diff --git a/NEXT_CHANGELOG.md b/NEXT_CHANGELOG.md index 0a3bf2bffb8..ddfd94b6160 100644 --- a/NEXT_CHANGELOG.md +++ b/NEXT_CHANGELOG.md @@ -7,6 +7,7 @@ ### CLI ### Bundles +* Add documentation for the common bundle resource fields `permissions`, `lifecycle`, and `grants` in the JSON schema, so they surface in editor completions and the docs. * `bundle run` now prints the modern job run URL (`/jobs//runs/`) so that non-admin users permitted to view the run are taken to the run instead of the workspace homepage. * Fix missing field descriptions in the bundle JSON schema for fields whose upstream API docs arrived after the field was first annotated (e.g. `vector_search_endpoints.*.target_qps`); stale placeholder markers no longer hide them ([#5588](https://github.com/databricks/cli/pull/5588)). * Fix `bundle deploy --plan` dropping a `postgres_role`'s `role_id`, which caused the role to be recreated on the next deploy ([#5672](https://github.com/databricks/cli/pull/5672)). diff --git a/bundle/internal/schema/annotations.yml b/bundle/internal/schema/annotations.yml index 3adb9e9e740..c8a8353012f 100644 --- a/bundle/internal/schema/annotations.yml +++ b/bundle/internal/schema/annotations.yml @@ -282,10 +282,24 @@ resources: PLACEHOLDER "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "schedule": "description": |- PLACEHOLDER @@ -340,7 +354,7 @@ resources: The source_code_path within git_source specifies the relative path to the app code within the repository. "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "oauth2_app_client_id": "description": |- PLACEHOLDER @@ -349,20 +363,34 @@ resources: PLACEHOLDER "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "$fields": "group_name": "description": |- - PLACEHOLDER + The name of the group granted the permission level. "level": "description": |- - PLACEHOLDER + The permission level to apply. The allowed levels depend on the resource type. "service_principal_name": "description": |- - PLACEHOLDER + The name of the service principal granted the permission level. "user_name": "description": |- - PLACEHOLDER + The name of the user granted the permission level. "resources": "$fields": "app": @@ -476,10 +504,24 @@ resources: "$fields": "grants": "description": |- - PLACEHOLDER + The Unity Catalog privileges to grant to principals on this securable. + "markdown_description": |- + A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal). + + See [\_](/data-governance/unity-catalog/manage-privileges/index.md). + "markdown_examples": |- + ```yaml + grants: + - principal: account users + privileges: + - SELECT + - principal: data-engineers + privileges: + - ALL_PRIVILEGES + ``` "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "managed_encryption_settings": "$fields": "azure_encryption_settings": @@ -530,7 +572,7 @@ resources: "$fields": "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "$fields": "prevent_destroy": "description": |- @@ -540,20 +582,34 @@ resources: Lifecycle setting to deploy the resource in started mode. Only supported for apps, clusters, and sql_warehouses in direct deployment mode. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "$fields": "group_name": "description": |- - PLACEHOLDER + The name of the group granted the permission level. "level": "description": |- - PLACEHOLDER + The permission level to apply. The allowed levels depend on the resource type. "service_principal_name": "description": |- - PLACEHOLDER + The name of the service principal granted the permission level. "user_name": "description": |- - PLACEHOLDER + The name of the user granted the permission level. "dashboards": "description": |- The dashboard definitions for the bundle, where each key is the name of the dashboard. @@ -605,7 +661,7 @@ resources: PLACEHOLDER "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "lifecycle_state": "description": |- The state of the dashboard resource. Used for tracking trashed status. @@ -621,20 +677,34 @@ resources: This field is excluded in List Dashboards responses. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "$fields": "group_name": "description": |- - The name of the group that has the permission set in level. + The name of the group granted the permission level. "level": "description": |- - The allowed permission for user, group, service principal defined for this permission. + The permission level to apply. The allowed levels depend on the resource type. "service_principal_name": "description": |- - The name of the service principal that has the permission set in level. + The name of the service principal granted the permission level. "user_name": "description": |- - The name of the user that has the permission set in level. + The name of the user granted the permission level. "serialized_dashboard": "description": |- The contents of the dashboard in serialized string form. @@ -659,7 +729,7 @@ resources: PLACEHOLDER "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "uid": "description": |- PLACEHOLDER @@ -669,10 +739,24 @@ resources: "$fields": "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "experiments": "description": |- The experiment definitions for the bundle, where each key is the name of the experiment. @@ -697,23 +781,37 @@ resources: "$fields": "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "$fields": "group_name": "description": |- - PLACEHOLDER + The name of the group granted the permission level. "level": "description": |- - PLACEHOLDER + The permission level to apply. The allowed