-
Notifications
You must be signed in to change notification settings - Fork 3
/
partner-connect-2.0.yaml
1031 lines (1028 loc) · 37.5 KB
/
partner-connect-2.0.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
openapi: 3.0.0
servers:
- url: https://domainnameofpartner/
description: Base address for the api server
info:
version: "2.1.1"
title: Partner Connect API
description: |
# Introduction
Partner Connect API is a service that partners implement and host to enable integration with Databricks Partner Connect (https://databricks.com/partnerconnect).
The API will be invoked by Databricks to enable Databricks to provision resources and establish a connection with the partner product.
The Partner Connect API is hosted by the partner. The partner has full flexibility on the exact domain name and API path to use for the endpoint.
# Authentication
Partner connect currently supports basic auth using the Authorization header. The partner will provide an API key for Databricks to use.
<SecurityDefinitions />
tags:
- name: connection
description: The connection resource is used to manage Databricks connection partners provision.
- name: account
description: The account resource is used to manage accounts partners provision.
- name: datasource
description: The datasource resource represents connectors that the partners support for the integration.
paths:
'/connect':
parameters:
- $ref: '#/components/parameters/user_agent'
- $ref: '#/components/parameters/accept_language'
- $ref: '#/components/parameters/content_type'
post:
tags:
- connection
operationId: connect
description:
"The Connect API is used to sign-in or sign-up a user with a partner with Databricks resources pre-configured."
requestBody:
description: The connection payload.
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ConnectRequest'
responses:
'200':
$ref: '#/components/responses/ConnectionResponse'
'201':
$ref: '#/components/responses/ConnectionResponse'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'401':
description: Bad Credentials
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'404':
description: The user connection or account can not be found. This error is only expected to be returned if is_connection_established is true
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'500':
description: Internal server error. This status should be returned when error occurs on the partner side.
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'/test-connection':
parameters:
- $ref: '#/components/parameters/user_agent'
- $ref: '#/components/parameters/accept_language'
- $ref: '#/components/parameters/content_type'
post:
tags:
- connection
operationId: testConnection
description:
"Test the connection created by calling connect endpoint. This api is currently only used in automated tests. In the future it may be included in the partner connect experience."
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/ConnectionInfo'
responses:
'200':
$ref: '#/components/responses/TestConnectionResponse'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'401':
description: Bad Credentials
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'404':
description: Resource not found
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'500':
description: Internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'/delete-connection':
parameters:
- $ref: '#/components/parameters/user_agent'
- $ref: '#/components/parameters/accept_language'
- $ref: '#/components/parameters/content_type'
post:
tags:
- connection
operationId: deleteConnection
description:
"Delete the connection created by partner. This API is used for automated tests and is required in the Partner Connect experience.
In the Partner Connect experience, Databricks calls this API to notify partners about connection deletion from Databricks's side."
requestBody:
description: The delete connection payload.
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/DeleteConnectionRequest'
responses:
'200':
$ref: '#/components/responses/DeleteConnectionResponse'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'401':
description: Bad Credentials
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'404':
description: Resource not found
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'500':
description: Internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'/delete-account':
parameters:
- $ref: '#/components/parameters/user_agent'
- $ref: '#/components/parameters/accept_language'
- $ref: '#/components/parameters/content_type'
delete:
tags:
- account
operationId: deleteAccount
description:
"**Test Only** Delete the account related to a given domain. This API should remove all users and connections associated with all users under this domain.
This API is only used for automated tests. Partners should only allow this API call on Databricks related test domain names (databricks-test.com and databricks-demo.com). If any other domain is used, api call should fail with 400 Bad Request"
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AccountInfo'
responses:
'200':
description: Successfully delete the account
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'401':
description: Bad Credentials
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'404':
description: Resource not found
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'500':
description: Internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'/expire-account':
parameters:
- $ref: '#/components/parameters/user_agent'
- $ref: '#/components/parameters/accept_language'
- $ref: '#/components/parameters/content_type'
put:
tags:
- account
operationId: expireAccount
description:
"**Test Only** Expire account api is used to expire a user trial. After this api is called,
the partner is expected to return the redirect uri for handling expired users.
The account_status should be set to expired. This api is only used for automated verification of the
partner connect flow for expired accounts. This api needs to be limited to databricks test
domain names (databricks-test.com and databricks-demo.com). Partners should return 400 bad request if it's called for any other domain name."
