@pulumi/databricks 1.92.0-alpha.1778394392 → 1.92.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (453) hide show
  1. package/accessControlRuleSet.d.ts +1 -1
  2. package/accessControlRuleSet.d.ts.map +1 -1
  3. package/aibiDashboardEmbeddingAccessPolicySetting.d.ts +1 -1
  4. package/aibiDashboardEmbeddingAccessPolicySetting.d.ts.map +1 -1
  5. package/aibiDashboardEmbeddingApprovedDomainsSetting.d.ts +1 -1
  6. package/aibiDashboardEmbeddingApprovedDomainsSetting.d.ts.map +1 -1
  7. package/alert.d.ts +1 -1
  8. package/alert.d.ts.map +1 -1
  9. package/alertV2.d.ts +4 -4
  10. package/alertV2.d.ts.map +1 -1
  11. package/app.d.ts +2 -0
  12. package/app.d.ts.map +1 -1
  13. package/app.js +2 -0
  14. package/app.js.map +1 -1
  15. package/appSpace.d.ts +1 -1
  16. package/appSpace.d.ts.map +1 -1
  17. package/appsSettingsCustomTemplate.d.ts +1 -1
  18. package/appsSettingsCustomTemplate.d.ts.map +1 -1
  19. package/artifactAllowlist.d.ts +1 -1
  20. package/artifactAllowlist.d.ts.map +1 -1
  21. package/automaticClusterUpdateWorkspaceSetting.d.ts +1 -1
  22. package/automaticClusterUpdateWorkspaceSetting.d.ts.map +1 -1
  23. package/catalog.d.ts +1 -1
  24. package/catalog.d.ts.map +1 -1
  25. package/catalogWorkspaceBinding.d.ts +1 -1
  26. package/catalogWorkspaceBinding.d.ts.map +1 -1
  27. package/cluster.d.ts +1 -1
  28. package/cluster.d.ts.map +1 -1
  29. package/clusterPolicy.d.ts +1 -1
  30. package/clusterPolicy.d.ts.map +1 -1
  31. package/complianceSecurityProfileWorkspaceSetting.d.ts +1 -1
  32. package/complianceSecurityProfileWorkspaceSetting.d.ts.map +1 -1
  33. package/config/vars.d.ts +0 -1
  34. package/config/vars.d.ts.map +1 -1
  35. package/config/vars.js +0 -6
  36. package/config/vars.js.map +1 -1
  37. package/connection.d.ts +1 -1
  38. package/connection.d.ts.map +1 -1
  39. package/credential.d.ts +1 -1
  40. package/credential.d.ts.map +1 -1
  41. package/dashboard.d.ts +1 -1
  42. package/dashboard.d.ts.map +1 -1
  43. package/dataClassificationCatalogConfig.d.ts +1 -1
  44. package/dataClassificationCatalogConfig.d.ts.map +1 -1
  45. package/dataQualityMonitor.d.ts +1 -1
  46. package/dataQualityMonitor.d.ts.map +1 -1
  47. package/dataQualityRefresh.d.ts +1 -1
  48. package/dataQualityRefresh.d.ts.map +1 -1
  49. package/databaseDatabaseCatalog.d.ts +1 -1
  50. package/databaseDatabaseCatalog.d.ts.map +1 -1
  51. package/databaseInstance.d.ts +7 -4
  52. package/databaseInstance.d.ts.map +1 -1
  53. package/databaseInstance.js.map +1 -1
  54. package/databaseSyncedDatabaseTable.d.ts +1 -1
  55. package/databaseSyncedDatabaseTable.d.ts.map +1 -1
  56. package/dbfsFile.d.ts +1 -1
  57. package/dbfsFile.d.ts.map +1 -1
  58. package/defaultNamespaceSetting.d.ts +1 -1
  59. package/defaultNamespaceSetting.d.ts.map +1 -1
  60. package/directory.d.ts +1 -1
  61. package/directory.d.ts.map +1 -1
  62. package/disableLegacyAccessSetting.d.ts +1 -1
  63. package/disableLegacyAccessSetting.d.ts.map +1 -1
  64. package/disableLegacyDbfsSetting.d.ts +1 -1
  65. package/disableLegacyDbfsSetting.d.ts.map +1 -1
  66. package/disableLegacyFeaturesSetting.d.ts +10 -1
  67. package/disableLegacyFeaturesSetting.d.ts.map +1 -1
  68. package/disableLegacyFeaturesSetting.js.map +1 -1
  69. package/disasterRecoveryFailoverGroup.d.ts +187 -0
  70. package/disasterRecoveryFailoverGroup.d.ts.map +1 -0
  71. package/disasterRecoveryFailoverGroup.js +114 -0
  72. package/disasterRecoveryFailoverGroup.js.map +1 -0
  73. package/disasterRecoveryStableUrl.d.ts +109 -0
  74. package/disasterRecoveryStableUrl.d.ts.map +1 -0
  75. package/disasterRecoveryStableUrl.js +92 -0
  76. package/disasterRecoveryStableUrl.js.map +1 -0
  77. package/enhancedSecurityMonitoringWorkspaceSetting.d.ts +1 -1
  78. package/enhancedSecurityMonitoringWorkspaceSetting.d.ts.map +1 -1
  79. package/entitlements.d.ts +1 -1
  80. package/entitlements.d.ts.map +1 -1
  81. package/entityTagAssignment.d.ts +1 -1
  82. package/entityTagAssignment.d.ts.map +1 -1
  83. package/environmentsDefaultWorkspaceBaseEnvironment.d.ts +2 -2
  84. package/environmentsDefaultWorkspaceBaseEnvironment.d.ts.map +1 -1
  85. package/environmentsDefaultWorkspaceBaseEnvironment.js +1 -1
  86. package/environmentsWorkspaceBaseEnvironment.d.ts +2 -2
  87. package/environmentsWorkspaceBaseEnvironment.d.ts.map +1 -1
  88. package/environmentsWorkspaceBaseEnvironment.js +1 -1
  89. package/externalLocation.d.ts +1 -1
  90. package/externalLocation.d.ts.map +1 -1
  91. package/externalMetadata.d.ts +1 -1
  92. package/externalMetadata.d.ts.map +1 -1
  93. package/featureEngineeringFeature.d.ts +1 -1
  94. package/featureEngineeringFeature.d.ts.map +1 -1
  95. package/featureEngineeringKafkaConfig.d.ts +1 -1
  96. package/featureEngineeringKafkaConfig.d.ts.map +1 -1
  97. package/featureEngineeringMaterializedFeature.d.ts +1 -1
  98. package/featureEngineeringMaterializedFeature.d.ts.map +1 -1
  99. package/file.d.ts +1 -1
  100. package/file.d.ts.map +1 -1
  101. package/getCatalog.d.ts +1 -1
  102. package/getCatalog.d.ts.map +1 -1
  103. package/getCatalogs.d.ts +1 -1
  104. package/getCatalogs.d.ts.map +1 -1
  105. package/getCluster.d.ts +1 -1
  106. package/getCluster.d.ts.map +1 -1
  107. package/getClusterPolicy.d.ts +1 -1
  108. package/getClusterPolicy.d.ts.map +1 -1
  109. package/getClusters.d.ts +1 -1
  110. package/getClusters.d.ts.map +1 -1
  111. package/getCurrentConfig.d.ts +1 -1
  112. package/getCurrentConfig.d.ts.map +1 -1
  113. package/getCurrentMetastore.d.ts +1 -1
  114. package/getCurrentMetastore.d.ts.map +1 -1
  115. package/getCurrentUser.d.ts +1 -1
  116. package/getCurrentUser.d.ts.map +1 -1
  117. package/getDbfsFile.d.ts +1 -1
  118. package/getDbfsFile.d.ts.map +1 -1
  119. package/getDbfsFilePaths.d.ts +1 -1
  120. package/getDbfsFilePaths.d.ts.map +1 -1
  121. package/getDirectory.d.ts +1 -1
  122. package/getDirectory.d.ts.map +1 -1
  123. package/getDisasterRecoveryFailoverGroup.d.ts +87 -0
  124. package/getDisasterRecoveryFailoverGroup.d.ts.map +1 -0
  125. package/getDisasterRecoveryFailoverGroup.js +51 -0
  126. package/getDisasterRecoveryFailoverGroup.js.map +1 -0
  127. package/getDisasterRecoveryFailoverGroups.d.ts +51 -0
  128. package/getDisasterRecoveryFailoverGroups.d.ts.map +1 -0
  129. package/getDisasterRecoveryFailoverGroups.js +53 -0
  130. package/getDisasterRecoveryFailoverGroups.js.map +1 -0
  131. package/getDisasterRecoveryStableUrl.d.ts +57 -0
  132. package/getDisasterRecoveryStableUrl.d.ts.map +1 -0
  133. package/getDisasterRecoveryStableUrl.js +51 -0
  134. package/getDisasterRecoveryStableUrl.js.map +1 -0
  135. package/getDisasterRecoveryStableUrls.d.ts +49 -0
  136. package/getDisasterRecoveryStableUrls.d.ts.map +1 -0
  137. package/getDisasterRecoveryStableUrls.js +53 -0
  138. package/getDisasterRecoveryStableUrls.js.map +1 -0
  139. package/getEnvironmentsDefaultWorkspaceBaseEnvironment.d.ts +2 -2
  140. package/getEnvironmentsDefaultWorkspaceBaseEnvironment.js +2 -2
  141. package/getEnvironmentsWorkspaceBaseEnvironment.d.ts +2 -2
  142. package/getEnvironmentsWorkspaceBaseEnvironment.js +2 -2
  143. package/getEnvironmentsWorkspaceBaseEnvironments.d.ts +2 -2
  144. package/getEnvironmentsWorkspaceBaseEnvironments.js +2 -2
  145. package/getExternalLocation.d.ts +1 -1
  146. package/getExternalLocation.d.ts.map +1 -1
  147. package/getExternalLocations.d.ts +1 -1
  148. package/getExternalLocations.d.ts.map +1 -1
  149. package/getGroup.d.ts +1 -1
  150. package/getGroup.d.ts.map +1 -1
  151. package/getInstancePool.d.ts +1 -1
  152. package/getInstancePool.d.ts.map +1 -1
  153. package/getInstanceProfiles.d.ts +1 -1
  154. package/getInstanceProfiles.d.ts.map +1 -1
  155. package/getJob.d.ts +1 -1
  156. package/getJob.d.ts.map +1 -1
  157. package/getJobs.d.ts +1 -1
  158. package/getJobs.d.ts.map +1 -1
  159. package/getMlflowExperiment.d.ts +1 -1
  160. package/getMlflowExperiment.d.ts.map +1 -1
  161. package/getMlflowModel.d.ts +1 -1
  162. package/getMlflowModel.d.ts.map +1 -1
  163. package/getMlflowModels.d.ts +1 -1
  164. package/getMlflowModels.d.ts.map +1 -1
  165. package/getMwsCredentials.d.ts +10 -3
  166. package/getMwsCredentials.d.ts.map +1 -1
  167. package/getMwsCredentials.js.map +1 -1
  168. package/getMwsWorkspaces.d.ts +10 -3
  169. package/getMwsWorkspaces.d.ts.map +1 -1
  170. package/getMwsWorkspaces.js.map +1 -1
  171. package/getNodeType.d.ts +1 -1
  172. package/getNodeType.d.ts.map +1 -1
  173. package/getNotebook.d.ts +1 -1
  174. package/getNotebook.d.ts.map +1 -1
  175. package/getNotebookPaths.d.ts +1 -1
  176. package/getNotebookPaths.d.ts.map +1 -1
  177. package/getPipelines.d.ts +1 -1
  178. package/getPipelines.d.ts.map +1 -1
  179. package/getPostgresCatalog.d.ts +32 -0
  180. package/getPostgresCatalog.d.ts.map +1 -1
  181. package/getPostgresCatalog.js +32 -0
  182. package/getPostgresCatalog.js.map +1 -1
  183. package/getPostgresSyncedTable.d.ts +32 -0
  184. package/getPostgresSyncedTable.d.ts.map +1 -1
  185. package/getPostgresSyncedTable.js +32 -0
  186. package/getPostgresSyncedTable.js.map +1 -1
  187. package/getSchema.d.ts +1 -1
  188. package/getSchema.d.ts.map +1 -1
  189. package/getSchemas.d.ts +1 -1
  190. package/getSchemas.d.ts.map +1 -1
  191. package/getSecretUc.d.ts +125 -0
  192. package/getSecretUc.d.ts.map +1 -0
  193. package/getSecretUc.js +53 -0
  194. package/getSecretUc.js.map +1 -0
  195. package/getSecretUcs.d.ts +99 -0
  196. package/getSecretUcs.d.ts.map +1 -0
  197. package/getSecretUcs.js +61 -0
  198. package/getSecretUcs.js.map +1 -0
  199. package/getServicePrincipal.d.ts +4 -1
  200. package/getServicePrincipal.d.ts.map +1 -1
  201. package/getServicePrincipal.js +2 -0
  202. package/getServicePrincipal.js.map +1 -1
  203. package/getServicePrincipals.d.ts +4 -1
  204. package/getServicePrincipals.d.ts.map +1 -1
  205. package/getServicePrincipals.js +2 -0
  206. package/getServicePrincipals.js.map +1 -1
  207. package/getSparkVersion.d.ts +1 -1
  208. package/getSparkVersion.d.ts.map +1 -1
  209. package/getSqlWarehouse.d.ts +1 -1
  210. package/getSqlWarehouse.d.ts.map +1 -1
  211. package/getSqlWarehouses.d.ts +1 -1
  212. package/getSqlWarehouses.d.ts.map +1 -1
  213. package/getStorageCredential.d.ts +1 -1
  214. package/getStorageCredential.d.ts.map +1 -1
  215. package/getStorageCredentials.d.ts +1 -1
  216. package/getStorageCredentials.d.ts.map +1 -1
  217. package/getSupervisorAgent.d.ts +87 -0
  218. package/getSupervisorAgent.d.ts.map +1 -0
  219. package/getSupervisorAgent.js +53 -0
  220. package/getSupervisorAgent.js.map +1 -0
  221. package/getSupervisorAgentTool.d.ts +90 -0
  222. package/getSupervisorAgentTool.d.ts.map +1 -0
  223. package/getSupervisorAgentTool.js +53 -0
  224. package/getSupervisorAgentTool.js.map +1 -0
  225. package/getSupervisorAgentTools.d.ts +55 -0
  226. package/getSupervisorAgentTools.d.ts.map +1 -0
  227. package/getSupervisorAgentTools.js +55 -0
  228. package/getSupervisorAgentTools.js.map +1 -0
  229. package/getSupervisorAgents.d.ts +54 -0
  230. package/getSupervisorAgents.d.ts.map +1 -0
  231. package/getSupervisorAgents.js +55 -0
  232. package/getSupervisorAgents.js.map +1 -0
  233. package/getTable.d.ts +1 -1
  234. package/getTable.d.ts.map +1 -1
  235. package/getTables.d.ts +1 -1
  236. package/getTables.d.ts.map +1 -1
  237. package/getUser.d.ts +1 -1
  238. package/getUser.d.ts.map +1 -1
  239. package/getViews.d.ts +1 -1
  240. package/getViews.d.ts.map +1 -1
  241. package/getVolume.d.ts +1 -1
  242. package/getVolume.d.ts.map +1 -1
  243. package/getZones.d.ts +1 -1
  244. package/getZones.d.ts.map +1 -1
  245. package/gitCredential.d.ts +1 -1
  246. package/gitCredential.d.ts.map +1 -1
  247. package/globalInitScript.d.ts +1 -1
  248. package/globalInitScript.d.ts.map +1 -1
  249. package/grant.d.ts +1 -1
  250. package/grant.d.ts.map +1 -1
  251. package/grants.d.ts +1 -1
  252. package/grants.d.ts.map +1 -1
  253. package/group.d.ts +1 -1
  254. package/group.d.ts.map +1 -1
  255. package/groupInstanceProfile.d.ts +1 -1
  256. package/groupInstanceProfile.d.ts.map +1 -1
  257. package/groupMember.d.ts +1 -1
  258. package/groupMember.d.ts.map +1 -1
  259. package/groupRole.d.ts +1 -1
  260. package/groupRole.d.ts.map +1 -1
  261. package/index.d.ts +45 -0
  262. package/index.d.ts.map +1 -1
  263. package/index.js +65 -9
  264. package/index.js.map +1 -1
  265. package/instancePool.d.ts +1 -1
  266. package/instancePool.d.ts.map +1 -1
  267. package/instanceProfile.d.ts +1 -1
  268. package/instanceProfile.d.ts.map +1 -1
  269. package/ipAccessList.d.ts +1 -1
  270. package/ipAccessList.d.ts.map +1 -1
  271. package/job.d.ts +1 -1
  272. package/job.d.ts.map +1 -1
  273. package/knowledgeAssistant.d.ts +1 -1
  274. package/knowledgeAssistant.d.ts.map +1 -1
  275. package/knowledgeAssistantKnowledgeSource.d.ts +1 -1
  276. package/knowledgeAssistantKnowledgeSource.d.ts.map +1 -1
  277. package/lakehouseMonitor.d.ts +1 -1
  278. package/lakehouseMonitor.d.ts.map +1 -1
  279. package/library.d.ts +4 -2
  280. package/library.d.ts.map +1 -1
  281. package/library.js +4 -2
  282. package/library.js.map +1 -1
  283. package/materializedFeaturesFeatureTag.d.ts +1 -1
  284. package/materializedFeaturesFeatureTag.d.ts.map +1 -1
  285. package/metastore.d.ts +1 -1
  286. package/metastore.d.ts.map +1 -1
  287. package/metastoreAssignment.d.ts +1 -1
  288. package/metastoreAssignment.d.ts.map +1 -1
  289. package/metastoreDataAccess.d.ts +1 -1
  290. package/metastoreDataAccess.d.ts.map +1 -1
  291. package/metastoreProvider.d.ts +1 -1
  292. package/metastoreProvider.d.ts.map +1 -1
  293. package/mlflowExperiment.d.ts +1 -1
  294. package/mlflowExperiment.d.ts.map +1 -1
  295. package/mlflowModel.d.ts +1 -1
  296. package/mlflowModel.d.ts.map +1 -1
  297. package/mlflowWebhook.d.ts +1 -1
  298. package/mlflowWebhook.d.ts.map +1 -1
  299. package/modelServing.d.ts +1 -1
  300. package/modelServing.d.ts.map +1 -1
  301. package/modelServingProvisionedThroughput.d.ts +1 -1
  302. package/modelServingProvisionedThroughput.d.ts.map +1 -1
  303. package/mount.d.ts +1 -1
  304. package/mount.d.ts.map +1 -1
  305. package/mwsWorkspaces.d.ts +3 -3
  306. package/notebook.d.ts +1 -1
  307. package/notebook.d.ts.map +1 -1
  308. package/notificationDestination.d.ts +1 -1
  309. package/notificationDestination.d.ts.map +1 -1
  310. package/oboToken.d.ts +1 -1
  311. package/oboToken.d.ts.map +1 -1
  312. package/onlineStore.d.ts +1 -1
  313. package/onlineStore.d.ts.map +1 -1
  314. package/onlineTable.d.ts +1 -1
  315. package/onlineTable.d.ts.map +1 -1
  316. package/package.json +2 -2
  317. package/permissionAssignment.d.ts +1 -1
  318. package/permissionAssignment.d.ts.map +1 -1
  319. package/permissions.d.ts +1 -1
  320. package/permissions.d.ts.map +1 -1
  321. package/pipeline.d.ts +1 -1
  322. package/pipeline.d.ts.map +1 -1
  323. package/policyInfo.d.ts +1 -1
  324. package/policyInfo.d.ts.map +1 -1
  325. package/postgresBranch.d.ts +3 -3
  326. package/postgresBranch.d.ts.map +1 -1
  327. package/postgresBranch.js +2 -2
  328. package/postgresCatalog.d.ts +50 -1
  329. package/postgresCatalog.d.ts.map +1 -1
  330. package/postgresCatalog.js +49 -0
  331. package/postgresCatalog.js.map +1 -1
  332. package/postgresDatabase.d.ts +1 -1
  333. package/postgresDatabase.d.ts.map +1 -1
  334. package/postgresEndpoint.d.ts +4 -4
  335. package/postgresEndpoint.d.ts.map +1 -1
  336. package/postgresEndpoint.js +3 -3
  337. package/postgresProject.d.ts +2 -2
  338. package/postgresProject.d.ts.map +1 -1
  339. package/postgresProject.js +1 -1
  340. package/postgresRole.d.ts +1 -1
  341. package/postgresRole.d.ts.map +1 -1
  342. package/postgresSyncedTable.d.ts +95 -1
  343. package/postgresSyncedTable.d.ts.map +1 -1
  344. package/postgresSyncedTable.js +94 -0
  345. package/postgresSyncedTable.js.map +1 -1
  346. package/provider.d.ts +0 -1
  347. package/provider.d.ts.map +1 -1
  348. package/provider.js +0 -1
  349. package/provider.js.map +1 -1
  350. package/qualityMonitor.d.ts +3 -1
  351. package/qualityMonitor.d.ts.map +1 -1
  352. package/qualityMonitor.js +3 -1
  353. package/qualityMonitor.js.map +1 -1
  354. package/qualityMonitorV2.d.ts +1 -1
  355. package/qualityMonitorV2.d.ts.map +1 -1
  356. package/query.d.ts +1 -1
  357. package/query.d.ts.map +1 -1
  358. package/recipient.d.ts +1 -1
  359. package/recipient.d.ts.map +1 -1
  360. package/registeredModel.d.ts +1 -1
  361. package/registeredModel.d.ts.map +1 -1
  362. package/repo.d.ts +1 -1
  363. package/repo.d.ts.map +1 -1
  364. package/restrictWorkspaceAdminsSetting.d.ts +1 -1
  365. package/restrictWorkspaceAdminsSetting.d.ts.map +1 -1
  366. package/rfaAccessRequestDestinations.d.ts +1 -1
  367. package/rfaAccessRequestDestinations.d.ts.map +1 -1
  368. package/schema.d.ts +1 -1
  369. package/schema.d.ts.map +1 -1
  370. package/secret.d.ts +1 -1
  371. package/secret.d.ts.map +1 -1
  372. package/secretAcl.d.ts +1 -1
  373. package/secretAcl.d.ts.map +1 -1
  374. package/secretScope.d.ts +1 -1
  375. package/secretScope.d.ts.map +1 -1
  376. package/secretUc.d.ts +266 -0
  377. package/secretUc.d.ts.map +1 -0
  378. package/secretUc.js +142 -0
  379. package/secretUc.js.map +1 -0
  380. package/servicePrincipal.d.ts +1 -1
  381. package/servicePrincipal.d.ts.map +1 -1
  382. package/servicePrincipalRole.d.ts +1 -1
  383. package/servicePrincipalRole.d.ts.map +1 -1
  384. package/servicePrincipalSecret.d.ts +1 -1
  385. package/servicePrincipalSecret.d.ts.map +1 -1
  386. package/share.d.ts +2 -0
  387. package/share.d.ts.map +1 -1
  388. package/share.js +2 -0
  389. package/share.js.map +1 -1
  390. package/sqlAlert.d.ts +1 -1
  391. package/sqlAlert.d.ts.map +1 -1
  392. package/sqlDashboard.d.ts +1 -1
  393. package/sqlDashboard.d.ts.map +1 -1
  394. package/sqlEndpoint.d.ts +1 -1
  395. package/sqlEndpoint.d.ts.map +1 -1
  396. package/sqlGlobalConfig.d.ts +1 -1
  397. package/sqlGlobalConfig.d.ts.map +1 -1
  398. package/sqlPermissions.d.ts +1 -1
  399. package/sqlPermissions.d.ts.map +1 -1
  400. package/sqlQuery.d.ts +1 -1
  401. package/sqlQuery.d.ts.map +1 -1
  402. package/sqlTable.d.ts +1 -1
  403. package/sqlTable.d.ts.map +1 -1
  404. package/sqlVisualization.d.ts +1 -1
  405. package/sqlVisualization.d.ts.map +1 -1
  406. package/sqlWidget.d.ts +1 -1
  407. package/sqlWidget.d.ts.map +1 -1
  408. package/storageCredential.d.ts +1 -1
  409. package/storageCredential.d.ts.map +1 -1
  410. package/supervisorAgent.d.ts +140 -0
  411. package/supervisorAgent.d.ts.map +1 -0
  412. package/supervisorAgent.js +96 -0
  413. package/supervisorAgent.js.map +1 -0
  414. package/supervisorAgentTool.d.ts +133 -0
  415. package/supervisorAgentTool.d.ts.map +1 -0
  416. package/supervisorAgentTool.js +106 -0
  417. package/supervisorAgentTool.js.map +1 -0
  418. package/systemSchema.d.ts +1 -1
  419. package/systemSchema.d.ts.map +1 -1
  420. package/table.d.ts +1 -1
  421. package/table.d.ts.map +1 -1
  422. package/tagPolicy.d.ts +1 -1
  423. package/tagPolicy.d.ts.map +1 -1
  424. package/token.d.ts +1 -1
  425. package/token.d.ts.map +1 -1
  426. package/types/input.d.ts +1091 -416
  427. package/types/input.d.ts.map +1 -1
  428. package/types/output.d.ts +3215 -351
  429. package/types/output.d.ts.map +1 -1
  430. package/user.d.ts +1 -1
  431. package/user.d.ts.map +1 -1
  432. package/userInstanceProfile.d.ts +1 -1
  433. package/userInstanceProfile.d.ts.map +1 -1
  434. package/userRole.d.ts +1 -1
  435. package/userRole.d.ts.map +1 -1
  436. package/vectorSearchEndpoint.d.ts +1 -1
  437. package/vectorSearchEndpoint.d.ts.map +1 -1
  438. package/vectorSearchIndex.d.ts +1 -1
  439. package/vectorSearchIndex.d.ts.map +1 -1
  440. package/volume.d.ts +1 -1
  441. package/volume.d.ts.map +1 -1
  442. package/warehousesDefaultWarehouseOverride.d.ts +1 -1
  443. package/warehousesDefaultWarehouseOverride.d.ts.map +1 -1
  444. package/workspaceBinding.d.ts +1 -1
  445. package/workspaceBinding.d.ts.map +1 -1
  446. package/workspaceConf.d.ts +1 -1
  447. package/workspaceConf.d.ts.map +1 -1
  448. package/workspaceEntityTagAssignment.d.ts +1 -1
  449. package/workspaceEntityTagAssignment.d.ts.map +1 -1
  450. package/workspaceFile.d.ts +1 -1
  451. package/workspaceFile.d.ts.map +1 -1
  452. package/workspaceSettingV2.d.ts +1 -1
  453. package/workspaceSettingV2.d.ts.map +1 -1
package/types/output.d.ts CHANGED
@@ -89,6 +89,12 @@ export interface AccountNetworkPolicyEgressNetworkAccess {
89
89
  * List of storage destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode
90
90
  */
91
91
  allowedStorageDestinations?: outputs.AccountNetworkPolicyEgressNetworkAccessAllowedStorageDestination[];
92
+ /**
93
+ * List of internet destinations that serverless workloads are blocked from accessing.
