@databricks/sdk-uc-rfa 0.0.0-dev → 0.1.0-dev.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,197 @@
1
+ // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
2
+
3
+ import {VERSION as AUTH_VERSION} from '@databricks/sdk-auth';
4
+ import {createDefault} from '@databricks/sdk-core/clientinfo';
5
+ import type {Logger} from '@databricks/sdk-core/logger';
6
+ import {NoOpLogger} from '@databricks/sdk-core/logger';
7
+ import type {CallOptions} from '@databricks/sdk-options/call';
8
+ import type {ClientOptions} from '@databricks/sdk-options/client';
9
+ import type {HttpClient} from '@databricks/sdk-core/http';
10
+ import {newHttpClient} from './transport';
11
+ import {
12
+ buildHttpRequest,
13
+ executeCall,
14
+ executeHttpCall,
15
+ marshalRequest,
16
+ parseResponse,
17
+ } from './utils';
18
+ import pkgJson from '../../package.json' with {type: 'json'};
19
+ import type {
20
+ AccessRequestDestinations,
21
+ BatchCreateAccessRequestsRequest,
22
+ BatchCreateAccessRequestsResponse,
23
+ GetAccessRequestDestinationsRequest,
24
+ UpdateAccessRequestDestinationsRequest,
25
+ } from './model';
26
+ import {
27
+ marshalAccessRequestDestinationsSchema,
28
+ marshalBatchCreateAccessRequestsRequestSchema,
29
+ unmarshalAccessRequestDestinationsSchema,
30
+ unmarshalBatchCreateAccessRequestsResponseSchema,
31
+ } from './model';
32
+
33
+ // Package identity segment for this client to be used in the User-Agent header.
34
+ const PACKAGE_SEGMENT = {
35
+ key: 'sdk-js-' + pkgJson.name.replace(/^@[^/]+\/sdk-/, ''),
36
+ value: pkgJson.version,
37
+ };
38
+
39
+ export class RfaClient {
40
+ private readonly host: string;
41
+ // Workspace ID used to route workspace-level calls on unified hosts (SPOG).
42
+ // When set, workspace-level methods send X-Databricks-Org-Id on every
43
+ // request.
44
+ private readonly workspaceId: string | undefined;
45
+ private readonly httpClient: HttpClient;
46
+ private readonly logger: Logger;
47
+ // User-Agent header value. Composed once at construction from
48
+ // createDefault() merged with this package's identity and the active
49
+ // credential's name.
50
+ private readonly userAgent: string;
51
+
52
+ constructor(options: ClientOptions) {
53
+ if (options.host === undefined) {
54
+ throw new Error('Host is required.');
55
+ }
56
+ this.host = options.host.replace(/\/$/, '');
57
+ this.workspaceId = options.workspaceId;
58
+ this.logger = options.logger ?? new NoOpLogger();
59
+ const info = createDefault()
60
+ .with(PACKAGE_SEGMENT)
61
+ .with({key: 'sdk-js-auth', value: AUTH_VERSION})
62
+ .with({key: 'auth', value: options.credentials?.name() ?? 'default'});
63
+ this.userAgent = info.toString();
64
+ this.httpClient = newHttpClient(options);
65
+ }
66
+
67
+ /**
68
+ * Creates access requests for Unity Catalog permissions for a specified principal on a securable object.
69
+ * This Batch API can take in multiple principals, securable objects,
70
+ * and permissions as the input and returns the access request destinations for each.
71
+ * Principals must be unique across the API call.
72
+ *
73
+ * The supported securable types are: "metastore", "catalog", "schema", "table",
74
+ * "external_location", "connection", "credential", "function", "registered_model", and "volume".
