databricks-sdk 0.53.0__py3-none-any.whl → 0.55.0__py3-none-any.whl

databricks/sdk/service/iam.py

@@ -385,7 +385,10 @@ class GrantRule:
     """Role that is assigned to the list of principals."""
 
     principals: Optional[List[str]] = None
-    """Principals this grant rule applies to."""
+    """Principals this grant rule applies to. A principal can be a user (for end users), a service
+    principal (for applications and compute workloads), or an account group. Each principal has its
+    own identifier format: * users/<USERNAME> * groups/<GROUP_NAME> *
+    servicePrincipals/<SERVICE_PRINCIPAL_APPLICATION_ID>"""
 
     def as_dict(self) -> dict:
         """Serializes the GrantRule into a dictionary suitable for use as a JSON request body."""
@@ -1327,6 +1330,7 @@ class PermissionLevel(Enum):
 
     CAN_ATTACH_TO = "CAN_ATTACH_TO"
     CAN_BIND = "CAN_BIND"
+    CAN_CREATE = "CAN_CREATE"
     CAN_EDIT = "CAN_EDIT"
     CAN_EDIT_METADATA = "CAN_EDIT_METADATA"
     CAN_MANAGE = "CAN_MANAGE"
@@ -1334,6 +1338,7 @@ class PermissionLevel(Enum):
     CAN_MANAGE_RUN = "CAN_MANAGE_RUN"
     CAN_MANAGE_STAGING_VERSIONS = "CAN_MANAGE_STAGING_VERSIONS"
     CAN_MONITOR = "CAN_MONITOR"
+    CAN_MONITOR_ONLY = "CAN_MONITOR_ONLY"
     CAN_QUERY = "CAN_QUERY"
     CAN_READ = "CAN_READ"
     CAN_RESTART = "CAN_RESTART"
@@ -1410,50 +1415,6 @@ class PermissionsDescription:
         )
 
 
-@dataclass
-class PermissionsRequest:
-    access_control_list: Optional[List[AccessControlRequest]] = None
-
-    request_object_id: Optional[str] = None
-    """The id of the request object."""
-
-    request_object_type: Optional[str] = None
-    """The type of the request object. Can be one of the following: alerts, authorization, clusters,
-    cluster-policies, dashboards, dbsql-dashboards, directories, experiments, files, instance-pools,
-    jobs, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, or warehouses."""
-
-    def as_dict(self) -> dict:
-        """Serializes the PermissionsRequest into a dictionary suitable for use as a JSON request body."""
-        body = {}
-        if self.access_control_list:
-            body["access_control_list"] = [v.as_dict() for v in self.access_control_list]
-        if self.request_object_id is not None:
-            body["request_object_id"] = self.request_object_id
-        if self.request_object_type is not None:
-            body["request_object_type"] = self.request_object_type
-        return body
-
-    def as_shallow_dict(self) -> dict:
-        """Serializes the PermissionsRequest into a shallow dictionary of its immediate attributes."""
-        body = {}
-        if self.access_control_list:
-            body["access_control_list"] = self.access_control_list
-        if self.request_object_id is not None:
-            body["request_object_id"] = self.request_object_id
-        if self.request_object_type is not None:
-            body["request_object_type"] = self.request_object_type
-        return body
-
-    @classmethod
-    def from_dict(cls, d: Dict[str, Any]) -> PermissionsRequest:
-        """Deserializes the PermissionsRequest from a dictionary."""
-        return cls(
-            access_control_list=_repeated_dict(d, "access_control_list", AccessControlRequest),
-            request_object_id=d.get("request_object_id", None),
-            request_object_type=d.get("request_object_type", None),
-        )
-
-
 @dataclass
 class PrincipalOutput:
     """Information about the principal assigned to the workspace."""
@@ -1619,13 +1580,19 @@ class Role:
 
 @dataclass
 class RuleSetResponse:
-    etag: Optional[str] = None
-    """Identifies the version of the rule set returned."""
+    name: str
+    """Name of the rule set."""
 
-    grant_rules: Optional[List[GrantRule]] = None
+    etag: str
+    """Identifies the version of the rule set returned. Etag used for versioning. The response is at
+    least as fresh as the eTag provided. Etag is used for optimistic concurrency control as a way to
+    help prevent simultaneous updates of a rule set from overwriting each other. It is strongly
+    suggested that systems make use of the etag in the read -> modify -> write pattern to perform
+    rule set updates in order to avoid race conditions that is get an etag from a GET rule set
+    request, and pass it with the PUT update request to identify the rule set version you are
+    updating."""
 