levels depend on the resource type. "service_principal_name": "description": |- - PLACEHOLDER + The name of the service principal granted the permission level. "user_name": "description": |- - PLACEHOLDER + The name of the user granted the permission level. "external_locations": "description": |- PLACEHOLDER @@ -753,10 +851,24 @@ resources: AWS_SSE_S3 "grants": "description": |- - PLACEHOLDER + The Unity Catalog privileges to grant to principals on this securable. + "markdown_description": |- + A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal). + + See [\_](/data-governance/unity-catalog/manage-privileges/index.md). + "markdown_examples": |- + ```yaml + grants: + - principal: account users + privileges: + - SELECT + - principal: data-engineers + privileges: + - ALL_PRIVILEGES + ``` "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "genie_spaces": "description": |- PLACEHOLDER @@ -772,13 +884,27 @@ resources: Local path to a `.geniespace.json` file holding the serialized Genie space definition. The contents are inlined into `serialized_space` at deploy time. Mutually exclusive with an inline `serialized_space`. "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "parent_path": "description": |- Workspace folder under which to create the Genie space. Immutable: changing this field recreates the resource. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "serialized_space": "description": |- Serialized Genie space body. May be provided inline as a JSON string (or YAML that will be marshalled to JSON) or referenced via `file_path`. To round-trip an existing space into a bundle, use `databricks bundle generate genie-space`. @@ -850,27 +976,41 @@ resources: Contains the Azure Data Lake Storage destination path "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "$fields": "prevent_destroy": "description": |- Lifecycle setting to prevent the resource from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "$fields": "group_name": "description": |- - PLACEHOLDER + The name of the group granted the permission level. "level": "description": |- - PLACEHOLDER + The permission level to apply. The allowed levels depend on the resource type. "service_principal_name": "description": |- - PLACEHOLDER + The name of the service principal granted the permission level. "user_name": "description": |- - PLACEHOLDER + The name of the user granted the permission level. "run_as": "$fields": "service_principal_name": @@ -984,23 +1124,37 @@ resources: PLACEHOLDER "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "$fields": "group_name": "description": |- - PLACEHOLDER + The name of the group granted the permission level. "level": "description": |- - PLACEHOLDER + The permission level to apply. The allowed levels depend on the resource type. "service_principal_name": "description": |- - PLACEHOLDER + The name of the service principal granted the permission level. "user_name": "description": |- - PLACEHOLDER + The name of the user granted the permission level. "models": "description": |- The model definitions for the bundle, where each key is the name of the model. @@ -1012,23 +1166,37 @@ resources: "$fields": "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "$fields": "group_name": "description": |- - PLACEHOLDER + The name of the group granted the permission level. "level": "description": |- - PLACEHOLDER + The permission level to apply. The allowed levels depend on the resource type. "service_principal_name": "description": |- - PLACEHOLDER + The name of the service principal granted the permission level. "user_name": "description": |- - PLACEHOLDER + The name of the user granted the permission level. "pipelines": "description": |- The pipeline definitions for the bundle, where each key is the name of the pipeline. @@ -1116,23 +1284,37 @@ resources: This field is deprecated "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "$fields": "group_name": "description": |- - PLACEHOLDER + The name of the group granted the permission level. "level": "description": |- - PLACEHOLDER + The permission level to apply. The allowed levels depend on the resource type. "service_principal_name": "description": |- - PLACEHOLDER + The name of the service principal granted the permission level. "user_name": "description": |- - PLACEHOLDER + The name of the user granted the permission level. "trigger": "deprecation_message": |- Use continuous instead @@ -1165,7 +1347,7 @@ resources: PLACEHOLDER "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "no_expiry": "description": |- PLACEHOLDER @@ -1202,7 +1384,7 @@ resources: PLACEHOLDER "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "postgres_database": "description": |- PLACEHOLDER @@ -1215,7 +1397,7 @@ resources: PLACEHOLDER "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "parent": "description": |- PLACEHOLDER @@ -1249,7 +1431,7 @@ resources: PLACEHOLDER "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "no_suspension": "description": |- PLACEHOLDER @@ -1292,10 +1474,24 @@ resources: PLACEHOLDER "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "pg_version": "description": |- PLACEHOLDER @@ -1330,7 +1526,7 @@ resources: The type of the Databricks managed identity that this Role represents. Leave empty to create a regular Postgres role not associated with a Databricks identity. "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "membership_roles": "description": |- Standard roles that this role is a member of. @@ -1361,7 +1557,7 @@ resources: PLACEHOLDER "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "new_pipeline_spec": "description": |- PLACEHOLDER @@ -1425,7 +1621,7 @@ resources: Granularities for aggregating data into time windows based on their timestamp. Valid values are 5 minutes, 30 minutes, 1 hour, 1 day, n weeks, 1 month, or 1 year. "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "table_name": "description": |- PLACEHOLDER @@ -1461,10 +1657,24 @@ resources: "$fields": "grants": "description": |- - PLACEHOLDER + The Unity Catalog privileges to grant to principals on this securable. + "markdown_description": |- + A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal). + + See [\_](/data-governance/unity-catalog/manage-privileges/index.md). + "markdown_examples": |- + ```yaml + grants: + - principal: account users + privileges: + - SELECT + - principal: data-engineers + privileges: + - ALL_PRIVILEGES + ``` "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "schemas": "description": |- The schema definitions for the bundle, where each key is the name of the schema. @@ -1519,10 +1729,24 @@ resources: "$fields": "grants": "description": |- - PLACEHOLDER + The Unity Catalog privileges to grant to principals on this securable. + "markdown_description": |- + A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal). + + See [\_](/data-governance/unity-catalog/manage-privileges/index.md). + "markdown_examples": |- + ```yaml + grants: + - principal: account users + privileges: + - SELECT + - principal: data-engineers + privileges: + - ALL_PRIVILEGES + ``` "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "secret_scopes": "description": |- The secret scope definitions for the bundle, where each key is the name of the secret scope. @@ -1537,7 +1761,7 @@ resources: The metadata for the secret scope if the `backend_type` is `AZURE_KEYVAULT` "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "name": "description": |- Scope name requested by the user. Scope names are unique. @@ -1547,10 +1771,10 @@ resources: "$fields": "group_name": "description": |- - The name of the group that has the permission set in level. This field translates to a `principal` field in secret scope ACL. + The name of the group granted the permission level. This field translates to a `principal` field in secret scope ACL. "level": "description": |- - The allowed permission for user, group, service principal defined for this permission. + The permission level to apply. The allowed levels depend on the resource type. "$type": "enum": - |- @@ -1564,7 +1788,7 @@ resources: The application ID of an active service principal. This field translates to a `principal` field in secret scope ACL. "user_name": "description": |- - The name of the user that has the permission set in level. This field translates to a `principal` field in secret scope ACL. + The name of the user granted the permission level. This field translates to a `principal` field in secret scope ACL. "sql_warehouses": "description": |- The SQL warehouse definitions for the bundle, where each key is the name of the warehouse. @@ -1586,23 +1810,37 @@ resources: Defaults to true. "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "$fields": "group_name": "description": |- - PLACEHOLDER + The name of the group granted the permission level. "level": "description": |- - PLACEHOLDER + The permission level to apply. The allowed levels depend on the resource type. "service_principal_name": "description": |- - PLACEHOLDER + The name of the service principal granted the permission level. "user_name": "description": |- - PLACEHOLDER + The name of the user granted the permission level. "tags": "$fields": "custom_tags": @@ -1628,27 +1866,55 @@ resources: PLACEHOLDER "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "vector_search_endpoints": "description": |- PLACEHOLDER "$fields": "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "permissions": "description": |- - PLACEHOLDER + The permissions to apply to this resource. + "markdown_description": |- + A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping. + + See [\_](/dev-tools/bundles/settings.md#permissions) and [\_](/dev-tools/bundles/permissions.md). + "markdown_examples": |- + ```yaml + permissions: + - level: CAN_VIEW + group_name: test-group + - level: CAN_MANAGE + user_name: someone@example.com + - level: CAN_RUN + service_principal_name: 123456-abcdef + ``` "vector_search_indexes": "description": |- PLACEHOLDER "$fields": "grants": "description": |- - PLACEHOLDER + The Unity Catalog privileges to grant to principals on this securable. + "markdown_description": |- + A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal). + + See [\_](/data-governance/unity-catalog/manage-privileges/index.md). + "markdown_examples": |- + ```yaml + grants: + - principal: account users + privileges: + - SELECT + - principal: data-engineers + privileges: + - ALL_PRIVILEGES + ``` "lifecycle": "description": |- - PLACEHOLDER + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. "volumes": "description": |- The volume definitions for the bundle, where each key is the name of the volume. @@ -1677,10 +1943,24 @@ resources: "$fields": "grants": "description": |- - PLACEHOLDER + The Unity Catalog privileges to grant to principals on this securable. + "markdown_description": |- + A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal). + + See [\_](/data-governance/unity-catalog/manage-privileges/index.md). + "markdown_examples": |- + ```yaml + grants: + - principal: account