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/AccountUserInfo'
responses:
'200':
description: Successfully expired the account
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'401':
description: Bad Credentials
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'404':
description: Resource not found
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'500':
description: Internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'/connectors':
parameters:
- $ref: '#/components/parameters/user_agent'
- $ref: '#/components/parameters/accept_language'
- $ref: '#/components/parameters/content_type'
- $ref: '#/components/parameters/pagination_token'
get:
tags:
- datasource
operationId: getConnectors
description:
"Returns list of connectors supported by the partner. This is only applicable to Data ingestion partners."
responses:
'200':
$ref: '#/components/responses/ConnectorResponse'
'400':
description: Bad Request
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'401':
description: Bad Credentials
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'404':
description: Resource not found
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
'500':
description: Internal server error
content:
application/json:
schema:
$ref: '#/components/schemas/ErrorResponse'
components:
parameters:
user_agent:
name: User-Agent
in: header
description: The user agent making the call. This will be set to databricks.
required: true
schema:
type: string
default: databricks
enum:
- databricks
accept_language:
name: Accept-Language
in: header
description: Preferred language
schema:
type: string
default: en-US
content_type:
name: Content-Type
in: header
description: Content type
schema:
type: string
default: application/json; charset=utf-8
pagination_token:
name: pagination_token
in: query
schema:
type: string
description: Optional pagination token to get more results.
required: false
schemas:
Auth:
type: object
required:
- personal_access_token
properties:
personal_access_token:
type: string
description: |
Personal Access Token created for the Service Principal or the users.
It will be null if the auth_options in PartnerConfig is not null and does not contain the value AUTH_PAT.
example: "token"
oauth_token:
type: string
description: Oauth token. For future use.
oauth_scope:
type: string
description: Oauth scope. For future use.
UserInfo:
type: object
required:
- email
- first_name
- last_name
- databricks_user_id
- databricks_organization_id
- is_connection_established
properties:
auth:
description: This field is present when is_connection_established is false.
$ref: "#/components/schemas/Auth"
email:
type: string
description: Valid email address.
example: "[email protected]"
first_name:
type: string
description: First name. Non-null String, may be empty string
example: "John"
last_name:
type: string
description: Last name. Non-null String, may be empty string
example: "Doe"
databricks_user_id:
type: integer
format: int64
description: Databricks user id.
example: 1234567890
databricks_organization_id:
type: integer
format: int64
description: Databricks organization id. This is the same as workspace_id.
example: 1234567890
is_connection_established:
type: boolean
description: Flag to indicate if connection is established on databricks side.
example: true
ConnectRequest:
type: object
required:
- user_info
- hostname
- port
- workspace_id
- workspace_url
- demo
- cloud_provider
- is_free_trial
properties:
user_info:
$ref: '#/components/schemas/UserInfo'
connection_id:
type: string
description: The partner connection id returned on initial connection. This will only be set when is_connection_established is true
example: "fb28a8e8-8946-11ec-a8a3-0242ac120002"
hostname:
type: string
description: Hostname for the Databricks connection.
example: "organization.cloud.databricks.com"
port:
type: integer
format: int32
description: Port for the Databricks connection.
example: 443
workspace_url:
type: string
description: Workspace Url to access the Databricks connection.
example: "https://[organization/prefix-workspace_id/string].cloud.databricks.com/?o=12345677890"
http_path:
type: string
description: Http path for the Databricks connection. Only present if is_sql_endpoint is true.
example: "sql/protocol/o/0/0222-185802-deny427"
jdbc_url:
type: string
description: Legacy Spark JDBC connection url
example: "jdbc:spark://organization.cloud.databricks.com:443/..."
databricks_jdbc_url:
type: string
description: New Databricks JDBC driver connection url
example: "jdbc:databricks://organization.cloud.databricks.com:443/..."
workspace_id:
type: integer
format: int64
description: Workspace id for the Databricks connection. Same as the user_info.databricks_organization_id
example: 1234567890
demo:
type: boolean
description: True if this is a demo experience.
example: false
cloud_provider:
type: string
description: The cloud provider for the Databricks workspace.
enum:
- aws
- azure
- gpc
example: aws
cloud_provider_region:
type: string
description: The cloud provider region for the Databricks workspace. You can find list of supported regions [here.](https://docs.databricks.com/resources/supported-regions.html#supported-regions-list)
example: "us-west-2"
is_free_trial:
type: boolean
description: Flag to indicate if this is a Databricks free trial.
