429
- */
430
- readOnly?: boolean | undefined;
431
- /** Username of current owner of credential. */
432
- owner?: string | undefined;
433
- /** The unique identifier of the credential. */
434
- id?: string | undefined;
435
- /** Unique identifier of the parent metastore. */
436
- metastoreId?: string | undefined;
437
- /** Time at which this credential was created, in epoch milliseconds. */
438
- createdAt?: bigint | undefined;
439
- /** Username of credential creator. */
440
- createdBy?: string | undefined;
441
- /** Time at which this credential was last modified, in epoch milliseconds. */
442
- updatedAt?: bigint | undefined;
443
- /** Username of user who last modified the credential. */
444
- updatedBy?: string | undefined;
445
- /**
446
- * Whether this credential is the current metastore's root storage credential.
447
- * Only applicable when purpose is **STORAGE**.
448
- */
449
- usedForManagedStorage?: boolean | undefined;
450
- /** The full name of the credential. */
451
- fullName?: string | undefined;
452
- /**
453
- * Whether the current securable is accessible from all workspaces or a
454
- * specific set of workspaces.
455
- */
456
- isolationMode?: IsolationMode | undefined;
457
- }
458
-
459
- export interface CredentialInfo {
460
- /**
461
- * The credential name. The name must be unique among storage and service
462
- * credentials within the metastore.
463
- */
464
- name?: string | undefined;
465
- /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
466
- credential?:
467
- | {
468
- $case: 'awsIamRole';
469
- /** The AWS IAM role configuration. */
470
- awsIamRole: AwsIamRole;
471
- }
472
- | {
473
- $case: 'azureServicePrincipal';
474
- /** The Azure service principal configuration. */
475
- azureServicePrincipal: AzureServicePrincipal;
476
- }
477
- | {
478
- $case: 'gcpServiceAccountKey';
479
- gcpServiceAccountKey: GcpServiceAccountKey;
480
- }
481
- | {
482
- $case: 'azureManagedIdentity';
483
- /** The Azure managed identity configuration. */
484
- azureManagedIdentity: AzureManagedIdentity;
485
- }
486
- | {
487
- $case: 'databricksGcpServiceAccount';
488
- /** The <Databricks> managed GCP service account configuration. */
489
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
490
- }
491
- | {
492
- $case: 'cloudflareApiToken';
493
- /** The Cloudflare API token configuration. */
494
- cloudflareApiToken: CloudflareApiToken;
495
- }
496
- | undefined;
497
- /** Comment associated with the credential. */
498
- comment?: string | undefined;
499
- /**
500
- * Whether the credential is usable only for read operations. Only applicable
501
- * when purpose is **STORAGE**.
502
- */
503
- readOnly?: boolean | undefined;
504
- /** Username of current owner of credential. */
505
- owner?: string | undefined;
506
- /** The unique identifier of the credential. */
507
- id?: string | undefined;
508
- /** Unique identifier of the parent metastore. */
509
- metastoreId?: string | undefined;
510
- /** Time at which this credential was created, in epoch milliseconds. */
511
- createdAt?: bigint | undefined;
512
- /** Username of credential creator. */
513
- createdBy?: string | undefined;
514
- /** Time at which this credential was last modified, in epoch milliseconds. */
515
- updatedAt?: bigint | undefined;
516
- /** Username of user who last modified the credential. */
517
- updatedBy?: string | undefined;
518
- /**
519
- * Whether this credential is the current metastore's root storage credential.
520
- * Only applicable when purpose is **STORAGE**.
521
- */
522
- usedForManagedStorage?: boolean | undefined;
523
- /** The full name of the credential. */
524
- fullName?: string | undefined;
525
- /**
526
- * Whether the current securable is accessible from all workspaces or a
527
- * specific set of workspaces.
528
- */
529
- isolationMode?: IsolationMode | undefined;
530
- }
531
-
532
- export interface Credentials {
533
- /** <Databricks> credential configuration ID. */
534
- credentialsId?: string | undefined;
535
- /** The <Databricks> account ID that hosts the credential. */
536
- accountId?: string | undefined;
537
- /** (-- NOTE(austin) This oneof is a future-looking definition when we add other clouds --) */
538
- cloudCredentials?:
539
- | {$case: 'awsCredentials'; awsCredentials: AwsCredentials}
540
- | undefined;
541
- /** The human-readable name of the credential configuration object. */
542
- credentialsName?: string | undefined;
543
- /** Time in epoch milliseconds when the credential was created. */
544
- creationTime?: bigint | undefined;
545
- }
546
-
547
- /**
548
- * GCP long-lived credential.
549
- * <Databricks>-created Google Cloud Storage service account.
550
- */
551
- export interface DatabricksGcpServiceAccount {
552
- /** The email of the service account. */
553
- email?: string | undefined;
554
- /** The ID that represents the private key for this Service Account */
555
- privateKeyId?: string | undefined;
556
- /** The <Databricks> internal ID that represents this managed identity. */
557
- credentialId?: string | undefined;
558
- }
559
-
560
- export interface DeleteCredentialRequest {
561
- /** Name of the credential. */
562
- nameArg?: string | undefined;
563
- /**
564
- * Force an update even if there are dependent services (when purpose is
565
- * **SERVICE**) or dependent external locations and external tables (when
566
- * purpose is **STORAGE**).
567
- */
568
- force?: boolean | undefined;
569
- }
570
-
571
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
572
- export interface DeleteCredentialResponse {}
573
-
574
- export interface DeleteCredentialsRequest {
575
- /** Databricks Account API credential configuration ID */
576
- credentialsId?: string | undefined;
577
- accountId?: string | undefined;
578
- }
579
-
580
- export interface DeleteStorageCredentialRequest {
581
- /** Name of the storage credential. */
582
- nameArg?: string | undefined;
583
- /**
584
- * Force an update even if there are dependent external locations or external
585
- * tables (when purpose is **STORAGE**) or dependent services (when purpose is
586
- * **SERVICE**).
587
- */
588
- force?: boolean | undefined;
589
- }
590
-
591
- // eslint-disable-next-line @typescript-eslint/no-empty-object-type
592
- export interface DeleteStorageCredentialResponse {}
593
-
594
- /**
595
- * GCP temporary credentials for API authentication.
596
- * Read more at https://developers.google.com/identity/protocols/oauth2/service-account
597
- */
598
- export interface GcpOauthToken {
599
- oauthToken?: string | undefined;
600
- }
601
-
602
- /**
603
- * GCP long-lived credential.
604
- * GCP Service Account.
605
- */
606
- export interface GcpServiceAccountKey {
607
- /** The email of the service account. */
608
- email?: string | undefined;
609
- /** The ID of the service account's private key. */
610
- privateKeyId?: string | undefined;
611
- /** The service account's RSA private key. */
612
- privateKey?: string | undefined;
613
- }
614
-
615
- export interface GenerateTemporaryPathCredentialRequest {
616
- /** URL for path-based access. */
617
- url?: string | undefined;
618
- /** The operation being performed on the path. */
619
- operation?: PathOperation | undefined;
620
- /**
621
- * Optional. When set to true, the service will not validate that the generated
622
- * credentials can perform write operations, therefore no new paths will be created
623
- * and the response will not contain valid credentials. Defaults to false.
624
- */
625
- dryRun?: boolean | undefined;
626
- }
627
-
628
- export interface GenerateTemporaryPathCredentialResponse {
629
- /** The temporary credential. */
630
- credentials?:
631
- | {$case: 'awsTempCredentials'; awsTempCredentials: TemporaryAwsCredentials}
632
- | {
633
- $case: 'azureUserDelegationSas';
634
- azureUserDelegationSas: AzureUserDelegationSas;
635
- }
636
- | {$case: 'gcpOauthToken'; gcpOauthToken: GcpOauthToken}
637
- | {$case: 'azureAad'; azureAad: AzureActiveDirectoryToken}
638
- | {$case: 'r2TempCredentials'; r2TempCredentials: R2Credentials}
639
- | undefined;
640
- /**
641
- * Server time when the credential will expire, in epoch milliseconds.
642
- * The API client is advised to cache the credential given this expiration time.
643
- */
644
- expirationTime?: bigint | undefined;
645
- /** The URL of the storage path accessible by the temporary credential. */
646
- url?: string | undefined;
647
- }
648
-
649
- export interface GenerateTemporaryServiceCredentialRequest {
650
- /** The name of the service credential used to generate a temporary credential */
651
- credentialName?: string | undefined;
652
- options?:
653
- | {
654
- $case: 'azureOptions';
655
- azureOptions: GenerateTemporaryServiceCredentialRequest_AzureOptions;
656
- }
657
- | {
658
- $case: 'gcpOptions';
659
- gcpOptions: GenerateTemporaryServiceCredentialRequest_GcpOptions;
660
- }
661
- | undefined;
662
- }
663
-
664
- /** The Azure cloud options to customize the requested temporary credential */
665
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
666
- export interface GenerateTemporaryServiceCredentialRequest_AzureOptions {
667
- /**
668
- * The resources to which the temporary Azure credential should apply. These resources
669
- * are the scopes that are passed to the token provider (see https://learn.microsoft.com/python/api/azure-core/azure.core.credentials.tokencredential?view=azure-python)
670
- */
671
- resources?: string[] | undefined;
672
- }
673
-
674
- /** The GCP cloud options to customize the requested temporary credential */
675
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
676
- export interface GenerateTemporaryServiceCredentialRequest_GcpOptions {
677
- /**
678
- * The scopes to which the temporary GCP credential should apply. These resources
679
- * are the scopes that are passed to the token provider (see
680
- * https://google-auth.readthedocs.io/en/latest/reference/google.auth.html#google.auth.credentials.Credentials)
681
- */
682
- scopes?: string[] | undefined;
683
- }
684
-
685
- export interface GenerateTemporaryTableCredentialRequest {
686
- /** UUID of the table to read or write. */
687
- tableId?: string | undefined;
688
- /**
689
- * The operation performed against the table data, either READ or READ_WRITE. If READ_WRITE is specified,
690
- * the credentials returned will have write permissions, otherwise, it will be read only.
691
- */
692
- operation?: TableOperation | undefined;
693
- }
694
-
695
- export interface GenerateTemporaryTableCredentialResponse {
696
- /** The temporary credential. */
697
- credentials?:
698
- | {$case: 'awsTempCredentials'; awsTempCredentials: TemporaryAwsCredentials}
699
- | {
700
- $case: 'azureUserDelegationSas';
701
- azureUserDelegationSas: AzureUserDelegationSas;
702
- }
703
- | {$case: 'gcpOauthToken'; gcpOauthToken: GcpOauthToken}
704
- | {$case: 'azureAad'; azureAad: AzureActiveDirectoryToken}
705
- | {$case: 'r2TempCredentials'; r2TempCredentials: R2Credentials}
706
- | undefined;
707
- /**
708
- * Server time when the credential will expire, in epoch milliseconds.
709
- * The API client is advised to cache the credential given this expiration time.
710
- */
711
- expirationTime?: bigint | undefined;
712
- /** The URL of the storage path accessible by the temporary credential. */
713
- url?: string | undefined;
714
- }
715
-
716
- /** Generate volume credentials RPC */
717
- export interface GenerateTemporaryVolumeCredentialRequest {
718
- /** Id of the volume to read or write. */
719
- volumeId?: string | undefined;
720
- /**
721
- * The operation performed against the volume data, either READ_VOLUME or WRITE_VOLUME. If WRITE_VOLUME is specified,
722
- * the credentials returned will have write permissions, otherwise, it will be read only.
723
- */
724
- operation?: VolumeOperation | undefined;
725
- }
726
-
727
- export interface GenerateTemporaryVolumeCredentialResponse {
728
- /** The temporary credential. */
729
- credentials?:
730
- | {$case: 'awsTempCredentials'; awsTempCredentials: TemporaryAwsCredentials}
731
- | {
732
- $case: 'azureUserDelegationSas';
733
- azureUserDelegationSas: AzureUserDelegationSas;
734
- }
735
- | {$case: 'gcpOauthToken'; gcpOauthToken: GcpOauthToken}
736
- | {$case: 'azureAad'; azureAad: AzureActiveDirectoryToken}
737
- | {$case: 'r2TempCredentials'; r2TempCredentials: R2Credentials}
738
- | undefined;
739
- /**
740
- * Server time when the credential will expire, in epoch milliseconds.