-    name: Optional[str] = None
-    """Name of the rule set."""
+    grant_rules: Optional[List[GrantRule]] = None
 
     def as_dict(self) -> dict:
         """Serializes the RuleSetResponse into a dictionary suitable for use as a JSON request body."""
@@ -1663,8 +1630,13 @@ class RuleSetUpdateRequest:
     """Name of the rule set."""
 
     etag: str
-    """The expected etag of the rule set to update. The update will fail if the value does not match
-    the value that is stored in account access control service."""
+    """Identifies the version of the rule set returned. Etag used for versioning. The response is at
+    least as fresh as the eTag provided. Etag is used for optimistic concurrency control as a way to
+    help prevent simultaneous updates of a rule set from overwriting each other. It is strongly
+    suggested that systems make use of the etag in the read -> modify -> write pattern to perform
+    rule set updates in order to avoid race conditions that is get an etag from a GET rule set
+    request, and pass it with the PUT update request to identify the rule set version you are
+    updating."""
 
     grant_rules: Optional[List[GrantRule]] = None
 
@@ -1795,6 +1767,94 @@ class ServicePrincipalSchema(Enum):
     URN_IETF_PARAMS_SCIM_SCHEMAS_CORE_2_0_SERVICE_PRINCIPAL = "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal"
 
 
+@dataclass
+class SetObjectPermissions:
+    access_control_list: Optional[List[AccessControlRequest]] = None
+
+    request_object_id: Optional[str] = None
+    """The id of the request object."""
+
+    request_object_type: Optional[str] = None
+    """The type of the request object. Can be one of the following: alerts, authorization, clusters,
+    cluster-policies, dashboards, dbsql-dashboards, directories, experiments, files, instance-pools,
+    jobs, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, or warehouses."""
+
+    def as_dict(self) -> dict:
+        """Serializes the SetObjectPermissions into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.access_control_list:
+            body["access_control_list"] = [v.as_dict() for v in self.access_control_list]
+        if self.request_object_id is not None:
+            body["request_object_id"] = self.request_object_id
+        if self.request_object_type is not None:
+            body["request_object_type"] = self.request_object_type
+        return body
+
+    def as_shallow_dict(self) -> dict:
+        """Serializes the SetObjectPermissions into a shallow dictionary of its immediate attributes."""
+        body = {}
+        if self.access_control_list:
+            body["access_control_list"] = self.access_control_list
+        if self.request_object_id is not None:
+            body["request_object_id"] = self.request_object_id
+        if self.request_object_type is not None:
+            body["request_object_type"] = self.request_object_type
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, Any]) -> SetObjectPermissions:
+        """Deserializes the SetObjectPermissions from a dictionary."""
+        return cls(
+            access_control_list=_repeated_dict(d, "access_control_list", AccessControlRequest),
+            request_object_id=d.get("request_object_id", None),
+            request_object_type=d.get("request_object_type", None),
+        )
+
+
+@dataclass
+class UpdateObjectPermissions:
+    access_control_list: Optional[List[AccessControlRequest]] = None
+
+    request_object_id: Optional[str] = None
+    """The id of the request object."""
+
+    request_object_type: Optional[str] = None
+    """The type of the request object. Can be one of the following: alerts, authorization, clusters,
+    cluster-policies, dashboards, dbsql-dashboards, directories, experiments, files, instance-pools,
+    jobs, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, or warehouses."""
+
+    def as_dict(self) -> dict:
+        """Serializes the UpdateObjectPermissions into a dictionary suitable for use as a JSON request body."""
+        body = {}
+        if self.access_control_list:
+            body["access_control_list"] = [v.as_dict() for v in self.access_control_list]
+        if self.request_object_id is not None:
+            body["request_object_id"] = self.request_object_id
+        if self.request_object_type is not None:
+            body["request_object_type"] = self.request_object_type
+        return body
+
+    def as_shallow_dict(self) -> dict:
+        """Serializes the UpdateObjectPermissions into a shallow dictionary of its immediate attributes."""
+        body = {}
+        if self.access_control_list:
+            body["access_control_list"] = self.access_control_list
+        if self.request_object_id is not None:
+            body["request_object_id"] = self.request_object_id
+        if self.request_object_type is not None:
+            body["request_object_type"] = self.request_object_type
+        return body
+
+    @classmethod
+    def from_dict(cls, d: Dict[str, Any]) -> UpdateObjectPermissions:
+        """Deserializes the UpdateObjectPermissions from a dictionary."""
+        return cls(
+            access_control_list=_repeated_dict(d, "access_control_list", AccessControlRequest),
+            request_object_id=d.get("request_object_id", None),
+            request_object_type=d.get("request_object_type", None),
+        )
+
+
 @dataclass
 class UpdateResponse:
     def as_dict(self) -> dict:
@@ -2111,6 +2171,11 @@ class AccountAccessControlAPI:
         :param resource: str
           The resource name for which assignable roles will be listed.
 