75
+ */
76
+ async batchCreateAccessRequests(
77
+ req: BatchCreateAccessRequestsRequest,
78
+ options?: CallOptions
79
+ ): Promise<BatchCreateAccessRequestsResponse> {
80
+ const url = `${this.host}/api/3.0/rfa/requests`;
81
+ const body = marshalRequest(
82
+ req,
83
+ marshalBatchCreateAccessRequestsRequestSchema
84
+ );
85
+ let resp: BatchCreateAccessRequestsResponse | undefined;
86
+ const call = async (callSignal?: AbortSignal): Promise<void> => {
87
+ const headers = new Headers({'Content-Type': 'application/json'});
88
+ if (this.workspaceId !== undefined) {
89
+ headers.set('X-Databricks-Org-Id', this.workspaceId);
90
+ }
91
+ headers.set('User-Agent', this.userAgent);
92
+ const httpReq = buildHttpRequest('POST', url, headers, callSignal, body);
93
+ const respBody = await executeHttpCall({
94
+ request: httpReq,
95
+ httpClient: this.httpClient,
96
+ logger: this.logger,
97
+ });
98
+ resp = parseResponse(
99
+ respBody,
100
+ unmarshalBatchCreateAccessRequestsResponseSchema
101
+ );
102
+ };
103
+ await executeCall(call, options);
104
+ if (resp === undefined) {
105
+ throw new Error('operation completed without a result.');
106
+ }
107
+ return resp;
108
+ }
109
+
110
+ /**
111
+ * Gets an array of access request destinations for the specified securable.
112
+ * Any caller can see URL destinations or the destinations on the metastore.
113
+ * Otherwise, only those with **BROWSE** permissions on the securable can see destinations.
114
+ *
115
+ * The supported securable types are: "metastore", "catalog", "schema", "table",
116
+ * "external_location", "connection", "credential", "function", "registered_model", and "volume".
117
+ */
118
+ async getAccessRequestDestinations(
119
+ req: GetAccessRequestDestinationsRequest,
120
+ options?: CallOptions
121
+ ): Promise<AccessRequestDestinations> {
122
+ const url = `${this.host}/api/3.0/rfa/destinations/${req.securableType ?? ''}/${req.fullName ?? ''}`;
123
+ let resp: AccessRequestDestinations | undefined;
124
+ const call = async (callSignal?: AbortSignal): Promise<void> => {
125
+ const headers = new Headers();
126
+ if (this.workspaceId !== undefined) {
127
+ headers.set('X-Databricks-Org-Id', this.workspaceId);
128
+ }
129
+ headers.set('User-Agent', this.userAgent);
130
+ const httpReq = buildHttpRequest('GET', url, headers, callSignal);
131
+ const respBody = await executeHttpCall({
132
+ request: httpReq,
133
+ httpClient: this.httpClient,
134
+ logger: this.logger,
135
+ });
136
+ resp = parseResponse(respBody, unmarshalAccessRequestDestinationsSchema);
137
+ };
138
+ await executeCall(call, options);
139
+ if (resp === undefined) {
140
+ throw new Error('operation completed without a result.');
141
+ }
142
+ return resp;
143
+ }
144
+
145
+ /**
146
+ * Updates the access request destinations for the given securable.
147
+ * The caller must be a metastore admin, the owner of the securable, or a user that has the **MANAGE** privilege on the securable in order to assign destinations.
148
+ * Destinations cannot be updated for securables underneath schemas (tables, volumes, functions, and models). For these securable types, destinations are inherited from the parent securable.
149
+ * A maximum of 5 emails and 5 external notification destinations (Slack, Microsoft Teams, and Generic Webhook destinations) can be assigned to a securable.
150
+ * If a URL destination is assigned, no other destinations can be set.
151
+ *
152
+ * The supported securable types are: "metastore", "catalog", "schema", "table",
153
+ * "external_location", "connection", "credential", "function", "registered_model", and "volume".