94
+ * These destinations are enforced when restriction mode is RESTRICTED_ACCESS or DRY_RUN.
95
+ * Currently supports DNS_NAME type only; IP_RANGE support is planned
96
+ */
97
+ blockedInternetDestinations?: outputs.AccountNetworkPolicyEgressNetworkAccessBlockedInternetDestination[];
92
98
  /**
93
99
  * Optional. When policyEnforcement is not provided, we default to ENFORCE_MODE_ALL_SERVICES
94
100
  */
@@ -118,6 +124,13 @@ export interface AccountNetworkPolicyEgressNetworkAccessAllowedStorageDestinatio
118
124
  */
119
125
  storageDestinationType?: string;
120
126
  }
127
+ export interface AccountNetworkPolicyEgressNetworkAccessBlockedInternetDestination {
128
+ destination?: string;
129
+ /**
130
+ * The type of internet destination. Currently only DNS_NAME is supported. Possible values are: `DNS_NAME`
131
+ */
132
+ internetDestinationType?: string;
133
+ }
121
134
  export interface AccountNetworkPolicyEgressNetworkAccessPolicyEnforcement {
122
135
  /**
123
136
  * When empty, it means dry run for all products.
@@ -132,11 +145,164 @@ export interface AccountNetworkPolicyEgressNetworkAccessPolicyEnforcement {
132
145
  enforcementMode?: string;
133
146
  }
134
147
  export interface AccountNetworkPolicyIngress {
148
+ /**
149
+ * The network policy restrictions for private access to the workspace.
150
+ * Configures how registered private endpoints are allowed or denied access
151
+ */
152
+ privateAccess?: outputs.AccountNetworkPolicyIngressPrivateAccess;
153
+ /**
154
+ * The network policy restrictions for public access to the workspace.
155
+ * Configures how public internet traffic is allowed or denied access
156
+ */
135
157
  publicAccess?: outputs.AccountNetworkPolicyIngressPublicAccess;
136
158
  }
137
159
  export interface AccountNetworkPolicyIngressDryRun {
160
+ /**
161
+ * The network policy restrictions for private access to the workspace.
162
+ * Configures how registered private endpoints are allowed or denied access
163
+ */
164
+ privateAccess?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccess;
165
+ /**
166
+ * The network policy restrictions for public access to the workspace.
167
+ * Configures how public internet traffic is allowed or denied access
168
+ */
138
169
  publicAccess?: outputs.AccountNetworkPolicyIngressDryRunPublicAccess;
139
170
  }
171
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccess {
172
+ allowRules?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRule[];
173
+ denyRules?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRule[];
174
+ restrictionMode: string;
175
+ }
176
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRule {
177
+ authentication?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleAuthentication;
178
+ destination?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestination;
179
+ label?: string;
180
+ origin?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleOrigin;
181
+ }
182
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleAuthentication {
183
+ /**
184
+ * Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
185
+ */
186
+ identities?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleAuthenticationIdentity[];
187
+ /**
188
+ * Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
189
+ */
190
+ identityType?: string;
191
+ }
192
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleAuthenticationIdentity {
193
+ principalId?: string;
194
+ /**
195
+ * Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
196
+ */
197
+ principalType?: string;
198
+ }
199
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestination {
200
+ accountApi?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountApi;
201
+ accountDatabricksOne?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountDatabricksOne;
202
+ accountUi?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountUi;
203
+ allDestinations?: boolean;
204
+ appsRuntime?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAppsRuntime;
205
+ lakebaseRuntime?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationLakebaseRuntime;
206
+ workspaceApi?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceApi;
207
+ workspaceUi?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceUi;
208
+ }
209
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountApi {
210
+ scopeQualifier?: string;
211
+ scopes?: string[];
212
+ }
213
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountDatabricksOne {
214
+ allDestinations?: boolean;
215
+ }
216
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountUi {
217
+ allDestinations?: boolean;
218
+ }
219
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAppsRuntime {
220
+ allDestinations?: boolean;
221
+ }
222
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationLakebaseRuntime {
223
+ allDestinations?: boolean;
224
+ }
225
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceApi {
226
+ scopeQualifier?: string;
227
+ scopes?: string[];
228
+ }
229
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceUi {
230
+ allDestinations?: boolean;
231
+ }
232
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleOrigin {
233
+ allPrivateAccess?: boolean;
234
+ allRegisteredEndpoints?: boolean;
235
+ azureWorkspacePrivateLink?: boolean;
236
+ endpoints?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleOriginEndpoints;
237
+ }
238
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleOriginEndpoints {
239
+ endpointIds?: string[];
240
+ }
241
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRule {
242
+ authentication?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleAuthentication;
243
+ destination?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestination;
244
+ label?: string;
245
+ origin?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleOrigin;
246
+ }
247
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleAuthentication {
248
+ /**
249
+ * Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
250
+ */
251
+ identities?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleAuthenticationIdentity[];
252
+ /**
253
+ * Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
254
+ */
255
+ identityType?: string;
256
+ }
257
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleAuthenticationIdentity {
258
+ principalId?: string;
259
+ /**
260
+ * Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
261
+ */
262
+ principalType?: string;
263
+ }
264
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestination {
265
+ accountApi?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountApi;
266
+ accountDatabricksOne?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountDatabricksOne;
267
+ accountUi?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountUi;
268
+ allDestinations?: boolean;
269
+ appsRuntime?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAppsRuntime;
270
+ lakebaseRuntime?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationLakebaseRuntime;
271
+ workspaceApi?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceApi;
272
+ workspaceUi?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceUi;
273
+ }
274
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountApi {
275
+ scopeQualifier?: string;
276
+ scopes?: string[];
277
+ }
278
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountDatabricksOne {
279
+ allDestinations?: boolean;
280
+ }
281
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountUi {
282
+ allDestinations?: boolean;
283
+ }
284
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAppsRuntime {
285
+ allDestinations?: boolean;
286
+ }
287
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationLakebaseRuntime {
288
+ allDestinations?: boolean;
289
+ }
290
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceApi {
291
+ scopeQualifier?: string;
292
+ scopes?: string[];
293
+ }
294
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceUi {
295
+ allDestinations?: boolean;
296
+ }
297
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleOrigin {
298
+ allPrivateAccess?: boolean;
299
+ allRegisteredEndpoints?: boolean;
300
+ azureWorkspacePrivateLink?: boolean;
301
+ endpoints?: outputs.AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleOriginEndpoints;
302
+ }
303
+ export interface AccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleOriginEndpoints {
304
+ endpointIds?: string[];
305
+ }
140
306
  export interface AccountNetworkPolicyIngressDryRunPublicAccess {
141
307
  allowRules?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRule[];
142
308
  denyRules?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRule[];
@@ -145,10 +311,6 @@ export interface AccountNetworkPolicyIngressDryRunPublicAccess {
145
311
  export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRule {
146
312
  authentication?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthentication;
147
313
  destination?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestination;
148
- /**
149
- * User-provided name for this ingress rule. Helps identify which rule
150
- * caused a request to be denied or dry-run denied
151
- */
152
314
  label?: string;
153
315
  origin?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOrigin;
154
316
  }
@@ -170,14 +332,33 @@ export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthentic
170
332
  principalType?: string;
171
333
  }
172
334
  export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestination {
335
+ accountApi?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountApi;
336
+ accountDatabricksOne?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountDatabricksOne;
337
+ accountUi?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountUi;
173
338
  allDestinations?: boolean;
339
+ appsRuntime?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAppsRuntime;
340
+ lakebaseRuntime?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationLakebaseRuntime;
174
341
  workspaceApi?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi;
175
- /**
176
- * Workspace destinations
177
- */
178
342
  workspaceUi?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi;
179
343
  }
344
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountApi {
345
+ scopeQualifier?: string;
346
+ scopes?: string[];
347
+ }
348
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountDatabricksOne {
349
+ allDestinations?: boolean;
350
+ }
351
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountUi {
352
+ allDestinations?: boolean;
353
+ }
354
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAppsRuntime {
355
+ allDestinations?: boolean;
356
+ }
357
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationLakebaseRuntime {
358
+ allDestinations?: boolean;
359
+ }
180
360
  export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi {
361
+ scopeQualifier?: string;
181
362
  scopes?: string[];
182
363
  }
183
364
  export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi {
@@ -212,10 +393,6 @@ export interface AccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOriginInc
212
393
  export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRule {
213
394
  authentication?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthentication;
214
395
  destination?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestination;
215
- /**
216
- * User-provided name for this ingress rule. Helps identify which rule
217
- * caused a request to be denied or dry-run denied
218
- */
219
396
  label?: string;
220
397
  origin?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOrigin;
221
398
  }
@@ -237,14 +414,33 @@ export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthentica
237
414
  principalType?: string;
238
415
  }
239
416
  export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestination {
417
+ accountApi?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountApi;
418
+ accountDatabricksOne?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountDatabricksOne;
419
+ accountUi?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountUi;
240
420
  allDestinations?: boolean;
421
+ appsRuntime?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAppsRuntime;
422
+ lakebaseRuntime?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationLakebaseRuntime;
241
423
  workspaceApi?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi;
242
- /**
243
- * Workspace destinations
244
- */
245
424
  workspaceUi?: outputs.AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi;
246
425
  }
426
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountApi {
427
+ scopeQualifier?: string;
428
+ scopes?: string[];
429
+ }
430
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountDatabricksOne {
431
+ allDestinations?: boolean;
432
+ }
433
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountUi {
434
+ allDestinations?: boolean;
435
+ }
436
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAppsRuntime {
437
+ allDestinations?: boolean;
438
+ }
439
+ export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationLakebaseRuntime {
440
+ allDestinations?: boolean;
441
+ }
247
442
  export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi {
443
+ scopeQualifier?: string;
248
444
  scopes?: string[];
249
445
  }
250
446
  export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi {
@@ -276,6 +472,141 @@ export interface AccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOriginIncl
276
472
  */
277
473
  ipRanges?: string[];
278
474
  }
475
+ export interface AccountNetworkPolicyIngressPrivateAccess {
476
+ allowRules?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRule[];
477
+ denyRules?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRule[];
478
+ restrictionMode: string;
479
+ }
480
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRule {
481
+ authentication?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleAuthentication;
482
+ destination?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleDestination;
483
+ label?: string;
484
+ origin?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleOrigin;
485
+ }
486
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleAuthentication {
487
+ /**
488
+ * Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
489
+ */
490
+ identities?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleAuthenticationIdentity[];
491
+ /**
492
+ * Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
493
+ */
494
+ identityType?: string;
495
+ }
496
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleAuthenticationIdentity {
497
+ principalId?: string;
498
+ /**
499
+ * Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
500
+ */
501
+ principalType?: string;
502
+ }
503
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleDestination {
504
+ accountApi?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountApi;
505
+ accountDatabricksOne?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountDatabricksOne;
506
+ accountUi?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountUi;
507
+ allDestinations?: boolean;
508
+ appsRuntime?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAppsRuntime;
509
+ lakebaseRuntime?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationLakebaseRuntime;
510
+ workspaceApi?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationWorkspaceApi;
511
+ workspaceUi?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationWorkspaceUi;
512
+ }
513
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountApi {
514
+ scopeQualifier?: string;
515
+ scopes?: string[];
516
+ }
517
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountDatabricksOne {
518
+ allDestinations?: boolean;
519
+ }
520
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountUi {
521
+ allDestinations?: boolean;
522
+ }
523
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAppsRuntime {
524
+ allDestinations?: boolean;
525
+ }
526
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationLakebaseRuntime {
527
+ allDestinations?: boolean;
528
+ }
529
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationWorkspaceApi {
530
+ scopeQualifier?: string;
531
+ scopes?: string[];
532
+ }
533
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationWorkspaceUi {
534
+ allDestinations?: boolean;
535
+ }
536
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleOrigin {
537
+ allPrivateAccess?: boolean;
538
+ allRegisteredEndpoints?: boolean;
539
+ azureWorkspacePrivateLink?: boolean;
540
+ endpoints?: outputs.AccountNetworkPolicyIngressPrivateAccessAllowRuleOriginEndpoints;
541
+ }
542
+ export interface AccountNetworkPolicyIngressPrivateAccessAllowRuleOriginEndpoints {
543
+ endpointIds?: string[];
544
+ }
545
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRule {
546
+ authentication?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleAuthentication;
547
+ destination?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleDestination;
548
+ label?: string;
549
+ origin?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleOrigin;
550
+ }
551
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleAuthentication {
552
+ /**
553
+ * Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
554
+ */
555
+ identities?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleAuthenticationIdentity[];
556
+ /**
557
+ * Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
558
+ */
559
+ identityType?: string;
560
+ }
561
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleAuthenticationIdentity {
562
+ principalId?: string;
563
+ /**
564
+ * Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
565
+ */
566
+ principalType?: string;
567
+ }
568
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleDestination {
569
+ accountApi?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountApi;
570
+ accountDatabricksOne?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountDatabricksOne;
571
+ accountUi?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountUi;
572
+ allDestinations?: boolean;
573
+ appsRuntime?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAppsRuntime;
574
+ lakebaseRuntime?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationLakebaseRuntime;
575
+ workspaceApi?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationWorkspaceApi;
576
+ workspaceUi?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationWorkspaceUi;
577
+ }
578
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountApi {
579
+ scopeQualifier?: string;
580
+ scopes?: string[];
581
+ }
582
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountDatabricksOne {
583
+ allDestinations?: boolean;
584
+ }
585
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountUi {
586
+ allDestinations?: boolean;
587
+ }
588
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAppsRuntime {
589
+ allDestinations?: boolean;
590
+ }
591
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationLakebaseRuntime {
592
+ allDestinations?: boolean;
593
+ }
594
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationWorkspaceApi {
595
+ scopeQualifier?: string;
596
+ scopes?: string[];
597
+ }
598
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationWorkspaceUi {
599
+ allDestinations?: boolean;
600
+ }
601
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleOrigin {
602
+ allPrivateAccess?: boolean;
603
+ allRegisteredEndpoints?: boolean;
604
+ azureWorkspacePrivateLink?: boolean;
605
+ endpoints?: outputs.AccountNetworkPolicyIngressPrivateAccessDenyRuleOriginEndpoints;
606
+ }
607
+ export interface AccountNetworkPolicyIngressPrivateAccessDenyRuleOriginEndpoints {
608
+ endpointIds?: string[];
609
+ }
279
610
  export interface AccountNetworkPolicyIngressPublicAccess {
280
611
  allowRules?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRule[];
281
612
  denyRules?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRule[];
@@ -284,10 +615,6 @@ export interface AccountNetworkPolicyIngressPublicAccess {
284
615
  export interface AccountNetworkPolicyIngressPublicAccessAllowRule {
285
616
  authentication?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleAuthentication;
286
617
  destination?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleDestination;
287
- /**
288
- * User-provided name for this ingress rule. Helps identify which rule
289
- * caused a request to be denied or dry-run denied
290
- */
291
618
  label?: string;
292
619
  origin?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleOrigin;
293
620
  }
@@ -309,14 +636,33 @@ export interface AccountNetworkPolicyIngressPublicAccessAllowRuleAuthenticationI
309
636
  principalType?: string;
310
637
  }
311
638
  export interface AccountNetworkPolicyIngressPublicAccessAllowRuleDestination {
639
+ accountApi?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountApi;
640
+ accountDatabricksOne?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountDatabricksOne;
641
+ accountUi?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountUi;
312
642
  allDestinations?: boolean;
643
+ appsRuntime?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAppsRuntime;
644
+ lakebaseRuntime?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationLakebaseRuntime;
313
645
  workspaceApi?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationWorkspaceApi;
314
- /**
315
- * Workspace destinations
316
- */
317
646
  workspaceUi?: outputs.AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationWorkspaceUi;
318
647
  }
648
+ export interface AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountApi {
649
+ scopeQualifier?: string;
650
+ scopes?: string[];
651
+ }
652
+ export interface AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountDatabricksOne {
653
+ allDestinations?: boolean;
654
+ }
655
+ export interface AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountUi {
656
+ allDestinations?: boolean;
657
+ }
658
+ export interface AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAppsRuntime {
659
+ allDestinations?: boolean;
660
+ }
661
+ export interface AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationLakebaseRuntime {
662
+ allDestinations?: boolean;
663
+ }
319
664
  export interface AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationWorkspaceApi {
665
+ scopeQualifier?: string;
320
666
  scopes?: string[];
321
667
  }
322
668
  export interface AccountNetworkPolicyIngressPublicAccessAllowRuleDestinationWorkspaceUi {
@@ -351,10 +697,6 @@ export interface AccountNetworkPolicyIngressPublicAccessAllowRuleOriginIncludedI
351
697
  export interface AccountNetworkPolicyIngressPublicAccessDenyRule {
352
698
  authentication?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleAuthentication;
353
699
  destination?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleDestination;
354
- /**
355
- * User-provided name for this ingress rule. Helps identify which rule
356
- * caused a request to be denied or dry-run denied
357
- */
358
700
  label?: string;
359
701
  origin?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleOrigin;
360
702
  }
@@ -376,14 +718,33 @@ export interface AccountNetworkPolicyIngressPublicAccessDenyRuleAuthenticationId
376
718
  principalType?: string;
377
719
  }
378
720
  export interface AccountNetworkPolicyIngressPublicAccessDenyRuleDestination {
721
+ accountApi?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountApi;
722
+ accountDatabricksOne?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountDatabricksOne;
723
+ accountUi?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountUi;
379
724
  allDestinations?: boolean;
725
+ appsRuntime?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAppsRuntime;
726
+ lakebaseRuntime?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationLakebaseRuntime;
380
727
  workspaceApi?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationWorkspaceApi;
381
- /**
382
- * Workspace destinations
383
- */
384
728
  workspaceUi?: outputs.AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationWorkspaceUi;
385
729
  }
730
+ export interface AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountApi {
731
+ scopeQualifier?: string;
732
+ scopes?: string[];
733
+ }
734
+ export interface AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountDatabricksOne {
735
+ allDestinations?: boolean;
736
+ }
737
+ export interface AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountUi {
738
+ allDestinations?: boolean;
739
+ }
740
+ export interface AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAppsRuntime {
741
+ allDestinations?: boolean;
742
+ }
743
+ export interface AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationLakebaseRuntime {
744
+ allDestinations?: boolean;
745
+ }
386
746
  export interface AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationWorkspaceApi {
747
+ scopeQualifier?: string;
387
748
  scopes?: string[];
388
749
  }
389
750
  export interface AccountNetworkPolicyIngressPublicAccessDenyRuleDestinationWorkspaceUi {
@@ -1633,6 +1994,7 @@ export interface ClusterGcpAttributes {
1633
1994
  * Boot disk size in GB
1634
1995
  */
1635
1996
  bootDiskSize?: number;
1997
+ confidentialComputeType?: string;
1636
1998
  /**
1637
1999
  * The first `firstOnDemand` nodes of the cluster will be placed on on-demand instances. If this value is greater than 0, the cluster driver node will be placed on an on-demand instance. If this value is greater than or equal to the current cluster size, all nodes will be placed on on-demand instances. If this value is less than the current cluster size, `firstOnDemand` nodes will be placed on on-demand instances, and the remainder will be placed on availability instances. This value does not affect cluster size and cannot be mutated over the lifetime of a cluster.
1638
2000
  */
@@ -1771,7 +2133,7 @@ export interface ClusterPolicyLibrary {
1771
2133
  /**
1772
2134
  * Configure the provider for management through account provider. This block consists of the following fields:
1773
2135
  */
1774
- providerConfig?: outputs.ClusterPolicyLibraryProviderConfig;
2136
+ providerConfig: outputs.ClusterPolicyLibraryProviderConfig;
1775
2137
  pypi?: outputs.ClusterPolicyLibraryPypi;
1776
2138
  requirements?: string;
1777
2139
  whl?: string;
@@ -1966,7 +2328,8 @@ export interface DataClassificationCatalogConfigAutoTagConfig {
1966
2328
  */
1967
2329
  autoTaggingMode: string;
1968
2330
  /**
1969
- * The Classification Tag (e.g., "class.name", "class.location")
2331
+ * The Classification Tag. For built-in classes this is a system tag (e.g., "class.name",
2332
+ * "class.location"); for custom classes it is a user-defined governance tag key
1970
2333
  */
1971
2334
  classificationTag: string;
1972
2335
  }
@@ -2545,8 +2908,77 @@ export interface DisableLegacyFeaturesSettingDisableLegacyFeatures {
2545
2908
  value: boolean;
2546
2909
  }
2547
2910
  export interface DisableLegacyFeaturesSettingProviderConfig {
2911
+ /**
2912
+ * @deprecated workspace_id is ignored for account-only resources.
2913
+ */
2548
2914
  workspaceId: string;
2549
2915
  }
2916
+ export interface DisasterRecoveryFailoverGroupUnityCatalogAssets {
2917
+ /**
2918
+ * UC catalogs to replicate
2919
+ */
2920
+ catalogs: outputs.DisasterRecoveryFailoverGroupUnityCatalogAssetsCatalog[];
2921
+ /**
2922
+ * The workspace set whose workspaces will be used for data replication
2923
+ * of all UC catalogs' underlying storage
2924
+ */
2925
+ dataReplicationWorkspaceSet: string;
2926
+ /**
2927
+ * Location mappings - storage URI per region for each location
2928
+ */
2929
+ locationMappings?: outputs.DisasterRecoveryFailoverGroupUnityCatalogAssetsLocationMapping[];
2930
+ }
2931
+ export interface DisasterRecoveryFailoverGroupUnityCatalogAssetsCatalog {
2932
+ /**
2933
+ * (string) - Fully qualified resource name in the format
2934
+ * accounts/{account_id}/failover-groups/{failover_group_id}
2935
+ */
2936
+ name: string;
2937
+ }
2938
+ export interface DisasterRecoveryFailoverGroupUnityCatalogAssetsLocationMapping {
2939
+ /**
2940
+ * (string) - Fully qualified resource name in the format
2941
+ * accounts/{account_id}/failover-groups/{failover_group_id}
2942
+ */
2943
+ name: string;
2944
+ /**
2945
+ * URI for each region. Each entry maps a region name to a storage URI
2946
+ */
2947
+ uriByRegions: outputs.DisasterRecoveryFailoverGroupUnityCatalogAssetsLocationMappingUriByRegion[];
2948
+ }
2949
+ export interface DisasterRecoveryFailoverGroupUnityCatalogAssetsLocationMappingUriByRegion {
2950
+ /**
2951
+ * The region name
2952
+ */
2953
+ region: string;
2954
+ /**
2955
+ * The storage URI for this region
2956
+ */
2957
+ uri: string;
2958
+ }
2959
+ export interface DisasterRecoveryFailoverGroupWorkspaceSet {
2960
+ /**
2961
+ * (string) - Fully qualified resource name in the format
2962
+ * accounts/{account_id}/failover-groups/{failover_group_id}
2963
+ */
2964
+ name: string;
2965
+ /**
2966
+ * Whether to enable control plane DR (notebooks, jobs, clusters, etc.) for this set.