741
- * The API client is advised to cache the credential given this expiration time.
742
- */
743
- expirationTime?: bigint | undefined;
744
- /** The URL of the storage path accessible by the temporary credential. */
745
- url?: string | undefined;
746
- }
747
-
748
- export interface GetCredentialRequest {
749
- /** Name of the credential. */
750
- nameArg?: string | undefined;
751
- }
752
-
753
- export interface GetCredentialsRequest {
754
- /** Credential configuration ID */
755
- credentialsId?: string | undefined;
756
- accountId?: string | undefined;
757
- }
758
-
759
- /**
760
- * TODO(UC-1710): The legacy /storage-credentials API is being deprecated.
761
- * Please use the new consolidated /credentials API instead.
762
- * See https://github.com/databricks-eng/universe/pull/857047#discussion_r1924779791 for an example of a case when that wasn't possible.
763
- */
764
- export interface GetStorageCredentialRequest {
765
- /** Name of the storage credential. */
766
- nameArg?: string | undefined;
767
- }
768
-
769
- export interface ListCredentialsPublicRequest {
770
- accountId?: string | undefined;
771
- }
772
-
773
- /**
774
- * ListCredentialsRequest is used to list credentials in the metastore.
775
- * Returns an array of credentials (as CredentialInfo objects). The array is
776
- * limited to the credentials that the caller has permission to access. If the
777
- * caller is a metastore admin, retrieval of credentials is unrestricted.
778
- *
779
- * There is no guarantee of a specific ordering of the elements in the array.
780
- */
781
- export interface ListCredentialsRequest {
782
- /**
783
- * Whether to include credentials not bound to the workspace.
784
- * Effective only if the user has permission to update the credential–workspace binding.
785
- */
786
- includeUnbound?: boolean | undefined;
787
- /**
788
- * Maximum number of credentials to return.
789
- * - If not set, the default max page size is used.
790
- * - When set to a value greater than 0, the page length is the minimum of
791
- * this value and a server-configured value.
792
- * - When set to 0, the page length is set to a server-configured value
793
- * (recommended).
794
- * - When set to a value less than 0, an invalid parameter error is
795
- * returned.
796
- */
797
- maxResults?: number | undefined;
798
- /** Opaque token to retrieve the next page of results. */
799
- pageToken?: string | undefined;
800
- }
801
-
802
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
803
- export interface ListCredentialsRequest_Response {
804
- credentials?: CredentialInfo[] | undefined;
805
- /**
806
- * Opaque token to retrieve the next page of results. Absent if there are no
807
- * more pages.
808
- * __page_token__ should be set to this value for the next request (for the
809
- * next page of results).
810
- */
811
- nextPageToken?: string | undefined;
812
- }
813
-
814
- export interface ListCredentialsResponse {
815
- credentials?: Credentials[] | undefined;
816
- }
817
-
818
- export interface ListStorageCredentialsRequest {
819
- /**
820
- * Whether to include credentials not bound to the workspace.
821
- * Effective only if the user has permission to update the credential–workspace binding.
822
- */
823
- includeUnbound?: boolean | undefined;
824
- /**
825
- * Maximum number of storage credentials to return.
826
- * If not set, all the storage credentials are returned (not recommended).
827
- * - when set to a value greater than 0, the page length is the minimum of
828
- * this value and a server configured value;
829
- * - when set to 0, the page length is set to a server configured value
830
- * (recommended);
831
- * - when set to a value less than 0, an invalid parameter error is returned;
832
- */
833
- maxResults?: number | undefined;
834
- /** Opaque pagination token to go to next page based on previous query. */
835
- pageToken?: string | undefined;
836
- }
837
-
838
- export interface ListStorageCredentialsResponse {
839
- storageCredentials?: StorageCredentialInfo[] | undefined;
840
- /**
841
- * Opaque token to retrieve the next page of results. Absent if there are no
842
- * more pages.
843
- * __page_token__ should be set to this value for the next request (for the
844
- * next page of results).
845
- */
846
- nextPageToken?: string | undefined;
847
- }
848
-
849
- /**
850
- * R2 temporary credentials for API authentication.
851
- * Read more at https://developers.cloudflare.com/r2/api/s3/tokens/.
852
- */
853
- export interface R2Credentials {
854
- /** The access key ID that identifies the temporary credentials. */
855
- accessKeyId?: string | undefined;
856
- /** The secret access key associated with the access key. */
857
- secretAccessKey?: string | undefined;
858
- /** The generated JWT that users must pass to use the temporary credentials. */
859
- sessionToken?: string | undefined;
860
- }
861
-
862
- export interface StorageCredentialInfo {
863
- /**
864
- * The credential name. The name must be unique among storage and service
865
- * credentials within the metastore.
866
- */
867
- name?: string | undefined;
868
- /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
869
- credential?:
870
- | {
871
- $case: 'awsIamRole';
872
- /** The AWS IAM role configuration. */
873
- awsIamRole: AwsIamRole;
874
- }
875
- | {
876
- $case: 'azureServicePrincipal';
877
- /** The Azure service principal configuration. */
878
- azureServicePrincipal: AzureServicePrincipal;
879
- }
880
- | {
881
- $case: 'gcpServiceAccountKey';
882
- gcpServiceAccountKey: GcpServiceAccountKey;
883
- }
884
- | {
885
- $case: 'azureManagedIdentity';
886
- /** The Azure managed identity configuration. */
887
- azureManagedIdentity: AzureManagedIdentity;
888
- }
889
- | {
890
- $case: 'databricksGcpServiceAccount';
891
- /** The <Databricks> managed GCP service account configuration. */
892
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
893
- }
894
- | {
895
- $case: 'cloudflareApiToken';
896
- /** The Cloudflare API token configuration. */
897
- cloudflareApiToken: CloudflareApiToken;
898
- }
899
- | undefined;
900
- /** Comment associated with the credential. */
901
- comment?: string | undefined;
902
- /**
903
- * Whether the credential is usable only for read operations. Only applicable
904
- * when purpose is **STORAGE**.
905
- */
906
- readOnly?: boolean | undefined;
907
- /** Username of current owner of credential. */
908
- owner?: string | undefined;
909
- /** The unique identifier of the credential. */
910
- id?: string | undefined;
911
- /** Unique identifier of the parent metastore. */
912
- metastoreId?: string | undefined;
913
- /** Time at which this credential was created, in epoch milliseconds. */
914
- createdAt?: bigint | undefined;
915
- /** Username of credential creator. */
916
- createdBy?: string | undefined;
917
- /** Time at which this credential was last modified, in epoch milliseconds. */
918
- updatedAt?: bigint | undefined;
919
- /** Username of user who last modified the credential. */
920
- updatedBy?: string | undefined;
921
- /**
922
- * Whether this credential is the current metastore's root storage credential.
923
- * Only applicable when purpose is **STORAGE**.
924
- */
925
- usedForManagedStorage?: boolean | undefined;
926
- /** The full name of the credential. */
927
- fullName?: string | undefined;
928
- /**
929
- * Whether the current securable is accessible from all workspaces or a
930
- * specific set of workspaces.
931
- */
932
- isolationMode?: IsolationMode | undefined;
933
- }
934
-
935
- /**
936
- * AWS temporary credentials for API authentication.
937
- * Read more at https://docs.aws.amazon.com/STS/latest/APIReference/API_Credentials.html.
938
- */
939
- export interface TemporaryAwsCredentials {
940
- /** The access key ID that identifies the temporary credentials. */
941
- accessKeyId?: string | undefined;
942
- /** The secret access key that can be used to sign AWS API requests. */
943
- secretAccessKey?: string | undefined;
944
- /** The token that users must pass to AWS API to use the temporary credentials. */
945
- sessionToken?: string | undefined;
946
- /**
947
- * The Amazon Resource Name (ARN) of the S3 access point for
948
- * temporary credentials related the external location.
949
- */
950
- accessPoint?: string | undefined;
951
- }
952
-
953
- export interface TemporaryCredentials {
954
- /** The temporary credential. */
955
- credentials?:
956
- | {$case: 'awsTempCredentials'; awsTempCredentials: TemporaryAwsCredentials}
957
- | {
958
- $case: 'azureUserDelegationSas';
959
- azureUserDelegationSas: AzureUserDelegationSas;
960
- }
961
- | {$case: 'gcpOauthToken'; gcpOauthToken: GcpOauthToken}
962
- | {$case: 'azureAad'; azureAad: AzureActiveDirectoryToken}
963
- | {$case: 'r2TempCredentials'; r2TempCredentials: R2Credentials}
964
- | undefined;
965
- /**
966
- * Server time when the credential will expire, in epoch milliseconds.
967
- * The API client is advised to cache the credential given this expiration time.
968
- */
969
- expirationTime?: bigint | undefined;
970
- /** The URL of the storage path accessible by the temporary credential. */
971
- url?: string | undefined;
972
- }
973
-
974
- export interface UpdateAccountsStorageCredential {
975
- /**
976
- * The credential name. The name must be unique among storage and service
977
- * credentials within the metastore.
978
- */
979
- name?: string | undefined;
980
- /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
981
- credential?:
982
- | {
983
- $case: 'awsIamRole';
984
- /** The AWS IAM role configuration. */
985
- awsIamRole: AwsIamRole;
986
- }
987
- | {
988
- $case: 'azureServicePrincipal';
989
- /** The Azure service principal configuration. */
990
- azureServicePrincipal: AzureServicePrincipal;
991
- }
992
- | {
993
- $case: 'gcpServiceAccountKey';
994
- gcpServiceAccountKey: GcpServiceAccountKey;
995
- }
996
- | {
997
- $case: 'azureManagedIdentity';
998
- /** The Azure managed identity configuration. */
999
- azureManagedIdentity: AzureManagedIdentity;
1000
- }
1001
- | {
1002
- $case: 'databricksGcpServiceAccount';
1003
- /** The <Databricks> managed GCP service account configuration. */
1004
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
1005
- }
1006
- | {
1007
- $case: 'cloudflareApiToken';
1008
- /** The Cloudflare API token configuration. */
1009
- cloudflareApiToken: CloudflareApiToken;
1010
- }
1011
- | undefined;
1012
- /** Comment associated with the credential. */
1013
- comment?: string | undefined;
1014
- /**
1015
- * Whether the credential is usable only for read operations. Only applicable
1016
- * when purpose is **STORAGE**.
1017
- */
1018
- readOnly?: boolean | undefined;
1019
- /** Username of current owner of credential. */
1020
- owner?: string | undefined;
1021
- /** The unique identifier of the credential. */
1022
- id?: string | undefined;
1023
- /** Unique identifier of the parent metastore. */
1024
- metastoreId?: string | undefined;
1025
- /** Time at which this credential was created, in epoch milliseconds. */
1026
- createdAt?: bigint | undefined;
1027
- /** Username of credential creator. */
1028
- createdBy?: string | undefined;
1029
- /** Time at which this credential was last modified, in epoch milliseconds. */
1030
- updatedAt?: bigint | undefined;
1031
- /** Username of user who last modified the credential. */
1032
- updatedBy?: string | undefined;
1033
- /**
1034
- * Whether this credential is the current metastore's root storage credential.
1035
- * Only applicable when purpose is **STORAGE**.
1036
- */
1037
- usedForManagedStorage?: boolean | undefined;
1038
- /** The full name of the credential. */
1039
- fullName?: string | undefined;
1040
- /**
1041
- * Whether the current securable is accessible from all workspaces or a
1042
- * specific set of workspaces.
1043
- */
1044
- isolationMode?: IsolationMode | undefined;
1045
- }
1046
-
1047
- export interface UpdateCredentialRequest {
1048
- /** Name of the credential. */
1049
- nameArg?: string | undefined;
1050
- /** New name of credential. */
1051
- newName?: string | undefined;
1052
- /** Supply true to this argument to skip validation of the updated credential. */
1053
- skipValidation?: boolean | undefined;
1054
- /**
1055
- * Force an update even if there are dependent services (when purpose is
1056
- * **SERVICE**) or dependent external locations and external tables (when
1057
- * purpose is **STORAGE**).