154
+ */
155
+ async updateAccessRequestDestinations(
156
+ req: UpdateAccessRequestDestinationsRequest,
157
+ options?: CallOptions
158
+ ): Promise<AccessRequestDestinations> {
159
+ const url = `${this.host}/api/3.0/rfa/destinations`;
160
+ const params = new URLSearchParams();
161
+ if (req.updateMask !== undefined) {
162
+ params.append('update_mask', req.updateMask.toString());
163
+ }
164
+ const query = params.toString();
165
+ const fullUrl = query !== '' ? `${url}?${query}` : url;
166
+ const body = marshalRequest(
167
+ req.accessRequestDestinations,
168
+ marshalAccessRequestDestinationsSchema
169
+ );
170
+ let resp: AccessRequestDestinations | undefined;
171
+ const call = async (callSignal?: AbortSignal): Promise<void> => {
172
+ const headers = new Headers({'Content-Type': 'application/json'});
173
+ if (this.workspaceId !== undefined) {
174
+ headers.set('X-Databricks-Org-Id', this.workspaceId);
175
+ }
176
+ headers.set('User-Agent', this.userAgent);
177
+ const httpReq = buildHttpRequest(
178
+ 'PATCH',
179
+ fullUrl,
180
+ headers,
181
+ callSignal,
182
+ body
183
+ );
184
+ const respBody = await executeHttpCall({
185
+ request: httpReq,
186
+ httpClient: this.httpClient,
187
+ logger: this.logger,
188
+ });
189
+ resp = parseResponse(respBody, unmarshalAccessRequestDestinationsSchema);
190
+ };
191
+ await executeCall(call, options);
192
+ if (resp === undefined) {
193
+ throw new Error('operation completed without a result.');
194
+ }
195
+ return resp;
196
+ }
197
+ }
@@ -0,0 +1,26 @@
1
+ // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
2
+
3
+ export {RfaClient} from './client';
4
+
5
+ export {
6
+ DestinationType,
7
+ PrincipalType,
8
+ SecurableType,
9
+ SpecialDestination,
10
+ } from './model';
11
+
12
+ export type {
13
+ AccessRequestDestinations,
14
+ BatchCreateAccessRequestsRequest,
15
+ BatchCreateAccessRequestsResponse,
16
+ CreateAccessRequest,
17
+ CreateAccessRequestResponse,
18
+ GetAccessRequestDestinationsRequest,
19
+ NotificationDestination,
20
+ Principal,
21
+ Securable,
22
+ SecurablePermissions,
23
+ UpdateAccessRequestDestinationsRequest,
24
+ } from './model';
25
+
26
+ export {accessRequestDestinationsFieldMask} from './model';
@@ -0,0 +1,384 @@
1
+ // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
2
+
3
+ import {FieldMask} from '@databricks/sdk-core/wkt';
4
+ import type {FieldMaskSchema} from '@databricks/sdk-core/wkt';
5
+ import {z} from 'zod';
6
+
7
+ export enum DestinationType {
8
+ DESTINATION_TYPE_UNSPECIFIED = 'DESTINATION_TYPE_UNSPECIFIED',
9
+ EMAIL = 'EMAIL',
10
+ SLACK = 'SLACK',
11
+ GENERIC_WEBHOOK = 'GENERIC_WEBHOOK',
12
+ MICROSOFT_TEAMS = 'MICROSOFT_TEAMS',
13
+ URL = 'URL',
14
+ }
15
+
16
+ export enum PrincipalType {
17
+ PRINCIPAL_TYPE_UNSPECIFIED = 'PRINCIPAL_TYPE_UNSPECIFIED',
18
+ USER_PRINCIPAL = 'USER_PRINCIPAL',
19
+ GROUP_PRINCIPAL = 'GROUP_PRINCIPAL',
20
+ SERVICE_PRINCIPAL = 'SERVICE_PRINCIPAL',
21
+ }
22
+
23
+ /** The type of Unity Catalog securable. */
24
+ export enum SecurableType {
25
+ CATALOG = 'CATALOG',
26
+ SCHEMA = 'SCHEMA',
27
+ TABLE = 'TABLE',
28
+ STORAGE_CREDENTIAL = 'STORAGE_CREDENTIAL',
29
+ EXTERNAL_LOCATION = 'EXTERNAL_LOCATION',
30
+ FUNCTION = 'FUNCTION',
31
+ SHARE = 'SHARE',
32
+ PROVIDER = 'PROVIDER',
33
+ RECIPIENT = 'RECIPIENT',
34
+ CLEAN_ROOM = 'CLEAN_ROOM',
35
+ METASTORE = 'METASTORE',
36
+ PIPELINE = 'PIPELINE',
37
+ VOLUME = 'VOLUME',
38
+ CONNECTION = 'CONNECTION',
39
+ CREDENTIAL = 'CREDENTIAL',
40
+ EXTERNAL_METADATA = 'EXTERNAL_METADATA',
41
+ /** TODO: [UC-2980] Staging tables aren't full-fleged securables yet. */
42
+ STAGING_TABLE = 'STAGING_TABLE',
43
+ }
44
+
45
+ export enum SpecialDestination {
46
+ SPECIAL_DESTINATION_UNSPECIFIED = 'SPECIAL_DESTINATION_UNSPECIFIED',
47
+ SPECIAL_DESTINATION_CATALOG_OWNER = 'SPECIAL_DESTINATION_CATALOG_OWNER',
48
+ SPECIAL_DESTINATION_EXTERNAL_LOCATION_OWNER = 'SPECIAL_DESTINATION_EXTERNAL_LOCATION_OWNER',
49
+ SPECIAL_DESTINATION_CONNECTION_OWNER = 'SPECIAL_DESTINATION_CONNECTION_OWNER',
50
+ SPECIAL_DESTINATION_CREDENTIAL_OWNER = 'SPECIAL_DESTINATION_CREDENTIAL_OWNER',
51
+ SPECIAL_DESTINATION_METASTORE_OWNER = 'SPECIAL_DESTINATION_METASTORE_OWNER',
52
+ }
53
+
54
+ export interface AccessRequestDestinations {
55
+ /** The access request destinations for the securable. */
56
+ destinations?: NotificationDestination[] | undefined;
57
+ /** The securable for which the access request destinations are being modified or read. */
58
+ securable?: Securable | undefined;
59
+ /**
60
+ * Indicates whether any destinations are hidden from the caller due to a lack of permissions.