2967
+ * Requires all workspaces in the set to be Mission Critical tier
2968
+ */
2969
+ replicateWorkspaceAssets: boolean;
2970
+ /**
2971
+ * Resource names of stable URLs associated with this workspace set.
2972
+ * Format: accounts/{account_id}/stable-urls/{stable_url_id}.
2973
+ * The referenced stable URLs must already exist (via CreateStableUrl)
2974
+ */
2975
+ stableUrlNames?: string[];
2976
+ /**
2977
+ * Workspace IDs in this set. The system derives and validates regions.
2978
+ * EA: exactly 2 workspaces (one per region)
2979
+ */
2980
+ workspaceIds: string[];
2981
+ }
2550
2982
  export interface EndpointAzurePrivateEndpointInfo {
2551
2983
  /**
2552
2984
  * The name of the Private Endpoint in the Azure subscription
@@ -3071,8 +3503,13 @@ export interface FeatureEngineeringKafkaConfigAuthConfig {
3071
3503
  }
3072
3504
  export interface FeatureEngineeringKafkaConfigBackfillSource {
3073
3505
  /**
3074
- * The Delta table source containing the historic data to backfill.
3075
- * Only the delta table name is used for backfill, the entity columns and timeseries column are ignored as they are defined by the associated KafkaSource
3506
+ * The full three-part name (catalog, schema, name) of the Delta table containing the historical data to backfill
3507
+ */
3508
+ deltaTableName?: string;
3509
+ /**
3510
+ * Deprecated: Use deltaTableName instead. Kept for backwards compatibility.
3511
+ * The Delta table source containing the historical data to backfill.
3512
+ * Only the delta table name is used for backfill, other fields are ignored
3076
3513
  */
3077
3514
  deltaTableSource?: outputs.FeatureEngineeringKafkaConfigBackfillSourceDeltaTableSource;
3078
3515
  }
@@ -3329,6 +3766,12 @@ export interface GetAccountNetworkPoliciesItemEgressNetworkAccess {
3329
3766
  * (list of EgressNetworkPolicyNetworkAccessPolicyStorageDestination) - List of storage destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode
3330
3767
  */
3331
3768
  allowedStorageDestinations?: outputs.GetAccountNetworkPoliciesItemEgressNetworkAccessAllowedStorageDestination[];
3769
+ /**
3770
+ * (list of EgressNetworkPolicyNetworkAccessPolicyInternetDestination) - List of internet destinations that serverless workloads are blocked from accessing.
3771
+ * These destinations are enforced when restriction mode is RESTRICTED_ACCESS or DRY_RUN.
3772
+ * Currently supports DNS_NAME type only; IP_RANGE support is planned
3773
+ */
3774
+ blockedInternetDestinations?: outputs.GetAccountNetworkPoliciesItemEgressNetworkAccessBlockedInternetDestination[];
3332
3775
  /**
3333
3776
  * (EgressNetworkPolicyNetworkAccessPolicyPolicyEnforcement) - Optional. When policyEnforcement is not provided, we default to ENFORCE_MODE_ALL_SERVICES
3334
3777
  */
@@ -3370,12 +3813,22 @@ export interface GetAccountNetworkPoliciesItemEgressNetworkAccessAllowedStorageD
3370
3813
  */
3371
3814
  storageDestinationType?: string;
3372
3815
  }
3373
- export interface GetAccountNetworkPoliciesItemEgressNetworkAccessPolicyEnforcement {
3816
+ export interface GetAccountNetworkPoliciesItemEgressNetworkAccessBlockedInternetDestination {
3374
3817
  /**
3375
- * (list of string) - When empty, it means dry run for all products.
3376
- * When non-empty, it means dry run for specific products and for the other products, they will run in enforced mode
3818
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
3377
3819
  */
3378
- dryRunModeProductFilters?: string[];
3820
+ destination?: string;
3821
+ /**
3822
+ * (string) - The type of internet destination. Currently only DNS_NAME is supported. Possible values are: `DNS_NAME`
3823
+ */
3824
+ internetDestinationType?: string;
3825
+ }
3826
+ export interface GetAccountNetworkPoliciesItemEgressNetworkAccessPolicyEnforcement {
3827
+ /**
3828
+ * (list of string) - When empty, it means dry run for all products.
3829
+ * When non-empty, it means dry run for specific products and for the other products, they will run in enforced mode
3830
+ */
3831
+ dryRunModeProductFilters?: string[];
3379
3832
  /**
3380
3833
  * (string) - The mode of policy enforcement. ENFORCED blocks traffic that violates policy,
3381
3834
  * while DRY_RUN only logs violations without blocking. When not specified,
@@ -3385,60 +3838,71 @@ export interface GetAccountNetworkPoliciesItemEgressNetworkAccessPolicyEnforceme
3385
3838
  }
3386
3839
  export interface GetAccountNetworkPoliciesItemIngress {
3387
3840
  /**
3388
- * (CustomerFacingIngressNetworkPolicyPublicAccess)
3841
+ * (CustomerFacingIngressNetworkPolicyPrivateAccess) - The network policy restrictions for private access to the workspace.
3842
+ * Configures how registered private endpoints are allowed or denied access
3843
+ */
3844
+ privateAccess?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccess;
3845
+ /**
3846
+ * (CustomerFacingIngressNetworkPolicyPublicAccess) - The network policy restrictions for public access to the workspace.
3847
+ * Configures how public internet traffic is allowed or denied access
3389
3848
  */
3390
3849
  publicAccess?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccess;
3391
3850
  }
3392
3851
  export interface GetAccountNetworkPoliciesItemIngressDryRun {
3393
3852
  /**
3394
- * (CustomerFacingIngressNetworkPolicyPublicAccess)
3853
+ * (CustomerFacingIngressNetworkPolicyPrivateAccess) - The network policy restrictions for private access to the workspace.
3854
+ * Configures how registered private endpoints are allowed or denied access
3855
+ */
3856
+ privateAccess?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccess;
3857
+ /**
3858
+ * (CustomerFacingIngressNetworkPolicyPublicAccess) - The network policy restrictions for public access to the workspace.
3859
+ * Configures how public internet traffic is allowed or denied access
3395
3860
  */
3396
3861
  publicAccess?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccess;
3397
3862
  }
3398
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccess {
3863
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccess {
3399
3864
  /**
3400
3865
  * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
3401
3866
  */
3402
- allowRules?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRule[];
3867
+ allowRules?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRule[];
3403
3868
  /**
3404
3869
  * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
3405
3870
  */
3406
- denyRules?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRule[];
3871
+ denyRules?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRule[];
3407
3872
  /**
3408
3873
  * (string) - The restriction mode that controls how serverless workloads can access the internet. Possible values are: `FULL_ACCESS`, `RESTRICTED_ACCESS`
3409
3874
  */
3410
3875
  restrictionMode: string;
3411
3876
  }
3412
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRule {
3877
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRule {
3413
3878
  /**
3414
3879
  * (CustomerFacingIngressNetworkPolicyAuthentication)
3415
3880
  */
3416
- authentication?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleAuthentication;
3881
+ authentication?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleAuthentication;
3417
3882
  /**
3418
3883
  * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
3419
3884
  */
3420
- destination?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestination;
3885
+ destination?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestination;
3421
3886
  /**
3422
- * (string) - User-provided name for this ingress rule. Helps identify which rule
3423
- * caused a request to be denied or dry-run denied
3887
+ * (string) - The label for this ingress rule
3424
3888
  */
3425
3889
  label?: string;
3426
3890
  /**
3427
3891
  * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
3428
3892
  */
3429
- origin?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOrigin;
3893
+ origin?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleOrigin;
3430
3894
  }
3431
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleAuthentication {
3895
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleAuthentication {
3432
3896
  /**
3433
3897
  * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
3434
3898
  */
3435
- identities?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleAuthenticationIdentity[];
3899
+ identities?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleAuthenticationIdentity[];
3436
3900
  /**
3437
3901
  * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
3438
3902
  */
3439
3903
  identityType?: string;
3440
3904
  }
3441
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleAuthenticationIdentity {
3905
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleAuthenticationIdentity {
3442
3906
  /**
3443
3907
  * (integer)
3444
3908
  */
@@ -3448,88 +3912,143 @@ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRule
3448
3912
  */
3449
3913
  principalType?: string;
3450
3914
  }
3451
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestination {
3915
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestination {
3916
+ /**
3917
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
3918
+ */
3919
+ accountApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationAccountApi;
3920
+ /**
3921
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
3922
+ */
3923
+ accountDatabricksOne?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationAccountDatabricksOne;
3924
+ /**
3925
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
3926
+ */
3927
+ accountUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationAccountUi;
3452
3928
  /**
3453
3929
  * (boolean) - Must be set to true
3454
3930
  */
3455
3931
  allDestinations?: boolean;
3932
+ /**
3933
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
3934
+ */
3935
+ appsRuntime?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationAppsRuntime;
3936
+ /**
3937
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
3938
+ */
3939
+ lakebaseRuntime?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationLakebaseRuntime;
3456
3940
  /**
3457
3941
  * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
3458
3942
  */
3459
- workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi;
3943
+ workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceApi;
3460
3944
  /**
3461
- * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination) - Workspace destinations
3945
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
3462
3946
  */
3463
- workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi;
3947
+ workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceUi;
3464
3948
  }
3465
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi {
3949
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationAccountApi {
3950
+ /**
3951
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
3952
+ */
3953
+ scopeQualifier?: string;
3466
3954
  /**
3467
3955
  * (list of string)
3468
3956
  */
3469
3957
  scopes?: string[];
3470
3958
  }
3471
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi {
3959
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationAccountDatabricksOne {
3472
3960
  /**
3473
3961
  * (boolean) - Must be set to true
3474
3962
  */
3475
3963
  allDestinations?: boolean;
3476
3964
  }
3477
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOrigin {
3965
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationAccountUi {
3478
3966
  /**
3479
- * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
3967
+ * (boolean) - Must be set to true
3480
3968
  */
3481
- allIpRanges?: boolean;
3969
+ allDestinations?: boolean;
3970
+ }
3971
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationAppsRuntime {
3482
3972
  /**
3483
- * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
3973
+ * (boolean) - Must be set to true
3484
3974
  */
3485
- excludedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOriginExcludedIpRanges;
3975
+ allDestinations?: boolean;
3976
+ }
3977
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationLakebaseRuntime {
3486
3978
  /**
3487
- * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
3979
+ * (boolean) - Must be set to true
3488
3980
  */
3489
- includedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOriginIncludedIpRanges;
3981
+ allDestinations?: boolean;
3490
3982
  }
3491
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOriginExcludedIpRanges {
3983
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceApi {
3492
3984
  /**
3493
- * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
3985
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
3494
3986
  */
3495
- ipRanges?: string[];
3987
+ scopeQualifier?: string;
3988
+ /**
3989
+ * (list of string)
3990
+ */
3991
+ scopes?: string[];
3496
3992
  }
3497
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOriginIncludedIpRanges {
3993
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceUi {
3498
3994
  /**
3499
- * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
3995
+ * (boolean) - Must be set to true
3500
3996
  */
3501
- ipRanges?: string[];
3997
+ allDestinations?: boolean;
3502
3998
  }
3503
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRule {
3999
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleOrigin {
4000
+ /**
4001
+ * (boolean)
4002
+ */
4003
+ allPrivateAccess?: boolean;
4004
+ /**
4005
+ * (boolean)
4006
+ */
4007
+ allRegisteredEndpoints?: boolean;
4008
+ /**
4009
+ * (boolean)
4010
+ */
4011
+ azureWorkspacePrivateLink?: boolean;
4012
+ /**
4013
+ * (CustomerFacingIngressNetworkPolicyEndpoints)
4014
+ */
4015
+ endpoints?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleOriginEndpoints;
4016
+ }
4017
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessAllowRuleOriginEndpoints {
4018
+ /**
4019
+ * (list of string)
4020
+ */
4021
+ endpointIds?: string[];
4022
+ }
4023
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRule {
3504
4024
  /**
3505
4025
  * (CustomerFacingIngressNetworkPolicyAuthentication)
3506
4026
  */
3507
- authentication?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleAuthentication;
4027
+ authentication?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleAuthentication;
3508
4028
  /**
3509
4029
  * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
3510
4030
  */
3511
- destination?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestination;
4031
+ destination?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestination;
3512
4032
  /**
3513
- * (string) - User-provided name for this ingress rule. Helps identify which rule
3514
- * caused a request to be denied or dry-run denied
4033
+ * (string) - The label for this ingress rule
3515
4034
  */
3516
4035
  label?: string;
3517
4036
  /**
3518
4037
  * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
3519
4038
  */
3520
- origin?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOrigin;
4039
+ origin?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleOrigin;
3521
4040
  }
3522
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleAuthentication {
4041
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleAuthentication {
3523
4042
  /**
3524
4043
  * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
3525
4044
  */
3526
- identities?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleAuthenticationIdentity[];
4045
+ identities?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleAuthenticationIdentity[];
3527
4046
  /**
3528
4047
  * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
3529
4048
  */
3530
4049
  identityType?: string;
3531
4050
  }
3532
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleAuthenticationIdentity {
4051
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleAuthenticationIdentity {
3533
4052
  /**
3534
4053
  * (integer)
3535
4054
  */
@@ -3539,102 +4058,157 @@ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleA
3539
4058
  */
3540
4059
  principalType?: string;
3541
4060
  }
3542
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestination {
4061
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestination {
4062
+ /**
4063
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
4064
+ */
4065
+ accountApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationAccountApi;
4066
+ /**
4067
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
4068
+ */
4069
+ accountDatabricksOne?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationAccountDatabricksOne;
4070
+ /**
4071
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
4072
+ */
4073
+ accountUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationAccountUi;
3543
4074
  /**
3544
4075
  * (boolean) - Must be set to true
3545
4076
  */
3546
4077
  allDestinations?: boolean;
4078
+ /**
4079
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
4080
+ */
4081
+ appsRuntime?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationAppsRuntime;
4082
+ /**
4083
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
4084
+ */
4085
+ lakebaseRuntime?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationLakebaseRuntime;
3547
4086
  /**
3548
4087
  * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
3549
4088
  */
3550
- workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi;
4089
+ workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceApi;
3551
4090
  /**
3552
- * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination) - Workspace destinations
4091
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
3553
4092
  */
3554
- workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi;
4093
+ workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceUi;
3555
4094
  }
3556
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi {
4095
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationAccountApi {
4096
+ /**
4097
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4098
+ */
4099
+ scopeQualifier?: string;
3557
4100
  /**
3558
4101
  * (list of string)
3559
4102
  */
3560
4103
  scopes?: string[];
3561
4104
  }
3562
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi {
4105
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationAccountDatabricksOne {
3563
4106
  /**
3564
4107
  * (boolean) - Must be set to true
3565
4108
  */
3566
4109
  allDestinations?: boolean;
3567
4110
  }
3568
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOrigin {
4111
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationAccountUi {
3569
4112
  /**
3570
- * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
4113
+ * (boolean) - Must be set to true
3571
4114
  */
3572
- allIpRanges?: boolean;
4115
+ allDestinations?: boolean;
4116
+ }
4117
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationAppsRuntime {
3573
4118
  /**
3574
- * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
4119
+ * (boolean) - Must be set to true
3575
4120
  */
3576
- excludedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOriginExcludedIpRanges;
4121
+ allDestinations?: boolean;
4122
+ }
4123
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationLakebaseRuntime {
3577
4124
  /**
3578
- * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
4125
+ * (boolean) - Must be set to true
3579
4126
  */
3580
- includedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOriginIncludedIpRanges;
4127
+ allDestinations?: boolean;
3581
4128
  }
3582
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOriginExcludedIpRanges {
4129
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceApi {
3583
4130
  /**
3584
- * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
4131
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
3585
4132
  */
3586
- ipRanges?: string[];
4133
+ scopeQualifier?: string;
4134
+ /**
4135
+ * (list of string)
4136
+ */
4137
+ scopes?: string[];
3587
4138
  }
3588
- export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOriginIncludedIpRanges {
4139
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceUi {
3589
4140
  /**
3590
- * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
4141
+ * (boolean) - Must be set to true
3591
4142
  */
3592
- ipRanges?: string[];
4143
+ allDestinations?: boolean;
3593
4144
  }
3594
- export interface GetAccountNetworkPoliciesItemIngressPublicAccess {
4145
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleOrigin {
4146
+ /**
4147
+ * (boolean)
4148
+ */
4149
+ allPrivateAccess?: boolean;
4150
+ /**
4151
+ * (boolean)
4152
+ */
4153
+ allRegisteredEndpoints?: boolean;
4154
+ /**
4155
+ * (boolean)
4156
+ */
4157
+ azureWorkspacePrivateLink?: boolean;
4158
+ /**
4159
+ * (CustomerFacingIngressNetworkPolicyEndpoints)
4160
+ */
4161
+ endpoints?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleOriginEndpoints;
4162
+ }
4163
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPrivateAccessDenyRuleOriginEndpoints {
4164
+ /**
4165
+ * (list of string)
4166
+ */
4167
+ endpointIds?: string[];
4168
+ }
4169
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccess {
3595
4170
  /**
3596
4171
  * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
3597
4172
  */
3598
- allowRules?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRule[];
4173
+ allowRules?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRule[];
3599
4174
  /**
3600
4175
  * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
3601
4176
  */
3602
- denyRules?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRule[];
4177
+ denyRules?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRule[];
3603
4178
  /**
3604
4179
  * (string) - The restriction mode that controls how serverless workloads can access the internet. Possible values are: `FULL_ACCESS`, `RESTRICTED_ACCESS`
3605
4180
  */
3606
4181
  restrictionMode: string;
3607
4182
  }
3608
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRule {
4183
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRule {
3609
4184
  /**
3610
4185
  * (CustomerFacingIngressNetworkPolicyAuthentication)
3611
4186
  */
3612
- authentication?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleAuthentication;
4187
+ authentication?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleAuthentication;
3613
4188
  /**
3614
4189
  * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
3615
4190
  */
3616
- destination?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestination;
4191
+ destination?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestination;
3617
4192
  /**
3618
- * (string) - User-provided name for this ingress rule. Helps identify which rule
3619
- * caused a request to be denied or dry-run denied
4193
+ * (string) - The label for this ingress rule
3620
4194
  */
3621
4195
  label?: string;
3622
4196
  /**
3623
4197
  * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
3624
4198
  */
3625
- origin?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOrigin;
4199
+ origin?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOrigin;
3626
4200
  }
3627
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleAuthentication {
4201
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleAuthentication {
3628
4202
  /**
3629
4203
  * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
3630
4204
  */
3631
- identities?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleAuthenticationIdentity[];
4205
+ identities?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleAuthenticationIdentity[];
3632
4206
  /**
3633
4207
  * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
3634
4208
  */
3635
4209
  identityType?: string;
3636
4210
  }
3637
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleAuthenticationIdentity {
4211
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleAuthenticationIdentity {
3638
4212
  /**
3639
4213
  * (integer)
3640
4214
  */
@@ -3644,33 +4218,91 @@ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleAuthen
3644
4218
  */
3645
4219
  principalType?: string;
3646
4220
  }
3647
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestination {
4221
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestination {
4222
+ /**
4223
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
4224
+ */
4225
+ accountApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationAccountApi;
4226
+ /**
4227
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
4228
+ */
4229
+ accountDatabricksOne?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationAccountDatabricksOne;
4230
+ /**
4231
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
4232
+ */
4233
+ accountUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationAccountUi;
3648
4234
  /**
3649
4235
  * (boolean) - Must be set to true
3650
4236
  */
3651
4237
  allDestinations?: boolean;
4238
+ /**
4239
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
4240
+ */
4241
+ appsRuntime?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationAppsRuntime;
4242
+ /**
4243
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
4244
+ */
4245
+ lakebaseRuntime?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationLakebaseRuntime;
3652
4246
  /**
3653
4247
  * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
3654
4248
  */
3655
- workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationWorkspaceApi;
4249
+ workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi;
3656
4250
  /**
3657
- * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination) - Workspace destinations
4251
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
3658
4252
  */
3659
- workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationWorkspaceUi;
4253
+ workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi;
3660
4254
  }
3661
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationWorkspaceApi {
4255
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationAccountApi {
4256
+ /**
4257
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4258
+ */
4259
+ scopeQualifier?: string;
3662
4260
  /**
3663
4261
  * (list of string)
3664
4262
  */
3665
4263
  scopes?: string[];
3666
4264
  }
3667
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationWorkspaceUi {
4265
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationAccountDatabricksOne {
3668
4266
  /**
3669
4267
  * (boolean) - Must be set to true
3670
4268
  */
3671
4269
  allDestinations?: boolean;
3672
4270
  }
3673
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOrigin {
4271
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationAccountUi {
4272
+ /**
4273
+ * (boolean) - Must be set to true
4274
+ */
4275
+ allDestinations?: boolean;
4276
+ }
4277
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationAppsRuntime {
4278
+ /**
4279
+ * (boolean) - Must be set to true
4280
+ */
4281
+ allDestinations?: boolean;
4282
+ }
4283
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationLakebaseRuntime {
4284
+ /**
4285
+ * (boolean) - Must be set to true
4286
+ */
4287
+ allDestinations?: boolean;
4288
+ }
4289
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi {
4290
+ /**
4291
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4292
+ */
4293
+ scopeQualifier?: string;
4294
+ /**
4295
+ * (list of string)
4296
+ */
4297
+ scopes?: string[];
4298
+ }
4299
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi {
4300
+ /**
4301
+ * (boolean) - Must be set to true
4302
+ */
4303
+ allDestinations?: boolean;
4304
+ }
4305
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOrigin {
3674
4306
  /**
3675
4307
  * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
3676
4308
  */
@@ -3678,54 +4310,53 @@ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOrigin
3678
4310
  /**
3679
4311
  * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
3680
4312
  */
3681
- excludedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOriginExcludedIpRanges;
4313
+ excludedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOriginExcludedIpRanges;
3682
4314
  /**
3683
4315
  * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
3684
4316
  */
3685
- includedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOriginIncludedIpRanges;
4317
+ includedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOriginIncludedIpRanges;
3686
4318
  }
3687
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOriginExcludedIpRanges {
4319
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOriginExcludedIpRanges {
3688
4320
  /**
3689
4321
  * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
3690
4322
  */
3691
4323
  ipRanges?: string[];
3692
4324
  }
3693
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOriginIncludedIpRanges {
4325
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessAllowRuleOriginIncludedIpRanges {
3694
4326
  /**
3695
4327
  * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
3696
4328
  */
3697
4329
  ipRanges?: string[];
3698
4330
  }
3699
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRule {
4331
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRule {
3700
4332
  /**
3701
4333
  * (CustomerFacingIngressNetworkPolicyAuthentication)
3702
4334
  */
3703
- authentication?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleAuthentication;
4335
+ authentication?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleAuthentication;
3704
4336
  /**
3705
4337
  * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
3706
4338
  */
3707
- destination?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestination;
4339
+ destination?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestination;
3708
4340
  /**
3709
- * (string) - User-provided name for this ingress rule. Helps identify which rule
3710
- * caused a request to be denied or dry-run denied
4341
+ * (string) - The label for this ingress rule
3711
4342
  */
3712
4343
  label?: string;
3713
4344
  /**
3714
4345
  * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
3715
4346
  */
3716
- origin?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOrigin;
4347
+ origin?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOrigin;
3717
4348
  }
3718
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleAuthentication {
4349
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleAuthentication {
3719
4350
  /**
3720
4351
  * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
3721
4352
  */
3722
- identities?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleAuthenticationIdentity[];
4353
+ identities?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleAuthenticationIdentity[];
3723
4354
  /**
3724
4355
  * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
3725
4356
  */
3726
4357
  identityType?: string;