1058
- */
1059
- force?: boolean | undefined;
1060
- /**
1061
- * The credential name. The name must be unique among storage and service
1062
- * credentials within the metastore.
1063
- */
1064
- name?: string | undefined;
1065
- /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
1066
- credential?:
1067
- | {
1068
- $case: 'awsIamRole';
1069
- /** The AWS IAM role configuration. */
1070
- awsIamRole: AwsIamRole;
1071
- }
1072
- | {
1073
- $case: 'azureServicePrincipal';
1074
- /** The Azure service principal configuration. */
1075
- azureServicePrincipal: AzureServicePrincipal;
1076
- }
1077
- | {
1078
- $case: 'gcpServiceAccountKey';
1079
- gcpServiceAccountKey: GcpServiceAccountKey;
1080
- }
1081
- | {
1082
- $case: 'azureManagedIdentity';
1083
- /** The Azure managed identity configuration. */
1084
- azureManagedIdentity: AzureManagedIdentity;
1085
- }
1086
- | {
1087
- $case: 'databricksGcpServiceAccount';
1088
- /** The <Databricks> managed GCP service account configuration. */
1089
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
1090
- }
1091
- | {
1092
- $case: 'cloudflareApiToken';
1093
- /** The Cloudflare API token configuration. */
1094
- cloudflareApiToken: CloudflareApiToken;
1095
- }
1096
- | undefined;
1097
- /** Comment associated with the credential. */
1098
- comment?: string | undefined;
1099
- /**
1100
- * Whether the credential is usable only for read operations. Only applicable
1101
- * when purpose is **STORAGE**.
1102
- */
1103
- readOnly?: boolean | undefined;
1104
- /** Username of current owner of credential. */
1105
- owner?: string | undefined;
1106
- /** The unique identifier of the credential. */
1107
- id?: string | undefined;
1108
- /** Unique identifier of the parent metastore. */
1109
- metastoreId?: string | undefined;
1110
- /** Time at which this credential was created, in epoch milliseconds. */
1111
- createdAt?: bigint | undefined;
1112
- /** Username of credential creator. */
1113
- createdBy?: string | undefined;
1114
- /** Time at which this credential was last modified, in epoch milliseconds. */
1115
- updatedAt?: bigint | undefined;
1116
- /** Username of user who last modified the credential. */
1117
- updatedBy?: string | undefined;
1118
- /**
1119
- * Whether this credential is the current metastore's root storage credential.
1120
- * Only applicable when purpose is **STORAGE**.
1121
- */
1122
- usedForManagedStorage?: boolean | undefined;
1123
- /** The full name of the credential. */
1124
- fullName?: string | undefined;
1125
- /**
1126
- * Whether the current securable is accessible from all workspaces or a
1127
- * specific set of workspaces.
1128
- */
1129
- isolationMode?: IsolationMode | undefined;
1130
- }
1131
-
1132
- export interface UpdateStorageCredentialRequest {
1133
- /** Name of the storage credential. */
1134
- nameArg?: string | undefined;
1135
- /** New name for the storage credential. */
1136
- newName?: string | undefined;
1137
- /** Supplying true to this argument skips validation of the updated credential. */
1138
- skipValidation?: boolean | undefined;
1139
- /**
1140
- * Force update even if there are dependent external locations or external
1141
- * tables.
1142
- */
1143
- force?: boolean | undefined;
1144
- /**
1145
- * The credential name. The name must be unique among storage and service
1146
- * credentials within the metastore.
1147
- */
1148
- name?: string | undefined;
1149
- /** (--[Create:REQ, Update:OPT] The long-lived cloud credential.--) */
1150
- credential?:
1151
- | {
1152
- $case: 'awsIamRole';
1153
- /** The AWS IAM role configuration. */
1154
- awsIamRole: AwsIamRole;
1155
- }
1156
- | {
1157
- $case: 'azureServicePrincipal';
1158
- /** The Azure service principal configuration. */
1159
- azureServicePrincipal: AzureServicePrincipal;
1160
- }
1161
- | {
1162
- $case: 'gcpServiceAccountKey';
1163
- gcpServiceAccountKey: GcpServiceAccountKey;
1164
- }
1165
- | {
1166
- $case: 'azureManagedIdentity';
1167
- /** The Azure managed identity configuration. */
1168
- azureManagedIdentity: AzureManagedIdentity;
1169
- }
1170
- | {
1171
- $case: 'databricksGcpServiceAccount';
1172
- /** The <Databricks> managed GCP service account configuration. */
1173
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
1174
- }
1175
- | {
1176
- $case: 'cloudflareApiToken';
1177
- /** The Cloudflare API token configuration. */
1178
- cloudflareApiToken: CloudflareApiToken;
1179
- }
1180
- | undefined;
1181
- /** Comment associated with the credential. */
1182
- comment?: string | undefined;
1183
- /**
1184
- * Whether the credential is usable only for read operations. Only applicable
1185
- * when purpose is **STORAGE**.
1186
- */
1187
- readOnly?: boolean | undefined;
1188
- /** Username of current owner of credential. */
1189
- owner?: string | undefined;
1190
- /** The unique identifier of the credential. */
1191
- id?: string | undefined;
1192
- /** Unique identifier of the parent metastore. */
1193
- metastoreId?: string | undefined;
1194
- /** Time at which this credential was created, in epoch milliseconds. */
1195
- createdAt?: bigint | undefined;
1196
- /** Username of credential creator. */
1197
- createdBy?: string | undefined;
1198
- /** Time at which this credential was last modified, in epoch milliseconds. */
1199
- updatedAt?: bigint | undefined;
1200
- /** Username of user who last modified the credential. */
1201
- updatedBy?: string | undefined;
1202
- /**
1203
- * Whether this credential is the current metastore's root storage credential.
1204
- * Only applicable when purpose is **STORAGE**.
1205
- */
1206
- usedForManagedStorage?: boolean | undefined;
1207
- /** The full name of the credential. */
1208
- fullName?: string | undefined;
1209
- /**
1210
- * Whether the current securable is accessible from all workspaces or a
1211
- * specific set of workspaces.
1212
- */
1213
- isolationMode?: IsolationMode | undefined;
1214
- }
1215
-
1216
- /** Next ID: 18 */
1217
- export interface ValidateCredentialRequest {
1218
- credential?:
1219
- | {
1220
- $case: 'credentialName';
1221
- /**
1222
- * Required. The name of an existing credential or long-lived cloud
1223
- * credential to validate.
1224
- */
1225
- credentialName: string;
1226
- }
1227
- | {$case: 'awsIamRole'; awsIamRole: AwsIamRole}
1228
- | {
1229
- $case: 'azureManagedIdentity';
1230
- azureManagedIdentity: AzureManagedIdentity;
1231
- }
1232
- | {
1233
- $case: 'databricksGcpServiceAccount';
1234
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
1235
- }
1236
- | undefined;
1237
- /**
1238
- * The name of an existing external location to validate. Only applicable for
1239
- * storage credentials (purpose is
1240
- * **STORAGE**.)
1241
- */
1242
- externalLocationName?: string | undefined;
1243
- /**
1244
- * The external location url to validate. Only applicable when purpose is
1245
- * **STORAGE**.
1246
- */
1247
- url?: string | undefined;
1248
- /**
1249
- * Whether the credential is only usable for read operations. Only applicable
1250
- * for storage credentials (purpose is
1251
- * **STORAGE**.)
1252
- */
1253
- readOnly?: boolean | undefined;
1254
- }
1255
-
1256
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1257
- export interface ValidateCredentialRequest_ValidationResult {
1258
- /** The results of the tested operation. */
1259
- result?: ValidateCredentialRequest_Result | undefined;
1260
- /** Error message would exist when the result does not equal to **PASS**. */
1261
- message?: string | undefined;
1262
- }
1263
-
1264
- export interface ValidateCredentialResponse {
1265
- /** The results of the validation check. */
1266
- results?: ValidateCredentialRequest_ValidationResult[] | undefined;
1267
- /**
1268
- * Whether the tested location is a directory in cloud storage. Only
1269
- * applicable for when purpose is **STORAGE**.
1270
- */
1271
- isDir?: boolean | undefined;
1272
- }
1273
-
1274
- export interface ValidateStorageCredentialRequest {
1275
- credential?:
1276
- | {
1277
- $case: 'storageCredentialName';
1278
- /**
1279
- * Required. The name of an existing credential or long-lived cloud
1280
- * credential to validate.