61
+ * This value is true if the caller does not have permission to see all destinations.
62
+ */
63
+ areAnyDestinationsHidden?: boolean | undefined;
64
+ /**
65
+ * The source securable from which the destinations are inherited. Either the same value as securable (if destination
66
+ * is set directly on the securable) or the nearest parent securable with destinations set.
67
+ */
68
+ destinationSourceSecurable?: Securable | undefined;
69
+ /** The type of the securable. Redundant with the type in the securable object, but necessary for Terraform integration */
70
+ securableType?: string | undefined;
71
+ /** The full name of the securable. Redundant with the name in the securable object, but necessary for Terraform integration */
72
+ fullName?: string | undefined;
73
+ }
74
+
75
+ export interface BatchCreateAccessRequestsRequest {
76
+ /**
77
+ * A list of individual access requests, where each request corresponds to
78
+ * a set of permissions being requested on a list of securables for a specified principal.
79
+ *
80
+ * At most 30 requests per API call.
81
+ */
82
+ requests?: CreateAccessRequest[] | undefined;
83
+ }
84
+
85
+ export interface BatchCreateAccessRequestsResponse {
86
+ /** The access request destinations for each securable object the principal requested. */
87
+ responses?: CreateAccessRequestResponse[] | undefined;
88
+ }
89
+
90
+ export interface CreateAccessRequest {
91
+ /**
92
+ * Optional. The principal this request is for.
93
+ * Empty `behalf_of` defaults to the requester's identity.
94
+ *
95
+ * Principals must be unique across the API call.
96
+ */
97
+ behalfOf?: Principal | undefined;
98
+ /**
99
+ * Optional. Comment associated with the request.
100
+ *
101
+ * At most 200 characters, can only contain lowercase/uppercase
102
+ * letters (a-z, A-Z), numbers (0-9), punctuation, and spaces.
103
+ */
104
+ comment?: string | undefined;
105
+ /**
106
+ * List of securables and their corresponding requested UC privileges.
107
+ *
108
+ * At most 30 securables can be requested for a principal per batched call.
109
+ * Each securable can only be requested once per principal.
110
+ */
111
+ securablePermissions?: SecurablePermissions[] | undefined;
112
+ }
113
+
114
+ export interface CreateAccessRequestResponse {
115
+ /** The principal the request was made on behalf of. */
116
+ behalfOf?: Principal | undefined;
117
+ /** The access request destinations for all the securables the principal requested. */
118
+ requestDestinations?: AccessRequestDestinations[] | undefined;
119
+ }
120
+
121
+ export interface GetAccessRequestDestinationsRequest {
122
+ /** The type of the securable. */
123
+ securableType?: string | undefined;
124
+ /** The full name of the securable. */
125
+ fullName?: string | undefined;
126
+ }
127
+
128
+ export interface NotificationDestination {
129
+ /**
130
+ * The identifier for the destination. This is the email address for EMAIL destinations, the URL for URL destinations,
131
+ * or the unique <Databricks> notification destination ID for all other external destinations.
132
+ */
133
+ destinationId?: string | undefined;
134
+ /** The type of the destination. */
135
+ destinationType?: DestinationType | undefined;
136
+ /**
137
+ * This field is used to denote whether the destination is the email of the owner of the securable object.