3727
4358
  }
3728
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleAuthenticationIdentity {
4359
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleAuthenticationIdentity {
3729
4360
  /**
3730
4361
  * (integer)
3731
4362
  */
@@ -3735,33 +4366,1432 @@ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleAuthent
3735
4366
  */
3736
4367
  principalType?: string;
3737
4368
  }
3738
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestination {
4369
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestination {
4370
+ /**
4371
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
4372
+ */
4373
+ accountApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationAccountApi;
4374
+ /**
4375
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
4376
+ */
4377
+ accountDatabricksOne?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationAccountDatabricksOne;
4378
+ /**
4379
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
4380
+ */
4381
+ accountUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationAccountUi;
3739
4382
  /**
3740
4383
  * (boolean) - Must be set to true
3741
4384
  */
3742
4385
  allDestinations?: boolean;
3743
4386
  /**
3744
- * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
4387
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
3745
4388
  */
3746
- workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationWorkspaceApi;
4389
+ appsRuntime?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationAppsRuntime;
3747
4390
  /**
3748
- * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination) - Workspace destinations
4391
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
4392
+ */
4393
+ lakebaseRuntime?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationLakebaseRuntime;
4394
+ /**
4395
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
4396
+ */
4397
+ workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi;
4398
+ /**
4399
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
4400
+ */
4401
+ workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi;
4402
+ }
4403
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationAccountApi {
4404
+ /**
4405
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4406
+ */
4407
+ scopeQualifier?: string;
4408
+ /**
4409
+ * (list of string)
4410
+ */
4411
+ scopes?: string[];
4412
+ }
4413
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationAccountDatabricksOne {
4414
+ /**
4415
+ * (boolean) - Must be set to true
4416
+ */
4417
+ allDestinations?: boolean;
4418
+ }
4419
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationAccountUi {
4420
+ /**
4421
+ * (boolean) - Must be set to true
4422
+ */
4423
+ allDestinations?: boolean;
4424
+ }
4425
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationAppsRuntime {
4426
+ /**
4427
+ * (boolean) - Must be set to true
4428
+ */
4429
+ allDestinations?: boolean;
4430
+ }
4431
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationLakebaseRuntime {
4432
+ /**
4433
+ * (boolean) - Must be set to true
4434
+ */
4435
+ allDestinations?: boolean;
4436
+ }
4437
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi {
4438
+ /**
4439
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4440
+ */
4441
+ scopeQualifier?: string;
4442
+ /**
4443
+ * (list of string)
4444
+ */
4445
+ scopes?: string[];
4446
+ }
4447
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi {
4448
+ /**
4449
+ * (boolean) - Must be set to true
4450
+ */
4451
+ allDestinations?: boolean;
4452
+ }
4453
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOrigin {
4454
+ /**
4455
+ * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
4456
+ */
4457
+ allIpRanges?: boolean;
4458
+ /**
4459
+ * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
4460
+ */
4461
+ excludedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOriginExcludedIpRanges;
4462
+ /**
4463
+ * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
4464
+ */
4465
+ includedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOriginIncludedIpRanges;
4466
+ }
4467
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOriginExcludedIpRanges {
4468
+ /**
4469
+ * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
4470
+ */
4471
+ ipRanges?: string[];
4472
+ }
4473
+ export interface GetAccountNetworkPoliciesItemIngressDryRunPublicAccessDenyRuleOriginIncludedIpRanges {
4474
+ /**
4475
+ * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
4476
+ */
4477
+ ipRanges?: string[];
4478
+ }
4479
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccess {
4480
+ /**
4481
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
4482
+ */
4483
+ allowRules?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRule[];
4484
+ /**
4485
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
4486
+ */
4487
+ denyRules?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRule[];
4488
+ /**
4489
+ * (string) - The restriction mode that controls how serverless workloads can access the internet. Possible values are: `FULL_ACCESS`, `RESTRICTED_ACCESS`
4490
+ */
4491
+ restrictionMode: string;
4492
+ }
4493
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRule {
4494
+ /**
4495
+ * (CustomerFacingIngressNetworkPolicyAuthentication)
4496
+ */
4497
+ authentication?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleAuthentication;
4498
+ /**
4499
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
4500
+ */
4501
+ destination?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestination;
4502
+ /**
4503
+ * (string) - The label for this ingress rule
4504
+ */
4505
+ label?: string;
4506
+ /**
4507
+ * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
4508
+ */
4509
+ origin?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleOrigin;
4510
+ }
4511
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleAuthentication {
4512
+ /**
4513
+ * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
4514
+ */
4515
+ identities?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleAuthenticationIdentity[];
4516
+ /**
4517
+ * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
4518
+ */
4519
+ identityType?: string;
4520
+ }
4521
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleAuthenticationIdentity {
4522
+ /**
4523
+ * (integer)
4524
+ */
4525
+ principalId?: number;
4526
+ /**
4527
+ * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
4528
+ */
4529
+ principalType?: string;
4530
+ }
4531
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestination {
4532
+ /**
4533
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
4534
+ */
4535
+ accountApi?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationAccountApi;
4536
+ /**
4537
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
4538
+ */
4539
+ accountDatabricksOne?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationAccountDatabricksOne;
4540
+ /**
4541
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
4542
+ */
4543
+ accountUi?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationAccountUi;
4544
+ /**
4545
+ * (boolean) - Must be set to true
4546
+ */
4547
+ allDestinations?: boolean;
4548
+ /**
4549
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
4550
+ */
4551
+ appsRuntime?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationAppsRuntime;
4552
+ /**
4553
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
4554
+ */
4555
+ lakebaseRuntime?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationLakebaseRuntime;
4556
+ /**
4557
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
4558
+ */
4559
+ workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationWorkspaceApi;
4560
+ /**
4561
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
4562
+ */
4563
+ workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationWorkspaceUi;
4564
+ }
4565
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationAccountApi {
4566
+ /**
4567
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4568
+ */
4569
+ scopeQualifier?: string;
4570
+ /**
4571
+ * (list of string)
4572
+ */
4573
+ scopes?: string[];
4574
+ }
4575
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationAccountDatabricksOne {
4576
+ /**
4577
+ * (boolean) - Must be set to true
4578
+ */
4579
+ allDestinations?: boolean;
4580
+ }
4581
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationAccountUi {
4582
+ /**
4583
+ * (boolean) - Must be set to true
4584
+ */
4585
+ allDestinations?: boolean;
4586
+ }
4587
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationAppsRuntime {
4588
+ /**
4589
+ * (boolean) - Must be set to true
4590
+ */
4591
+ allDestinations?: boolean;
4592
+ }
4593
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationLakebaseRuntime {
4594
+ /**
4595
+ * (boolean) - Must be set to true
4596
+ */
4597
+ allDestinations?: boolean;
4598
+ }
4599
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationWorkspaceApi {
4600
+ /**
4601
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4602
+ */
4603
+ scopeQualifier?: string;
4604
+ /**
4605
+ * (list of string)
4606
+ */
4607
+ scopes?: string[];
4608
+ }
4609
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleDestinationWorkspaceUi {
4610
+ /**
4611
+ * (boolean) - Must be set to true
4612
+ */
4613
+ allDestinations?: boolean;
4614
+ }
4615
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleOrigin {
4616
+ /**
4617
+ * (boolean)
4618
+ */
4619
+ allPrivateAccess?: boolean;
4620
+ /**
4621
+ * (boolean)
4622
+ */
4623
+ allRegisteredEndpoints?: boolean;
4624
+ /**
4625
+ * (boolean)
4626
+ */
4627
+ azureWorkspacePrivateLink?: boolean;
4628
+ /**
4629
+ * (CustomerFacingIngressNetworkPolicyEndpoints)
4630
+ */
4631
+ endpoints?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleOriginEndpoints;
4632
+ }
4633
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessAllowRuleOriginEndpoints {
4634
+ /**
4635
+ * (list of string)
4636
+ */
4637
+ endpointIds?: string[];
4638
+ }
4639
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRule {
4640
+ /**
4641
+ * (CustomerFacingIngressNetworkPolicyAuthentication)
4642
+ */
4643
+ authentication?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleAuthentication;
4644
+ /**
4645
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
4646
+ */
4647
+ destination?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestination;
4648
+ /**
4649
+ * (string) - The label for this ingress rule
4650
+ */
4651
+ label?: string;
4652
+ /**
4653
+ * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
4654
+ */
4655
+ origin?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleOrigin;
4656
+ }
4657
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleAuthentication {
4658
+ /**
4659
+ * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
4660
+ */
4661
+ identities?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleAuthenticationIdentity[];
4662
+ /**
4663
+ * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
4664
+ */
4665
+ identityType?: string;
4666
+ }
4667
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleAuthenticationIdentity {
4668
+ /**
4669
+ * (integer)
4670
+ */
4671
+ principalId?: number;
4672
+ /**
4673
+ * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
4674
+ */
4675
+ principalType?: string;
4676
+ }
4677
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestination {
4678
+ /**
4679
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
4680
+ */
4681
+ accountApi?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationAccountApi;
4682
+ /**
4683
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
4684
+ */
4685
+ accountDatabricksOne?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationAccountDatabricksOne;
4686
+ /**
4687
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
4688
+ */
4689
+ accountUi?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationAccountUi;
4690
+ /**
4691
+ * (boolean) - Must be set to true
4692
+ */
4693
+ allDestinations?: boolean;
4694
+ /**
4695
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
4696
+ */
4697
+ appsRuntime?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationAppsRuntime;
4698
+ /**
4699
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
4700
+ */
4701
+ lakebaseRuntime?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationLakebaseRuntime;
4702
+ /**
4703
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
4704
+ */
4705
+ workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationWorkspaceApi;
4706
+ /**
4707
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
4708
+ */
4709
+ workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationWorkspaceUi;
4710
+ }
4711
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationAccountApi {
4712
+ /**
4713
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4714
+ */
4715
+ scopeQualifier?: string;
4716
+ /**
4717
+ * (list of string)
4718
+ */
4719
+ scopes?: string[];
4720
+ }
4721
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationAccountDatabricksOne {
4722
+ /**
4723
+ * (boolean) - Must be set to true
4724
+ */
4725
+ allDestinations?: boolean;
4726
+ }
4727
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationAccountUi {
4728
+ /**
4729
+ * (boolean) - Must be set to true
4730
+ */
4731
+ allDestinations?: boolean;
4732
+ }
4733
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationAppsRuntime {
4734
+ /**
4735
+ * (boolean) - Must be set to true
4736
+ */
4737
+ allDestinations?: boolean;
4738
+ }
4739
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationLakebaseRuntime {
4740
+ /**
4741
+ * (boolean) - Must be set to true
4742
+ */
4743
+ allDestinations?: boolean;
4744
+ }
4745
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationWorkspaceApi {
4746
+ /**
4747
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4748
+ */
4749
+ scopeQualifier?: string;
4750
+ /**
4751
+ * (list of string)
4752
+ */
4753
+ scopes?: string[];
4754
+ }
4755
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleDestinationWorkspaceUi {
4756
+ /**
4757
+ * (boolean) - Must be set to true
4758
+ */
4759
+ allDestinations?: boolean;
4760
+ }
4761
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleOrigin {
4762
+ /**
4763
+ * (boolean)
4764
+ */
4765
+ allPrivateAccess?: boolean;
4766
+ /**
4767
+ * (boolean)
4768
+ */
4769
+ allRegisteredEndpoints?: boolean;
4770
+ /**
4771
+ * (boolean)
4772
+ */
4773
+ azureWorkspacePrivateLink?: boolean;
4774
+ /**
4775
+ * (CustomerFacingIngressNetworkPolicyEndpoints)
4776
+ */
4777
+ endpoints?: outputs.GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleOriginEndpoints;
4778
+ }
4779
+ export interface GetAccountNetworkPoliciesItemIngressPrivateAccessDenyRuleOriginEndpoints {
4780
+ /**
4781
+ * (list of string)
4782
+ */
4783
+ endpointIds?: string[];
4784
+ }
4785
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccess {
4786
+ /**
4787
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
4788
+ */
4789
+ allowRules?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRule[];
4790
+ /**
4791
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
4792
+ */
4793
+ denyRules?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRule[];
4794
+ /**
4795
+ * (string) - The restriction mode that controls how serverless workloads can access the internet. Possible values are: `FULL_ACCESS`, `RESTRICTED_ACCESS`
4796
+ */
4797
+ restrictionMode: string;
4798
+ }
4799
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRule {
4800
+ /**
4801
+ * (CustomerFacingIngressNetworkPolicyAuthentication)
4802
+ */
4803
+ authentication?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleAuthentication;
4804
+ /**
4805
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
4806
+ */
4807
+ destination?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestination;
4808
+ /**
4809
+ * (string) - The label for this ingress rule
4810
+ */
4811
+ label?: string;
4812
+ /**
4813
+ * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
4814
+ */
4815
+ origin?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOrigin;
4816
+ }
4817
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleAuthentication {
4818
+ /**
4819
+ * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
4820
+ */
4821
+ identities?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleAuthenticationIdentity[];
4822
+ /**
4823
+ * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
4824
+ */
4825
+ identityType?: string;
4826
+ }
4827
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleAuthenticationIdentity {
4828
+ /**
4829
+ * (integer)
4830
+ */
4831
+ principalId?: number;
4832
+ /**
4833
+ * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
4834
+ */
4835
+ principalType?: string;
4836
+ }
4837
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestination {
4838
+ /**
4839
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
4840
+ */
4841
+ accountApi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationAccountApi;
4842
+ /**
4843
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
4844
+ */
4845
+ accountDatabricksOne?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationAccountDatabricksOne;
4846
+ /**
4847
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
4848
+ */
4849
+ accountUi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationAccountUi;
4850
+ /**
4851
+ * (boolean) - Must be set to true
4852
+ */
4853
+ allDestinations?: boolean;
4854
+ /**
4855
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
4856
+ */
4857
+ appsRuntime?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationAppsRuntime;
4858
+ /**
4859
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
4860
+ */
4861
+ lakebaseRuntime?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationLakebaseRuntime;
4862
+ /**
4863
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
4864
+ */
4865
+ workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationWorkspaceApi;
4866
+ /**
4867
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
4868
+ */
4869
+ workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationWorkspaceUi;
4870
+ }
4871
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationAccountApi {
4872
+ /**
4873
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4874
+ */
4875
+ scopeQualifier?: string;
4876
+ /**
4877
+ * (list of string)
4878
+ */
4879
+ scopes?: string[];
4880
+ }
4881
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationAccountDatabricksOne {
4882
+ /**
4883
+ * (boolean) - Must be set to true
4884
+ */
4885
+ allDestinations?: boolean;
4886
+ }
4887
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationAccountUi {
4888
+ /**
4889
+ * (boolean) - Must be set to true
4890
+ */
4891
+ allDestinations?: boolean;
4892
+ }
4893
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationAppsRuntime {
4894
+ /**
4895
+ * (boolean) - Must be set to true
4896
+ */
4897
+ allDestinations?: boolean;
4898
+ }
4899
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationLakebaseRuntime {
4900
+ /**
4901
+ * (boolean) - Must be set to true
4902
+ */
4903
+ allDestinations?: boolean;
4904
+ }
4905
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationWorkspaceApi {
4906
+ /**
4907
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4908
+ */
4909
+ scopeQualifier?: string;
4910
+ /**
4911
+ * (list of string)
4912
+ */
4913
+ scopes?: string[];
4914
+ }
4915
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleDestinationWorkspaceUi {
4916
+ /**
4917
+ * (boolean) - Must be set to true
4918
+ */
4919
+ allDestinations?: boolean;
4920
+ }
4921
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOrigin {
4922
+ /**
4923
+ * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
4924
+ */
4925
+ allIpRanges?: boolean;
4926
+ /**
4927
+ * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
4928
+ */
4929
+ excludedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOriginExcludedIpRanges;
4930
+ /**
4931
+ * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
4932
+ */
4933
+ includedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOriginIncludedIpRanges;
4934
+ }
4935
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOriginExcludedIpRanges {
4936
+ /**
4937
+ * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
4938
+ */
4939
+ ipRanges?: string[];
4940
+ }
4941
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessAllowRuleOriginIncludedIpRanges {
4942
+ /**
4943
+ * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
4944
+ */
4945
+ ipRanges?: string[];
4946
+ }
4947
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRule {
4948
+ /**
4949
+ * (CustomerFacingIngressNetworkPolicyAuthentication)
4950
+ */
4951
+ authentication?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleAuthentication;
4952
+ /**
4953
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
4954
+ */
4955
+ destination?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestination;
4956
+ /**
4957
+ * (string) - The label for this ingress rule
4958
+ */
4959
+ label?: string;
4960
+ /**
4961
+ * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
4962
+ */
4963
+ origin?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOrigin;
4964
+ }
4965
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleAuthentication {
4966
+ /**
4967
+ * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
4968
+ */
4969
+ identities?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleAuthenticationIdentity[];
4970
+ /**
4971
+ * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
4972
+ */
4973
+ identityType?: string;
4974
+ }
4975
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleAuthenticationIdentity {
4976
+ /**
4977
+ * (integer)
4978
+ */
4979
+ principalId?: number;
4980
+ /**
4981
+ * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
4982
+ */
4983
+ principalType?: string;
4984
+ }
4985
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestination {
4986
+ /**
4987
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
4988
+ */
4989
+ accountApi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationAccountApi;
4990
+ /**
4991
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
4992
+ */
4993
+ accountDatabricksOne?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationAccountDatabricksOne;
4994
+ /**
4995
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
4996
+ */
4997
+ accountUi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationAccountUi;
4998
+ /**
4999
+ * (boolean) - Must be set to true
5000
+ */
5001
+ allDestinations?: boolean;
5002
+ /**
5003
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
5004
+ */
5005
+ appsRuntime?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationAppsRuntime;
5006
+ /**
5007
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
5008
+ */
5009
+ lakebaseRuntime?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationLakebaseRuntime;
5010
+ /**
5011
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
5012
+ */
5013
+ workspaceApi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationWorkspaceApi;
5014
+ /**
5015
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
3749
5016
  */
3750
5017
  workspaceUi?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationWorkspaceUi;
3751
5018
  }
3752
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationWorkspaceApi {
5019
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationAccountApi {
5020
+ /**
5021
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5022
+ */
5023
+ scopeQualifier?: string;
5024
+ /**
5025
+ * (list of string)
5026
+ */
5027
+ scopes?: string[];
5028
+ }
5029
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationAccountDatabricksOne {
5030
+ /**
5031
+ * (boolean) - Must be set to true
5032
+ */
5033
+ allDestinations?: boolean;
5034
+ }
5035
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationAccountUi {
5036
+ /**
5037
+ * (boolean) - Must be set to true
5038
+ */
5039
+ allDestinations?: boolean;
5040
+ }
5041
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationAppsRuntime {
5042
+ /**
5043
+ * (boolean) - Must be set to true
5044
+ */
5045
+ allDestinations?: boolean;
5046
+ }
5047
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationLakebaseRuntime {
5048
+ /**
5049
+ * (boolean) - Must be set to true
5050
+ */
5051
+ allDestinations?: boolean;
5052
+ }
5053
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationWorkspaceApi {
5054
+ /**
5055
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5056
+ */
5057
+ scopeQualifier?: string;
5058
+ /**
5059
+ * (list of string)
5060
+ */
5061
+ scopes?: string[];
5062
+ }
5063
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationWorkspaceUi {
5064
+ /**
5065
+ * (boolean) - Must be set to true
5066
+ */
5067
+ allDestinations?: boolean;
5068
+ }
5069
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOrigin {
5070
+ /**
5071
+ * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
5072
+ */
5073
+ allIpRanges?: boolean;
5074
+ /**
5075
+ * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
5076
+ */
5077
+ excludedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOriginExcludedIpRanges;
5078
+ /**
5079
+ * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
5080
+ */
5081
+ includedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOriginIncludedIpRanges;
5082
+ }
5083
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOriginExcludedIpRanges {
5084
+ /**
5085
+ * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
5086
+ */
5087
+ ipRanges?: string[];
5088
+ }
5089
+ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOriginIncludedIpRanges {
5090
+ /**
5091
+ * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
5092
+ */
5093
+ ipRanges?: string[];
5094
+ }
5095
+ export interface GetAccountNetworkPolicyEgress {
5096
+ /**
5097
+ * (EgressNetworkPolicyNetworkAccessPolicy) - The access policy enforced for egress traffic to the internet
5098
+ */
5099
+ networkAccess?: outputs.GetAccountNetworkPolicyEgressNetworkAccess;
5100
+ }
5101
+ export interface GetAccountNetworkPolicyEgressNetworkAccess {
5102
+ /**
5103
+ * (list of EgressNetworkPolicyNetworkAccessPolicyInternetDestination) - List of internet destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode
5104
+ */
5105
+ allowedInternetDestinations?: outputs.GetAccountNetworkPolicyEgressNetworkAccessAllowedInternetDestination[];
5106
+ /**
5107
+ * (list of EgressNetworkPolicyNetworkAccessPolicyStorageDestination) - List of storage destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode
5108
+ */
5109
+ allowedStorageDestinations?: outputs.GetAccountNetworkPolicyEgressNetworkAccessAllowedStorageDestination[];
5110
+ /**
5111
+ * (list of EgressNetworkPolicyNetworkAccessPolicyInternetDestination) - List of internet destinations that serverless workloads are blocked from accessing.
5112
+ * These destinations are enforced when restriction mode is RESTRICTED_ACCESS or DRY_RUN.
5113
+ * Currently supports DNS_NAME type only; IP_RANGE support is planned
5114
+ */
5115
+ blockedInternetDestinations?: outputs.GetAccountNetworkPolicyEgressNetworkAccessBlockedInternetDestination[];
5116
+ /**
5117
+ * (EgressNetworkPolicyNetworkAccessPolicyPolicyEnforcement) - Optional. When policyEnforcement is not provided, we default to ENFORCE_MODE_ALL_SERVICES
5118
+ */
5119
+ policyEnforcement?: outputs.GetAccountNetworkPolicyEgressNetworkAccessPolicyEnforcement;
5120
+ /**
5121
+ * (string) - The restriction mode that controls how serverless workloads can access the internet. Possible values are: `FULL_ACCESS`, `RESTRICTED_ACCESS`
5122
+ */
5123
+ restrictionMode: string;
5124
+ }
5125
+ export interface GetAccountNetworkPolicyEgressNetworkAccessAllowedInternetDestination {
5126
+ /**
5127
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
5128
+ */
5129
+ destination?: string;
5130
+ /**
5131
+ * (string) - The type of internet destination. Currently only DNS_NAME is supported. Possible values are: `DNS_NAME`
5132
+ */
5133
+ internetDestinationType?: string;
5134
+ }
5135
+ export interface GetAccountNetworkPolicyEgressNetworkAccessAllowedStorageDestination {
5136
+ /**
5137
+ * (string) - The Azure storage account name
5138
+ */
5139
+ azureStorageAccount?: string;
5140
+ /**
5141
+ * (string) - The Azure storage service type (blob, dfs, etc.)
5142
+ */
5143
+ azureStorageService?: string;
5144
+ /**
5145
+ * (string)
5146
+ */
5147
+ bucketName?: string;
5148
+ /**
5149
+ * (string)
5150
+ */
5151
+ region?: string;
5152
+ /**
5153
+ * (string) - The type of storage destination. Possible values are: `AWS_S3`, `AZURE_STORAGE`, `GOOGLE_CLOUD_STORAGE`
5154
+ */
5155
+ storageDestinationType?: string;
5156
+ }
5157
+ export interface GetAccountNetworkPolicyEgressNetworkAccessBlockedInternetDestination {
5158
+ /**
5159
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
5160
+ */
5161
+ destination?: string;
5162
+ /**
5163
+ * (string) - The type of internet destination. Currently only DNS_NAME is supported. Possible values are: `DNS_NAME`
5164
+ */
5165
+ internetDestinationType?: string;
5166
+ }
5167
+ export interface GetAccountNetworkPolicyEgressNetworkAccessPolicyEnforcement {
5168
+ /**
5169
+ * (list of string) - When empty, it means dry run for all products.
5170
+ * When non-empty, it means dry run for specific products and for the other products, they will run in enforced mode
5171
+ */
5172
+ dryRunModeProductFilters?: string[];
5173
+ /**
5174
+ * (string) - The mode of policy enforcement. ENFORCED blocks traffic that violates policy,
5175
+ * while DRY_RUN only logs violations without blocking. When not specified,
5176
+ * defaults to ENFORCED. Possible values are: `DRY_RUN`, `ENFORCED`
5177
+ */
5178
+ enforcementMode?: string;
5179
+ }
5180
+ export interface GetAccountNetworkPolicyIngress {
5181
+ /**
5182
+ * (CustomerFacingIngressNetworkPolicyPrivateAccess) - The network policy restrictions for private access to the workspace.
5183
+ * Configures how registered private endpoints are allowed or denied access
5184
+ */
5185
+ privateAccess?: outputs.GetAccountNetworkPolicyIngressPrivateAccess;
5186
+ /**
5187
+ * (CustomerFacingIngressNetworkPolicyPublicAccess) - The network policy restrictions for public access to the workspace.
5188
+ * Configures how public internet traffic is allowed or denied access
5189
+ */
5190
+ publicAccess?: outputs.GetAccountNetworkPolicyIngressPublicAccess;
5191
+ }
5192
+ export interface GetAccountNetworkPolicyIngressDryRun {
5193
+ /**
5194
+ * (CustomerFacingIngressNetworkPolicyPrivateAccess) - The network policy restrictions for private access to the workspace.