1281
- */
1282
- storageCredentialName: string;
1283
- }
1284
- | {
1285
- $case: 'awsIamRole';
1286
- /** The AWS IAM role configuration. */
1287
- awsIamRole: AwsIamRole;
1288
- }
1289
- | {
1290
- $case: 'azureServicePrincipal';
1291
- /** The Azure service principal configuration. */
1292
- azureServicePrincipal: AzureServicePrincipal;
1293
- }
1294
- | {
1295
- $case: 'azureManagedIdentity';
1296
- /** The Azure managed identity configuration. */
1297
- azureManagedIdentity: AzureManagedIdentity;
1298
- }
1299
- | {
1300
- $case: 'databricksGcpServiceAccount';
1301
- /** The <Databricks> created GCP service account configuration. */
1302
- databricksGcpServiceAccount: DatabricksGcpServiceAccount;
1303
- }
1304
- | {
1305
- $case: 'cloudflareApiToken';
1306
- /** The Cloudflare API token configuration. */
1307
- cloudflareApiToken: CloudflareApiToken;
1308
- }
1309
- | undefined;
1310
- /** The name of an existing external location to validate. */
1311
- externalLocationName?: string | undefined;
1312
- /** The external location url to validate. */
1313
- url?: string | undefined;
1314
- /** Whether the storage credential is only usable for read operations. */
1315
- readOnly?: boolean | undefined;
1316
- }
1317
-
1318
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1319
- export interface ValidateStorageCredentialRequest_ValidationResult {
1320
- /** The operation tested. */
1321
- operation?: ValidateStorageCredentialRequest_FileOperation | undefined;
1322
- /** The results of the tested operation. */
1323
- result?: ValidateStorageCredentialRequest_Result | undefined;
1324
- /** Error message would exist when the result does not equal to **PASS**. */
1325
- message?: string | undefined;
1326
- }
1327
-
1328
- export interface ValidateStorageCredentialResponse {
1329
- /** Whether the tested location is a directory in cloud storage. */
1330
- isDir?: boolean | undefined;
1331
- /** The results of the validation check. */
1332
- results?: ValidateStorageCredentialRequest_ValidationResult[] | undefined;
1333
- }
1334
-
1335
- export const unmarshalAccountsCreateStorageCredentialResponseSchema: z.ZodType<AccountsCreateStorageCredentialResponse> =
1336
- z
1337
- .object({
1338
- credential_info: z
1339
- .lazy(() => unmarshalStorageCredentialInfoSchema)
1340
- .optional(),
1341
- })
1342
- .transform(d => ({
1343
- credentialInfo: d.credential_info,
1344
- }));
1345
-
1346
- export const unmarshalAccountsDeleteStorageCredentialResponseSchema: z.ZodType<AccountsDeleteStorageCredentialResponse> =
1347
- z.object({});
1348
-
1349
- export const unmarshalAccountsGetStorageCredentialResponseSchema: z.ZodType<AccountsGetStorageCredentialResponse> =
1350
- z
1351
- .object({
1352
- credential_info: z
1353
- .lazy(() => unmarshalStorageCredentialInfoSchema)
1354
- .optional(),
1355
- })
1356
- .transform(d => ({
1357
- credentialInfo: d.credential_info,
1358
- }));
1359
-
1360
- export const unmarshalAccountsListStorageCredentialsResponseSchema: z.ZodType<AccountsListStorageCredentialsResponse> =
1361
- z
1362
- .object({
1363
- storage_credentials: z
1364
- .array(z.lazy(() => unmarshalStorageCredentialInfoSchema))
1365
- .optional(),
1366
- })
1367
- .transform(d => ({
1368
- storageCredentials: d.storage_credentials,
1369
- }));
1370
-
1371
- export const unmarshalAccountsUpdateStorageCredentialResponseSchema: z.ZodType<AccountsUpdateStorageCredentialResponse> =
1372
- z
1373
- .object({
1374
- credential_info: z
1375
- .lazy(() => unmarshalStorageCredentialInfoSchema)
1376
- .optional(),
1377
- })
1378
- .transform(d => ({
1379
- credentialInfo: d.credential_info,
1380
- }));
1381
-
1382
- export const unmarshalAwsCredentialsSchema: z.ZodType<AwsCredentials> = z
1383
- .object({
1384
- sts_role: z.lazy(() => unmarshalAwsCredentials_StsRoleSchema).optional(),
1385
- })
1386
- .transform(d => ({
1387
- creds:
1388
- d.sts_role !== undefined
1389
- ? {$case: 'stsRole' as const, stsRole: d.sts_role}
1390
- : undefined,
1391
- }));
1392
-
1393
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1394
- export const unmarshalAwsCredentials_StsRoleSchema: z.ZodType<AwsCredentials_StsRole> =
1395
- z
1396
- .object({
1397
- role_arn: z.string().optional(),
1398
- })
1399
- .transform(d => ({
1400
- roleArn: d.role_arn,
1401
- }));
1402
-
1403
- export const unmarshalAwsIamRoleSchema: z.ZodType<AwsIamRole> = z
1404
- .object({
1405
- role_arn: z.string().optional(),
1406
- unity_catalog_iam_arn: z.string().optional(),
1407
- external_id: z.string().optional(),
1408
- })
1409
- .transform(d => ({
1410
- roleArn: d.role_arn,
1411
- unityCatalogIamArn: d.unity_catalog_iam_arn,
1412
- externalId: d.external_id,
1413
- }));
1414
-
1415
- export const unmarshalAzureActiveDirectoryTokenSchema: z.ZodType<AzureActiveDirectoryToken> =
1416
- z
1417
- .object({
1418
- aad_token: z.string().optional(),
1419
- })
1420
- .transform(d => ({
1421
- aadToken: d.aad_token,
1422
- }));
1423
-
1424
- export const unmarshalAzureManagedIdentitySchema: z.ZodType<AzureManagedIdentity> =
1425
- z
1426
- .object({
1427
- access_connector_id: z.string().optional(),
1428
- managed_identity_id: z.string().optional(),
1429
- credential_id: z.string().optional(),
1430
- })
1431
- .transform(d => ({
1432
- accessConnectorId: d.access_connector_id,
1433
- managedIdentityId: d.managed_identity_id,
1434
- credentialId: d.credential_id,
1435
- }));
1436
-
1437
- export const unmarshalAzureServicePrincipalSchema: z.ZodType<AzureServicePrincipal> =
1438
- z
1439
- .object({
1440
- directory_id: z.string().optional(),
1441
- application_id: z.string().optional(),
1442
- client_secret: z.string().optional(),
1443
- })
1444
- .transform(d => ({
1445
- directoryId: d.directory_id,
1446
- applicationId: d.application_id,
1447
- clientSecret: d.client_secret,
1448
- }));
1449
-
1450
- export const unmarshalAzureUserDelegationSasSchema: z.ZodType<AzureUserDelegationSas> =
1451
- z
1452
- .object({
1453
- sas_token: z.string().optional(),
1454
- })
1455
- .transform(d => ({
1456
- sasToken: d.sas_token,
1457
- }));
1458
-
1459
- export const unmarshalCloudflareApiTokenSchema: z.ZodType<CloudflareApiToken> =
1460
- z
1461
- .object({
1462
- access_key_id: z.string().optional(),
1463
- secret_access_key: z.string().optional(),
1464
- account_id: z.string().optional(),
1465
- })
1466
- .transform(d => ({
1467
- accessKeyId: d.access_key_id,
1468
- secretAccessKey: d.secret_access_key,
1469
- accountId: d.account_id,
1470
- }));
1471
-
1472
- export const unmarshalCredentialInfoSchema: z.ZodType<CredentialInfo> = z
1473
- .object({
1474
- name: z.string().optional(),
1475
- aws_iam_role: z.lazy(() => unmarshalAwsIamRoleSchema).optional(),
1476
- azure_service_principal: z
1477
- .lazy(() => unmarshalAzureServicePrincipalSchema)
1478
- .optional(),
1479
- gcp_service_account_key: z
1480
- .lazy(() => unmarshalGcpServiceAccountKeySchema)
1481
- .optional(),
1482
- azure_managed_identity: z
1483
- .lazy(() => unmarshalAzureManagedIdentitySchema)
1484
- .optional(),
1485
- databricks_gcp_service_account: z
1486
- .lazy(() => unmarshalDatabricksGcpServiceAccountSchema)
1487
- .optional(),
1488
- cloudflare_api_token: z
1489
- .lazy(() => unmarshalCloudflareApiTokenSchema)
1490
- .optional(),
1491
- comment: z.string().optional(),
1492
- read_only: z.boolean().optional(),
1493
- owner: z.string().optional(),
1494
- id: z.string().optional(),
1495
- metastore_id: z.string().optional(),
1496
- created_at: z
1497
- .union([z.number(), z.bigint()])
1498
- .transform(v => BigInt(v))
1499
- .optional(),
1500
- created_by: z.string().optional(),
1501
- updated_at: z
1502
- .union([z.number(), z.bigint()])
1503
- .transform(v => BigInt(v))
1504
- .optional(),
1505
- updated_by: z.string().optional(),
1506
- used_for_managed_storage: z.boolean().optional(),
1507
- full_name: z.string().optional(),
1508
- isolation_mode: z.enum(IsolationMode).optional(),
1509
- })
1510
- .transform(d => ({
1511
- name: d.name,
1512
- credential:
1513
- d.aws_iam_role !== undefined
1514
- ? {$case: 'awsIamRole' as const, awsIamRole: d.aws_iam_role}
1515
- : d.azure_service_principal !== undefined
1516
- ? {
1517
- $case: 'azureServicePrincipal' as const,
1518
- azureServicePrincipal: d.azure_service_principal,
1519
- }
1520
- : d.gcp_service_account_key !== undefined
1521
- ? {
1522
- $case: 'gcpServiceAccountKey' as const,
1523
- gcpServiceAccountKey: d.gcp_service_account_key,
1524
- }
1525
- : d.azure_managed_identity !== undefined
1526
- ? {
1527
- $case: 'azureManagedIdentity' as const,
1528
- azureManagedIdentity: d.azure_managed_identity,
1529
- }
1530
- : d.databricks_gcp_service_account !== undefined
1531
- ? {
1532
- $case: 'databricksGcpServiceAccount' as const,
1533
- databricksGcpServiceAccount:
1534
- d.databricks_gcp_service_account,
1535
- }
1536
- : d.cloudflare_api_token !== undefined
1537
- ? {
1538
- $case: 'cloudflareApiToken' as const,
1539
- cloudflareApiToken: d.cloudflare_api_token,
1540
- }
1541
- : undefined,
1542
- comment: d.comment,
1543
- readOnly: d.read_only,
1544
- owner: d.owner,
1545
- id: d.id,
1546
- metastoreId: d.metastore_id,
1547
- createdAt: d.created_at,
1548
- createdBy: d.created_by,
1549
- updatedAt: d.updated_at,
1550
- updatedBy: d.updated_by,
1551
- usedForManagedStorage: d.used_for_managed_storage,
1552
- fullName: d.full_name,
1553
- isolationMode: d.isolation_mode,
1554
- }));
1555
-
1556
- export const unmarshalCredentialsSchema: z.ZodType<Credentials> = z
1557
- .object({
1558
- credentials_id: z.string().optional(),
1559
- account_id: z.string().optional(),
1560
- aws_credentials: z.lazy(() => unmarshalAwsCredentialsSchema).optional(),
1561
- credentials_name: z.string().optional(),
1562
- creation_time: z
1563
- .union([z.number(), z.bigint()])
1564
- .transform(v => BigInt(v))
1565
- .optional(),
1566
- })
1567
- .transform(d => ({
1568
- credentialsId: d.credentials_id,
1569
- accountId: d.account_id,
1570
- cloudCredentials:
1571
- d.aws_credentials !== undefined
1572
- ? {$case: 'awsCredentials' as const, awsCredentials: d.aws_credentials}
1573
- : undefined,
1574
- credentialsName: d.credentials_name,
1575
- creationTime: d.creation_time,
1576
- }));
1577
-
1578
- export const unmarshalDatabricksGcpServiceAccountSchema: z.ZodType<DatabricksGcpServiceAccount> =
1579
- z
1580
- .object({
1581
- email: z.string().optional(),
1582
- private_key_id: z.string().optional(),
1583
- credential_id: z.string().optional(),
1584
- })
1585
- .transform(d => ({
1586
- email: d.email,
1587
- privateKeyId: d.private_key_id,
1588
- credentialId: d.credential_id,
1589
- }));
1590
-
1591
- export const unmarshalDeleteCredentialResponseSchema: z.ZodType<DeleteCredentialResponse> =
1592
- z.object({});
1593
-
1594
- export const unmarshalDeleteStorageCredentialResponseSchema: z.ZodType<DeleteStorageCredentialResponse> =
1595
- z.object({});
1596
-
1597