example: false
destination_location:
type: string
description: Optional destination location URI
example: "<cloud>://<location_2>"
catalog_name:
type: string
description: Optional catalog name. It could be a custom name if using Unity Catalog, or "hive_metastore" if not. Note that Databricks APIs often require identifiers like this to be escaped with backticks if there are special characters in it.
example: "my_catalog"
database_name:
type: string
description: Optional Database name. Unused today.
example: "my_db"
cluster_id:
type: string
description: Sql endpoint id if is_sql_endpoint is true otherwise cluster id.
example: "0222-185802-deny427"
is_sql_endpoint:
type: boolean
description: This is using legacy name. SQL endpoint is now SQL warehouse. This field should be the same as is_sql_warehouse.
example: true
is_sql_warehouse:
type: boolean
description: Determines whether cluster_id refers to Interactive Cluster or SQL warehouse.
example: true
data_source_connector:
type: string
description: For data connector tools, the name of the data source that the user should be referred to in their tool. Unused today.
example: "Oracle"
service_principal_id:
type: string
description: The UUID (username) of the service principal identity that a partner product can use to call Databricks APIs. Note the format is different from the databricks_user_id field in user_info. If empty, no service principal was created
example: "a2a25a05-3d59-4515-a73b-b8bc5ab79e31"
service_principal_oauth_secret:
type: string
description: |
The secret of the service principal identity that a partner product can use to call Databricks APIs.
It will be set only when the auth_options in PartnerConfig contains the value AUTH_OAUTH_M2M.
example: "secret"
oauth_u2m_app_id:
type: string
description: |
The client ID of OAuth U2M app connection (created by Partner Connect) that a partner product can use to initiate Databricks OAuth U2M flow.
It will be set only when the auth_options in the PartnerConfig contains the value AUTH_OAUTH_U2M.
example: "22c42f74-1dec-43d2-b649-3643f2e1e927"
connection_scope:
type: string
description: The scope of users that can use this connection. Workspace means all users in the same workspace. User means only the user creating it.
enum:
- workspace
- user
example: workspace
Connection:
type: object
required:
- redirect_uri
- redirect_value
- account_status
- configured_resources
- user_status
properties:
redirect_uri:
type: string
description: The URL to launch in a new browser tab. This is required on 200/201 OK response.
example: "https://..."
redirect_value:
type: string
description: An enum that identifies the redirect_uri scenario. This will be used to verify correct behavior in automated testing.
enum:
- create_trial
- purchase_product
- sign_in
- contact_admin
- not_applicable
example: create_trial
connection_id:
type: string
description: Connection id representing the resource the partner provisioned. This field is required when configured_resources is true.
example: "7f2e4c43-9714-47cf-9011-d8148eaa27a2"
user_status:
type: string
description: Enum that represents whether the partner has seen the user before.
enum:
- new
- existing
- not_applicable
example: new
account_status:
type: string
description: Enum that represents whether the partner has seen the account (i.e. the company or email domain) before.
enum:
- new
- active
- expired
- not_applicable
example: active
configured_resources:
type: boolean
description: A boolean that represents whether the partner configured/persisted the Databricks resources on this Connect API request. If the value is false and is_connection_established is false, Databricks will clean up the resources it provisioned
example: true
oauth_redirect_uri:
type: string
description: |
The partner application's URL that handles Databricks OAuth redirect request in the OAuth U2M flow (Authorization code flow).
It should be set only when the partner is configured with OAuth U2M as auth option and does not have a pre-registered Databricks published OAuth app connection.
example: https://www.partner.com/oauth/callback
ErrorResponse:
type: object
required:
- error_reason
properties:
error_reason:
type: string
description: Enum to classify the error from the partner.
enum:
- unauthorized
- bad_request
- account_not_found
- connection_not_found
- general_error
example: account_not_found
display_message:
type: string
description: An error message to be displayed to the user on what kind of action the user needs to take on the partner product. Only for 404 and 500 response.
example: Please contact your admin with Ticket xyz
debugging_message:
type: string
description: Debugging message that will NOT be shown to the user but will be logged by Databricks to track errors.
example: Unknown error. Status code 123
ConnectionInfo:
type: object
required:
- connection_id
properties:
connection_id:
type: string
description: The connection id to use for the test.
example: "7f2e4c43-9714-47cf-9011-d8148eaa27a2"
DeleteConnectionRequest:
type: object
required:
- connection_id
- cloud_provider
- databricks_organization_id
properties:
connection_id:
type: string
description: The partner connection id from initial connection.