138
+ * The special destination cannot be assigned to a securable and only represents the default destination of the securable.
139
+ * The securable types that support default special destinations are: "catalog", "external_location", "connection", "credential", and "metastore".
140
+ * The **destination_type** of a **special_destination** is always EMAIL.
141
+ */
142
+ specialDestination?: SpecialDestination | undefined;
143
+ }
144
+
145
+ export interface Principal {
146
+ /** <Databricks> user, group or service principal ID. */
147
+ id?: string | undefined;
148
+ principalType?: PrincipalType | undefined;
149
+ }
150
+
151
+ /**
152
+ * Generic definition of a securable, which is uniquely defined in a metastore
153
+ * by its type and full name.
154
+ */
155
+ export interface Securable {
156
+ /**
157
+ * Required. The type of securable (catalog/schema/table).
158
+ * Optional if resource_name is present.
159
+ */
160
+ type?: SecurableType | undefined;
161
+ /**
162
+ * Required. The full name of the catalog/schema/table.
163
+ * Optional if resource_name is present.
164
+ */
165
+ fullName?: string | undefined;
166
+ /**
167
+ * Optional. The name of the Share object that contains the securable when the securable is
168
+ * getting shared in D2D Delta Sharing.
169
+ */
170
+ providerShare?: string | undefined;
171
+ }
172
+
173
+ export interface SecurablePermissions {
174
+ /** The securable for which the access request destinations are being requested. */
175
+ securable?: Securable | undefined;
176
+ /** List of requested Unity Catalog permissions. */
177
+ permissions?: string[] | undefined;
178
+ }
179
+
180
+ export interface UpdateAccessRequestDestinationsRequest {
181
+ /**
182
+ * The access request destinations to assign to the securable.
183
+ * For each destination, a **destination_id** and **destination_type** must be defined.
184
+ */
185
+ accessRequestDestinations?: AccessRequestDestinations | undefined;
186
+ updateMask?: FieldMask<AccessRequestDestinations> | undefined;
187
+ }
188
+
189
+ export const unmarshalAccessRequestDestinationsSchema: z.ZodType<AccessRequestDestinations> =
190
+ z
191
+ .object({
192
+ destinations: z
193
+ .array(z.lazy(() => unmarshalNotificationDestinationSchema))
194
+ .optional(),
195
+ securable: z.lazy(() => unmarshalSecurableSchema).optional(),
196
+ are_any_destinations_hidden: z.boolean().optional(),
197
+ destination_source_securable: z
198
+ .lazy(() => unmarshalSecurableSchema)
199
+ .optional(),
200
+ securable_type: z.string().optional(),
201
+ full_name: z.string().optional(),
202
+ })
203
+ .transform(d => ({
204
+ destinations: d.destinations,
205
+ securable: d.securable,
206
+ areAnyDestinationsHidden: d.are_any_destinations_hidden,
207
+ destinationSourceSecurable: d.destination_source_securable,
208
+ securableType: d.securable_type,
209
+ fullName: d.full_name,
210
+ }));
211
+
212
+ export const unmarshalBatchCreateAccessRequestsResponseSchema: z.ZodType<BatchCreateAccessRequestsResponse> =
213
+ z
214
+ .object({
215
+ responses: z
216
+ .array(z.lazy(() => unmarshalCreateAccessRequestResponseSchema))
217
+ .optional(),
218
+ })
219
+ .transform(d => ({
220
+ responses: d.responses,
221
+ }));
222
+
223
+ export const unmarshalCreateAccessRequestResponseSchema: z.ZodType<CreateAccessRequestResponse> =
224
+ z
225
+ .object({
226
+ behalf_of: z.lazy(() => unmarshalPrincipalSchema).optional(),
227
+ request_destinations: z
228
+ .array(z.lazy(() => unmarshalAccessRequestDestinationsSchema))
229
+ .optional(),
230
+ })
231
+ .transform(d => ({
232
+ behalfOf: d.behalf_of,
233
+ requestDestinations: d.request_destinations,
234
+ }));
235
+
236
+ export const unmarshalNotificationDestinationSchema: z.ZodType<NotificationDestination> =