- export const unmarshalGcpOauthTokenSchema: z.ZodType<GcpOauthToken> = z
1598
- .object({
1599
- oauth_token: z.string().optional(),
1600
- })
1601
- .transform(d => ({
1602
- oauthToken: d.oauth_token,
1603
- }));
1604
-
1605
- export const unmarshalGcpServiceAccountKeySchema: z.ZodType<GcpServiceAccountKey> =
1606
- z
1607
- .object({
1608
- email: z.string().optional(),
1609
- private_key_id: z.string().optional(),
1610
- private_key: z.string().optional(),
1611
- })
1612
- .transform(d => ({
1613
- email: d.email,
1614
- privateKeyId: d.private_key_id,
1615
- privateKey: d.private_key,
1616
- }));
1617
-
1618
- export const unmarshalGenerateTemporaryPathCredentialResponseSchema: z.ZodType<GenerateTemporaryPathCredentialResponse> =
1619
- z
1620
- .object({
1621
- aws_temp_credentials: z
1622
- .lazy(() => unmarshalTemporaryAwsCredentialsSchema)
1623
- .optional(),
1624
- azure_user_delegation_sas: z
1625
- .lazy(() => unmarshalAzureUserDelegationSasSchema)
1626
- .optional(),
1627
- gcp_oauth_token: z.lazy(() => unmarshalGcpOauthTokenSchema).optional(),
1628
- azure_aad: z
1629
- .lazy(() => unmarshalAzureActiveDirectoryTokenSchema)
1630
- .optional(),
1631
- r2_temp_credentials: z
1632
- .lazy(() => unmarshalR2CredentialsSchema)
1633
- .optional(),
1634
- expiration_time: z
1635
- .union([z.number(), z.bigint()])
1636
- .transform(v => BigInt(v))
1637
- .optional(),
1638
- url: z.string().optional(),
1639
- })
1640
- .transform(d => ({
1641
- credentials:
1642
- d.aws_temp_credentials !== undefined
1643
- ? {
1644
- $case: 'awsTempCredentials' as const,
1645
- awsTempCredentials: d.aws_temp_credentials,
1646
- }
1647
- : d.azure_user_delegation_sas !== undefined
1648
- ? {
1649
- $case: 'azureUserDelegationSas' as const,
1650
- azureUserDelegationSas: d.azure_user_delegation_sas,
1651
- }
1652
- : d.gcp_oauth_token !== undefined
1653
- ? {
1654
- $case: 'gcpOauthToken' as const,
1655
- gcpOauthToken: d.gcp_oauth_token,
1656
- }
1657
- : d.azure_aad !== undefined
1658
- ? {$case: 'azureAad' as const, azureAad: d.azure_aad}
1659
- : d.r2_temp_credentials !== undefined
1660
- ? {
1661
- $case: 'r2TempCredentials' as const,
1662
- r2TempCredentials: d.r2_temp_credentials,
1663
- }
1664
- : undefined,
1665
- expirationTime: d.expiration_time,
1666
- url: d.url,
1667
- }));
1668
-
1669
- export const unmarshalGenerateTemporaryTableCredentialResponseSchema: z.ZodType<GenerateTemporaryTableCredentialResponse> =
1670
- z
1671
- .object({
1672
- aws_temp_credentials: z
1673
- .lazy(() => unmarshalTemporaryAwsCredentialsSchema)
1674
- .optional(),
1675
- azure_user_delegation_sas: z
1676
- .lazy(() => unmarshalAzureUserDelegationSasSchema)
1677
- .optional(),
1678
- gcp_oauth_token: z.lazy(() => unmarshalGcpOauthTokenSchema).optional(),
1679
- azure_aad: z
1680
- .lazy(() => unmarshalAzureActiveDirectoryTokenSchema)
1681
- .optional(),
1682
- r2_temp_credentials: z
1683
- .lazy(() => unmarshalR2CredentialsSchema)
1684
- .optional(),
1685
- expiration_time: z
1686
- .union([z.number(), z.bigint()])
1687
- .transform(v => BigInt(v))
1688
- .optional(),
1689
- url: z.string().optional(),
1690
- })
1691
- .transform(d => ({
1692
- credentials:
1693
- d.aws_temp_credentials !== undefined
1694
- ? {
1695
- $case: 'awsTempCredentials' as const,
1696
- awsTempCredentials: d.aws_temp_credentials,
1697
- }
1698
- : d.azure_user_delegation_sas !== undefined
1699
- ? {
1700
- $case: 'azureUserDelegationSas' as const,
1701
- azureUserDelegationSas: d.azure_user_delegation_sas,
1702
- }
1703
- : d.gcp_oauth_token !== undefined
1704
- ? {
1705
- $case: 'gcpOauthToken' as const,
1706
- gcpOauthToken: d.gcp_oauth_token,
1707
- }
1708
- : d.azure_aad !== undefined
1709
- ? {$case: 'azureAad' as const, azureAad: d.azure_aad}
1710
- : d.r2_temp_credentials !== undefined
1711
- ? {
1712
- $case: 'r2TempCredentials' as const,
1713
- r2TempCredentials: d.r2_temp_credentials,
1714
- }
1715
- : undefined,
1716
- expirationTime: d.expiration_time,
1717
- url: d.url,
1718
- }));
1719
-
1720
- export const unmarshalGenerateTemporaryVolumeCredentialResponseSchema: z.ZodType<GenerateTemporaryVolumeCredentialResponse> =
1721
- z
1722
- .object({
1723
- aws_temp_credentials: z
1724
- .lazy(() => unmarshalTemporaryAwsCredentialsSchema)
1725
- .optional(),
1726
- azure_user_delegation_sas: z
1727
- .lazy(() => unmarshalAzureUserDelegationSasSchema)
1728
- .optional(),
1729
- gcp_oauth_token: z.lazy(() => unmarshalGcpOauthTokenSchema).optional(),
1730
- azure_aad: z
1731
- .lazy(() => unmarshalAzureActiveDirectoryTokenSchema)
1732
- .optional(),
1733
- r2_temp_credentials: z
1734
- .lazy(() => unmarshalR2CredentialsSchema)
1735
- .optional(),
1736
- expiration_time: z
1737
- .union([z.number(), z.bigint()])
1738
- .transform(v => BigInt(v))
1739
- .optional(),
1740
- url: z.string().optional(),
1741
- })
1742
- .transform(d => ({
1743
- credentials:
1744
- d.aws_temp_credentials !== undefined
1745
- ? {
1746
- $case: 'awsTempCredentials' as const,
1747
- awsTempCredentials: d.aws_temp_credentials,
1748
- }
1749
- : d.azure_user_delegation_sas !== undefined
1750
- ? {
1751
- $case: 'azureUserDelegationSas' as const,
1752
- azureUserDelegationSas: d.azure_user_delegation_sas,
1753
- }
1754
- : d.gcp_oauth_token !== undefined
1755
- ? {
1756
- $case: 'gcpOauthToken' as const,
1757
- gcpOauthToken: d.gcp_oauth_token,
1758
- }
1759
- : d.azure_aad !== undefined
1760
- ? {$case: 'azureAad' as const, azureAad: d.azure_aad}
1761
- : d.r2_temp_credentials !== undefined
1762
- ? {
1763
- $case: 'r2TempCredentials' as const,
1764
- r2TempCredentials: d.r2_temp_credentials,
1765
- }
1766
- : undefined,
1767
- expirationTime: d.expiration_time,
1768
- url: d.url,
1769
- }));
1770
-
1771
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1772
- export const unmarshalListCredentialsRequest_ResponseSchema: z.ZodType<ListCredentialsRequest_Response> =
1773
- z
1774
- .object({
1775
- credentials: z
1776
- .array(z.lazy(() => unmarshalCredentialInfoSchema))
1777
- .optional(),
1778
- next_page_token: z.string().optional(),
1779
- })
1780
- .transform(d => ({
1781
- credentials: d.credentials,
1782
- nextPageToken: d.next_page_token,
1783
- }));
1784
-
1785
- export const unmarshalListStorageCredentialsResponseSchema: z.ZodType<ListStorageCredentialsResponse> =
1786
- z
1787
- .object({
1788
- storage_credentials: z
1789
- .array(z.lazy(() => unmarshalStorageCredentialInfoSchema))
1790
- .optional(),
1791
- next_page_token: z.string().optional(),
1792
- })
1793
- .transform(d => ({
1794
- storageCredentials: d.storage_credentials,
1795
- nextPageToken: d.next_page_token,
1796
- }));
1797
-
1798
- export const unmarshalR2CredentialsSchema: z.ZodType<R2Credentials> = z
1799
- .object({
1800
- access_key_id: z.string().optional(),
1801
- secret_access_key: z.string().optional(),
1802
- session_token: z.string().optional(),
1803
- })
1804
- .transform(d => ({
1805
- accessKeyId: d.access_key_id,
1806
- secretAccessKey: d.secret_access_key,
1807
- sessionToken: d.session_token,
1808
- }));
1809
-
1810
- export const unmarshalStorageCredentialInfoSchema: z.ZodType<StorageCredentialInfo> =
1811
- z
1812
- .object({
1813
- name: z.string().optional(),
1814
- aws_iam_role: z.lazy(() => unmarshalAwsIamRoleSchema).optional(),
1815
- azure_service_principal: z
1816
- .lazy(() => unmarshalAzureServicePrincipalSchema)
1817
- .optional(),
1818
- gcp_service_account_key: z
1819
- .lazy(() => unmarshalGcpServiceAccountKeySchema)
1820
- .optional(),
1821
- azure_managed_identity: z
1822
- .lazy(() => unmarshalAzureManagedIdentitySchema)
1823
- .optional(),
1824
- databricks_gcp_service_account: z
1825
- .lazy(() => unmarshalDatabricksGcpServiceAccountSchema)
1826
- .optional(),
1827
- cloudflare_api_token: z
1828
- .lazy(() => unmarshalCloudflareApiTokenSchema)
1829
- .optional(),
1830
- comment: z.string().optional(),
1831
- read_only: z.boolean().optional(),
1832
- owner: z.string().optional(),
1833
- id: z.string().optional(),
1834
- metastore_id: z.string().optional(),
1835
- created_at: z
1836
- .union([z.number(), z.bigint()])
1837
- .transform(v => BigInt(v))
1838
- .optional(),
1839
- created_by: z.string().optional(),
1840
- updated_at: z
1841
- .union([z.number(), z.bigint()])
1842
- .transform(v => BigInt(v))
1843
- .optional(),
1844
- updated_by: z.string().optional(),
1845
- used_for_managed_storage: z.boolean().optional(),
1846
- full_name: z.string().optional(),
1847
- isolation_mode: z.enum(IsolationMode).optional(),
1848
- })
1849
- .transform(d => ({
1850
- name: d.name,
1851
- credential:
1852
- d.aws_iam_role !== undefined
1853
- ? {$case: 'awsIamRole' as const, awsIamRole: d.aws_iam_role}
1854
- : d.azure_service_principal !== undefined
1855
- ? {
1856
- $case: 'azureServicePrincipal' as const,
1857
- azureServicePrincipal: d.azure_service_principal,
1858
- }
1859
- : d.gcp_service_account_key !== undefined
1860
- ? {
1861
- $case: 'gcpServiceAccountKey' as const,
1862
- gcpServiceAccountKey: d.gcp_service_account_key,
1863
- }
1864
- : d.azure_managed_identity !== undefined
1865
- ? {
1866
- $case: 'azureManagedIdentity' as const,
1867
- azureManagedIdentity: d.azure_managed_identity,
1868
- }
1869
- : d.databricks_gcp_service_account !== undefined
1870
- ? {
1871
- $case: 'databricksGcpServiceAccount' as const,
1872
- databricksGcpServiceAccount:
1873
- d.databricks_gcp_service_account,
1874
- }
1875
- : d.cloudflare_api_token !== undefined
1876
- ? {
1877
- $case: 'cloudflareApiToken' as const,
1878
- cloudflareApiToken: d.cloudflare_api_token,
1879
- }
1880
- : undefined,
1881
- comment: d.comment,
1882
- readOnly: d.read_only,
1883
- owner: d.owner,
1884
- id: d.id,
1885
- metastoreId: d.metastore_id,
1886
- createdAt: d.created_at,
1887
- createdBy: d.created_by,
1888
- updatedAt: d.updated_at,
1889
- updatedBy: d.updated_by,
1890
- usedForManagedStorage: d.used_for_managed_storage,
1891
- fullName: d.full_name,
1892
- isolationMode: d.isolation_mode,
1893
- }));
1894
-
1895
- export const unmarshalTemporaryAwsCredentialsSchema: z.ZodType<TemporaryAwsCredentials> =
1896
- z
1897
- .object({
1898
- access_key_id: z.string().optional(),
1899
- secret_access_key: z.string().optional(),
1900
- session_token: z.string().optional(),
1901
- access_point: z.string().optional(),
1902
- })
1903
- .transform(d => ({
1904
- accessKeyId: d.access_key_id,
1905
- secretAccessKey: d.secret_access_key,
1906
- sessionToken: d.session_token,
1907
- accessPoint: d.access_point,
1908
- }));
1909
-
1910
- export const unmarshalTemporaryCredentialsSchema: z.ZodType<TemporaryCredentials> =
1911
- z
1912
- .object({
1913
- aws_temp_credentials: z
1914
- .lazy(() => unmarshalTemporaryAwsCredentialsSchema)
1915
- .optional(),
1916
- azure_user_delegation_sas: z
1917
- .lazy(() => unmarshalAzureUserDelegationSasSchema)
1918
- .optional(),
1919