+          Examples | Summary :--- | :--- `resource=accounts/<ACCOUNT_ID>` | A resource name for the account.
+          `resource=accounts/<ACCOUNT_ID>/groups/<GROUP_ID>` | A resource name for the group.
+          `resource=accounts/<ACCOUNT_ID>/servicePrincipals/<SP_ID>` | A resource name for the service
+          principal.
+
         :returns: :class:`GetAssignableRolesForResourceResponse`
         """
 
@@ -2137,6 +2202,12 @@ class AccountAccessControlAPI:
 
         :param name: str
           The ruleset name associated with the request.
+
+          Examples | Summary :--- | :--- `name=accounts/<ACCOUNT_ID>/ruleSets/default` | A name for a rule set
+          on the account. `name=accounts/<ACCOUNT_ID>/groups/<GROUP_ID>/ruleSets/default` | A name for a rule
+          set on the group.
+          `name=accounts/<ACCOUNT_ID>/servicePrincipals/<SERVICE_PRINCIPAL_APPLICATION_ID>/ruleSets/default` |
+          A name for a rule set on the service principal.
         :param etag: str
           Etag used for versioning. The response is at least as fresh as the eTag provided. Etag is used for
           optimistic concurrency control as a way to help prevent simultaneous updates of a rule set from
@@ -2145,6 +2216,10 @@ class AccountAccessControlAPI:
           etag from a GET rule set request, and pass it with the PUT update request to identify the rule set
           version you are updating.
 
+          Examples | Summary :--- | :--- `etag=` | An empty etag can only be used in GET to indicate no
+          freshness requirements. `etag=RENUAAABhSweA4NvVmmUYdiU717H3Tgy0UJdor3gE4a+mq/oj9NjAf8ZsQ==` | An
+          etag encoded a specific version of the rule set to get or to be updated.
+
         :returns: :class:`RuleSetResponse`
         """
 
@@ -2199,7 +2274,7 @@ class AccountAccessControlAPI:
 class AccountAccessControlProxyAPI:
     """These APIs manage access rules on resources in an account. Currently, only grant rules are supported. A
     grant rule specifies a role assigned to a set of principals. A list of rules attached to a resource is
-    called a rule set. A workspace must belong to an account for these APIs to work."""
+    called a rule set. A workspace must belong to an account for these APIs to work"""
 
     def __init__(self, api_client):
         self._api = api_client
@@ -2207,12 +2282,17 @@ class AccountAccessControlProxyAPI:
     def get_assignable_roles_for_resource(self, resource: str) -> GetAssignableRolesForResourceResponse:
         """Get assignable roles for a resource.
 
-        Gets all the roles that can be granted on an account-level resource. A role is grantable if the rule
+        Gets all the roles that can be granted on an account level resource. A role is grantable if the rule
         set on the resource can contain an access rule of the role.
 
         :param resource: str
           The resource name for which assignable roles will be listed.
 
+          Examples | Summary :--- | :--- `resource=accounts/<ACCOUNT_ID>` | A resource name for the account.
+          `resource=accounts/<ACCOUNT_ID>/groups/<GROUP_ID>` | A resource name for the group.
+          `resource=accounts/<ACCOUNT_ID>/servicePrincipals/<SP_ID>` | A resource name for the service
+          principal.
+
         :returns: :class:`GetAssignableRolesForResourceResponse`
         """
 
@@ -2236,6 +2316,12 @@ class AccountAccessControlProxyAPI:
 
         :param name: str
           The ruleset name associated with the request.
+
+          Examples | Summary :--- | :--- `name=accounts/<ACCOUNT_ID>/ruleSets/default` | A name for a rule set
+          on the account. `name=accounts/<ACCOUNT_ID>/groups/<GROUP_ID>/ruleSets/default` | A name for a rule
+          set on the group.
+          `name=accounts/<ACCOUNT_ID>/servicePrincipals/<SERVICE_PRINCIPAL_APPLICATION_ID>/ruleSets/default` |
+          A name for a rule set on the service principal.
         :param etag: str
           Etag used for versioning. The response is at least as fresh as the eTag provided. Etag is used for
           optimistic concurrency control as a way to help prevent simultaneous updates of a rule set from
@@ -2244,6 +2330,10 @@ class AccountAccessControlProxyAPI:
           etag from a GET rule set request, and pass it with the PUT update request to identify the rule set
           version you are updating.
 