237
+ z
238
+ .object({
239
+ destination_id: z.string().optional(),
240
+ destination_type: z.enum(DestinationType).optional(),
241
+ special_destination: z.enum(SpecialDestination).optional(),
242
+ })
243
+ .transform(d => ({
244
+ destinationId: d.destination_id,
245
+ destinationType: d.destination_type,
246
+ specialDestination: d.special_destination,
247
+ }));
248
+
249
+ export const unmarshalPrincipalSchema: z.ZodType<Principal> = z
250
+ .object({
251
+ id: z.string().optional(),
252
+ principal_type: z.enum(PrincipalType).optional(),
253
+ })
254
+ .transform(d => ({
255
+ id: d.id,
256
+ principalType: d.principal_type,
257
+ }));
258
+
259
+ export const unmarshalSecurableSchema: z.ZodType<Securable> = z
260
+ .object({
261
+ type: z.enum(SecurableType).optional(),
262
+ full_name: z.string().optional(),
263
+ provider_share: z.string().optional(),
264
+ })
265
+ .transform(d => ({
266
+ type: d.type,
267
+ fullName: d.full_name,
268
+ providerShare: d.provider_share,
269
+ }));
270
+
271
+ export const marshalAccessRequestDestinationsSchema: z.ZodType = z
272
+ .object({
273
+ destinations: z
274
+ .array(z.lazy(() => marshalNotificationDestinationSchema))
275
+ .optional(),
276
+ securable: z.lazy(() => marshalSecurableSchema).optional(),
277
+ areAnyDestinationsHidden: z.boolean().optional(),
278
+ destinationSourceSecurable: z.lazy(() => marshalSecurableSchema).optional(),
279
+ securableType: z.string().optional(),
280
+ fullName: z.string().optional(),
281
+ })
282
+ .transform(d => ({
283
+ destinations: d.destinations,
284
+ securable: d.securable,
285
+ are_any_destinations_hidden: d.areAnyDestinationsHidden,
286
+ destination_source_securable: d.destinationSourceSecurable,
287
+ securable_type: d.securableType,
288
+ full_name: d.fullName,
289
+ }));
290
+
291
+ export const marshalBatchCreateAccessRequestsRequestSchema: z.ZodType = z
292
+ .object({
293
+ requests: z
294
+ .array(z.lazy(() => marshalCreateAccessRequestSchema))
295
+ .optional(),
296
+ })
297
+ .transform(d => ({
298
+ requests: d.requests,
299
+ }));
300
+
301
+ export const marshalCreateAccessRequestSchema: z.ZodType = z
302
+ .object({
303
+ behalfOf: z.lazy(() => marshalPrincipalSchema).optional(),
304
+ comment: z.string().optional(),
305
+ securablePermissions: z
306
+ .array(z.lazy(() => marshalSecurablePermissionsSchema))
307
+ .optional(),
308
+ })
309
+ .transform(d => ({
310
+ behalf_of: d.behalfOf,
311
+ comment: d.comment,
312
+ securable_permissions: d.securablePermissions,
313
+ }));
314
+
315
+ export const marshalNotificationDestinationSchema: z.ZodType = z
316
+ .object({
317
+ destinationId: z.string().optional(),
318
+ destinationType: z.enum(DestinationType).optional(),
319
+ specialDestination: z.enum(SpecialDestination).optional(),
320
+ })
321
+ .transform(d => ({
322
+ destination_id: d.destinationId,
323
+ destination_type: d.destinationType,
324
+ special_destination: d.specialDestination,
325
+ }));
326
+
327
+ export const marshalPrincipalSchema: z.ZodType = z
328
+ .object({
329
+ id: z.string().optional(),
330
+ principalType: z.enum(PrincipalType).optional(),
331
+ })
332
+ .transform(d => ({
333
+ id: d.id,
334
+ principal_type: d.principalType,
335
+ }));
336
+
337
+ export const marshalSecurableSchema: z.ZodType = z
338
+ .object({
339
+ type: z.enum(SecurableType).optional(),
340
+ fullName: z.string().optional(),
341
+ providerShare: z.string().optional(),
342
+ })
343
+ .transform(d => ({
344
+ type: d.type,
345
+ full_name: d.fullName,
346
+ provider_share: d.providerShare,
347
+ }));
348
+
349
+ export const marshalSecurablePermissionsSchema: z.ZodType = z
350
+ .object({
351