- gcp_oauth_token: z.lazy(() => unmarshalGcpOauthTokenSchema).optional(),
1920
- azure_aad: z
1921
- .lazy(() => unmarshalAzureActiveDirectoryTokenSchema)
1922
- .optional(),
1923
- r2_temp_credentials: z
1924
- .lazy(() => unmarshalR2CredentialsSchema)
1925
- .optional(),
1926
- expiration_time: z
1927
- .union([z.number(), z.bigint()])
1928
- .transform(v => BigInt(v))
1929
- .optional(),
1930
- url: z.string().optional(),
1931
- })
1932
- .transform(d => ({
1933
- credentials:
1934
- d.aws_temp_credentials !== undefined
1935
- ? {
1936
- $case: 'awsTempCredentials' as const,
1937
- awsTempCredentials: d.aws_temp_credentials,
1938
- }
1939
- : d.azure_user_delegation_sas !== undefined
1940
- ? {
1941
- $case: 'azureUserDelegationSas' as const,
1942
- azureUserDelegationSas: d.azure_user_delegation_sas,
1943
- }
1944
- : d.gcp_oauth_token !== undefined
1945
- ? {
1946
- $case: 'gcpOauthToken' as const,
1947
- gcpOauthToken: d.gcp_oauth_token,
1948
- }
1949
- : d.azure_aad !== undefined
1950
- ? {$case: 'azureAad' as const, azureAad: d.azure_aad}
1951
- : d.r2_temp_credentials !== undefined
1952
- ? {
1953
- $case: 'r2TempCredentials' as const,
1954
- r2TempCredentials: d.r2_temp_credentials,
1955
- }
1956
- : undefined,
1957
- expirationTime: d.expiration_time,
1958
- url: d.url,
1959
- }));
1960
-
1961
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1962
- export const unmarshalValidateCredentialRequest_ValidationResultSchema: z.ZodType<ValidateCredentialRequest_ValidationResult> =
1963
- z
1964
- .object({
1965
- result: z.enum(ValidateCredentialRequest_Result).optional(),
1966
- message: z.string().optional(),
1967
- })
1968
- .transform(d => ({
1969
- result: d.result,
1970
- message: d.message,
1971
- }));
1972
-
1973
- export const unmarshalValidateCredentialResponseSchema: z.ZodType<ValidateCredentialResponse> =
1974
- z
1975
- .object({
1976
- results: z
1977
- .array(
1978
- z.lazy(
1979
- () => unmarshalValidateCredentialRequest_ValidationResultSchema
1980
- )
1981
- )
1982
- .optional(),
1983
- isDir: z.boolean().optional(),
1984
- })
1985
- .transform(d => ({
1986
- results: d.results,
1987
- isDir: d.isDir,
1988
- }));
1989
-
1990
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
1991
- export const unmarshalValidateStorageCredentialRequest_ValidationResultSchema: z.ZodType<ValidateStorageCredentialRequest_ValidationResult> =
1992
- z
1993
- .object({
1994
- operation: z
1995
- .enum(ValidateStorageCredentialRequest_FileOperation)
1996
- .optional(),
1997
- result: z.enum(ValidateStorageCredentialRequest_Result).optional(),
1998
- message: z.string().optional(),
1999
- })
2000
- .transform(d => ({
2001
- operation: d.operation,
2002
- result: d.result,
2003
- message: d.message,
2004
- }));
2005
-
2006
- export const unmarshalValidateStorageCredentialResponseSchema: z.ZodType<ValidateStorageCredentialResponse> =
2007
- z
2008
- .object({
2009
- isDir: z.boolean().optional(),
2010
- results: z
2011
- .array(
2012
- z.lazy(
2013
- () =>
2014
- unmarshalValidateStorageCredentialRequest_ValidationResultSchema
2015
- )
2016
- )
2017
- .optional(),
2018
- })
2019
- .transform(d => ({
2020
- isDir: d.isDir,
2021
- results: d.results,
2022
- }));
2023
-
2024
- export const marshalAccountsCreateStorageCredentialRequestSchema: z.ZodType = z
2025
- .object({
2026
- accountId: z.string().optional(),
2027
- metastoreId: z.string().optional(),
2028
- credentialInfo: z
2029
- .lazy(() => marshalCreateAccountsStorageCredentialSchema)
2030
- .optional(),
2031
- skipValidation: z.boolean().optional(),
2032
- })
2033
- .transform(d => ({
2034
- account_id: d.accountId,
2035
- metastore_id: d.metastoreId,
2036
- credential_info: d.credentialInfo,
2037
- skip_validation: d.skipValidation,
2038
- }));
2039
-
2040
- export const marshalAccountsUpdateStorageCredentialRequestSchema: z.ZodType = z
2041
- .object({
2042
- accountId: z.string().optional(),
2043
- metastoreId: z.string().optional(),
2044
- nameArg: z.string().optional(),
2045
- credentialInfo: z
2046
- .lazy(() => marshalUpdateAccountsStorageCredentialSchema)
2047
- .optional(),
2048
- skipValidation: z.boolean().optional(),
2049
- })
2050
- .transform(d => ({
2051
- account_id: d.accountId,
2052
- metastore_id: d.metastoreId,
2053
- name_arg: d.nameArg,
2054
- credential_info: d.credentialInfo,
2055
- skip_validation: d.skipValidation,
2056
- }));
2057
-
2058
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2059
- export const marshalAwsCredentials_StsRoleSchema: z.ZodType = z
2060
- .object({
2061
- roleArn: z.string().optional(),
2062
- })
2063
- .transform(d => ({
2064
- role_arn: d.roleArn,
2065
- }));
2066
-
2067
- export const marshalAwsIamRoleSchema: z.ZodType = z
2068
- .object({
2069
- roleArn: z.string().optional(),
2070
- unityCatalogIamArn: z.string().optional(),
2071
- externalId: z.string().optional(),
2072
- })
2073
- .transform(d => ({
2074
- role_arn: d.roleArn,
2075
- unity_catalog_iam_arn: d.unityCatalogIamArn,
2076
- external_id: d.externalId,
2077
- }));
2078
-
2079
- export const marshalAzureManagedIdentitySchema: z.ZodType = z
2080
- .object({
2081
- accessConnectorId: z.string().optional(),
2082
- managedIdentityId: z.string().optional(),
2083
- credentialId: z.string().optional(),
2084
- })
2085
- .transform(d => ({
2086
- access_connector_id: d.accessConnectorId,
2087
- managed_identity_id: d.managedIdentityId,
2088
- credential_id: d.credentialId,
2089
- }));
2090
-
2091
- export const marshalAzureServicePrincipalSchema: z.ZodType = z
2092
- .object({
2093
- directoryId: z.string().optional(),
2094
- applicationId: z.string().optional(),
2095
- clientSecret: z.string().optional(),
2096
- })
2097
- .transform(d => ({
2098
- directory_id: d.directoryId,
2099
- application_id: d.applicationId,
2100
- client_secret: d.clientSecret,
2101
- }));
2102
-
2103
- export const marshalCloudflareApiTokenSchema: z.ZodType = z
2104
- .object({
2105
- accessKeyId: z.string().optional(),
2106
- secretAccessKey: z.string().optional(),
2107
- accountId: z.string().optional(),
2108
- })
2109
- .transform(d => ({
2110
- access_key_id: d.accessKeyId,
2111
- secret_access_key: d.secretAccessKey,
2112
- account_id: d.accountId,
2113
- }));
2114
-
2115
- export const marshalCreateAccountsStorageCredentialSchema: z.ZodType = z
2116
- .object({
2117
- name: z.string().optional(),
2118
- credential: z
2119
- .discriminatedUnion('$case', [
2120
- z.object({
2121
- $case: z.literal('awsIamRole'),
2122
- awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
2123
- }),
2124
- z.object({
2125
- $case: z.literal('azureServicePrincipal'),
2126
- azureServicePrincipal: z.lazy(
2127
- () => marshalAzureServicePrincipalSchema
2128
- ),
2129
- }),
2130
- z.object({
2131
- $case: z.literal('gcpServiceAccountKey'),
2132
- gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
2133
- }),
2134
- z.object({
2135
- $case: z.literal('azureManagedIdentity'),
2136
- azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
2137
- }),
2138
- z.object({
2139
- $case: z.literal('databricksGcpServiceAccount'),
2140
- databricksGcpServiceAccount: z.lazy(
2141
- () => marshalDatabricksGcpServiceAccountSchema
2142
- ),
2143
- }),
2144
- z.object({
2145
- $case: z.literal('cloudflareApiToken'),
2146
- cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
2147
- }),
2148
- ])
2149
- .optional(),
2150
- comment: z.string().optional(),
2151
- readOnly: z.boolean().optional(),
2152
- owner: z.string().optional(),
2153
- id: z.string().optional(),
2154
- metastoreId: z.string().optional(),
2155
- createdAt: z.bigint().optional(),
2156
- createdBy: z.string().optional(),
2157
- updatedAt: z.bigint().optional(),
2158
- updatedBy: z.string().optional(),
2159
- usedForManagedStorage: z.boolean().optional(),
2160
- fullName: z.string().optional(),
2161
- isolationMode: z.enum(IsolationMode).optional(),
2162
- })
2163
- .transform(d => ({
2164
- name: d.name,
2165
- ...(d.credential?.$case === 'awsIamRole' && {
2166
- aws_iam_role: d.credential.awsIamRole,
2167
- }),
2168
- ...(d.credential?.$case === 'azureServicePrincipal' && {
2169
- azure_service_principal: d.credential.azureServicePrincipal,
2170
- }),
2171
- ...(d.credential?.$case === 'gcpServiceAccountKey' && {
2172
- gcp_service_account_key: d.credential.gcpServiceAccountKey,
2173
- }),
2174
- ...(d.credential?.$case === 'azureManagedIdentity' && {
2175
- azure_managed_identity: d.credential.azureManagedIdentity,
2176
- }),
2177
- ...(d.credential?.$case === 'databricksGcpServiceAccount' && {
2178
- databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
2179
- }),
2180
- ...(d.credential?.$case === 'cloudflareApiToken' && {
2181
- cloudflare_api_token: d.credential.cloudflareApiToken,
2182
- }),
2183
- comment: d.comment,
2184
- read_only: d.readOnly,
2185
- owner: d.owner,
2186
- id: d.id,
2187
- metastore_id: d.metastoreId,
2188
- created_at: d.createdAt,
2189
- created_by: d.createdBy,
2190
- updated_at: d.updatedAt,
2191
- updated_by: d.updatedBy,
2192
- used_for_managed_storage: d.usedForManagedStorage,
2193
- full_name: d.fullName,
2194
- isolation_mode: d.isolationMode,
2195
- }));
2196
-
2197
- export const marshalCreateCredentialAwsCredentialsSchema: z.ZodType = z
2198
- .object({
2199
- creds: z
2200
- .discriminatedUnion('$case', [
2201
- z.object({
2202
- $case: z.literal('stsRole'),
2203
- stsRole: z.lazy(() => marshalAwsCredentials_StsRoleSchema),
2204
- }),
2205
- ])
2206
- .optional(),
2207
- })
2208
- .transform(d => ({
2209
- ...(d.creds?.$case === 'stsRole' && {sts_role: d.creds.stsRole}),
2210
- }));
2211
-
2212
- export const marshalCreateCredentialRequestSchema: z.ZodType = z
2213
- .object({
2214
- skipValidation: z.boolean().optional(),
2215
- name: z.string().optional(),
2216
- credential: z
2217
- .discriminatedUnion('$case', [
2218
- z.object({
2219
- $case: z.literal('awsIamRole'),
2220
- awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
2221
- }),
2222
- z.object({
2223
- $case: z.literal('azureServicePrincipal'),
2224
- azureServicePrincipal: z.lazy(
2225
- () => marshalAzureServicePrincipalSchema
2226
- ),
2227
- }),
2228
- z.object({
2229
- $case: z.literal('gcpServiceAccountKey'),
2230
- gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
2231
- }),
2232
- z.object({
2233
- $case: z.literal('azureManagedIdentity'),
2234
- azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
2235
- }),
2236
- z.object({
2237
- $case: z.literal('databricksGcpServiceAccount'),
2238
- databricksGcpServiceAccount: z.lazy(
2239
- () => marshalDatabricksGcpServiceAccountSchema
2240
- ),
2241
- }),
2242
- z.object({
2243
- $case: z.literal('cloudflareApiToken'),
2244
- cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
2245
- }),
2246
- ])
2247
- .optional(),
2248
- comment: z.string().optional(),
2249
- readOnly: z.boolean().optional(),
2250
- owner: z.string().optional(),
2251
- id: z.string().optional(),
2252