+          Examples | Summary :--- | :--- `etag=` | An empty etag can only be used in GET to indicate no
+          freshness requirements. `etag=RENUAAABhSweA4NvVmmUYdiU717H3Tgy0UJdor3gE4a+mq/oj9NjAf8ZsQ==` | An
+          etag encoded a specific version of the rule set to get or to be updated.
+
         :returns: :class:`RuleSetResponse`
         """
 
@@ -2262,8 +2352,8 @@ class AccountAccessControlProxyAPI:
     def update_rule_set(self, name: str, rule_set: RuleSetUpdateRequest) -> RuleSetResponse:
         """Update a rule set.
 
-        Replace the rules of a rule set. First, use a GET rule set request to read the current version of the
-        rule set before modifying it. This pattern helps prevent conflicts between concurrent updates.
+        Replace the rules of a rule set. First, use get to read the current version of the rule set before
+        modifying it. This pattern helps prevent conflicts between concurrent updates.
 
         :param name: str
           Name of the rule set.
@@ -3552,51 +3642,24 @@ class PermissionMigrationAPI:
 
 class PermissionsAPI:
     """Permissions API are used to create read, write, edit, update and manage access for various users on
-    different objects and endpoints.
-
-    * **[Apps permissions](:service:apps)** — Manage which users can manage or use apps.
-
-    * **[Cluster permissions](:service:clusters)** — Manage which users can manage, restart, or attach to
-    clusters.
-
-    * **[Cluster policy permissions](:service:clusterpolicies)** — Manage which users can use cluster
-    policies.
-
-    * **[Delta Live Tables pipeline permissions](:service:pipelines)** — Manage which users can view,
-    manage, run, cancel, or own a Delta Live Tables pipeline.
-
-    * **[Job permissions](:service:jobs)** — Manage which users can view, manage, trigger, cancel, or own a
-    job.
-
-    * **[MLflow experiment permissions](:service:experiments)** — Manage which users can read, edit, or
-    manage MLflow experiments.
-
-    * **[MLflow registered model permissions](:service:modelregistry)** — Manage which users can read, edit,
-    or manage MLflow registered models.
-
-    * **[Password permissions](:service:users)** — Manage which users can use password login when SSO is
-    enabled.
-
-    * **[Instance Pool permissions](:service:instancepools)** — Manage which users can manage or attach to
-    pools.
-
-    * **[Repo permissions](repos)** — Manage which users can read, run, edit, or manage a repo.
-
-    * **[Serving endpoint permissions](:service:servingendpoints)** — Manage which users can view, query, or
-    manage a serving endpoint.
-
-    * **[SQL warehouse permissions](:service:warehouses)** — Manage which users can use or manage SQL
-    warehouses.
-
-    * **[Token permissions](:service:tokenmanagement)** — Manage which users can create or use tokens.
-
-    * **[Workspace object permissions](:service:workspace)** — Manage which users can read, run, edit, or
-    manage alerts, dbsql-dashboards, directories, files, notebooks and queries.
-
-    For the mapping of the required permissions for specific actions or abilities and other important
-    information, see [Access Control].
-
-    Note that to manage access control on service principals, use **[Account Access Control
+    different objects and endpoints. * **[Apps permissions](:service:apps)** — Manage which users can manage
+    or use apps. * **[Cluster permissions](:service:clusters)** — Manage which users can manage, restart, or
+    attach to clusters. * **[Cluster policy permissions](:service:clusterpolicies)** — Manage which users
+    can use cluster policies. * **[Delta Live Tables pipeline permissions](:service:pipelines)** — Manage
+    which users can view, manage, run, cancel, or own a Delta Live Tables pipeline. * **[Job
+    permissions](:service:jobs)** — Manage which users can view, manage, trigger, cancel, or own a job. *
+    **[MLflow experiment permissions](:service:experiments)** — Manage which users can read, edit, or manage
+    MLflow experiments. * **[MLflow registered model permissions](:service:modelregistry)** — Manage which
+    users can read, edit, or manage MLflow registered models. * **[Instance Pool
+    permissions](:service:instancepools)** — Manage which users can manage or attach to pools. * **[Repo
+    permissions](repos)** — Manage which users can read, run, edit, or manage a repo. * **[Serving endpoint
+    permissions](:service:servingendpoints)** — Manage which users can view, query, or manage a serving
+    endpoint. * **[SQL warehouse permissions](:service:warehouses)** — Manage which users can use or manage
+    SQL warehouses. * **[Token permissions](:service:tokenmanagement)** — Manage which users can create or
+    use tokens. * **[Workspace object permissions](:service:workspace)** — Manage which users can read, run,
+    edit, or manage alerts, dbsql-dashboards, directories, files, notebooks and queries. For the mapping of
+    the required permissions for specific actions or abilities and other important information, see [Access
+    Control]. Note that to manage access control on service principals, use **[Account Access Control
     Proxy](:service:accountaccesscontrolproxy)**.
 