+ securable: z.lazy(() => marshalSecurableSchema).optional(),
352
+ permissions: z.array(z.string()).optional(),
353
+ })
354
+ .transform(d => ({
355
+ securable: d.securable,
356
+ permissions: d.permissions,
357
+ }));
358
+
359
+ const accessRequestDestinationsFieldMaskSchema: FieldMaskSchema = {
360
+ areAnyDestinationsHidden: {wire: 'are_any_destinations_hidden'},
361
+ destinationSourceSecurable: {
362
+ wire: 'destination_source_securable',
363
+ children: () => securableFieldMaskSchema,
364
+ },
365
+ destinations: {wire: 'destinations'},
366
+ fullName: {wire: 'full_name'},
367
+ securable: {wire: 'securable', children: () => securableFieldMaskSchema},
368
+ securableType: {wire: 'securable_type'},
369
+ };
370
+
371
+ export function accessRequestDestinationsFieldMask(
372
+ ...paths: string[]
373
+ ): FieldMask<AccessRequestDestinations> {
374
+ return FieldMask.build<AccessRequestDestinations>(
375
+ paths,
376
+ accessRequestDestinationsFieldMaskSchema
377
+ );
378
+ }
379
+
380
+ const securableFieldMaskSchema: FieldMaskSchema = {
381
+ fullName: {wire: 'full_name'},
382
+ providerShare: {wire: 'provider_share'},
383
+ type: {wire: 'type'},
384
+ };
@@ -0,0 +1,73 @@
1
+ // Code generated from API definition by Databricks SDK Generator. DO NOT EDIT.
2
+
3
+ import type {Credentials} from '@databricks/sdk-auth';
4
+ import {defaultCredentials} from '@databricks/sdk-auth/credentials';
5
+ import type {
6
+ HttpClient,
7
+ HttpRequest,
8
+ HttpResponse,
9
+ } from '@databricks/sdk-core/http';
10
+ import {newFetchHttpClient} from '@databricks/sdk-core/http';
11
+ import type {ClientOptions} from '@databricks/sdk-options/client';
12
+
13
+ /** Creates a new HTTP client with the given options. */
14
+ export function newHttpClient(options?: ClientOptions): HttpClient {
15
+ const opts = options ?? {};
16
+
17
+ // If an HTTP client is provided, use it as-is. Throw if other options are
18
+ // also set, since they would be silently ignored.
19
+ if (opts.httpClient !== undefined) {
20
+ if (opts.credentials !== undefined || opts.timeout !== undefined) {
21
+ throw new Error(
22
+ 'httpClient cannot be combined with credentials or timeout'
23
+ );
24
+ }
25
+ return opts.httpClient;
26
+ }
27
+
28
+ const credentials = opts.credentials ?? defaultCredentials();
29
+
30
+ const base = newFetchHttpClient();
31
+ let client: HttpClient = new AuthHttpClient(base, credentials);
32
+
33
+ if (opts.timeout !== undefined) {
34
+ client = new TimeoutHttpClient(client, opts.timeout);
35
+ }
36
+
37
+ return client;
38
+ }
39
+
40
+ /** Wraps an HttpClient and adds authentication headers to requests. */
41
+ class AuthHttpClient implements HttpClient {
42
+ constructor(
43
+ private readonly base: HttpClient,
44
+ private readonly credentials: Credentials
45
+ ) {}
46
+
47
+ async send(request: HttpRequest): Promise<HttpResponse> {
48
+ const authHeaders = await this.credentials.authHeaders();
49
+ // Do not modify the original request.
50
+ const headers = new Headers(request.headers);
51
+ for (const h of authHeaders) {
52
+ headers.set(h.key, h.value);
53
+ }
54
+ return this.base.send({...request, headers});
55
+ }
56
+ }
57
+
58
+ /** Wraps an HttpClient and applies a default timeout to requests. */
59
+ class TimeoutHttpClient implements HttpClient {
60
+ constructor(
61
+ private readonly base: HttpClient,
62
+ private readonly timeout: number
63
+ ) {}
64
+
65
+ async send(request: HttpRequest): Promise<HttpResponse> {
66
+ const timeoutSignal = AbortSignal.timeout(this.timeout);
67
+ const signal =
68
+ request.signal !== undefined
69
+ ? AbortSignal.any([request.signal, timeoutSignal])
70
+ : timeoutSignal;
71
+ return this.base.send({...request, signal});
72
+ }
73
+ }