5195
+ * Configures how registered private endpoints are allowed or denied access
5196
+ */
5197
+ privateAccess?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccess;
5198
+ /**
5199
+ * (CustomerFacingIngressNetworkPolicyPublicAccess) - The network policy restrictions for public access to the workspace.
5200
+ * Configures how public internet traffic is allowed or denied access
5201
+ */
5202
+ publicAccess?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccess;
5203
+ }
5204
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccess {
5205
+ /**
5206
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
5207
+ */
5208
+ allowRules?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRule[];
5209
+ /**
5210
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
5211
+ */
5212
+ denyRules?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRule[];
5213
+ /**
5214
+ * (string) - The restriction mode that controls how serverless workloads can access the internet. Possible values are: `FULL_ACCESS`, `RESTRICTED_ACCESS`
5215
+ */
5216
+ restrictionMode: string;
5217
+ }
5218
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRule {
5219
+ /**
5220
+ * (CustomerFacingIngressNetworkPolicyAuthentication)
5221
+ */
5222
+ authentication?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleAuthentication;
5223
+ /**
5224
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
5225
+ */
5226
+ destination?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestination;
5227
+ /**
5228
+ * (string) - The label for this ingress rule
5229
+ */
5230
+ label?: string;
5231
+ /**
5232
+ * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
5233
+ */
5234
+ origin?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleOrigin;
5235
+ }
5236
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleAuthentication {
5237
+ /**
5238
+ * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
5239
+ */
5240
+ identities?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleAuthenticationIdentity[];
5241
+ /**
5242
+ * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
5243
+ */
5244
+ identityType?: string;
5245
+ }
5246
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleAuthenticationIdentity {
5247
+ /**
5248
+ * (integer)
5249
+ */
5250
+ principalId?: number;
5251
+ /**
5252
+ * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
5253
+ */
5254
+ principalType?: string;
5255
+ }
5256
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestination {
5257
+ /**
5258
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
5259
+ */
5260
+ accountApi?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountApi;
5261
+ /**
5262
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
5263
+ */
5264
+ accountDatabricksOne?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountDatabricksOne;
5265
+ /**
5266
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
5267
+ */
5268
+ accountUi?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountUi;
5269
+ /**
5270
+ * (boolean) - Must be set to true
5271
+ */
5272
+ allDestinations?: boolean;
5273
+ /**
5274
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
5275
+ */
5276
+ appsRuntime?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAppsRuntime;
5277
+ /**
5278
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
5279
+ */
5280
+ lakebaseRuntime?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationLakebaseRuntime;
5281
+ /**
5282
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
5283
+ */
5284
+ workspaceApi?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceApi;
5285
+ /**
5286
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
5287
+ */
5288
+ workspaceUi?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceUi;
5289
+ }
5290
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountApi {
5291
+ /**
5292
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5293
+ */
5294
+ scopeQualifier?: string;
5295
+ /**
5296
+ * (list of string)
5297
+ */
5298
+ scopes?: string[];
5299
+ }
5300
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountDatabricksOne {
5301
+ /**
5302
+ * (boolean) - Must be set to true
5303
+ */
5304
+ allDestinations?: boolean;
5305
+ }
5306
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAccountUi {
5307
+ /**
5308
+ * (boolean) - Must be set to true
5309
+ */
5310
+ allDestinations?: boolean;
5311
+ }
5312
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationAppsRuntime {
5313
+ /**
5314
+ * (boolean) - Must be set to true
5315
+ */
5316
+ allDestinations?: boolean;
5317
+ }
5318
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationLakebaseRuntime {
5319
+ /**
5320
+ * (boolean) - Must be set to true
5321
+ */
5322
+ allDestinations?: boolean;
5323
+ }
5324
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceApi {
5325
+ /**
5326
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5327
+ */
5328
+ scopeQualifier?: string;
5329
+ /**
5330
+ * (list of string)
5331
+ */
5332
+ scopes?: string[];
5333
+ }
5334
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleDestinationWorkspaceUi {
5335
+ /**
5336
+ * (boolean) - Must be set to true
5337
+ */
5338
+ allDestinations?: boolean;
5339
+ }
5340
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleOrigin {
5341
+ /**
5342
+ * (boolean)
5343
+ */
5344
+ allPrivateAccess?: boolean;
5345
+ /**
5346
+ * (boolean)
5347
+ */
5348
+ allRegisteredEndpoints?: boolean;
5349
+ /**
5350
+ * (boolean)
5351
+ */
5352
+ azureWorkspacePrivateLink?: boolean;
5353
+ /**
5354
+ * (CustomerFacingIngressNetworkPolicyEndpoints)
5355
+ */
5356
+ endpoints?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleOriginEndpoints;
5357
+ }
5358
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessAllowRuleOriginEndpoints {
5359
+ /**
5360
+ * (list of string)
5361
+ */
5362
+ endpointIds?: string[];
5363
+ }
5364
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRule {
5365
+ /**
5366
+ * (CustomerFacingIngressNetworkPolicyAuthentication)
5367
+ */
5368
+ authentication?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleAuthentication;
5369
+ /**
5370
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
5371
+ */
5372
+ destination?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestination;
5373
+ /**
5374
+ * (string) - The label for this ingress rule
5375
+ */
5376
+ label?: string;
5377
+ /**
5378
+ * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
5379
+ */
5380
+ origin?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleOrigin;
5381
+ }
5382
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleAuthentication {
5383
+ /**
5384
+ * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
5385
+ */
5386
+ identities?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleAuthenticationIdentity[];
5387
+ /**
5388
+ * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
5389
+ */
5390
+ identityType?: string;
5391
+ }
5392
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleAuthenticationIdentity {
5393
+ /**
5394
+ * (integer)
5395
+ */
5396
+ principalId?: number;
5397
+ /**
5398
+ * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
5399
+ */
5400
+ principalType?: string;
5401
+ }
5402
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestination {
5403
+ /**
5404
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
5405
+ */
5406
+ accountApi?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountApi;
5407
+ /**
5408
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
5409
+ */
5410
+ accountDatabricksOne?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountDatabricksOne;
5411
+ /**
5412
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
5413
+ */
5414
+ accountUi?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountUi;
5415
+ /**
5416
+ * (boolean) - Must be set to true
5417
+ */
5418
+ allDestinations?: boolean;
5419
+ /**
5420
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
5421
+ */
5422
+ appsRuntime?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAppsRuntime;
5423
+ /**
5424
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
5425
+ */
5426
+ lakebaseRuntime?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationLakebaseRuntime;
5427
+ /**
5428
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
5429
+ */
5430
+ workspaceApi?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceApi;
5431
+ /**
5432
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
5433
+ */
5434
+ workspaceUi?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceUi;
5435
+ }
5436
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountApi {
5437
+ /**
5438
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5439
+ */
5440
+ scopeQualifier?: string;
5441
+ /**
5442
+ * (list of string)
5443
+ */
5444
+ scopes?: string[];
5445
+ }
5446
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountDatabricksOne {
5447
+ /**
5448
+ * (boolean) - Must be set to true
5449
+ */
5450
+ allDestinations?: boolean;
5451
+ }
5452
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAccountUi {
5453
+ /**
5454
+ * (boolean) - Must be set to true
5455
+ */
5456
+ allDestinations?: boolean;
5457
+ }
5458
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationAppsRuntime {
5459
+ /**
5460
+ * (boolean) - Must be set to true
5461
+ */
5462
+ allDestinations?: boolean;
5463
+ }
5464
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationLakebaseRuntime {
5465
+ /**
5466
+ * (boolean) - Must be set to true
5467
+ */
5468
+ allDestinations?: boolean;
5469
+ }
5470
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceApi {
5471
+ /**
5472
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5473
+ */
5474
+ scopeQualifier?: string;
5475
+ /**
5476
+ * (list of string)
5477
+ */
5478
+ scopes?: string[];
5479
+ }
5480
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleDestinationWorkspaceUi {
5481
+ /**
5482
+ * (boolean) - Must be set to true
5483
+ */
5484
+ allDestinations?: boolean;
5485
+ }
5486
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleOrigin {
5487
+ /**
5488
+ * (boolean)
5489
+ */
5490
+ allPrivateAccess?: boolean;
5491
+ /**
5492
+ * (boolean)
5493
+ */
5494
+ allRegisteredEndpoints?: boolean;
5495
+ /**
5496
+ * (boolean)
5497
+ */
5498
+ azureWorkspacePrivateLink?: boolean;
5499
+ /**
5500
+ * (CustomerFacingIngressNetworkPolicyEndpoints)
5501
+ */
5502
+ endpoints?: outputs.GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleOriginEndpoints;
5503
+ }
5504
+ export interface GetAccountNetworkPolicyIngressDryRunPrivateAccessDenyRuleOriginEndpoints {
5505
+ /**
5506
+ * (list of string)
5507
+ */
5508
+ endpointIds?: string[];
5509
+ }
5510
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccess {
5511
+ /**
5512
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
5513
+ */
5514
+ allowRules?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRule[];
5515
+ /**
5516
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
5517
+ */
5518
+ denyRules?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRule[];
5519
+ /**
5520
+ * (string) - The restriction mode that controls how serverless workloads can access the internet. Possible values are: `FULL_ACCESS`, `RESTRICTED_ACCESS`
5521
+ */
5522
+ restrictionMode: string;
5523
+ }
5524
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRule {
5525
+ /**
5526
+ * (CustomerFacingIngressNetworkPolicyAuthentication)
5527
+ */
5528
+ authentication?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthentication;
5529
+ /**
5530
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
5531
+ */
5532
+ destination?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestination;
5533
+ /**
5534
+ * (string) - The label for this ingress rule
5535
+ */
5536
+ label?: string;
5537
+ /**
5538
+ * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
5539
+ */
5540
+ origin?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOrigin;
5541
+ }
5542
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthentication {
5543
+ /**
5544
+ * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
5545
+ */
5546
+ identities?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthenticationIdentity[];
5547
+ /**
5548
+ * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
5549
+ */
5550
+ identityType?: string;
5551
+ }
5552
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthenticationIdentity {
5553
+ /**
5554
+ * (integer)
5555
+ */
5556
+ principalId?: number;
5557
+ /**
5558
+ * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
5559
+ */
5560
+ principalType?: string;
5561
+ }
5562
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestination {
5563
+ /**
5564
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
5565
+ */
5566
+ accountApi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountApi;
5567
+ /**
5568
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
5569
+ */
5570
+ accountDatabricksOne?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountDatabricksOne;
5571
+ /**
5572
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
5573
+ */
5574
+ accountUi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountUi;
5575
+ /**
5576
+ * (boolean) - Must be set to true
5577
+ */
5578
+ allDestinations?: boolean;
5579
+ /**
5580
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
5581
+ */
5582
+ appsRuntime?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAppsRuntime;
5583
+ /**
5584
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
5585
+ */
5586
+ lakebaseRuntime?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationLakebaseRuntime;
5587
+ /**
5588
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
5589
+ */
5590
+ workspaceApi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi;
5591
+ /**
5592
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
5593
+ */
5594
+ workspaceUi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi;
5595
+ }
5596
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountApi {
5597
+ /**
5598
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5599
+ */
5600
+ scopeQualifier?: string;
5601
+ /**
5602
+ * (list of string)
5603
+ */
5604
+ scopes?: string[];
5605
+ }
5606
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountDatabricksOne {
5607
+ /**
5608
+ * (boolean) - Must be set to true
5609
+ */
5610
+ allDestinations?: boolean;
5611
+ }
5612
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAccountUi {
5613
+ /**
5614
+ * (boolean) - Must be set to true
5615
+ */
5616
+ allDestinations?: boolean;
5617
+ }
5618
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationAppsRuntime {
5619
+ /**
5620
+ * (boolean) - Must be set to true
5621
+ */
5622
+ allDestinations?: boolean;
5623
+ }
5624
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationLakebaseRuntime {
5625
+ /**
5626
+ * (boolean) - Must be set to true
5627
+ */
5628
+ allDestinations?: boolean;
5629
+ }
5630
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi {
5631
+ /**
5632
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5633
+ */
5634
+ scopeQualifier?: string;
5635
+ /**
5636
+ * (list of string)
5637
+ */
5638
+ scopes?: string[];
5639
+ }
5640
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi {
5641
+ /**
5642
+ * (boolean) - Must be set to true
5643
+ */
5644
+ allDestinations?: boolean;
5645
+ }
5646
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOrigin {
5647
+ /**
5648
+ * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
5649
+ */
5650
+ allIpRanges?: boolean;
5651
+ /**
5652
+ * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
5653
+ */
5654
+ excludedIpRanges?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOriginExcludedIpRanges;
5655
+ /**
5656
+ * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
5657
+ */
5658
+ includedIpRanges?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOriginIncludedIpRanges;
5659
+ }
5660
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOriginExcludedIpRanges {
5661
+ /**
5662
+ * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
5663
+ */
5664
+ ipRanges?: string[];
5665
+ }
5666
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOriginIncludedIpRanges {
5667
+ /**
5668
+ * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
5669
+ */
5670
+ ipRanges?: string[];
5671
+ }
5672
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRule {
5673
+ /**
5674
+ * (CustomerFacingIngressNetworkPolicyAuthentication)
5675
+ */
5676
+ authentication?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthentication;
5677
+ /**
5678
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
5679
+ */
5680
+ destination?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestination;
5681
+ /**
5682
+ * (string) - The label for this ingress rule
5683
+ */
5684
+ label?: string;
5685
+ /**
5686
+ * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
5687
+ */
5688
+ origin?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOrigin;
5689
+ }
5690
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthentication {
5691
+ /**
5692
+ * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
5693
+ */
5694
+ identities?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthenticationIdentity[];
5695
+ /**
5696
+ * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
5697
+ */
5698
+ identityType?: string;
5699
+ }
5700
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthenticationIdentity {
5701
+ /**
5702
+ * (integer)
5703
+ */
5704
+ principalId?: number;
5705
+ /**
5706
+ * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
5707
+ */
5708
+ principalType?: string;
5709
+ }
5710
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestination {
5711
+ /**
5712
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
5713
+ */
5714
+ accountApi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountApi;
5715
+ /**
5716
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
5717
+ */
5718
+ accountDatabricksOne?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountDatabricksOne;
5719
+ /**
5720
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
5721
+ */
5722
+ accountUi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountUi;
5723
+ /**
5724
+ * (boolean) - Must be set to true
5725
+ */
5726
+ allDestinations?: boolean;
5727
+ /**
5728
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
5729
+ */
5730
+ appsRuntime?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAppsRuntime;
5731
+ /**
5732
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
5733
+ */
5734
+ lakebaseRuntime?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationLakebaseRuntime;
5735
+ /**
5736
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
5737
+ */
5738
+ workspaceApi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi;
5739
+ /**
5740
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
5741
+ */
5742
+ workspaceUi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi;
5743
+ }
5744
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountApi {
5745
+ /**
5746
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5747
+ */
5748
+ scopeQualifier?: string;
5749
+ /**
5750
+ * (list of string)
5751
+ */
5752
+ scopes?: string[];
5753
+ }
5754
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountDatabricksOne {
5755
+ /**
5756
+ * (boolean) - Must be set to true
5757
+ */
5758
+ allDestinations?: boolean;
5759
+ }
5760
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAccountUi {
5761
+ /**
5762
+ * (boolean) - Must be set to true
5763
+ */
5764
+ allDestinations?: boolean;
5765
+ }
5766
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationAppsRuntime {
5767
+ /**
5768
+ * (boolean) - Must be set to true
5769
+ */
5770
+ allDestinations?: boolean;
5771
+ }
5772
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationLakebaseRuntime {
5773
+ /**
5774
+ * (boolean) - Must be set to true
5775
+ */
5776
+ allDestinations?: boolean;
5777
+ }
5778
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi {
5779
+ /**
5780
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
5781
+ */
5782
+ scopeQualifier?: string;
3753
5783
  /**
3754
5784
  * (list of string)
3755
5785
  */
3756
5786
  scopes?: string[];
3757
5787
  }
3758
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleDestinationWorkspaceUi {
5788
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi {
3759
5789
  /**
3760
5790
  * (boolean) - Must be set to true
3761
5791
  */
3762
5792
  allDestinations?: boolean;
3763
5793
  }
3764
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOrigin {
5794
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOrigin {
3765
5795
  /**
3766
5796
  * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
3767
5797
  */
@@ -3769,240 +5799,213 @@ export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOrigin
3769
5799
  /**
3770
5800
  * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
3771
5801
  */
3772
- excludedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOriginExcludedIpRanges;
5802
+ excludedIpRanges?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOriginExcludedIpRanges;
3773
5803
  /**
3774
5804
  * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
3775
5805
  */
3776
- includedIpRanges?: outputs.GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOriginIncludedIpRanges;
5806
+ includedIpRanges?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOriginIncludedIpRanges;
3777
5807
  }
3778
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOriginExcludedIpRanges {
5808
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOriginExcludedIpRanges {
3779
5809
  /**
3780
5810
  * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
3781
5811
  */
3782
5812
  ipRanges?: string[];
3783
5813
  }
3784
- export interface GetAccountNetworkPoliciesItemIngressPublicAccessDenyRuleOriginIncludedIpRanges {
5814
+ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOriginIncludedIpRanges {
3785
5815
  /**
3786
5816
  * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
3787
5817
  */
3788
5818
  ipRanges?: string[];
3789
5819
  }
3790
- export interface GetAccountNetworkPolicyEgress {
3791
- /**
3792
- * (EgressNetworkPolicyNetworkAccessPolicy) - The access policy enforced for egress traffic to the internet
3793
- */
3794
- networkAccess?: outputs.GetAccountNetworkPolicyEgressNetworkAccess;
3795
- }
3796
- export interface GetAccountNetworkPolicyEgressNetworkAccess {
5820
+ export interface GetAccountNetworkPolicyIngressPrivateAccess {
3797
5821
  /**
3798
- * (list of EgressNetworkPolicyNetworkAccessPolicyInternetDestination) - List of internet destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode
3799
- */
3800
- allowedInternetDestinations?: outputs.GetAccountNetworkPolicyEgressNetworkAccessAllowedInternetDestination[];
3801
- /**
3802
- * (list of EgressNetworkPolicyNetworkAccessPolicyStorageDestination) - List of storage destinations that serverless workloads are allowed to access when in RESTRICTED_ACCESS mode
5822
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
3803
5823
  */
3804
- allowedStorageDestinations?: outputs.GetAccountNetworkPolicyEgressNetworkAccessAllowedStorageDestination[];
5824
+ allowRules?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRule[];
3805
5825
  /**
3806
- * (EgressNetworkPolicyNetworkAccessPolicyPolicyEnforcement) - Optional. When policyEnforcement is not provided, we default to ENFORCE_MODE_ALL_SERVICES
5826
+ * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
3807
5827
  */
3808
- policyEnforcement?: outputs.GetAccountNetworkPolicyEgressNetworkAccessPolicyEnforcement;
5828
+ denyRules?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRule[];
3809
5829
  /**
3810
5830
  * (string) - The restriction mode that controls how serverless workloads can access the internet. Possible values are: `FULL_ACCESS`, `RESTRICTED_ACCESS`
3811
5831
  */
3812
5832
  restrictionMode: string;
3813
5833
  }
3814
- export interface GetAccountNetworkPolicyEgressNetworkAccessAllowedInternetDestination {
3815
- /**
3816
- * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
3817
- */
3818
- destination?: string;
5834
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRule {
3819
5835
  /**
3820
- * (string) - The type of internet destination. Currently only DNS_NAME is supported. Possible values are: `DNS_NAME`
5836
+ * (CustomerFacingIngressNetworkPolicyAuthentication)
3821
5837
  */
3822
- internetDestinationType?: string;
3823
- }
3824
- export interface GetAccountNetworkPolicyEgressNetworkAccessAllowedStorageDestination {
5838
+ authentication?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleAuthentication;
3825
5839
  /**
3826
- * (string) - The Azure storage account name
5840
+ * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
3827
5841
  */
3828
- azureStorageAccount?: string;
5842
+ destination?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestination;
3829
5843
  /**
3830
- * (string) - The Azure storage service type (blob, dfs, etc.)
5844
+ * (string) - The label for this ingress rule
3831
5845
  */
3832
- azureStorageService?: string;
5846
+ label?: string;
3833
5847
  /**
3834
- * (string)
5848
+ * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
3835
5849
  */
3836
- bucketName?: string;
5850
+ origin?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleOrigin;
5851
+ }
5852
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleAuthentication {
3837
5853
  /**
3838
- * (string)
5854
+ * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
3839
5855
  */
3840
- region?: string;
5856
+ identities?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleAuthenticationIdentity[];
3841
5857
  /**
3842
- * (string) - The type of storage destination. Possible values are: `AWS_S3`, `AZURE_STORAGE`, `GOOGLE_CLOUD_STORAGE`
5858
+ * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
3843
5859
  */
3844
- storageDestinationType?: string;
5860
+ identityType?: string;
3845
5861
  }
3846
- export interface GetAccountNetworkPolicyEgressNetworkAccessPolicyEnforcement {
3847
- /**
3848
- * (list of string) - When empty, it means dry run for all products.