- metastoreId: z.string().optional(),
2253
- createdAt: z.bigint().optional(),
2254
- createdBy: z.string().optional(),
2255
- updatedAt: z.bigint().optional(),
2256
- updatedBy: z.string().optional(),
2257
- usedForManagedStorage: z.boolean().optional(),
2258
- fullName: z.string().optional(),
2259
- isolationMode: z.enum(IsolationMode).optional(),
2260
- })
2261
- .transform(d => ({
2262
- skip_validation: d.skipValidation,
2263
- name: d.name,
2264
- ...(d.credential?.$case === 'awsIamRole' && {
2265
- aws_iam_role: d.credential.awsIamRole,
2266
- }),
2267
- ...(d.credential?.$case === 'azureServicePrincipal' && {
2268
- azure_service_principal: d.credential.azureServicePrincipal,
2269
- }),
2270
- ...(d.credential?.$case === 'gcpServiceAccountKey' && {
2271
- gcp_service_account_key: d.credential.gcpServiceAccountKey,
2272
- }),
2273
- ...(d.credential?.$case === 'azureManagedIdentity' && {
2274
- azure_managed_identity: d.credential.azureManagedIdentity,
2275
- }),
2276
- ...(d.credential?.$case === 'databricksGcpServiceAccount' && {
2277
- databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
2278
- }),
2279
- ...(d.credential?.$case === 'cloudflareApiToken' && {
2280
- cloudflare_api_token: d.credential.cloudflareApiToken,
2281
- }),
2282
- comment: d.comment,
2283
- read_only: d.readOnly,
2284
- owner: d.owner,
2285
- id: d.id,
2286
- metastore_id: d.metastoreId,
2287
- created_at: d.createdAt,
2288
- created_by: d.createdBy,
2289
- updated_at: d.updatedAt,
2290
- updated_by: d.updatedBy,
2291
- used_for_managed_storage: d.usedForManagedStorage,
2292
- full_name: d.fullName,
2293
- isolation_mode: d.isolationMode,
2294
- }));
2295
-
2296
- export const marshalCreateCredentialsRequestSchema: z.ZodType = z
2297
- .object({
2298
- accountId: z.string().optional(),
2299
- credentialsName: z.string().optional(),
2300
- cloudCredentials: z
2301
- .discriminatedUnion('$case', [
2302
- z.object({
2303
- $case: z.literal('awsCredentials'),
2304
- awsCredentials: z.lazy(
2305
- () => marshalCreateCredentialAwsCredentialsSchema
2306
- ),
2307
- }),
2308
- ])
2309
- .optional(),
2310
- })
2311
- .transform(d => ({
2312
- account_id: d.accountId,
2313
- credentials_name: d.credentialsName,
2314
- ...(d.cloudCredentials?.$case === 'awsCredentials' && {
2315
- aws_credentials: d.cloudCredentials.awsCredentials,
2316
- }),
2317
- }));
2318
-
2319
- export const marshalCreateStorageCredentialRequestSchema: z.ZodType = z
2320
- .object({
2321
- skipValidation: z.boolean().optional(),
2322
- name: z.string().optional(),
2323
- credential: z
2324
- .discriminatedUnion('$case', [
2325
- z.object({
2326
- $case: z.literal('awsIamRole'),
2327
- awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
2328
- }),
2329
- z.object({
2330
- $case: z.literal('azureServicePrincipal'),
2331
- azureServicePrincipal: z.lazy(
2332
- () => marshalAzureServicePrincipalSchema
2333
- ),
2334
- }),
2335
- z.object({
2336
- $case: z.literal('gcpServiceAccountKey'),
2337
- gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
2338
- }),
2339
- z.object({
2340
- $case: z.literal('azureManagedIdentity'),
2341
- azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
2342
- }),
2343
- z.object({
2344
- $case: z.literal('databricksGcpServiceAccount'),
2345
- databricksGcpServiceAccount: z.lazy(
2346
- () => marshalDatabricksGcpServiceAccountSchema
2347
- ),
2348
- }),
2349
- z.object({
2350
- $case: z.literal('cloudflareApiToken'),
2351
- cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
2352
- }),
2353
- ])
2354
- .optional(),
2355
- comment: z.string().optional(),
2356
- readOnly: z.boolean().optional(),
2357
- owner: z.string().optional(),
2358
- id: z.string().optional(),
2359
- metastoreId: z.string().optional(),
2360
- createdAt: z.bigint().optional(),
2361
- createdBy: z.string().optional(),
2362
- updatedAt: z.bigint().optional(),
2363
- updatedBy: z.string().optional(),
2364
- usedForManagedStorage: z.boolean().optional(),
2365
- fullName: z.string().optional(),
2366
- isolationMode: z.enum(IsolationMode).optional(),
2367
- })
2368
- .transform(d => ({
2369
- skip_validation: d.skipValidation,
2370
- name: d.name,
2371
- ...(d.credential?.$case === 'awsIamRole' && {
2372
- aws_iam_role: d.credential.awsIamRole,
2373
- }),
2374
- ...(d.credential?.$case === 'azureServicePrincipal' && {
2375
- azure_service_principal: d.credential.azureServicePrincipal,
2376
- }),
2377
- ...(d.credential?.$case === 'gcpServiceAccountKey' && {
2378
- gcp_service_account_key: d.credential.gcpServiceAccountKey,
2379
- }),
2380
- ...(d.credential?.$case === 'azureManagedIdentity' && {
2381
- azure_managed_identity: d.credential.azureManagedIdentity,
2382
- }),
2383
- ...(d.credential?.$case === 'databricksGcpServiceAccount' && {
2384
- databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
2385
- }),
2386
- ...(d.credential?.$case === 'cloudflareApiToken' && {
2387
- cloudflare_api_token: d.credential.cloudflareApiToken,
2388
- }),
2389
- comment: d.comment,
2390
- read_only: d.readOnly,
2391
- owner: d.owner,
2392
- id: d.id,
2393
- metastore_id: d.metastoreId,
2394
- created_at: d.createdAt,
2395
- created_by: d.createdBy,
2396
- updated_at: d.updatedAt,
2397
- updated_by: d.updatedBy,
2398
- used_for_managed_storage: d.usedForManagedStorage,
2399
- full_name: d.fullName,
2400
- isolation_mode: d.isolationMode,
2401
- }));
2402
-
2403
- export const marshalDatabricksGcpServiceAccountSchema: z.ZodType = z
2404
- .object({
2405
- email: z.string().optional(),
2406
- privateKeyId: z.string().optional(),
2407
- credentialId: z.string().optional(),
2408
- })
2409
- .transform(d => ({
2410
- email: d.email,
2411
- private_key_id: d.privateKeyId,
2412
- credential_id: d.credentialId,
2413
- }));
2414
-
2415
- export const marshalGcpServiceAccountKeySchema: z.ZodType = z
2416
- .object({
2417
- email: z.string().optional(),
2418
- privateKeyId: z.string().optional(),
2419
- privateKey: z.string().optional(),
2420
- })
2421
- .transform(d => ({
2422
- email: d.email,
2423
- private_key_id: d.privateKeyId,
2424
- private_key: d.privateKey,
2425
- }));
2426
-
2427
- export const marshalGenerateTemporaryPathCredentialRequestSchema: z.ZodType = z
2428
- .object({
2429
- url: z.string().optional(),
2430
- operation: z.enum(PathOperation).optional(),
2431
- dryRun: z.boolean().optional(),
2432
- })
2433
- .transform(d => ({
2434
- url: d.url,
2435
- operation: d.operation,
2436
- dry_run: d.dryRun,
2437
- }));
2438
-
2439
- export const marshalGenerateTemporaryServiceCredentialRequestSchema: z.ZodType =
2440
- z
2441
- .object({
2442
- credentialName: z.string().optional(),
2443
- options: z
2444
- .discriminatedUnion('$case', [
2445
- z.object({
2446
- $case: z.literal('azureOptions'),
2447
- azureOptions: z.lazy(
2448
- () =>
2449
- marshalGenerateTemporaryServiceCredentialRequest_AzureOptionsSchema
2450
- ),
2451
- }),
2452
- z.object({
2453
- $case: z.literal('gcpOptions'),
2454
- gcpOptions: z.lazy(
2455
- () =>
2456
- marshalGenerateTemporaryServiceCredentialRequest_GcpOptionsSchema
2457
- ),
2458
- }),
2459
- ])
2460
- .optional(),
2461
- })
2462
- .transform(d => ({
2463
- credential_name: d.credentialName,
2464
- ...(d.options?.$case === 'azureOptions' && {
2465
- azure_options: d.options.azureOptions,
2466
- }),
2467
- ...(d.options?.$case === 'gcpOptions' && {
2468
- gcp_options: d.options.gcpOptions,
2469
- }),
2470
- }));
2471
-
2472
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2473
- export const marshalGenerateTemporaryServiceCredentialRequest_AzureOptionsSchema: z.ZodType =
2474
- z
2475
- .object({
2476
- resources: z.array(z.string()).optional(),
2477
- })
2478
- .transform(d => ({
2479
- resources: d.resources,
2480
- }));
2481
-
2482
- // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name.
2483
- export const marshalGenerateTemporaryServiceCredentialRequest_GcpOptionsSchema: z.ZodType =
2484
- z
2485
- .object({
2486
- scopes: z.array(z.string()).optional(),
2487
- })
2488
- .transform(d => ({
2489
- scopes: d.scopes,
2490
- }));
2491
-
2492
- export const marshalGenerateTemporaryTableCredentialRequestSchema: z.ZodType = z
2493
- .object({
2494
- tableId: z.string().optional(),
2495
- operation: z.enum(TableOperation).optional(),
2496
- })
2497
- .transform(d => ({
2498
- table_id: d.tableId,
2499
- operation: d.operation,
2500
- }));
2501
-
2502
- export const marshalGenerateTemporaryVolumeCredentialRequestSchema: z.ZodType =
2503
- z
2504
- .object({
2505
- volumeId: z.string().optional(),
2506
- operation: z.enum(VolumeOperation).optional(),
2507
- })
2508
- .transform(d => ({
2509
- volume_id: d.volumeId,
2510
- operation: d.operation,
2511
- }));
2512
-
2513
- export const marshalUpdateAccountsStorageCredentialSchema: z.ZodType = z
2514
- .object({
2515
- name: z.string().optional(),
2516
- credential: z
2517
- .discriminatedUnion('$case', [
2518
- z.object({
2519
- $case: z.literal('awsIamRole'),
2520
- awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
2521
- }),
2522
- z.object({
2523
- $case: z.literal('azureServicePrincipal'),
2524
- azureServicePrincipal: z.lazy(
2525
- () => marshalAzureServicePrincipalSchema
2526
- ),
2527
- }),
2528
- z.object({
2529
- $case: z.literal('gcpServiceAccountKey'),
2530
- gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
2531
- }),
2532
- z.object({
2533
- $case: z.literal('azureManagedIdentity'),
2534
- azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
2535
- }),
2536
- z.object({
2537
- $case: z.literal('databricksGcpServiceAccount'),
2538
- databricksGcpServiceAccount: z.lazy(
2539
- () => marshalDatabricksGcpServiceAccountSchema
2540
- ),
2541
- }),
2542
- z.object({
2543
- $case: z.literal('cloudflareApiToken'),
2544
- cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
2545
- }),
2546
- ])
2547
- .optional(),
2548
- comment: z.string().optional(),
2549
- readOnly: z.boolean().optional(),
2550
- owner: z.string().optional(),
2551
- id: z.string().optional(),
2552
- metastoreId: z.string().optional(),
2553
- createdAt: z.bigint().optional(),
2554
- createdBy: z.string().optional(),
2555
- updatedAt: z.bigint().optional(),
2556
- updatedBy: z.string().optional(),
2557
- usedForManagedStorage: z.boolean().optional(),
2558
- fullName: z.string().optional(),
2559
- isolationMode: z.enum(IsolationMode).optional(),
2560
- })
2561
- .transform(d => ({
2562
- name: d.name,
2563
- ...(d.credential?.$case === 'awsIamRole' && {
2564
- aws_iam_role: d.credential.awsIamRole,
2565
- }),
2566
- ...(d.credential?.$case === 'azureServicePrincipal' && {
2567
- azure_service_principal: d.credential.azureServicePrincipal,
2568
- }),
2569
- ...(d.credential?.$case === 'gcpServiceAccountKey' && {
2570
- gcp_service_account_key: d.credential.gcpServiceAccountKey,
2571
- }),
2572
- ...(d.credential?.$case === 'azureManagedIdentity' && {
2573
- azure_managed_identity: d.credential.azureManagedIdentity,