users + privileges: + - SELECT + - principal: data-engineers + privileges: + - ALL_PRIVILEGES + ``` "lifecycle": "description": |- - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. run_as: "description": |- The identity to use when running Declarative Automation Bundles resources. diff --git a/bundle/schema/jsonschema.json b/bundle/schema/jsonschema.json index 1afe4321798..dc03d3c9d0b 100644 --- a/bundle/schema/jsonschema.json +++ b/bundle/schema/jsonschema.json @@ -99,6 +99,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "parent_path": { @@ -106,7 +107,9 @@ "$ref": "#/$defs/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "query_text": { "description": "[Public Preview] Text of the query to be run.", @@ -186,7 +189,7 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/apps.GitSource" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.LifecycleWithStarted" }, "name": { @@ -194,7 +197,9 @@ "$ref": "#/$defs/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.AppPermission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.AppPermission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "resources": { "description": "Resources for the app.", @@ -285,15 +290,19 @@ "type": "object", "properties": { "group_name": { + "description": "The name of the group granted the permission level.", "$ref": "#/$defs/string" }, "level": { + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/apps.AppPermissionLevel" }, "service_principal_name": { + "description": "The name of the service principal granted the permission level.", "$ref": "#/$defs/string" }, "user_name": { + "description": "The name of the user granted the permission level.", "$ref": "#/$defs/string" } }, @@ -326,9 +335,12 @@ "$ref": "#/$defs/int64" }, "grants": { - "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment" + "description": "The Unity Catalog privileges to grant to principals on this securable.", + "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment", + "markdownDescription": "A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal).\n\nSee [link](https://docs.databricks.com/data-governance/unity-catalog/manage-privileges/index.html)." }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "managed_encryption_settings": { @@ -458,7 +470,7 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/compute.Kind" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.LifecycleWithStarted" }, "node_type_id": { @@ -470,7 +482,9 @@ "$ref": "#/$defs/int" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.ClusterPermission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.ClusterPermission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "policy_id": { "description": "The ID of the cluster policy used to create the cluster if applicable.", @@ -536,15 +550,19 @@ "type": "object", "properties": { "group_name": { + "description": "The name of the group granted the permission level.", "$ref": "#/$defs/string" }, "level": { + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/compute.ClusterPermissionLevel" }, "service_principal_name": { + "description": "The name of the service principal granted the permission level.", "$ref": "#/$defs/string" }, "user_name": { + "description": "The name of the user granted the permission level.", "$ref": "#/$defs/string" } }, @@ -595,7 +613,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "lifecycle_state": { @@ -611,7 +629,9 @@ "$ref": "#/$defs/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "serialized_dashboard": { "description": "The contents of the dashboard in serialized string form.\nThis field is excluded in List Dashboards responses.\nUse the [get dashboard API](https://docs.databricks.com/api/workspace/lakeview/get)\nto retrieve an example response, which includes the `serialized_dashboard` field.\nThis field provides the structure of the JSON string that represents the dashboard's\nlayout and components.", @@ -653,7 +673,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -697,7 +717,7 @@ "$ref": "#/$defs/bool" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -713,7 +733,9 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/database.DatabaseInstanceRef" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "retention_window_in_days": { "description": "[Public Preview] The retention window for the instance. This is the time window in days\nfor which the historical data is retained. The default value is 7 days.\nValid values are 2 to 35 days.", @@ -769,9 +791,12 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/catalog.FileEventQueue" }, "grants": { - "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment" + "description": "The Unity Catalog privileges to grant to principals on this securable.", + "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment", + "markdownDescription": "A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal).\n\nSee [link](https://docs.databricks.com/data-governance/unity-catalog/manage-privileges/index.html)." }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -821,6 +846,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "parent_path": { @@ -828,7 +854,9 @@ "$ref": "#/$defs/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "serialized_space": { "description": "Serialized Genie space body. May be provided inline as a JSON string (or YAML that will be marshalled to JSON) or referenced via `file_path`. To round-trip an existing space into a bundle, use `databricks bundle generate genie-space`.", @@ -889,7 +917,7 @@ "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/jobs.JobCluster" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "max_concurrent_runs": { @@ -913,7 +941,9 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/jobs.PerformanceTarget" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.JobPermission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.JobPermission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "queue": { "description": "The queue settings of the job.", @@ -969,15 +999,19 @@ "type": "object", "properties": { "group_name": { + "description": "The name of the group granted the permission level.", "$ref": "#/$defs/string" }, "level": { + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/jobs.JobPermissionLevel" }, "service_principal_name": { + "description": "The name of the service principal granted the permission level.", "$ref": "#/$defs/string" }, "user_name": { + "description": "The name of the user granted the permission level.", "$ref": "#/$defs/string" } }, @@ -1042,7 +1076,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -1050,7 +1084,9 @@ "$ref": "#/$defs/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.MlflowExperimentPermission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.MlflowExperimentPermission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "tags": { "description": "A collection of tags to set on the experiment. Maximum tag size and number of tags per request\ndepends on the storage backend. All storage backends are guaranteed to support tag keys up\nto 250 bytes in size and tag values up to 5000 bytes in size. All storage backends are also\nguaranteed to support up to 20 tags per request.", @@ -1075,15 +1111,19 @@ "type": "object", "properties": { "group_name": { + "description": "The name of the group granted the permission level.", "$ref": "#/$defs/string" }, "level": { + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/ml.ExperimentPermissionLevel" }, "service_principal_name": { + "description": "The name of the service principal granted the permission level.", "$ref": "#/$defs/string" }, "user_name": { + "description": "The name of the user granted the permission level.", "$ref": "#/$defs/string" } }, @@ -1108,7 +1148,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -1116,7 +1156,9 @@ "$ref": "#/$defs/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.MlflowModelPermission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.MlflowModelPermission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "tags": { "description": "Additional metadata for registered model.", @@ -1141,15 +1183,19 @@ "type": "object", "properties": { "group_name": { + "description": "The name of the group granted the permission level.", "$ref": "#/$defs/string" }, "level": { + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/ml.RegisteredModelPermissionLevel" }, "service_principal_name": { + "description": "The name of the service principal granted the permission level.", "$ref": "#/$defs/string" }, "user_name": { + "description": "The name of the user granted the permission level.", "$ref": "#/$defs/string" } }, @@ -1189,7 +1235,7 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/serving.EmailNotifications" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -1197,7 +1243,9 @@ "$ref": "#/$defs/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.ModelServingEndpointPermission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.ModelServingEndpointPermission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "rate_limits": { "description": "Rate limits to be applied to the serving endpoint. NOTE: this field is deprecated, please use AI Gateway to manage rate limits.", @@ -1232,15 +1280,19 @@ "type": "object", "properties": { "group_name": { + "description": "The name of the group granted the permission level.", "$ref": "#/$defs/string" }, "level": { + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/serving.ServingEndpointPermissionLevel" }, "service_principal_name": { + "description": "The name of the service principal granted the permission level.", "$ref": "#/$defs/string" }, "user_name": { + "description": "The name of the user granted the permission level.", "$ref": "#/$defs/string" } }, @@ -1261,19 +1313,19 @@ "type": "object", "properties": { "group_name": { - "description": "The name of the group that has the permission set in level.", + "description": "The name of the group granted the permission level.", "$ref": "#/$defs/string" }, "level": { - "description": "The allowed permission for user, group, service principal defined for this permission.", + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/iam.PermissionLevel" }, "service_principal_name": { - "description": "The name of the service principal that has the permission set in level.", + "description": "The name of the service principal granted the permission level.", "$ref": "#/$defs/string" }, "user_name": { - "description": "The name of the user that has the permission set in level.", + "description": "The name of the user granted the permission level.", "$ref": "#/$defs/string" } }, @@ -1360,7 +1412,7 @@ "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/pipelines.PipelineLibrary" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -1376,7 +1428,9 @@ "$ref": "#/$defs/map/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.PipelinePermission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.PipelinePermission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "photon": { "description": "Whether