3849
- * When non-empty, it means dry run for specific products and for the other products, they will run in enforced mode
3850
- */
3851
- dryRunModeProductFilters?: string[];
5862
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleAuthenticationIdentity {
3852
5863
  /**
3853
- * (string) - The mode of policy enforcement. ENFORCED blocks traffic that violates policy,
3854
- * while DRY_RUN only logs violations without blocking. When not specified,
3855
- * defaults to ENFORCED. Possible values are: `DRY_RUN`, `ENFORCED`
5864
+ * (integer)
3856
5865
  */
3857
- enforcementMode?: string;
3858
- }
3859
- export interface GetAccountNetworkPolicyIngress {
5866
+ principalId?: number;
3860
5867
  /**
3861
- * (CustomerFacingIngressNetworkPolicyPublicAccess)
5868
+ * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
3862
5869
  */
3863
- publicAccess?: outputs.GetAccountNetworkPolicyIngressPublicAccess;
5870
+ principalType?: string;
3864
5871
  }
3865
- export interface GetAccountNetworkPolicyIngressDryRun {
5872
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestination {
3866
5873
  /**
3867
- * (CustomerFacingIngressNetworkPolicyPublicAccess)
5874
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
3868
5875
  */
3869
- publicAccess?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccess;
3870
- }
3871
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccess {
5876
+ accountApi?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountApi;
3872
5877
  /**
3873
- * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
5878
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
3874
5879
  */
3875
- allowRules?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRule[];
5880
+ accountDatabricksOne?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountDatabricksOne;
3876
5881
  /**
3877
- * (list of CustomerFacingIngressNetworkPolicyPublicIngressRule)
5882
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
3878
5883
  */
3879
- denyRules?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRule[];
5884
+ accountUi?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountUi;
3880
5885
  /**
3881
- * (string) - The restriction mode that controls how serverless workloads can access the internet. Possible values are: `FULL_ACCESS`, `RESTRICTED_ACCESS`
5886
+ * (boolean) - Must be set to true
3882
5887
  */
3883
- restrictionMode: string;
3884
- }
3885
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRule {
5888
+ allDestinations?: boolean;
3886
5889
  /**
3887
- * (CustomerFacingIngressNetworkPolicyAuthentication)
5890
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
3888
5891
  */
3889
- authentication?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthentication;
5892
+ appsRuntime?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAppsRuntime;
3890
5893
  /**
3891
- * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
5894
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
3892
5895
  */
3893
- destination?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestination;
5896
+ lakebaseRuntime?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationLakebaseRuntime;
3894
5897
  /**
3895
- * (string) - User-provided name for this ingress rule. Helps identify which rule
3896
- * caused a request to be denied or dry-run denied
5898
+ * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
3897
5899
  */
3898
- label?: string;
5900
+ workspaceApi?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationWorkspaceApi;
3899
5901
  /**
3900
- * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
5902
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
3901
5903
  */
3902
- origin?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOrigin;
5904
+ workspaceUi?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationWorkspaceUi;
3903
5905
  }
3904
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthentication {
5906
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountApi {
3905
5907
  /**
3906
- * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
5908
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
3907
5909
  */
3908
- identities?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthenticationIdentity[];
5910
+ scopeQualifier?: string;
3909
5911
  /**
3910
- * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
5912
+ * (list of string)
3911
5913
  */
3912
- identityType?: string;
5914
+ scopes?: string[];
3913
5915
  }
3914
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleAuthenticationIdentity {
5916
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountDatabricksOne {
3915
5917
  /**
3916
- * (integer)
5918
+ * (boolean) - Must be set to true
3917
5919
  */
3918
- principalId?: number;
5920
+ allDestinations?: boolean;
5921
+ }
5922
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAccountUi {
3919
5923
  /**
3920
- * (string) - Possible values are: `PRINCIPAL_TYPE_SERVICE_PRINCIPAL`, `PRINCIPAL_TYPE_USER`
5924
+ * (boolean) - Must be set to true
3921
5925
  */
3922
- principalType?: string;
5926
+ allDestinations?: boolean;
3923
5927
  }
3924
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestination {
5928
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationAppsRuntime {
3925
5929
  /**
3926
5930
  * (boolean) - Must be set to true
3927
5931
  */
3928
5932
  allDestinations?: boolean;
5933
+ }
5934
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationLakebaseRuntime {
3929
5935
  /**
3930
- * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
5936
+ * (boolean) - Must be set to true
3931
5937
  */
3932
- workspaceApi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi;
5938
+ allDestinations?: boolean;
5939
+ }
5940
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationWorkspaceApi {
3933
5941
  /**
3934
- * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination) - Workspace destinations
5942
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
3935
5943
  */
3936
- workspaceUi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi;
3937
- }
3938
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceApi {
5944
+ scopeQualifier?: string;
3939
5945
  /**
3940
5946
  * (list of string)
3941
5947
  */
3942
5948
  scopes?: string[];
3943
5949
  }
3944
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleDestinationWorkspaceUi {
5950
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleDestinationWorkspaceUi {
3945
5951
  /**
3946
5952
  * (boolean) - Must be set to true
3947
5953
  */
3948
5954
  allDestinations?: boolean;
3949
5955
  }
3950
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOrigin {
5956
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleOrigin {
3951
5957
  /**
3952
- * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
5958
+ * (boolean)
3953
5959
  */
3954
- allIpRanges?: boolean;
5960
+ allPrivateAccess?: boolean;
3955
5961
  /**
3956
- * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
5962
+ * (boolean)
3957
5963
  */
3958
- excludedIpRanges?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOriginExcludedIpRanges;
5964
+ allRegisteredEndpoints?: boolean;
3959
5965
  /**
3960
- * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
5966
+ * (boolean)
3961
5967
  */
3962
- includedIpRanges?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOriginIncludedIpRanges;
3963
- }
3964
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOriginExcludedIpRanges {
5968
+ azureWorkspacePrivateLink?: boolean;
3965
5969
  /**
3966
- * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
5970
+ * (CustomerFacingIngressNetworkPolicyEndpoints)
3967
5971
  */
3968
- ipRanges?: string[];
5972
+ endpoints?: outputs.GetAccountNetworkPolicyIngressPrivateAccessAllowRuleOriginEndpoints;
3969
5973
  }
3970
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessAllowRuleOriginIncludedIpRanges {
5974
+ export interface GetAccountNetworkPolicyIngressPrivateAccessAllowRuleOriginEndpoints {
3971
5975
  /**
3972
- * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
5976
+ * (list of string)
3973
5977
  */
3974
- ipRanges?: string[];
5978
+ endpointIds?: string[];
3975
5979
  }
3976
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRule {
5980
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRule {
3977
5981
  /**
3978
5982
  * (CustomerFacingIngressNetworkPolicyAuthentication)
3979
5983
  */
3980
- authentication?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthentication;
5984
+ authentication?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleAuthentication;
3981
5985
  /**
3982
5986
  * (string) - The internet destination to which access will be allowed. Format dependent on the destination type
3983
5987
  */
3984
- destination?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestination;
5988
+ destination?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestination;
3985
5989
  /**
3986
- * (string) - User-provided name for this ingress rule. Helps identify which rule
3987
- * caused a request to be denied or dry-run denied
5990
+ * (string) - The label for this ingress rule
3988
5991
  */
3989
5992
  label?: string;
3990
5993
  /**
3991
5994
  * (CustomerFacingIngressNetworkPolicyPublicRequestOrigin)
3992
5995
  */
3993
- origin?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOrigin;
5996
+ origin?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleOrigin;
3994
5997
  }
3995
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthentication {
5998
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleAuthentication {
3996
5999
  /**
3997
6000
  * (list of CustomerFacingIngressNetworkPolicyAuthenticationIdentity) - Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES
3998
6001
  */
3999
- identities?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthenticationIdentity[];
6002
+ identities?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleAuthenticationIdentity[];
4000
6003
  /**
4001
6004
  * (string) - Possible values are: `IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS`, `IDENTITY_TYPE_ALL_USERS`, `IDENTITY_TYPE_SELECTED_IDENTITIES`
4002
6005
  */
4003
6006
  identityType?: string;
4004
6007
  }
4005
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthenticationIdentity {
6008
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleAuthenticationIdentity {
4006
6009
  /**
4007
6010
  * (integer)
4008
6011
  */
@@ -4012,57 +6015,113 @@ export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleAuthent
4012
6015
  */
4013
6016
  principalType?: string;
4014
6017
  }
4015
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestination {
6018
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestination {
6019
+ /**
6020
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
6021
+ */
6022
+ accountApi?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountApi;
6023
+ /**
6024
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
6025
+ */
6026
+ accountDatabricksOne?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountDatabricksOne;
6027
+ /**
6028
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
6029
+ */
6030
+ accountUi?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountUi;
4016
6031
  /**
4017
6032
  * (boolean) - Must be set to true
4018
6033
  */
4019
6034
  allDestinations?: boolean;
6035
+ /**
6036
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
6037
+ */
6038
+ appsRuntime?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAppsRuntime;
6039
+ /**
6040
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
6041
+ */
6042
+ lakebaseRuntime?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationLakebaseRuntime;
4020
6043
  /**
4021
6044
  * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
4022
6045
  */
4023
- workspaceApi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi;
6046
+ workspaceApi?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationWorkspaceApi;
4024
6047
  /**
4025
- * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination) - Workspace destinations
6048
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
4026
6049
  */
4027
- workspaceUi?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi;
6050
+ workspaceUi?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationWorkspaceUi;
4028
6051
  }
4029
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceApi {
6052
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountApi {
6053
+ /**
6054
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
6055
+ */
6056
+ scopeQualifier?: string;
4030
6057
  /**
4031
6058
  * (list of string)
4032
6059
  */
4033
6060
  scopes?: string[];
4034
6061
  }
4035
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleDestinationWorkspaceUi {
6062
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountDatabricksOne {
4036
6063
  /**
4037
6064
  * (boolean) - Must be set to true
4038
6065
  */
4039
6066
  allDestinations?: boolean;
4040
6067
  }
4041
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOrigin {
6068
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAccountUi {
4042
6069
  /**
4043
- * (boolean) - Matches all IPv4 and IPv6 ranges (both public and private)
6070
+ * (boolean) - Must be set to true
4044
6071
  */
4045
- allIpRanges?: boolean;
6072
+ allDestinations?: boolean;
6073
+ }
6074
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationAppsRuntime {
4046
6075
  /**
4047
- * (CustomerFacingIngressNetworkPolicyIpRanges) - Excluded means: all public IP ranges except this one
6076
+ * (boolean) - Must be set to true
4048
6077
  */
4049
- excludedIpRanges?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOriginExcludedIpRanges;
6078
+ allDestinations?: boolean;
6079
+ }
6080
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationLakebaseRuntime {
4050
6081
  /**
4051
- * (CustomerFacingIngressNetworkPolicyIpRanges) - Will not allow IP ranges with private IPs
6082
+ * (boolean) - Must be set to true
4052
6083
  */
4053
- includedIpRanges?: outputs.GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOriginIncludedIpRanges;
6084
+ allDestinations?: boolean;
4054
6085
  }
4055
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOriginExcludedIpRanges {
6086
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationWorkspaceApi {
4056
6087
  /**
4057
- * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
6088
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
4058
6089
  */
4059
- ipRanges?: string[];
6090
+ scopeQualifier?: string;
6091
+ /**
6092
+ * (list of string)
6093
+ */
6094
+ scopes?: string[];
4060
6095
  }
4061
- export interface GetAccountNetworkPolicyIngressDryRunPublicAccessDenyRuleOriginIncludedIpRanges {
6096
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleDestinationWorkspaceUi {
4062
6097
  /**
4063
- * (list of string) - We only support IPv4 and IPv4 CIDR notation for now
6098
+ * (boolean) - Must be set to true
4064
6099
  */
4065
- ipRanges?: string[];
6100
+ allDestinations?: boolean;
6101
+ }
6102
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleOrigin {
6103
+ /**
6104
+ * (boolean)
6105
+ */
6106
+ allPrivateAccess?: boolean;
6107
+ /**
6108
+ * (boolean)
6109
+ */
6110
+ allRegisteredEndpoints?: boolean;
6111
+ /**
6112
+ * (boolean)
6113
+ */
6114
+ azureWorkspacePrivateLink?: boolean;
6115
+ /**
6116
+ * (CustomerFacingIngressNetworkPolicyEndpoints)
6117
+ */
6118
+ endpoints?: outputs.GetAccountNetworkPolicyIngressPrivateAccessDenyRuleOriginEndpoints;
6119
+ }
6120
+ export interface GetAccountNetworkPolicyIngressPrivateAccessDenyRuleOriginEndpoints {
6121
+ /**
6122
+ * (list of string)
6123
+ */
6124
+ endpointIds?: string[];
4066
6125
  }
4067
6126
  export interface GetAccountNetworkPolicyIngressPublicAccess {
4068
6127
  /**
@@ -4088,8 +6147,7 @@ export interface GetAccountNetworkPolicyIngressPublicAccessAllowRule {
4088
6147
  */
4089
6148
  destination?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestination;
4090
6149
  /**
4091
- * (string) - User-provided name for this ingress rule. Helps identify which rule
4092
- * caused a request to be denied or dry-run denied
6150
+ * (string) - The label for this ingress rule
4093
6151
  */
4094
6152
  label?: string;
4095
6153
  /**
@@ -4118,20 +6176,78 @@ export interface GetAccountNetworkPolicyIngressPublicAccessAllowRuleAuthenticati
4118
6176
  principalType?: string;
4119
6177
  }
4120
6178
  export interface GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestination {
6179
+ /**
6180
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
6181
+ */
6182
+ accountApi?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountApi;
6183
+ /**
6184
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
6185
+ */
6186
+ accountDatabricksOne?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountDatabricksOne;
6187
+ /**
6188
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
6189
+ */
6190
+ accountUi?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountUi;
4121
6191
  /**
4122
6192
  * (boolean) - Must be set to true
4123
6193
  */
4124
6194
  allDestinations?: boolean;
6195
+ /**
6196
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
6197
+ */
6198
+ appsRuntime?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAppsRuntime;
6199
+ /**
6200
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
6201
+ */
6202
+ lakebaseRuntime?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationLakebaseRuntime;
4125
6203
  /**
4126
6204
  * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
4127
6205
  */
4128
- workspaceApi?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationWorkspaceApi;
6206
+ workspaceApi?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationWorkspaceApi;
6207
+ /**
6208
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
6209
+ */
6210
+ workspaceUi?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationWorkspaceUi;
6211
+ }
6212
+ export interface GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountApi {
6213
+ /**
6214
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
6215
+ */
6216
+ scopeQualifier?: string;
6217
+ /**
6218
+ * (list of string)
6219
+ */
6220
+ scopes?: string[];
6221
+ }
6222
+ export interface GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountDatabricksOne {
6223
+ /**
6224
+ * (boolean) - Must be set to true
6225
+ */
6226
+ allDestinations?: boolean;
6227
+ }
6228
+ export interface GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAccountUi {
6229
+ /**
6230
+ * (boolean) - Must be set to true
6231
+ */
6232
+ allDestinations?: boolean;
6233
+ }
6234
+ export interface GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationAppsRuntime {
6235
+ /**
6236
+ * (boolean) - Must be set to true
6237
+ */
6238
+ allDestinations?: boolean;
6239
+ }
6240
+ export interface GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationLakebaseRuntime {
4129
6241
  /**
4130
- * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination) - Workspace destinations
6242
+ * (boolean) - Must be set to true
4131
6243
  */
4132
- workspaceUi?: outputs.GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationWorkspaceUi;
6244
+ allDestinations?: boolean;
4133
6245
  }
4134
6246
  export interface GetAccountNetworkPolicyIngressPublicAccessAllowRuleDestinationWorkspaceApi {
6247
+ /**
6248
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
6249
+ */
6250
+ scopeQualifier?: string;
4135
6251
  /**
4136
6252
  * (list of string)
4137
6253
  */
@@ -4179,8 +6295,7 @@ export interface GetAccountNetworkPolicyIngressPublicAccessDenyRule {
4179
6295
  */
4180
6296
  destination?: outputs.GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestination;
4181
6297
  /**
4182
- * (string) - User-provided name for this ingress rule. Helps identify which rule
4183
- * caused a request to be denied or dry-run denied
6298
+ * (string) - The label for this ingress rule
4184
6299
  */
4185
6300
  label?: string;
4186
6301
  /**
@@ -4209,20 +6324,78 @@ export interface GetAccountNetworkPolicyIngressPublicAccessDenyRuleAuthenticatio
4209
6324
  principalType?: string;
4210
6325
  }
4211
6326
  export interface GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestination {
6327
+ /**
6328
+ * (CustomerFacingIngressNetworkPolicyAccountApiDestination)
6329
+ */
6330
+ accountApi?: outputs.GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountApi;
6331
+ /**
6332
+ * (CustomerFacingIngressNetworkPolicyAccountDatabricksOneDestination)
6333
+ */
6334
+ accountDatabricksOne?: outputs.GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountDatabricksOne;
6335
+ /**
6336
+ * (CustomerFacingIngressNetworkPolicyAccountUiDestination)
6337
+ */
6338
+ accountUi?: outputs.GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountUi;
4212
6339
  /**
4213
6340
  * (boolean) - Must be set to true
4214
6341
  */
4215
6342
  allDestinations?: boolean;
6343
+ /**
6344
+ * (CustomerFacingIngressNetworkPolicyAppsRuntimeDestination)
6345
+ */
6346
+ appsRuntime?: outputs.GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAppsRuntime;
6347
+ /**
6348
+ * (CustomerFacingIngressNetworkPolicyLakebaseRuntimeDestination)
6349
+ */
6350
+ lakebaseRuntime?: outputs.GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationLakebaseRuntime;
4216
6351
  /**
4217
6352
  * (CustomerFacingIngressNetworkPolicyWorkspaceApiDestination)
4218
6353
  */
4219
6354
  workspaceApi?: outputs.GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationWorkspaceApi;
4220
6355
  /**
4221
- * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination) - Workspace destinations
6356
+ * (CustomerFacingIngressNetworkPolicyWorkspaceUiDestination)
4222
6357
  */
4223
6358
  workspaceUi?: outputs.GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationWorkspaceUi;
4224
6359
  }
6360
+ export interface GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountApi {
6361
+ /**
6362
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
6363
+ */
6364
+ scopeQualifier?: string;
6365
+ /**
6366
+ * (list of string)
6367
+ */
6368
+ scopes?: string[];
6369
+ }
6370
+ export interface GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountDatabricksOne {
6371
+ /**
6372
+ * (boolean) - Must be set to true
6373
+ */
6374
+ allDestinations?: boolean;
6375
+ }
6376
+ export interface GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAccountUi {
6377
+ /**
6378
+ * (boolean) - Must be set to true
6379
+ */
6380
+ allDestinations?: boolean;
6381
+ }
6382
+ export interface GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationAppsRuntime {
6383
+ /**
6384
+ * (boolean) - Must be set to true
6385
+ */
6386
+ allDestinations?: boolean;
6387
+ }
6388
+ export interface GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationLakebaseRuntime {
6389
+ /**
6390
+ * (boolean) - Must be set to true
6391
+ */
6392
+ allDestinations?: boolean;
6393
+ }
4225
6394
  export interface GetAccountNetworkPolicyIngressPublicAccessDenyRuleDestinationWorkspaceApi {
6395
+ /**
6396
+ * (string) - Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. Possible values are: `API_SCOPE_QUALIFIER_ALL`, `API_SCOPE_QUALIFIER_READ`
6397
+ */
6398
+ scopeQualifier?: string;
4226
6399
  /**
4227
6400
  * (list of string)
4228
6401
  */
@@ -4973,6 +7146,7 @@ export interface GetAppApp {
4973
7146
  servicePrincipalName: string;
4974
7147
  space?: string;
4975
7148
  telemetryExportDestinations?: outputs.GetAppAppTelemetryExportDestination[];
7149
+ thumbnailUrl: string;
4976
7150
  /**
4977
7151
  * The update time of the app.
4978
7152
  */
@@ -5837,6 +8011,7 @@ export interface GetAppsApp {
5837
8011
  servicePrincipalName: string;
5838
8012
  space?: string;
5839
8013
  telemetryExportDestinations?: outputs.GetAppsAppTelemetryExportDestination[];
8014
+ thumbnailUrl: string;
5840
8015
  /**
5841
8016
  * The update time of the app.
5842
8017
  */
@@ -6805,6 +8980,7 @@ export interface GetClusterClusterInfoExecutorNodeAwsAttributes {
6805
8980
  export interface GetClusterClusterInfoGcpAttributes {
6806
8981
  availability?: string;
6807
8982
  bootDiskSize?: number;
8983
+ confidentialComputeType?: string;
6808
8984
  firstOnDemand?: number;
6809
8985
  googleServiceAccount?: string;
6810
8986
  localSsdCount?: number;
@@ -6915,7 +9091,7 @@ export interface GetClusterClusterInfoSpec {
6915
9091
  /**
6916
9092
  * Configure the provider for management through account provider. This block consists of the following fields:
6917
9093
  */
6918
- providerConfig?: outputs.GetClusterClusterInfoSpecProviderConfig;
9094
+ providerConfig: outputs.GetClusterClusterInfoSpecProviderConfig;
6919
9095
  remoteDiskThroughput?: number;
6920
9096
  /**
6921
9097
  * The type of runtime of the cluster
@@ -7019,6 +9195,7 @@ export interface GetClusterClusterInfoSpecDriverNodeTypeFlexibility {
7019
9195
  export interface GetClusterClusterInfoSpecGcpAttributes {
7020
9196
  availability?: string;
7021
9197
  bootDiskSize?: number;
9198
+ confidentialComputeType?: string;
7022
9199
  firstOnDemand?: number;
7023
9200
  googleServiceAccount?: string;
7024
9201
  localSsdCount?: number;
@@ -7075,7 +9252,7 @@ export interface GetClusterClusterInfoSpecLibrary {
7075
9252
  /**
7076
9253
  * Configure the provider for management through account provider. This block consists of the following fields:
7077
9254
  */
7078
- providerConfig?: outputs.GetClusterClusterInfoSpecLibraryProviderConfig;
9255
+ providerConfig: outputs.GetClusterClusterInfoSpecLibraryProviderConfig;
7079
9256
  pypi?: outputs.GetClusterClusterInfoSpecLibraryPypi;
7080
9257
  requirements?: string;
7081
9258
  whl?: string;
@@ -7288,7 +9465,8 @@ export interface GetDataClassificationCatalogConfigAutoTagConfig {
7288
9465
  */
7289
9466
  autoTaggingMode: string;
7290
9467
  /**
7291
- * (string) - The Classification Tag (e.g., "class.name", "class.location")
9468
+ * (string) - The Classification Tag. For built-in classes this is a system tag (e.g., "class.name",
9469
+ * "class.location"); for custom classes it is a user-defined governance tag key
7292
9470
  */
7293
9471
  classificationTag: string;
7294
9472
  }
@@ -8726,6 +10904,204 @@ export interface GetDirectoryProviderConfig {
8726
10904
  */
8727
10905
  workspaceId: string;
8728
10906
  }
10907
+ export interface GetDisasterRecoveryFailoverGroupUnityCatalogAssets {
10908
+ /**
10909
+ * (list of UcCatalog) - UC catalogs to replicate
10910
+ */
10911
+ catalogs: outputs.GetDisasterRecoveryFailoverGroupUnityCatalogAssetsCatalog[];
10912
+ /**
10913
+ * (string) - The workspace set whose workspaces will be used for data replication
10914
+ * of all UC catalogs' underlying storage
10915
+ */
10916
+ dataReplicationWorkspaceSet: string;
10917
+ /**
10918
+ * (list of LocationMapping) - Location mappings - storage URI per region for each location
10919
+ */
10920
+ locationMappings?: outputs.GetDisasterRecoveryFailoverGroupUnityCatalogAssetsLocationMapping[];
10921
+ }
10922
+ export interface GetDisasterRecoveryFailoverGroupUnityCatalogAssetsCatalog {
10923
+ /**
10924
+ * Fully qualified resource name in the format
10925
+ * accounts/{account_id}/failover-groups/{failover_group_id}
10926
+ */
10927
+ name: string;
10928
+ }
10929
+ export interface GetDisasterRecoveryFailoverGroupUnityCatalogAssetsLocationMapping {
10930
+ /**
10931
+ * Fully qualified resource name in the format
10932
+ * accounts/{account_id}/failover-groups/{failover_group_id}
10933
+ */
10934
+ name: string;
10935
+ /**
10936
+ * (list of LocationMappingEntry) - URI for each region. Each entry maps a region name to a storage URI
10937
+ */
10938
+ uriByRegions: outputs.GetDisasterRecoveryFailoverGroupUnityCatalogAssetsLocationMappingUriByRegion[];
10939
+ }
10940
+ export interface GetDisasterRecoveryFailoverGroupUnityCatalogAssetsLocationMappingUriByRegion {
10941
+ /**
10942
+ * (string) - The region name
10943
+ */
10944
+ region: string;
10945
+ /**
10946
+ * (string) - The storage URI for this region
10947
+ */
10948
+ uri: string;
10949
+ }
10950
+ export interface GetDisasterRecoveryFailoverGroupWorkspaceSet {
10951
+ /**
10952
+ * Fully qualified resource name in the format
10953
+ * accounts/{account_id}/failover-groups/{failover_group_id}
10954
+ */
10955
+ name: string;
10956
+ /**
10957
+ * (boolean) - Whether to enable control plane DR (notebooks, jobs, clusters, etc.) for this set.
10958
+ * Requires all workspaces in the set to be Mission Critical tier
10959
+ */
10960
+ replicateWorkspaceAssets: boolean;
10961
+ /**
10962
+ * (list of string) - Resource names of stable URLs associated with this workspace set.
10963
+ * Format: accounts/{account_id}/stable-urls/{stable_url_id}.
10964
+ * The referenced stable URLs must already exist (via CreateStableUrl)
10965
+ */
10966
+ stableUrlNames?: string[];
10967
+ /**
10968
+ * (list of string) - Workspace IDs in this set. The system derives and validates regions.
10969
+ * EA: exactly 2 workspaces (one per region)
10970
+ */
10971
+ workspaceIds: string[];
10972
+ }
10973
+ export interface GetDisasterRecoveryFailoverGroupsFailoverGroup {
10974
+ /**
10975
+ * (string) - Time at which this failover group was created
10976
+ */
10977
+ createTime: string;
10978
+ /**
10979
+ * (string) - Current effective primary region. Replication flows FROM workspaces in this region.
10980
+ * Changes after a successful failover
10981
+ */
10982
+ effectivePrimaryRegion: string;
10983
+ /**
10984
+ * (string) - Opaque version string for optimistic locking. Server-generated, returned in responses.
10985
+ * Must be provided on Update requests to prevent concurrent modifications
10986
+ */
10987
+ etag: string;
10988
+ /**
10989
+ * (string) - Initial primary region. Used only in Create requests to set the starting
10990
+ * primary region. Not returned in responses
10991
+ */
10992
+ initialPrimaryRegion: string;
10993
+ /**
10994
+ * (string) - Resource name for this workspace set
10995
+ */
10996
+ name: string;
10997
+ /**
10998
+ * (list of string) - List of all regions participating in this failover group
10999
+ */
11000
+ regions: string[];
11001
+ /**
11002
+ * (string) - The latest point in time to which data has been replicated
11003
+ */
11004
+ replicationPoint: string;
11005
+ /**
11006
+ * (string) - Aggregate state of the failover group. Possible values are: `ACTIVE`, `CREATING`, `CREATION_FAILED`, `DELETING`, `DELETION_FAILED`, `FAILING_OVER`, `FAILOVER_FAILED`, `INITIAL_REPLICATION`
11007
+ */
11008
+ state: string;
11009
+ /**
11010
+ * (UcReplicationConfig) - Unity Catalog replication configuration
11011
+ */
11012
+ unityCatalogAssets: outputs.GetDisasterRecoveryFailoverGroupsFailoverGroupUnityCatalogAssets;
11013
+ /**
11014
+ * (string) - Time at which this failover group was last modified
11015
+ */
11016
+ updateTime: string;
11017
+ /**
11018
+ * (list of WorkspaceSet) - Workspace sets, each containing workspaces that replicate to each other
11019
+ */
11020
+ workspaceSets: outputs.GetDisasterRecoveryFailoverGroupsFailoverGroupWorkspaceSet[];
11021
+ }
11022
+ export interface GetDisasterRecoveryFailoverGroupsFailoverGroupUnityCatalogAssets {
11023
+ /**
11024
+ * (list of UcCatalog) - UC catalogs to replicate
11025
+ */
11026
+ catalogs: outputs.GetDisasterRecoveryFailoverGroupsFailoverGroupUnityCatalogAssetsCatalog[];
11027
+ /**
11028
+ * (string) - The workspace set whose workspaces will be used for data replication
11029
+ * of all UC catalogs' underlying storage
11030
+ */
11031
+ dataReplicationWorkspaceSet: string;
11032
+ /**
11033
+ * (list of LocationMapping) - Location mappings - storage URI per region for each location
11034
+ */
11035
+ locationMappings?: outputs.GetDisasterRecoveryFailoverGroupsFailoverGroupUnityCatalogAssetsLocationMapping[];
11036
+ }
11037
+ export interface GetDisasterRecoveryFailoverGroupsFailoverGroupUnityCatalogAssetsCatalog {
11038
+ /**
11039
+ * (string) - Resource name for this workspace set
11040
+ */
11041
+ name: string;
11042
+ }
11043
+ export interface GetDisasterRecoveryFailoverGroupsFailoverGroupUnityCatalogAssetsLocationMapping {
11044
+ /**
11045
+ * (string) - Resource name for this workspace set
11046
+ */
11047
+ name: string;
11048
+ /**
11049
+ * (list of LocationMappingEntry) - URI for each region. Each entry maps a region name to a storage URI
11050
+ */
11051
+ uriByRegions: outputs.GetDisasterRecoveryFailoverGroupsFailoverGroupUnityCatalogAssetsLocationMappingUriByRegion[];
11052
+ }
11053
+ export interface GetDisasterRecoveryFailoverGroupsFailoverGroupUnityCatalogAssetsLocationMappingUriByRegion {
11054
+ /**
11055
+ * (string) - The region name
11056
+ */
11057
+ region: string;
11058
+ /**
11059
+ * (string) - The storage URI for this region
11060
+ */
11061
+ uri: string;
11062
+ }
11063
+ export interface GetDisasterRecoveryFailoverGroupsFailoverGroupWorkspaceSet {
11064
+ /**
11065
+ * (string) - Resource name for this workspace set
11066
+ */
11067
+ name: string;
11068
+ /**
11069
+ * (boolean) - Whether to enable control plane DR (notebooks, jobs, clusters, etc.) for this set.