2574
- }),
2575
- ...(d.credential?.$case === 'databricksGcpServiceAccount' && {
2576
- databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
2577
- }),
2578
- ...(d.credential?.$case === 'cloudflareApiToken' && {
2579
- cloudflare_api_token: d.credential.cloudflareApiToken,
2580
- }),
2581
- comment: d.comment,
2582
- read_only: d.readOnly,
2583
- owner: d.owner,
2584
- id: d.id,
2585
- metastore_id: d.metastoreId,
2586
- created_at: d.createdAt,
2587
- created_by: d.createdBy,
2588
- updated_at: d.updatedAt,
2589
- updated_by: d.updatedBy,
2590
- used_for_managed_storage: d.usedForManagedStorage,
2591
- full_name: d.fullName,
2592
- isolation_mode: d.isolationMode,
2593
- }));
2594
-
2595
- export const marshalUpdateCredentialRequestSchema: z.ZodType = z
2596
- .object({
2597
- nameArg: z.string().optional(),
2598
- newName: z.string().optional(),
2599
- skipValidation: z.boolean().optional(),
2600
- force: z.boolean().optional(),
2601
- name: z.string().optional(),
2602
- credential: z
2603
- .discriminatedUnion('$case', [
2604
- z.object({
2605
- $case: z.literal('awsIamRole'),
2606
- awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
2607
- }),
2608
- z.object({
2609
- $case: z.literal('azureServicePrincipal'),
2610
- azureServicePrincipal: z.lazy(
2611
- () => marshalAzureServicePrincipalSchema
2612
- ),
2613
- }),
2614
- z.object({
2615
- $case: z.literal('gcpServiceAccountKey'),
2616
- gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
2617
- }),
2618
- z.object({
2619
- $case: z.literal('azureManagedIdentity'),
2620
- azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
2621
- }),
2622
- z.object({
2623
- $case: z.literal('databricksGcpServiceAccount'),
2624
- databricksGcpServiceAccount: z.lazy(
2625
- () => marshalDatabricksGcpServiceAccountSchema
2626
- ),
2627
- }),
2628
- z.object({
2629
- $case: z.literal('cloudflareApiToken'),
2630
- cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
2631
- }),
2632
- ])
2633
- .optional(),
2634
- comment: z.string().optional(),
2635
- readOnly: z.boolean().optional(),
2636
- owner: z.string().optional(),
2637
- id: z.string().optional(),
2638
- metastoreId: z.string().optional(),
2639
- createdAt: z.bigint().optional(),
2640
- createdBy: z.string().optional(),
2641
- updatedAt: z.bigint().optional(),
2642
- updatedBy: z.string().optional(),
2643
- usedForManagedStorage: z.boolean().optional(),
2644
- fullName: z.string().optional(),
2645
- isolationMode: z.enum(IsolationMode).optional(),
2646
- })
2647
- .transform(d => ({
2648
- name_arg: d.nameArg,
2649
- new_name: d.newName,
2650
- skip_validation: d.skipValidation,
2651
- force: d.force,
2652
- name: d.name,
2653
- ...(d.credential?.$case === 'awsIamRole' && {
2654
- aws_iam_role: d.credential.awsIamRole,
2655
- }),
2656
- ...(d.credential?.$case === 'azureServicePrincipal' && {
2657
- azure_service_principal: d.credential.azureServicePrincipal,
2658
- }),
2659
- ...(d.credential?.$case === 'gcpServiceAccountKey' && {
2660
- gcp_service_account_key: d.credential.gcpServiceAccountKey,
2661
- }),
2662
- ...(d.credential?.$case === 'azureManagedIdentity' && {
2663
- azure_managed_identity: d.credential.azureManagedIdentity,
2664
- }),
2665
- ...(d.credential?.$case === 'databricksGcpServiceAccount' && {
2666
- databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
2667
- }),
2668
- ...(d.credential?.$case === 'cloudflareApiToken' && {
2669
- cloudflare_api_token: d.credential.cloudflareApiToken,
2670
- }),
2671
- comment: d.comment,
2672
- read_only: d.readOnly,
2673
- owner: d.owner,
2674
- id: d.id,
2675
- metastore_id: d.metastoreId,
2676
- created_at: d.createdAt,
2677
- created_by: d.createdBy,
2678
- updated_at: d.updatedAt,
2679
- updated_by: d.updatedBy,
2680
- used_for_managed_storage: d.usedForManagedStorage,
2681
- full_name: d.fullName,
2682
- isolation_mode: d.isolationMode,
2683
- }));
2684
-
2685
- export const marshalUpdateStorageCredentialRequestSchema: z.ZodType = z
2686
- .object({
2687
- nameArg: z.string().optional(),
2688
- newName: z.string().optional(),
2689
- skipValidation: z.boolean().optional(),
2690
- force: z.boolean().optional(),
2691
- name: z.string().optional(),
2692
- credential: z
2693
- .discriminatedUnion('$case', [
2694
- z.object({
2695
- $case: z.literal('awsIamRole'),
2696
- awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
2697
- }),
2698
- z.object({
2699
- $case: z.literal('azureServicePrincipal'),
2700
- azureServicePrincipal: z.lazy(
2701
- () => marshalAzureServicePrincipalSchema
2702
- ),
2703
- }),
2704
- z.object({
2705
- $case: z.literal('gcpServiceAccountKey'),
2706
- gcpServiceAccountKey: z.lazy(() => marshalGcpServiceAccountKeySchema),
2707
- }),
2708
- z.object({
2709
- $case: z.literal('azureManagedIdentity'),
2710
- azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
2711
- }),
2712
- z.object({
2713
- $case: z.literal('databricksGcpServiceAccount'),
2714
- databricksGcpServiceAccount: z.lazy(
2715
- () => marshalDatabricksGcpServiceAccountSchema
2716
- ),
2717
- }),
2718
- z.object({
2719
- $case: z.literal('cloudflareApiToken'),
2720
- cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
2721
- }),
2722
- ])
2723
- .optional(),
2724
- comment: z.string().optional(),
2725
- readOnly: z.boolean().optional(),
2726
- owner: z.string().optional(),
2727
- id: z.string().optional(),
2728
- metastoreId: z.string().optional(),
2729
- createdAt: z.bigint().optional(),
2730
- createdBy: z.string().optional(),
2731
- updatedAt: z.bigint().optional(),
2732
- updatedBy: z.string().optional(),
2733
- usedForManagedStorage: z.boolean().optional(),
2734
- fullName: z.string().optional(),
2735
- isolationMode: z.enum(IsolationMode).optional(),
2736
- })
2737
- .transform(d => ({
2738
- name_arg: d.nameArg,
2739
- new_name: d.newName,
2740
- skip_validation: d.skipValidation,
2741
- force: d.force,
2742
- name: d.name,
2743
- ...(d.credential?.$case === 'awsIamRole' && {
2744
- aws_iam_role: d.credential.awsIamRole,
2745
- }),
2746
- ...(d.credential?.$case === 'azureServicePrincipal' && {
2747
- azure_service_principal: d.credential.azureServicePrincipal,
2748
- }),
2749
- ...(d.credential?.$case === 'gcpServiceAccountKey' && {
2750
- gcp_service_account_key: d.credential.gcpServiceAccountKey,
2751
- }),
2752
- ...(d.credential?.$case === 'azureManagedIdentity' && {
2753
- azure_managed_identity: d.credential.azureManagedIdentity,
2754
- }),
2755
- ...(d.credential?.$case === 'databricksGcpServiceAccount' && {
2756
- databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
2757
- }),
2758
- ...(d.credential?.$case === 'cloudflareApiToken' && {
2759
- cloudflare_api_token: d.credential.cloudflareApiToken,
2760
- }),
2761
- comment: d.comment,
2762
- read_only: d.readOnly,
2763
- owner: d.owner,
2764
- id: d.id,
2765
- metastore_id: d.metastoreId,
2766
- created_at: d.createdAt,
2767
- created_by: d.createdBy,
2768
- updated_at: d.updatedAt,
2769
- updated_by: d.updatedBy,
2770
- used_for_managed_storage: d.usedForManagedStorage,
2771
- full_name: d.fullName,
2772
- isolation_mode: d.isolationMode,
2773
- }));
2774
-
2775
- export const marshalValidateCredentialRequestSchema: z.ZodType = z
2776
- .object({
2777
- credential: z
2778
- .discriminatedUnion('$case', [
2779
- z.object({
2780
- $case: z.literal('credentialName'),
2781
- credentialName: z.string(),
2782
- }),
2783
- z.object({
2784
- $case: z.literal('awsIamRole'),
2785
- awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
2786
- }),
2787
- z.object({
2788
- $case: z.literal('azureManagedIdentity'),
2789
- azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
2790
- }),
2791
- z.object({
2792
- $case: z.literal('databricksGcpServiceAccount'),
2793
- databricksGcpServiceAccount: z.lazy(
2794
- () => marshalDatabricksGcpServiceAccountSchema
2795
- ),
2796
- }),
2797
- ])
2798
- .optional(),
2799
- externalLocationName: z.string().optional(),
2800
- url: z.string().optional(),
2801
- readOnly: z.boolean().optional(),
2802
- })
2803
- .transform(d => ({
2804
- ...(d.credential?.$case === 'credentialName' && {
2805
- credential_name: d.credential.credentialName,
2806
- }),
2807
- ...(d.credential?.$case === 'awsIamRole' && {
2808
- aws_iam_role: d.credential.awsIamRole,
2809
- }),
2810
- ...(d.credential?.$case === 'azureManagedIdentity' && {
2811
- azure_managed_identity: d.credential.azureManagedIdentity,
2812
- }),
2813
- ...(d.credential?.$case === 'databricksGcpServiceAccount' && {
2814
- databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
2815
- }),
2816
- external_location_name: d.externalLocationName,
2817
- url: d.url,
2818
- read_only: d.readOnly,
2819
- }));
2820
-
2821
- export const marshalValidateStorageCredentialRequestSchema: z.ZodType = z
2822
- .object({
2823
- credential: z
2824
- .discriminatedUnion('$case', [
2825
- z.object({
2826
- $case: z.literal('storageCredentialName'),
2827
- storageCredentialName: z.string(),
2828
- }),
2829
- z.object({
2830
- $case: z.literal('awsIamRole'),
2831
- awsIamRole: z.lazy(() => marshalAwsIamRoleSchema),
2832
- }),
2833
- z.object({
2834
- $case: z.literal('azureServicePrincipal'),
2835
- azureServicePrincipal: z.lazy(
2836
- () => marshalAzureServicePrincipalSchema
2837
- ),
2838
- }),
2839
- z.object({
2840
- $case: z.literal('azureManagedIdentity'),
2841
- azureManagedIdentity: z.lazy(() => marshalAzureManagedIdentitySchema),
2842
- }),
2843
- z.object({
2844
- $case: z.literal('databricksGcpServiceAccount'),
2845
- databricksGcpServiceAccount: z.lazy(
2846
- () => marshalDatabricksGcpServiceAccountSchema
2847
- ),
2848
- }),
2849
- z.object({
2850
- $case: z.literal('cloudflareApiToken'),
2851
- cloudflareApiToken: z.lazy(() => marshalCloudflareApiTokenSchema),
2852
- }),
2853
- ])
2854
- .optional(),
2855
- externalLocationName: z.string().optional(),
2856
- url: z.string().optional(),
2857
- readOnly: z.boolean().optional(),
2858
- })
2859
- .transform(d => ({
2860
- ...(d.credential?.$case === 'storageCredentialName' && {
2861
- storage_credential_name: d.credential.storageCredentialName,
2862
- }),
2863
- ...(d.credential?.$case === 'awsIamRole' && {
2864
- aws_iam_role: d.credential.awsIamRole,
2865
- }),
2866
- ...(d.credential?.$case === 'azureServicePrincipal' && {
2867
- azure_service_principal: d.credential.azureServicePrincipal,
2868
- }),
2869
- ...(d.credential?.$case === 'azureManagedIdentity' && {
2870
- azure_managed_identity: d.credential.azureManagedIdentity,
2871
- }),
2872
- ...(d.credential?.$case === 'databricksGcpServiceAccount' && {
2873
- databricks_gcp_service_account: d.credential.databricksGcpServiceAccount,
2874
- }),
2875
- ...(d.credential?.$case === 'cloudflareApiToken' && {
2876
- cloudflare_api_token: d.credential.cloudflareApiToken,
2877
- }),
2878
- external_location_name: d.externalLocationName,
2879
- url: d.url,
2880
- read_only: d.readOnly,
2881
- }));