Photon is enabled for this pipeline.", @@ -1452,15 +1506,19 @@ "type": "object", "properties": { "group_name": { + "description": "The name of the group granted the permission level.", "$ref": "#/$defs/string" }, "level": { + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/pipelines.PipelinePermissionLevel" }, "service_principal_name": { + "description": "The name of the service principal granted the permission level.", "$ref": "#/$defs/string" }, "user_name": { + "description": "The name of the user granted the permission level.", "$ref": "#/$defs/string" } }, @@ -1490,6 +1548,7 @@ "$ref": "#/$defs/bool" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "no_expiry": { @@ -1541,6 +1600,7 @@ "$ref": "#/$defs/bool" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "postgres_database": { @@ -1568,6 +1628,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "parent": { @@ -1616,6 +1677,7 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/postgres.EndpointGroupSpec" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "no_suspension": { @@ -1674,10 +1736,13 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/common/types/duration.Duration" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "pg_version": { "$ref": "#/$defs/int" @@ -1718,6 +1783,7 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/postgres.RoleIdentityType" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "membership_roles": { @@ -1767,6 +1833,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "new_pipeline_spec": { @@ -1836,7 +1903,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "notifications": { @@ -1923,10 +1990,12 @@ "$ref": "#/$defs/string" }, "grants": { - "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment" + "description": "The Unity Catalog privileges to grant to principals on this securable.", + "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment", + "markdownDescription": "A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal).\n\nSee [link](https://docs.databricks.com/data-governance/unity-catalog/manage-privileges/index.html)." }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "metastore_id": { @@ -1985,10 +2054,12 @@ "$ref": "#/$defs/int64" }, "grants": { - "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment" + "description": "The Unity Catalog privileges to grant to principals on this securable.", + "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment", + "markdownDescription": "A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal).\n\nSee [link](https://docs.databricks.com/data-governance/unity-catalog/manage-privileges/index.html)." }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -2031,7 +2102,7 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/workspace.AzureKeyVaultSecretScopeMetadata" }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -2060,11 +2131,11 @@ "type": "object", "properties": { "group_name": { - "description": "The name of the group that has the permission set in level. This field translates to a `principal` field in secret scope ACL.", + "description": "The name of the group granted the permission level. This field translates to a `principal` field in secret scope ACL.", "$ref": "#/$defs/string" }, "level": { - "description": "The allowed permission for user, group, service principal defined for this permission.", + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.SecretScopePermissionLevel" }, "service_principal_name": { @@ -2072,7 +2143,7 @@ "$ref": "#/$defs/string" }, "user_name": { - "description": "The name of the user that has the permission set in level. This field translates to a `principal` field in secret scope ACL.", + "description": "The name of the user granted the permission level. This field translates to a `principal` field in secret scope ACL.", "$ref": "#/$defs/string" } }, @@ -2140,7 +2211,7 @@ "deprecated": true }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.LifecycleWithStarted" }, "max_num_clusters": { @@ -2156,7 +2227,9 @@ "$ref": "#/$defs/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.SqlWarehousePermission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.SqlWarehousePermission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "spot_instance_policy": { "description": "Configurations whether the endpoint should use spot instances.", @@ -2185,15 +2258,19 @@ "type": "object", "properties": { "group_name": { + "description": "The name of the group granted the permission level.", "$ref": "#/$defs/string" }, "level": { + "description": "The permission level to apply. The allowed levels depend on the resource type.", "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/sql.WarehousePermissionLevel" }, "service_principal_name": { + "description": "The name of the service principal granted the permission level.", "$ref": "#/$defs/string" }, "user_name": { + "description": "The name of the user granted the permission level.", "$ref": "#/$defs/string" } }, @@ -2218,6 +2295,7 @@ "$ref": "#/$defs/string" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "logical_database_name": { @@ -2258,6 +2336,7 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/vectorsearch.EndpointType" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -2265,7 +2344,9 @@ "$ref": "#/$defs/string" }, "permissions": { - "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission" + "description": "The permissions to apply to this resource.", + "$ref": "#/$defs/slice/github.com/databricks/cli/bundle/config/resources.Permission", + "markdownDescription": "A Sequence of permissions to apply to this resource, where each item grants a permission `level` to a single `user_name`, `group_name`, or `service_principal_name`. A principal cannot be set in both a resource's `permissions` and the top-level `permissions` mapping.