     [Access Control]: https://docs.databricks.com/security/auth-authz/access-control/index.html"""
@@ -3633,9 +3696,10 @@ class PermissionsAPI:
         Gets the permission levels that a user can have on an object.
 
         :param request_object_type: str
-          <needs content>
+          The type of the request object. Can be one of the following: alerts, authorization, clusters,
+          cluster-policies, dashboards, dbsql-dashboards, directories, experiments, files, instance-pools,
+          jobs, notebooks, pipelines, queries, registered-models, repos, serving-endpoints, or warehouses.
         :param request_object_id: str
-          <needs content>
 
         :returns: :class:`GetPermissionLevelsResponse`
         """

databricks/sdk/service/jobs.py

@@ -807,7 +807,7 @@ class ComputeConfig:
     num_gpus: int
     """Number of GPUs."""
 
-    gpu_node_pool_id: str
+    gpu_node_pool_id: Optional[str] = None
     """IDof the GPU pool to use."""
 
     gpu_type: Optional[str] = None
@@ -2708,9 +2708,7 @@ class JobEnvironment:
 
     spec: Optional[compute.Environment] = None
     """The environment entity used to preserve serverless environment side panel, jobs' environment for
-    non-notebook task, and DLT's environment for classic and serverless pipelines. (Note: DLT uses a
-    copied version of the Environment proto below, at
-    //spark/pipelines/api/protos/copied/libraries-environments-copy.proto) In this minimal
+    non-notebook task, and DLT's environment for classic and serverless pipelines. In this minimal
     environment spec, only pip dependencies are supported."""
 
     def as_dict(self) -> dict:
@@ -8469,7 +8467,8 @@ class TaskNotificationSettings:
 
 class TerminationCodeCode(Enum):
     """The code indicates why the run was terminated. Additional codes might be introduced in future
-    releases. * `SUCCESS`: The run was completed successfully. * `USER_CANCELED`: The run was
+    releases. * `SUCCESS`: The run was completed successfully. * `SUCCESS_WITH_FAILURES`: The run
+    was completed successfully but some child runs failed. * `USER_CANCELED`: The run was
     successfully canceled during execution by a user. * `CANCELED`: The run was canceled during
     execution by the Databricks platform; for example, if the maximum run duration was exceeded. *
     `SKIPPED`: Run was never executed, for example, if the upstream task run failed, the dependency
@@ -8525,6 +8524,7 @@ class TerminationCodeCode(Enum):
     SKIPPED = "SKIPPED"
     STORAGE_ACCESS_ERROR = "STORAGE_ACCESS_ERROR"
     SUCCESS = "SUCCESS"
+    SUCCESS_WITH_FAILURES = "SUCCESS_WITH_FAILURES"
     UNAUTHORIZED_ERROR = "UNAUTHORIZED_ERROR"
     USER_CANCELED = "USER_CANCELED"
     WORKSPACE_RUN_LIMIT_EXCEEDED = "WORKSPACE_RUN_LIMIT_EXCEEDED"
@@ -8534,7 +8534,8 @@ class TerminationCodeCode(Enum):
 class TerminationDetails:
     code: Optional[TerminationCodeCode] = None
     """The code indicates why the run was terminated. Additional codes might be introduced in future
-    releases. * `SUCCESS`: The run was completed successfully. * `USER_CANCELED`: The run was
+    releases. * `SUCCESS`: The run was completed successfully. * `SUCCESS_WITH_FAILURES`: The run
+    was completed successfully but some child runs failed. * `USER_CANCELED`: The run was
     successfully canceled during execution by a user. * `CANCELED`: The run was canceled during
     execution by the Databricks platform; for example, if the maximum run duration was exceeded. *
     `SKIPPED`: Run was never executed, for example, if the upstream task run failed, the dependency