11070
+ * Requires all workspaces in the set to be Mission Critical tier
11071
+ */
11072
+ replicateWorkspaceAssets: boolean;
11073
+ /**
11074
+ * (list of string) - Resource names of stable URLs associated with this workspace set.
11075
+ * Format: accounts/{account_id}/stable-urls/{stable_url_id}.
11076
+ * The referenced stable URLs must already exist (via CreateStableUrl)
11077
+ */
11078
+ stableUrlNames?: string[];
11079
+ /**
11080
+ * (list of string) - Workspace IDs in this set. The system derives and validates regions.
11081
+ * EA: exactly 2 workspaces (one per region)
11082
+ */
11083
+ workspaceIds: string[];
11084
+ }
11085
+ export interface GetDisasterRecoveryStableUrlsStableUrl {
11086
+ /**
11087
+ * (string) - The workspace this stable URL is initially bound to. Used only in Create
11088
+ * requests to associate the stable URL with a workspace. Not returned in
11089
+ * responses. Mirrors FailoverGroup.initial_primary_region semantics
11090
+ */
11091
+ initialWorkspaceId: string;
11092
+ /**
11093
+ * (string) - Fully qualified resource name.
11094
+ * Format: accounts/{account_id}/stable-urls/{stable_url_id}
11095
+ */
11096
+ name: string;
11097
+ /**
11098
+ * (string) - The stable URL endpoint. Generated by the backend on creation and
11099
+ * immutable thereafter. For non-Private-Link workspaces this is
11100
+ * `https://<spog_host>/?c=<connection_id>`. For Private-Link workspaces
11101
+ * this is the per-connection hostname
11102
+ */
11103
+ url: string;
11104
+ }
8729
11105
  export interface GetEndpointAzurePrivateEndpointInfo {
8730
11106
  /**
8731
11107
  * (string) - The name of the Private Endpoint in the Azure subscription
@@ -10090,8 +12466,13 @@ export interface GetFeatureEngineeringKafkaConfigAuthConfig {
10090
12466
  }
10091
12467
  export interface GetFeatureEngineeringKafkaConfigBackfillSource {
10092
12468
  /**
10093
- * (DeltaTableSource) - The Delta table source containing the historic data to backfill.
10094
- * Only the delta table name is used for backfill, the entity columns and timeseries column are ignored as they are defined by the associated KafkaSource
12469
+ * (string) - The full three-part name (catalog, schema, name) of the Delta table containing the historical data to backfill
12470
+ */
12471
+ deltaTableName?: string;
12472
+ /**
12473
+ * (DeltaTableSource, deprecated) - Deprecated: Use deltaTableName instead. Kept for backwards compatibility.
12474
+ * The Delta table source containing the historical data to backfill.
12475
+ * Only the delta table name is used for backfill, other fields are ignored
10095
12476
  */
10096
12477
  deltaTableSource?: outputs.GetFeatureEngineeringKafkaConfigBackfillSourceDeltaTableSource;
10097
12478
  }
@@ -10211,8 +12592,13 @@ export interface GetFeatureEngineeringKafkaConfigsKafkaConfigAuthConfig {
10211
12592
  }
10212
12593
  export interface GetFeatureEngineeringKafkaConfigsKafkaConfigBackfillSource {
10213
12594
  /**
10214
- * (DeltaTableSource) - The Delta table source containing the historic data to backfill.
10215
- * Only the delta table name is used for backfill, the entity columns and timeseries column are ignored as they are defined by the associated KafkaSource
12595
+ * (string) - The full three-part name (catalog, schema, name) of the Delta table containing the historical data to backfill
12596
+ */
12597
+ deltaTableName?: string;
12598
+ /**
12599
+ * (DeltaTableSource, deprecated) - Deprecated: Use deltaTableName instead. Kept for backwards compatibility.
12600
+ * The Delta table source containing the historical data to backfill.
12601
+ * Only the delta table name is used for backfill, other fields are ignored
10216
12602
  */
10217
12603
  deltaTableSource?: outputs.GetFeatureEngineeringKafkaConfigsKafkaConfigBackfillSourceDeltaTableSource;
10218
12604
  }
@@ -11063,7 +13449,7 @@ export interface GetJobJobSettingsSettingsLibrary {
11063
13449
  /**
11064
13450
  * Configure the provider for management through account provider. This block consists of the following fields:
11065
13451
  */
11066
- providerConfig?: outputs.GetJobJobSettingsSettingsLibraryProviderConfig;
13452
+ providerConfig: outputs.GetJobJobSettingsSettingsLibraryProviderConfig;
11067
13453
  pypi?: outputs.GetJobJobSettingsSettingsLibraryPypi;
11068
13454
  requirements?: string;
11069
13455
  whl?: string;
@@ -11463,7 +13849,7 @@ export interface GetJobJobSettingsSettingsTaskForEachTaskTaskLibrary {
11463
13849
  /**
11464
13850
  * Configure the provider for management through account provider. This block consists of the following fields:
11465
13851
  */
11466
- providerConfig?: outputs.GetJobJobSettingsSettingsTaskForEachTaskTaskLibraryProviderConfig;
13852
+ providerConfig: outputs.GetJobJobSettingsSettingsTaskForEachTaskTaskLibraryProviderConfig;
11467
13853
  pypi?: outputs.GetJobJobSettingsSettingsTaskForEachTaskTaskLibraryPypi;
11468
13854
  requirements?: string;
11469
13855
  whl?: string;
@@ -11787,7 +14173,7 @@ export interface GetJobJobSettingsSettingsTaskLibrary {
11787
14173
  /**
11788
14174
  * Configure the provider for management through account provider. This block consists of the following fields:
11789
14175
  */
11790
- providerConfig?: outputs.GetJobJobSettingsSettingsTaskLibraryProviderConfig;
14176
+ providerConfig: outputs.GetJobJobSettingsSettingsTaskLibraryProviderConfig;
11791
14177
  pypi?: outputs.GetJobJobSettingsSettingsTaskLibraryPypi;
11792
14178
  requirements?: string;
11793
14179
  whl?: string;
@@ -12544,7 +14930,9 @@ export interface GetMlflowModelsProviderConfig {
12544
14930
  }
12545
14931
  export interface GetMwsCredentialsProviderConfig {
12546
14932
  /**
12547
- * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
14933
+ * Ignored. This data source always operates against the account configured on the provider.
14934
+ *
14935
+ * @deprecated workspace_id is ignored for account-only resources.
12548
14936
  */
12549
14937
  workspaceId: string;
12550
14938
  }
@@ -12681,7 +15069,9 @@ export interface GetMwsNetworkConnectivityConfigEgressConfigTargetRulesAzurePriv
12681
15069
  }
12682
15070
  export interface GetMwsWorkspacesProviderConfig {
12683
15071
  /**
12684
- * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
15072
+ * Ignored. This data source always operates against the account configured on the provider.
15073
+ *
15074
+ * @deprecated workspace_id is ignored for account-only resources.
12685
15075
  */
12686
15076
  workspaceId: string;
12687
15077
  }
@@ -14980,94 +17370,197 @@ export interface GetRfaAccessRequestDestinationsSecurable {
14980
17370
  */
14981
17371
  type?: string;
14982
17372
  }
14983
- export interface GetSchemaProviderConfig {
17373
+ export interface GetSchemaProviderConfig {
17374
+ /**
17375
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
17376
+ */
17377
+ workspaceId: string;
17378
+ }
17379
+ export interface GetSchemaSchemaInfo {
17380
+ /**
17381
+ * indicates whether the principal is limited to retrieving metadata for the schema through the BROWSE privilege.
17382
+ */
17383
+ browseOnly?: boolean;
17384
+ /**
17385
+ * the name of the catalog where the schema is.
17386
+ */
17387
+ catalogName?: string;
17388
+ /**
17389
+ * the type of the parent catalog.
17390
+ */
17391
+ catalogType?: string;
17392
+ /**
17393
+ * the comment attached to the volume
17394
+ */
17395
+ comment?: string;
17396
+ /**
17397
+ * time at which this schema was created, in epoch milliseconds.
17398
+ */
17399
+ createdAt?: number;
17400
+ /**
17401
+ * username of schema creator.
17402
+ */
17403
+ createdBy?: string;
17404
+ /**
17405
+ * information about actual state of predictive optimization.
17406
+ */
17407
+ effectivePredictiveOptimizationFlag?: outputs.GetSchemaSchemaInfoEffectivePredictiveOptimizationFlag;
17408
+ /**
17409
+ * whether predictive optimization should be enabled for this object and objects under it.
17410
+ */
17411
+ enablePredictiveOptimization?: string;
17412
+ /**
17413
+ * the two-level (fully qualified) name of the schema
17414
+ */
17415
+ fullName?: string;
17416
+ /**
17417
+ * the unique identifier of the metastore
17418
+ */
17419
+ metastoreId?: string;
17420
+ /**
17421
+ * a fully qualified name of databricks_schema: *`catalog`.`schema`*
17422
+ */
17423
+ name?: string;
17424
+ /**
17425
+ * the identifier of the user who owns the schema
17426
+ */
17427
+ owner?: string;
17428
+ /**
17429
+ * map of properties set on the schema
17430
+ */
17431
+ properties?: {
17432
+ [key: string]: string;
17433
+ };
17434
+ /**
17435
+ * the unique identifier of the schema
17436
+ */
17437
+ schemaId?: string;
17438
+ /**
17439
+ * the storage location on the cloud.
17440
+ */
17441
+ storageLocation?: string;
17442
+ /**
17443
+ * storage root URL for managed tables within schema.
17444
+ */
17445
+ storageRoot?: string;
17446
+ /**
17447
+ * the timestamp of the last time changes were made to the schema
17448
+ */
17449
+ updatedAt?: number;
17450
+ /**
17451
+ * the identifier of the user who updated the schema last time
17452
+ */
17453
+ updatedBy?: string;
17454
+ }
17455
+ export interface GetSchemaSchemaInfoEffectivePredictiveOptimizationFlag {
17456
+ inheritedFromName?: string;
17457
+ inheritedFromType?: string;
17458
+ value: string;
17459
+ }
17460
+ export interface GetSchemasProviderConfig {
17461
+ /**
17462
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
17463
+ */
17464
+ workspaceId: string;
17465
+ }
17466
+ export interface GetSecretUcProviderConfig {
17467
+ /**
17468
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
17469
+ */
17470
+ workspaceId: string;
17471
+ }
17472
+ export interface GetSecretUcsProviderConfig {
14984
17473
  /**
14985
17474
  * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
14986
17475
  */
14987
17476
  workspaceId: string;
14988
17477
  }
14989
- export interface GetSchemaSchemaInfo {
17478
+ export interface GetSecretUcsSecret {
14990
17479
  /**
14991
- * indicates whether the principal is limited to retrieving metadata for the schema through the BROWSE privilege.
17480
+ * (boolean) - Indicates whether the principal is limited to retrieving metadata for the associated object
17481
+ * through the **BROWSE** privilege when **include_browse** is enabled in the request
14992
17482
  */
14993
- browseOnly?: boolean;
17483
+ browseOnly: boolean;
14994
17484
  /**
14995
- * the name of the catalog where the schema is.
17485
+ * The name of the catalog under which to list secrets. Both **catalog_name** and
17486
+ * **schema_name** must be specified together
14996
17487
  */
14997
- catalogName?: string;
17488
+ catalogName: string;
14998
17489
  /**
14999
- * the type of the parent catalog.
17490
+ * (string) - User-provided free-form text description of the secret
15000
17491
  */
15001
- catalogType?: string;
17492
+ comment: string;
15002
17493
  /**
15003
- * the comment attached to the volume
17494
+ * (string) - The time at which this secret was created
15004
17495
  */
15005
- comment?: string;
17496
+ createTime: string;
15006
17497
  /**
15007
- * time at which this schema was created, in epoch milliseconds.
17498
+ * (string) - The principal that created the secret
15008
17499
  */
15009
- createdAt?: number;
17500
+ createdBy: string;
15010
17501
  /**
15011
- * username of schema creator.
17502
+ * (string) - The effective owner of the secret, which may differ from the directly-set **owner** due to
17503
+ * inheritance
15012
17504
  */
15013
- createdBy?: string;
17505
+ effectiveOwner: string;
15014
17506
  /**
15015
- * information about actual state of predictive optimization.
17507
+ * (string) - The secret value. Only populated in responses when you have the **READ_SECRET**
17508
+ * privilege and **include_value** is set to true in the request. The maximum size is 60 KiB
15016
17509
  */
15017
- effectivePredictiveOptimizationFlag?: outputs.GetSchemaSchemaInfoEffectivePredictiveOptimizationFlag;
17510
+ effectiveValue: string;
15018
17511
  /**
15019
- * whether predictive optimization should be enabled for this object and objects under it.
17512
+ * (string) - User-provided expiration time of the secret. This field indicates when the secret should no
17513
+ * longer be used and may be displayed as a warning in the UI. It is purely informational and
17514
+ * does not trigger any automatic actions or affect the secret's lifecycle
15020
17515
  */
15021
- enablePredictiveOptimization?: string;
17516
+ expireTime: string;
15022
17517
  /**
15023
- * the two-level (fully qualified) name of the schema
17518
+ * (string)
15024
17519
  */
15025
- fullName?: string;
17520
+ externalSecretId: string;
15026
17521
  /**
15027
- * the unique identifier of the metastore
17522
+ * (string) - The three-level (fully qualified) name of the secret, in the form of **catalog_name.schema_name.secret_name**
15028
17523
  */
15029
- metastoreId?: string;
17524
+ fullName: string;
15030
17525
  /**
15031
- * a fully qualified name of databricks_schema: *`catalog`.`schema`*
17526
+ * (string) - Unique identifier of the metastore hosting the secret
15032
17527
  */
15033
- name?: string;
17528
+ metastoreId: string;
15034
17529
  /**
15035
- * the identifier of the user who owns the schema
17530
+ * (string) - The name of the secret, relative to its parent schema
15036
17531
  */
15037
- owner?: string;
17532
+ name: string;
15038
17533
  /**
15039
- * map of properties set on the schema
17534
+ * (string) - The owner of the secret. Defaults to the creating principal on creation. Can be updated to
17535
+ * transfer ownership of the secret to another principal
15040
17536
  */
15041
- properties?: {
15042
- [key: string]: string;
15043
- };
17537
+ owner: string;
15044
17538
  /**
15045
- * the unique identifier of the schema
17539
+ * Configure the provider for management through account provider.
15046
17540
  */
15047
- schemaId?: string;
17541
+ providerConfig?: outputs.GetSecretUcsSecretProviderConfig;
15048
17542
  /**
15049
- * the storage location on the cloud.
17543
+ * The name of the schema under which to list secrets. Both **catalog_name** and
17544
+ * **schema_name** must be specified together
15050
17545
  */
15051
- storageLocation?: string;
17546
+ schemaName: string;
15052
17547
  /**
15053
- * storage root URL for managed tables within schema.
17548
+ * (string) - The time at which this secret was last updated
15054
17549
  */
15055
- storageRoot?: string;
17550
+ updateTime: string;
15056
17551
  /**
15057
- * the timestamp of the last time changes were made to the schema
17552
+ * (string) - The principal that last updated the secret
15058
17553
  */
15059
- updatedAt?: number;
17554
+ updatedBy: string;
15060
17555
  /**
15061
- * the identifier of the user who updated the schema last time
17556
+ * (string) - The secret value to store. This field is input-only and is not returned in responses — use
17557
+ * the **effective_value** field (via GetSecret with **include_value** set to true) to read the
17558
+ * secret value. The maximum size is 60 KiB (pre-encryption). Accepted content includes
17559
+ * passwords, tokens, keys, and other sensitive credential data
15062
17560
  */
15063
- updatedBy?: string;
15064
- }
15065
- export interface GetSchemaSchemaInfoEffectivePredictiveOptimizationFlag {
15066
- inheritedFromName?: string;
15067
- inheritedFromType?: string;
15068
17561
  value: string;
15069
17562
  }
15070
- export interface GetSchemasProviderConfig {
17563
+ export interface GetSecretUcsSecretProviderConfig {
15071
17564
  /**
15072
17565
  * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
15073
17566
  */
@@ -15669,6 +18162,223 @@ export interface GetStorageCredentialsProviderConfig {
15669
18162
  */
15670
18163
  workspaceId: string;
15671
18164
  }
18165
+ export interface GetSupervisorAgentProviderConfig {
18166
+ /**
18167
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
18168
+ */
18169
+ workspaceId: string;
18170
+ }
18171
+ export interface GetSupervisorAgentToolApp {
18172
+ /**
18173
+ * Full resource name:
18174
+ * supervisor-agents/{supervisor_agent_id}/tools/{tool_id}
18175
+ */
18176
+ name: string;
18177
+ }
18178
+ export interface GetSupervisorAgentToolGenieSpace {
18179
+ /**
18180
+ * (string) - The ID of the genie space
18181
+ */
18182
+ id: string;
18183
+ }
18184
+ export interface GetSupervisorAgentToolKnowledgeAssistant {
18185
+ /**
18186
+ * (string) - The ID of the knowledge assistant
18187
+ */
18188
+ knowledgeAssistantId: string;
18189
+ /**
18190
+ * (string, deprecated) - Deprecated: use knowledgeAssistantId instead
18191
+ */
18192
+ servingEndpointName?: string;
18193
+ }
18194
+ export interface GetSupervisorAgentToolProviderConfig {
18195
+ /**
18196
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
18197
+ */
18198
+ workspaceId: string;
18199
+ }
18200
+ export interface GetSupervisorAgentToolUcConnection {
18201
+ /**
18202
+ * Full resource name:
18203
+ * supervisor-agents/{supervisor_agent_id}/tools/{tool_id}
18204
+ */
18205
+ name: string;
18206
+ }
18207
+ export interface GetSupervisorAgentToolUcFunction {
18208
+ /**
18209
+ * Full resource name:
18210
+ * supervisor-agents/{supervisor_agent_id}/tools/{tool_id}
18211
+ */
18212
+ name: string;
18213
+ }
18214
+ export interface GetSupervisorAgentToolVolume {
18215
+ /**
18216
+ * Full resource name:
18217
+ * supervisor-agents/{supervisor_agent_id}/tools/{tool_id}
18218
+ */
18219
+ name: string;
18220
+ }
18221
+ export interface GetSupervisorAgentToolsProviderConfig {
18222
+ /**
18223
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
18224
+ */
18225
+ workspaceId: string;
18226
+ }
18227
+ export interface GetSupervisorAgentToolsTool {
18228
+ /**
18229
+ * (App)
18230
+ */
18231
+ app: outputs.GetSupervisorAgentToolsToolApp;
18232
+ /**
18233
+ * (string) - Description of what this tool does (user-facing)
18234
+ */
18235
+ description: string;
18236
+ /**
18237
+ * (GenieSpace)
18238
+ */
18239
+ genieSpace: outputs.GetSupervisorAgentToolsToolGenieSpace;
18240
+ /**
18241
+ * (string) - The ID of the genie space
18242
+ */
18243
+ id: string;
18244
+ /**
18245
+ * (KnowledgeAssistant)
18246
+ */
18247
+ knowledgeAssistant: outputs.GetSupervisorAgentToolsToolKnowledgeAssistant;
18248
+ /**
18249
+ * (string) - Full uc volume name
18250
+ */
18251
+ name: string;
18252
+ /**
18253
+ * Configure the provider for management through account provider.
18254
+ */
18255
+ providerConfig?: outputs.GetSupervisorAgentToolsToolProviderConfig;
18256
+ /**
18257
+ * (string) - User specified id of the Tool
18258
+ */
18259
+ toolId: string;
18260
+ /**
18261
+ * (string) - Tool type. Must be one of: "genieSpace", "knowledgeAssistant", "ucFunction", "ucConnection", "app", "volume", "lakeviewDashboard", "servingEndpoint", "ucTable", "vectorSearchIndex", "catalog", "schema", "supervisorAgent", "webSearch"
18262
+ */
18263
+ toolType: string;
18264
+ /**
18265
+ * (UcConnection)
18266
+ */
18267
+ ucConnection: outputs.GetSupervisorAgentToolsToolUcConnection;
18268
+ /**
18269
+ * (UcFunction)
18270
+ */
18271
+ ucFunction: outputs.GetSupervisorAgentToolsToolUcFunction;
18272
+ /**
18273
+ * (Volume)
18274
+ */
18275
+ volume: outputs.GetSupervisorAgentToolsToolVolume;
18276
+ }
18277
+ export interface GetSupervisorAgentToolsToolApp {
18278
+ /**
18279
+ * (string) - Full uc volume name
18280
+ */
18281
+ name: string;
18282
+ }
18283
+ export interface GetSupervisorAgentToolsToolGenieSpace {
18284
+ /**
18285
+ * (string) - The ID of the genie space
18286
+ */
18287
+ id: string;
18288
+ }
18289
+ export interface GetSupervisorAgentToolsToolKnowledgeAssistant {
18290
+ /**
18291
+ * (string) - The ID of the knowledge assistant
18292
+ */
18293
+ knowledgeAssistantId: string;
18294
+ /**
18295
+ * (string, deprecated) - Deprecated: use knowledgeAssistantId instead
18296
+ */
18297
+ servingEndpointName?: string;
18298
+ }
18299
+ export interface GetSupervisorAgentToolsToolProviderConfig {
18300
+ /**
18301
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
18302
+ */
18303
+ workspaceId: string;
18304
+ }
18305
+ export interface GetSupervisorAgentToolsToolUcConnection {
18306
+ /**
18307
+ * (string) - Full uc volume name
18308
+ */
18309
+ name: string;
18310
+ }
18311
+ export interface GetSupervisorAgentToolsToolUcFunction {
18312
+ /**
18313
+ * (string) - Full uc volume name
18314
+ */
18315
+ name: string;
18316
+ }
18317
+ export interface GetSupervisorAgentToolsToolVolume {
18318
+ /**
18319
+ * (string) - Full uc volume name
18320
+ */
18321
+ name: string;
18322
+ }
18323
+ export interface GetSupervisorAgentsProviderConfig {
18324
+ /**
18325
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
18326
+ */
18327
+ workspaceId: string;
18328
+ }
18329
+ export interface GetSupervisorAgentsSupervisorAgent {
18330
+ /**
18331
+ * (string) - Creation timestamp
18332
+ */
18333
+ createTime: string;
18334
+ /**
18335
+ * (string) - The creator of the Supervisor Agent
18336
+ */
18337
+ creator: string;
18338
+ /**
18339
+ * (string) - Description of what this agent can do (user-facing)
18340
+ */
18341
+ description: string;
18342
+ /**
18343
+ * (string) - The display name of the Supervisor Agent, unique at workspace level
18344
+ */
18345
+ displayName: string;
18346
+ /**
18347
+ * (string) - The name of the supervisor agent's serving endpoint
18348
+ */
18349
+ endpointName: string;
18350
+ /**
18351
+ * (string) - The MLflow experiment ID
18352
+ */
18353
+ experimentId: string;
18354
+ /**
18355
+ * (string, deprecated) - Deprecated: Use supervisorAgentId instead
18356
+ */
18357
+ id: string;
18358
+ /**
18359
+ * (string) - Optional natural-language instructions for the supervisor agent
18360
+ */
18361
+ instructions: string;
18362
+ /**
18363
+ * (string) - The resource name of the SupervisorAgent.