\n\nSee [permissions](https://docs.databricks.com/dev-tools/bundles/settings.html#permissions) and [link](https://docs.databricks.com/dev-tools/bundles/permissions.html)." }, "target_qps": { "description": "[Public Preview] Target QPS for the endpoint. Mutually exclusive with num_replicas.\nThe actual replica count is calculated at index creation/sync time based on this value.\nBest-effort target; the system does not guarantee this QPS will be achieved.", @@ -2308,7 +2389,9 @@ "$ref": "#/$defs/string" }, "grants": { - "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment" + "description": "The Unity Catalog privileges to grant to principals on this securable.", + "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment", + "markdownDescription": "A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal).\n\nSee [link](https://docs.databricks.com/data-governance/unity-catalog/manage-privileges/index.html)." }, "index_subtype": { "description": "[Beta] The subtype of the index. Use `HYBRID` or `FULL_TEXT`. `VECTOR` is not supported.", @@ -2319,6 +2402,7 @@ "$ref": "#/$defs/github.com/databricks/databricks-sdk-go/service/vectorsearch.VectorIndexType" }, "lifecycle": { + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { @@ -2358,10 +2442,12 @@ "$ref": "#/$defs/string" }, "grants": { - "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment" + "description": "The Unity Catalog privileges to grant to principals on this securable.", + "$ref": "#/$defs/slice/github.com/databricks/databricks-sdk-go/service/catalog.PrivilegeAssignment", + "markdownDescription": "A Sequence of Unity Catalog privilege grants on this securable, where each item grants a set of `privileges` to a `principal` (a user, group, or service principal).\n\nSee [link](https://docs.databricks.com/data-governance/unity-catalog/manage-privileges/index.html)." }, "lifecycle": { - "description": "Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed.", + "description": "Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed.", "$ref": "#/$defs/github.com/databricks/cli/bundle/config/resources.Lifecycle" }, "name": { diff --git a/python/databricks/bundles/catalogs/_models/catalog.py b/python/databricks/bundles/catalogs/_models/catalog.py index b251da697b9..ffdda5725d9 100644 --- a/python/databricks/bundles/catalogs/_models/catalog.py +++ b/python/databricks/bundles/catalogs/_models/catalog.py @@ -49,8 +49,14 @@ class Catalog(Resource): """ grants: VariableOrList[PrivilegeAssignment] = field(default_factory=list) + """ + The Unity Catalog privileges to grant to principals on this securable. + """ lifecycle: VariableOrOptional[Lifecycle] = None + """ + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. + """ managed_encryption_settings: VariableOrOptional[EncryptionSettings] = None """ @@ -116,8 +122,14 @@ class CatalogDict(TypedDict, total=False): """ grants: VariableOrList[PrivilegeAssignmentParam] + """ + The Unity Catalog privileges to grant to principals on this securable. + """ lifecycle: VariableOrOptional[LifecycleParam] + """ + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. + """ managed_encryption_settings: VariableOrOptional[EncryptionSettingsParam] """ diff --git a/python/databricks/bundles/jobs/_models/job.py b/python/databricks/bundles/jobs/_models/job.py index 1fa13e5bb04..b34da5ce021 100644 --- a/python/databricks/bundles/jobs/_models/job.py +++ b/python/databricks/bundles/jobs/_models/job.py @@ -121,7 +121,7 @@ class Job(Resource): lifecycle: VariableOrOptional[Lifecycle] = None """ - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. """ max_concurrent_runs: VariableOrOptional[int] = None @@ -159,6 +159,9 @@ class Job(Resource): """ permissions: VariableOrList[JobPermission] = field(default_factory=list) + """ + The permissions to apply to this resource. + """ queue: VariableOrOptional[QueueSettings] = None """ @@ -274,7 +277,7 @@ class JobDict(TypedDict, total=False): lifecycle: VariableOrOptional[LifecycleParam] """ - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. """ max_concurrent_runs: VariableOrOptional[int] @@ -312,6 +315,9 @@ class JobDict(TypedDict, total=False): """ permissions: VariableOrList[JobPermissionParam] + """ + The permissions to apply to this resource. + """ queue: VariableOrOptional[QueueSettingsParam] """ diff --git a/python/databricks/bundles/jobs/_models/job_permission.py b/python/databricks/bundles/jobs/_models/job_permission.py index b2ab73cee05..adf805863cc 100644 --- a/python/databricks/bundles/jobs/_models/job_permission.py +++ b/python/databricks/bundles/jobs/_models/job_permission.py @@ -18,12 +18,24 @@ class JobPermission: """""" level: VariableOr[JobPermissionLevel] + """ + The permission level to apply. The allowed levels depend on the resource type. + """ group_name: VariableOrOptional[str] = None + """ + The name of the group granted the permission level. + """ service_principal_name: VariableOrOptional[str] = None + """ + The name of the service principal granted the permission level. + """ user_name: VariableOrOptional[str] = None + """ + The name of the user granted the permission level. + """ @classmethod def from_dict(cls, value: "JobPermissionDict") -> "Self": @@ -37,12 +49,24 @@ class JobPermissionDict(TypedDict, total=False): """""" level: VariableOr[JobPermissionLevelParam] + """ + The permission level to apply. The allowed levels depend on the resource type. + """ group_name: VariableOrOptional[str] + """ + The name of the group granted the permission level. + """ service_principal_name: VariableOrOptional[str] + """ + The name of the service principal granted the permission level. + """ user_name: VariableOrOptional[str] + """ + The name of the user granted the permission level. + """ JobPermissionParam = JobPermissionDict | JobPermission diff --git a/python/databricks/bundles/pipelines/_models/pipeline.py b/python/databricks/bundles/pipelines/_models/pipeline.py index 32f2e5c266a..6a972356157 100644 --- a/python/databricks/bundles/pipelines/_models/pipeline.py +++ b/python/databricks/bundles/pipelines/_models/pipeline.py @@ -144,7 +144,7 @@ class Pipeline(Resource): lifecycle: VariableOrOptional[Lifecycle] = None """ - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. """ name: VariableOrOptional[str] = None @@ -164,6 +164,9 @@ class Pipeline(Resource): """ permissions: VariableOrList[PipelinePermission] = field(default_factory=list) + """ + The permissions to apply to this resource. + """ photon: VariableOrOptional[bool] = None """ @@ -327,7 +330,7 @@ class PipelineDict(TypedDict, total=False): lifecycle: VariableOrOptional[LifecycleParam] """ - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. """ name: VariableOrOptional[str] @@ -347,6 +350,9 @@ class PipelineDict(TypedDict, total=False): """ permissions: VariableOrList[PipelinePermissionParam] + """ + The permissions to apply to this resource. + """ photon: VariableOrOptional[bool] """ diff --git a/python/databricks/bundles/pipelines/_models/pipeline_permission.py b/python/databricks/bundles/pipelines/_models/pipeline_permission.py index 0a3ed955386..66ef2cbcf91 100644 --- a/python/databricks/bundles/pipelines/_models/pipeline_permission.py +++ b/python/databricks/bundles/pipelines/_models/pipeline_permission.py @@ -18,12 +18,24 @@ class PipelinePermission: """""" level: VariableOr[PipelinePermissionLevel] + """ + The permission level to apply. The allowed levels depend on the resource type. + """ group_name: VariableOrOptional[str] = None + """ + The name of the group granted the permission level. + """ service_principal_name: VariableOrOptional[str] = None + """ + The name of the service principal granted the permission level. + """ user_name: VariableOrOptional[str] = None + """ + The name of the user granted the permission level. + """ @classmethod def from_dict(cls, value: "PipelinePermissionDict") -> "Self": @@ -37,12 +49,24 @@ class PipelinePermissionDict(TypedDict, total=False): """""" level: VariableOr[PipelinePermissionLevelParam] + """ + The permission level to apply. The allowed levels depend on the resource type. + """ group_name: VariableOrOptional[str] + """ + The name of the group granted the permission level. + """ service_principal_name: VariableOrOptional[str] + """ + The name of the service principal granted the permission level. + """ user_name: VariableOrOptional[str] + """ + The name of the user granted the permission level. + """ PipelinePermissionParam = PipelinePermissionDict | PipelinePermission diff --git a/python/databricks/bundles/schemas/_models/schema.py b/python/databricks/bundles/schemas/_models/schema.py index 9f095706d06..a25b3593305 100644 --- a/python/databricks/bundles/schemas/_models/schema.py +++ b/python/databricks/bundles/schemas/_models/schema.py @@ -45,10 +45,13 @@ class Schema(Resource): """ grants: VariableOrList[PrivilegeAssignment] = field(default_factory=list) + """ + The Unity Catalog privileges to grant to principals on this securable. + """ lifecycle: VariableOrOptional[Lifecycle] = None """ - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. """ properties: VariableOrDict[str] = field(default_factory=dict) @@ -93,10 +96,13 @@ class SchemaDict(TypedDict, total=False): """ grants: VariableOrList[PrivilegeAssignmentParam] + """ + The Unity Catalog privileges to grant to principals on this securable. + """ lifecycle: VariableOrOptional[LifecycleParam] """ - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. """ properties: VariableOrDict[str] diff --git a/python/databricks/bundles/volumes/_models/volume.py b/python/databricks/bundles/volumes/_models/volume.py index 55c6e350163..6599d6b7620 100644 --- a/python/databricks/bundles/volumes/_models/volume.py +++ b/python/databricks/bundles/volumes/_models/volume.py @@ -45,10 +45,13 @@ class Volume(Resource): """ grants: VariableOrList[PrivilegeAssignment] = field(default_factory=list) + """ + The Unity Catalog privileges to grant to principals on this securable. + """ lifecycle: VariableOrOptional[Lifecycle] = None """ - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. """ storage_location: VariableOrOptional[str] = None @@ -95,10 +98,13 @@ class VolumeDict(TypedDict, total=False): """ grants: VariableOrList[PrivilegeAssignmentParam] + """ + The Unity Catalog privileges to grant to principals on this securable. + """ lifecycle: VariableOrOptional[LifecycleParam] """ - Lifecycle is a struct that contains the lifecycle settings for a resource. It controls the behavior of the resource when it is deployed or destroyed. + Settings that control the deployment lifecycle of the resource, such as preventing it from being destroyed. """ storage_location: VariableOrOptional[str]