18364
+ * Format: supervisor-agents/{supervisor_agent_id}
18365
+ */
18366
+ name: string;
18367
+ /**
18368
+ * Configure the provider for management through account provider.
18369
+ */
18370
+ providerConfig?: outputs.GetSupervisorAgentsSupervisorAgentProviderConfig;
18371
+ /**
18372
+ * (string) - The universally unique identifier (UUID) of the Supervisor Agent
18373
+ */
18374
+ supervisorAgentId: string;
18375
+ }
18376
+ export interface GetSupervisorAgentsSupervisorAgentProviderConfig {
18377
+ /**
18378
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
18379
+ */
18380
+ workspaceId: string;
18381
+ }
15672
18382
  export interface GetTableProviderConfig {
15673
18383
  /**
15674
18384
  * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
@@ -16812,7 +19522,7 @@ export interface JobJobClusterNewCluster {
16812
19522
  /**
16813
19523
  * Configure the provider for management through account provider. This block consists of the following fields:
16814
19524
  */
16815
- providerConfig?: outputs.JobJobClusterNewClusterProviderConfig;
19525
+ providerConfig: outputs.JobJobClusterNewClusterProviderConfig;
16816
19526
  remoteDiskThroughput?: number;
16817
19527
  runtimeEngine?: string;
16818
19528
  singleUserName?: string;
@@ -16904,6 +19614,7 @@ export interface JobJobClusterNewClusterDriverNodeTypeFlexibility {
16904
19614
  export interface JobJobClusterNewClusterGcpAttributes {
16905
19615
  availability?: string;
16906
19616
  bootDiskSize?: number;
19617
+ confidentialComputeType?: string;
16907
19618
  firstOnDemand?: number;
16908
19619
  googleServiceAccount?: string;
16909
19620
  localSsdCount?: number;
@@ -16963,7 +19674,7 @@ export interface JobJobClusterNewClusterLibrary {
16963
19674
  /**
16964
19675
  * Configure the provider for management through account provider. This block consists of the following fields:
16965
19676
  */
16966
- providerConfig?: outputs.JobJobClusterNewClusterLibraryProviderConfig;
19677
+ providerConfig: outputs.JobJobClusterNewClusterLibraryProviderConfig;
16967
19678
  pypi?: outputs.JobJobClusterNewClusterLibraryPypi;
16968
19679
  requirements?: string;
16969
19680
  whl?: string;
@@ -17014,7 +19725,7 @@ export interface JobLibrary {
17014
19725
  /**
17015
19726
  * Configure the provider for management through account provider. This block consists of the following fields:
17016
19727
  */
17017
- providerConfig?: outputs.JobLibraryProviderConfig;
19728
+ providerConfig: outputs.JobLibraryProviderConfig;
17018
19729
  pypi?: outputs.JobLibraryPypi;
17019
19730
  requirements?: string;
17020
19731
  whl?: string;
@@ -17073,7 +19784,7 @@ export interface JobNewCluster {
17073
19784
  /**
17074
19785
  * Configure the provider for management through account provider. This block consists of the following fields:
17075
19786
  */
17076
- providerConfig?: outputs.JobNewClusterProviderConfig;
19787
+ providerConfig: outputs.JobNewClusterProviderConfig;
17077
19788
  remoteDiskThroughput?: number;
17078
19789
  runtimeEngine?: string;
17079
19790
  singleUserName?: string;
@@ -17165,6 +19876,7 @@ export interface JobNewClusterDriverNodeTypeFlexibility {
17165
19876
  export interface JobNewClusterGcpAttributes {
17166
19877
  availability?: string;
17167
19878
  bootDiskSize?: number;
19879
+ confidentialComputeType?: string;
17168
19880
  firstOnDemand?: number;
17169
19881
  googleServiceAccount?: string;
17170
19882
  localSsdCount?: number;
@@ -17224,7 +19936,7 @@ export interface JobNewClusterLibrary {
17224
19936
  /**
17225
19937
  * Configure the provider for management through account provider. This block consists of the following fields:
17226
19938
  */
17227
- providerConfig?: outputs.JobNewClusterLibraryProviderConfig;
19939
+ providerConfig: outputs.JobNewClusterLibraryProviderConfig;
17228
19940
  pypi?: outputs.JobNewClusterLibraryPypi;
17229
19941
  requirements?: string;
17230
19942
  whl?: string;
@@ -18081,7 +20793,7 @@ export interface JobTaskForEachTaskTaskLibrary {
18081
20793
  /**
18082
20794
  * Configure the provider for management through account provider. This block consists of the following fields:
18083
20795
  */
18084
- providerConfig?: outputs.JobTaskForEachTaskTaskLibraryProviderConfig;
20796
+ providerConfig: outputs.JobTaskForEachTaskTaskLibraryProviderConfig;
18085
20797
  pypi?: outputs.JobTaskForEachTaskTaskLibraryPypi;
18086
20798
  requirements?: string;
18087
20799
  whl?: string;
@@ -18140,7 +20852,7 @@ export interface JobTaskForEachTaskTaskNewCluster {
18140
20852
  /**
18141
20853
  * Configure the provider for management through account provider. This block consists of the following fields:
18142
20854
  */
18143
- providerConfig?: outputs.JobTaskForEachTaskTaskNewClusterProviderConfig;
20855
+ providerConfig: outputs.JobTaskForEachTaskTaskNewClusterProviderConfig;
18144
20856
  remoteDiskThroughput?: number;
18145
20857
  runtimeEngine?: string;
18146
20858
  singleUserName?: string;
@@ -18232,6 +20944,7 @@ export interface JobTaskForEachTaskTaskNewClusterDriverNodeTypeFlexibility {
18232
20944
  export interface JobTaskForEachTaskTaskNewClusterGcpAttributes {
18233
20945
  availability?: string;
18234
20946
  bootDiskSize?: number;
20947
+ confidentialComputeType?: string;
18235
20948
  firstOnDemand?: number;
18236
20949
  googleServiceAccount?: string;
18237
20950
  localSsdCount?: number;
@@ -18291,7 +21004,7 @@ export interface JobTaskForEachTaskTaskNewClusterLibrary {
18291
21004
  /**
18292
21005
  * Configure the provider for management through account provider. This block consists of the following fields:
18293
21006
  */
18294
- providerConfig?: outputs.JobTaskForEachTaskTaskNewClusterLibraryProviderConfig;
21007
+ providerConfig: outputs.JobTaskForEachTaskTaskNewClusterLibraryProviderConfig;
18295
21008
  pypi?: outputs.JobTaskForEachTaskTaskNewClusterLibraryPypi;
18296
21009
  requirements?: string;
18297
21010
  whl?: string;
@@ -18769,7 +21482,7 @@ export interface JobTaskLibrary {
18769
21482
  /**
18770
21483
  * Configure the provider for management through account provider. This block consists of the following fields:
18771
21484
  */
18772
- providerConfig?: outputs.JobTaskLibraryProviderConfig;
21485
+ providerConfig: outputs.JobTaskLibraryProviderConfig;
18773
21486
  pypi?: outputs.JobTaskLibraryPypi;
18774
21487
  requirements?: string;
18775
21488
  whl?: string;
@@ -18829,7 +21542,7 @@ export interface JobTaskNewCluster {
18829
21542
  /**
18830
21543
  * Configure the provider for management through account provider. This block consists of the following fields:
18831
21544
  */
18832
- providerConfig?: outputs.JobTaskNewClusterProviderConfig;
21545
+ providerConfig: outputs.JobTaskNewClusterProviderConfig;
18833
21546
  remoteDiskThroughput?: number;
18834
21547
  runtimeEngine?: string;
18835
21548
  singleUserName?: string;
@@ -18921,6 +21634,7 @@ export interface JobTaskNewClusterDriverNodeTypeFlexibility {
18921
21634
  export interface JobTaskNewClusterGcpAttributes {
18922
21635
  availability?: string;
18923
21636
  bootDiskSize?: number;
21637
+ confidentialComputeType?: string;
18924
21638
  firstOnDemand?: number;
18925
21639
  googleServiceAccount?: string;
18926
21640
  localSsdCount?: number;
@@ -18980,7 +21694,7 @@ export interface JobTaskNewClusterLibrary {
18980
21694
  /**
18981
21695
  * Configure the provider for management through account provider. This block consists of the following fields:
18982
21696
  */
18983
- providerConfig?: outputs.JobTaskNewClusterLibraryProviderConfig;
21697
+ providerConfig: outputs.JobTaskNewClusterLibraryProviderConfig;
18984
21698
  pypi?: outputs.JobTaskNewClusterLibraryPypi;
18985
21699
  requirements?: string;
18986
21700
  whl?: string;
@@ -20755,11 +23469,11 @@ export interface MwsNetworksGcpNetworkInfo {
20755
23469
  */
20756
23470
  networkProjectId: string;
20757
23471
  /**
20758
- * @deprecated gcp_network_info.pod_ip_range_name is deprecated and will be removed in a future release. For more information, review the documentation at https://registry.terraform.io/providers/databricks/databricks/1.113.0/docs/guides/gcp-workspace#creating-a-vpc
23472
+ * @deprecated gcp_network_info.pod_ip_range_name is deprecated and will be removed in a future release. For more information, review the documentation at https://registry.terraform.io/providers/databricks/databricks/1.115.0/docs/guides/gcp-workspace#creating-a-vpc
20759
23473
  */
20760
23474
  podIpRangeName?: string;
20761
23475
  /**
20762
- * @deprecated gcp_network_info.service_ip_range_name is deprecated and will be removed in a future release. For more information, review the documentation at https://registry.terraform.io/providers/databricks/databricks/1.113.0/docs/guides/gcp-workspace#creating-a-vpc
23476
+ * @deprecated gcp_network_info.service_ip_range_name is deprecated and will be removed in a future release. For more information, review the documentation at https://registry.terraform.io/providers/databricks/databricks/1.115.0/docs/guides/gcp-workspace#creating-a-vpc
20763
23477
  */
20764
23478
  serviceIpRangeName?: string;
20765
23479
  /**
@@ -20820,11 +23534,11 @@ export interface MwsWorkspacesExternalCustomerInfo {
20820
23534
  }
20821
23535
  export interface MwsWorkspacesGcpManagedNetworkConfig {
20822
23536
  /**
20823
- * @deprecated gcp_managed_network_config.gke_cluster_pod_ip_range is deprecated and will be removed in a future release. For more information, review the documentation at https://registry.terraform.io/providers/databricks/databricks/1.113.0/docs/guides/gcp-workspace#creating-a-databricks-workspace
23537
+ * @deprecated gcp_managed_network_config.gke_cluster_pod_ip_range is deprecated and will be removed in a future release. For more information, review the documentation at https://registry.terraform.io/providers/databricks/databricks/1.115.0/docs/guides/gcp-workspace#creating-a-databricks-workspace
20824
23538
  */
20825
23539
  gkeClusterPodIpRange?: string;
20826
23540
  /**
20827
- * @deprecated gcp_managed_network_config.gke_cluster_service_ip_range is deprecated and will be removed in a future release. For more information, review the documentation at https://registry.terraform.io/providers/databricks/databricks/1.113.0/docs/guides/gcp-workspace#creating-a-databricks-workspace
23541
+ * @deprecated gcp_managed_network_config.gke_cluster_service_ip_range is deprecated and will be removed in a future release. For more information, review the documentation at https://registry.terraform.io/providers/databricks/databricks/1.115.0/docs/guides/gcp-workspace#creating-a-databricks-workspace
20828
23542
  */
20829
23543
  gkeClusterServiceIpRange?: string;
20830
23544
  subnetCidr: string;
@@ -21167,6 +23881,7 @@ export interface PipelineClusterClusterLogConfVolumes {
21167
23881
  }
21168
23882
  export interface PipelineClusterGcpAttributes {
21169
23883
  availability?: string;
23884
+ confidentialComputeType?: string;
21170
23885
  firstOnDemand?: number;
21171
23886
  googleServiceAccount?: string;
21172
23887
  localSsdCount?: number;
@@ -21381,10 +24096,19 @@ export interface PipelineIngestionDefinitionObjectSchema {
21381
24096
  tableConfiguration?: outputs.PipelineIngestionDefinitionObjectSchemaTableConfiguration;
21382
24097
  }
21383
24098
  export interface PipelineIngestionDefinitionObjectSchemaConnectorOptions {
24099
+ confluenceOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsConfluenceOptions;
21384
24100
  gdriveOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsGdriveOptions;
21385
24101
  googleAdsOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsGoogleAdsOptions;
24102
+ jiraOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsJiraOptions;
24103
+ metaAdsOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsMetaAdsOptions;
24104
+ outlookOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsOutlookOptions;
21386
24105
  sharepointOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsSharepointOptions;
24106
+ smartsheetOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsSmartsheetOptions;
21387
24107
  tiktokAdsOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsTiktokAdsOptions;
24108
+ zendeskSupportOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsZendeskSupportOptions;
24109
+ }
24110
+ export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsConfluenceOptions {
24111
+ includeConfluenceSpaces?: string[];
21388
24112
  }
21389
24113
  export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsGdriveOptions {
21390
24114
  entityType?: string;
@@ -21419,6 +24143,31 @@ export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsGoogleAd
21419
24143
  managerAccountId: string;
21420
24144
  syncStartDate?: string;
21421
24145
  }
24146
+ export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsJiraOptions {
24147
+ includeJiraSpaces?: string[];
24148
+ }
24149
+ export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsMetaAdsOptions {
24150
+ actionAttributionWindows?: string[];
24151
+ actionBreakdowns?: string[];
24152
+ actionReportTime?: string;
24153
+ breakdowns?: string[];
24154
+ customInsightsLookbackWindow?: number;
24155
+ level?: string;
24156
+ startDate?: string;
24157
+ timeIncrement?: string;
24158
+ }
24159
+ export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsOutlookOptions {
24160
+ attachmentMode?: string;
24161
+ bodyFormat?: string;
24162
+ folderFilters?: string[];
24163
+ includeFolders?: string[];
24164
+ includeMailboxes?: string[];
24165
+ includeSenders?: string[];
24166
+ includeSubjects?: string[];
24167
+ senderFilters?: string[];
24168
+ startDate?: string;
24169
+ subjectFilters?: string[];
24170
+ }
21422
24171
  export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsSharepointOptions {
21423
24172
  entityType?: string;
21424
24173
  fileIngestionOptions?: outputs.PipelineIngestionDefinitionObjectSchemaConnectorOptionsSharepointOptionsFileIngestionOptions;
@@ -21447,6 +24196,9 @@ export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsSharepoi
21447
24196
  modifiedBefore?: string;
21448
24197
  pathFilter?: string;
21449
24198
  }
24199
+ export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsSmartsheetOptions {
24200
+ enforceSchema?: boolean;
24201
+ }
21450
24202
  export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsTiktokAdsOptions {
21451
24203
  dataLevel?: string;
21452
24204
  dimensions?: string[];
@@ -21456,6 +24208,9 @@ export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsTiktokAd
21456
24208
  reportType?: string;
21457
24209
  syncStartDate?: string;
21458
24210
  }
24211
+ export interface PipelineIngestionDefinitionObjectSchemaConnectorOptionsZendeskSupportOptions {
24212
+ startDate?: string;
24213
+ }
21459
24214
  export interface PipelineIngestionDefinitionObjectSchemaTableConfiguration {
21460
24215
  autoFullRefreshPolicy?: outputs.PipelineIngestionDefinitionObjectSchemaTableConfigurationAutoFullRefreshPolicy;
21461
24216
  excludeColumns?: string[];
@@ -21499,10 +24254,19 @@ export interface PipelineIngestionDefinitionObjectTable {
21499
24254
  tableConfiguration?: outputs.PipelineIngestionDefinitionObjectTableTableConfiguration;
21500
24255
  }
21501
24256
  export interface PipelineIngestionDefinitionObjectTableConnectorOptions {
24257
+ confluenceOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsConfluenceOptions;
21502
24258
  gdriveOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsGdriveOptions;
21503
24259
  googleAdsOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsGoogleAdsOptions;
24260
+ jiraOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsJiraOptions;
24261
+ metaAdsOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsMetaAdsOptions;
24262
+ outlookOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsOutlookOptions;
21504
24263
  sharepointOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsSharepointOptions;
24264
+ smartsheetOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsSmartsheetOptions;
21505
24265
  tiktokAdsOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsTiktokAdsOptions;
24266
+ zendeskSupportOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsZendeskSupportOptions;
24267
+ }
24268
+ export interface PipelineIngestionDefinitionObjectTableConnectorOptionsConfluenceOptions {
24269
+ includeConfluenceSpaces?: string[];
21506
24270
  }
21507
24271
  export interface PipelineIngestionDefinitionObjectTableConnectorOptionsGdriveOptions {
21508
24272
  entityType?: string;
@@ -21537,6 +24301,31 @@ export interface PipelineIngestionDefinitionObjectTableConnectorOptionsGoogleAds
21537
24301
  managerAccountId: string;
21538
24302
  syncStartDate?: string;
21539
24303
  }
24304
+ export interface PipelineIngestionDefinitionObjectTableConnectorOptionsJiraOptions {
24305
+ includeJiraSpaces?: string[];
24306
+ }
24307
+ export interface PipelineIngestionDefinitionObjectTableConnectorOptionsMetaAdsOptions {
24308
+ actionAttributionWindows?: string[];
24309
+ actionBreakdowns?: string[];
24310
+ actionReportTime?: string;
24311
+ breakdowns?: string[];
24312
+ customInsightsLookbackWindow?: number;
24313
+ level?: string;
24314
+ startDate?: string;
24315
+ timeIncrement?: string;
24316
+ }
24317
+ export interface PipelineIngestionDefinitionObjectTableConnectorOptionsOutlookOptions {
24318
+ attachmentMode?: string;
24319
+ bodyFormat?: string;
24320
+ folderFilters?: string[];
24321
+ includeFolders?: string[];
24322
+ includeMailboxes?: string[];
24323
+ includeSenders?: string[];
24324
+ includeSubjects?: string[];
24325
+ senderFilters?: string[];
24326
+ startDate?: string;
24327
+ subjectFilters?: string[];
24328
+ }
21540
24329
  export interface PipelineIngestionDefinitionObjectTableConnectorOptionsSharepointOptions {
21541
24330
  entityType?: string;
21542
24331
  fileIngestionOptions?: outputs.PipelineIngestionDefinitionObjectTableConnectorOptionsSharepointOptionsFileIngestionOptions;
@@ -21565,6 +24354,9 @@ export interface PipelineIngestionDefinitionObjectTableConnectorOptionsSharepoin
21565
24354
  modifiedBefore?: string;
21566
24355
  pathFilter?: string;
21567
24356
  }
24357
+ export interface PipelineIngestionDefinitionObjectTableConnectorOptionsSmartsheetOptions {
24358
+ enforceSchema?: boolean;
24359
+ }
21568
24360
  export interface PipelineIngestionDefinitionObjectTableConnectorOptionsTiktokAdsOptions {
21569
24361
  dataLevel?: string;
21570
24362
  dimensions?: string[];
@@ -21574,6 +24366,9 @@ export interface PipelineIngestionDefinitionObjectTableConnectorOptionsTiktokAds
21574
24366
  reportType?: string;
21575
24367
  syncStartDate?: string;
21576
24368
  }
24369
+ export interface PipelineIngestionDefinitionObjectTableConnectorOptionsZendeskSupportOptions {
24370
+ startDate?: string;
24371
+ }
21577
24372
  export interface PipelineIngestionDefinitionObjectTableTableConfiguration {
21578
24373
  autoFullRefreshPolicy?: outputs.PipelineIngestionDefinitionObjectTableTableConfigurationAutoFullRefreshPolicy;
21579
24374
  excludeColumns?: string[];
@@ -21611,6 +24406,7 @@ export interface PipelineIngestionDefinitionSourceConfiguration {
21611
24406
  * The name of default catalog in Unity Catalog. *Change of this parameter forces recreation of the pipeline if you switch from `storage` to `catalog` or vice versa. If pipeline was already created with `catalog` set, the value could be changed.* (Conflicts with `storage`).
21612
24407
  */
21613
24408
  catalog?: outputs.PipelineIngestionDefinitionSourceConfigurationCatalog;
24409
+ googleAdsConfig?: outputs.PipelineIngestionDefinitionSourceConfigurationGoogleAdsConfig;
21614
24410
  }
21615
24411
  export interface PipelineIngestionDefinitionSourceConfigurationCatalog {
21616
24412
  postgres?: outputs.PipelineIngestionDefinitionSourceConfigurationCatalogPostgres;
@@ -21623,6 +24419,9 @@ export interface PipelineIngestionDefinitionSourceConfigurationCatalogPostgresSl
21623
24419
  publicationName?: string;
21624
24420
  slotName?: string;
21625
24421
  }
24422
+ export interface PipelineIngestionDefinitionSourceConfigurationGoogleAdsConfig {
24423
+ managerAccountId?: string;
24424
+ }
21626
24425
  export interface PipelineIngestionDefinitionTableConfiguration {
21627
24426
  autoFullRefreshPolicy?: outputs.PipelineIngestionDefinitionTableConfigurationAutoFullRefreshPolicy;
21628
24427
  excludeColumns?: string[];
@@ -22985,6 +25784,12 @@ export interface SecretScopeProviderConfig {
22985
25784
  */
22986
25785
  workspaceId: string;
22987
25786
  }
25787
+ export interface SecretUcProviderConfig {
25788
+ /**
25789
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
25790
+ */
25791
+ workspaceId: string;
25792
+ }
22988
25793
  export interface ServicePrincipalFederationPolicyOidcPolicy {
22989
25794
  /**
22990
25795
  * The allowed token audiences, as specified in the 'aud' claim of federated tokens.
@@ -23531,6 +26336,60 @@ export interface StorageCredentialProviderConfig {
23531
26336
  */
23532
26337
  workspaceId: string;
23533
26338
  }
26339
+ export interface SupervisorAgentProviderConfig {
26340
+ /**
26341
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
26342
+ */
26343
+ workspaceId: string;
26344
+ }
26345
+ export interface SupervisorAgentToolApp {
26346
+ /**
26347
+ * App name
26348
+ */
26349
+ name: string;
26350
+ }
26351
+ export interface SupervisorAgentToolGenieSpace {
26352
+ /**
26353
+ * (string, deprecated) - Deprecated: Use toolId instead
26354
+ */
26355
+ id: string;
26356
+ }
26357
+ export interface SupervisorAgentToolKnowledgeAssistant {
26358
+ /**
26359
+ * The ID of the knowledge assistant
26360
+ */
26361
+ knowledgeAssistantId: string;
26362
+ /**
26363
+ * Deprecated: use knowledgeAssistantId instead
26364
+ */
26365
+ servingEndpointName?: string;
26366
+ }
26367
+ export interface SupervisorAgentToolProviderConfig {
26368
+ /**
26369
+ * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
26370
+ */
26371
+ workspaceId: string;
26372
+ }
26373
+ export interface SupervisorAgentToolUcConnection {
26374
+ /**
26375
+ * (string) - Full resource name:
26376
+ * supervisor-agents/{supervisor_agent_id}/tools/{tool_id}
26377
+ */
26378
+ name: string;
26379
+ }
26380
+ export interface SupervisorAgentToolUcFunction {
26381
+ /**
26382
+ * (string) - Full resource name:
26383
+ * supervisor-agents/{supervisor_agent_id}/tools/{tool_id}
26384
+ */
26385
+ name: string;
26386
+ }
26387
+ export interface SupervisorAgentToolVolume {
26388
+ /**
26389
+ * Full uc volume name
26390
+ */
26391
+ name: string;
26392
+ }
23534
26393
  export interface SystemSchemaProviderConfig {
23535
26394
  /**
23536
26395
  * Workspace ID which the resource belongs to. This workspace must be part of the account which the provider is configured with.
@@ -23594,13 +26453,18 @@ export interface VectorSearchEndpointProviderConfig {
23594
26453
  workspaceId: string;
23595
26454
  }
23596
26455
  export interface VectorSearchEndpointScalingInfo {
23597
- requestedMinQps?: number;
26456
+ requestedTargetQps?: number;
23598
26457
  /**
23599
26458
  * Current state of the endpoint. Currently following values are supported: `PROVISIONING`, `ONLINE`, and `OFFLINE`.
23600
26459
  */
23601
26460
  state?: string;
23602
26461
  }
23603
26462
  export interface VectorSearchIndexDeltaSyncIndexSpec {
26463
+ columnsToIndices?: string[];
26464
+ /**
26465
+ * list of columns to sync. If not specified, all columns are syncronized.
26466
+ */
26467
+ columnsToSyncs?: string[];
23604
26468
  /**
23605
26469
  * array of objects representing columns that contain the embedding source. Each entry consists of:
23606
26470
  */