example: "7f2e4c43-9714-47cf-9011-d8148eaa27a2"
cloud_provider:
type: string
description: The cloud provider for the Databricks workspace. Valid values are aws, azure, gcp.
databricks_organization_id:
type: integer
format: int64
description: Databricks organization id. This is the same as workspace_id.
example: 1234567890
DeleteConnectionResponse:
type: object
required:
- resource_status
properties:
resource_status:
type: string
description: Enum to classify the action taken by the partner.
enum:
- resources_deleted
- resources_pending_deletion
- deletion_acknowledged
example: resources_deleted
TestResult:
type: object
required:
- test_name
- status
properties:
test_name:
type: string
description: Name of the test
example: "Connection Test"
status:
type: string
description: Test Status
example: PASS
enum:
- PASS
- FAIL
- UNKNOWN
message:
type: string
description: Detail about the test result
example: "Successfully connected to host"
ConnectionTestResult:
type: object
required:
- test_results
properties:
test_results:
type: array
description: Test connection results.
items:
$ref: '#/components/schemas/TestResult'
AccountInfo:
type: object
required:
- domain
- cloud_provider
- databricks_organization_id
properties:
domain:
type: string
description: Domain name
example: "abc123.databricks-test.com"
cloud_provider:
# TODO: Make this enum after code gen bug is fixed.
type: string
description: The cloud provider for the Databricks workspace. Valid values are aws, azure, gcp.
databricks_organization_id:
type: integer
format: int64
description: Databricks organization id. This is the same as workspace_id.
example: 1234567890
AccountUserInfo:
type: object
required:
- email
- databricks_user_id
- cloud_provider
- databricks_organization_id
properties:
email:
type: string
description: User email
example: "[email protected]"
databricks_user_id:
type: integer
format: int64
description: Databricks user id.
example: 1234567890
cloud_provider:
type: string
description: The cloud provider for the Databricks workspace. Valid values are aws, azure, gcp.
databricks_organization_id:
type: integer
format: int64
description: Databricks organization id. This is the same as workspace_id.
example: 1234567890
Connector:
type: object
required:
- identifier
- name
- type
properties:
identifier:
type: string
description: Databricks defined identifier for the connector. List of valid identifiers can be found in openapi/connectors.csv file.
name:
type: string
description: Name of the connector
type:
type: string
description: Type of the connector
enum:
- source
- target
description:
type: string
description: Description of the connector
ConnectorResponse:
type: object
required:
- connectors
properties:
connectors:
type: array
description: List of supported connectors
items:
$ref: '#/components/schemas/Connector'
pagination_token:
type: string
description: A token to continue listing.
PartnerConfig:
type: object
required:
- api_version
- name
- description_blurb
- category
- base_url
- endpoints
- sign_up_page
- privacy_policy
- terms_of_service
- logo_file
- icon_file
- allow_editable_email
- resources_to_provision
- supported_clouds
- hostnames
- new_user_action
properties:
api_version:
type: string
description: The partner api version supported by the partner. Format major.minor.patch
example: 2.1.0
name:
type: string
description: Name of the partner
description_blurb:
type: string
description: Description text to show in the UI.
category:
type: string
description: The partner category.
enum:
- INGEST
- DATA_PREP_AND_TRANSFORM
- SECURITY_AND_GOVERNANCE
- BI_AND_VIZ
- ML
- DATA_QUALITY
- REVERSE_ETL
- SEMANTIC_LAYER
- DATA_GOVERNANCE
base_url:
type: string
description: Base URL for the partner service
endpoints:
type: object
description: Endpoints supported by the partner
required:
- connect_path
properties:
connect_path:
type: string
description: Connect api path
get_connectors_path:
type: string
description: Get Connectors api path
test_connection_path:
type: string
description: Test connection api path
delete_account_path:
type: string
description: Delete account api path
expire_account_path:
type: string
description: Expire the user account api path
delete_connection_path:
type: string
description: Delete connection api path
sign_up_page:
type: string
description: Sign up web page
privacy_policy:
type: string
description: Link to privacy policy
terms_of_service:
type: string
description: Terms of service
logo_file:
type: string
description: "Logo file (Format: .png or .svg; Dimensions: W px * H px where W=~4.4*H.
The multiplier is roughly 4.4, but 4.0~4.5 should be acceptable as some of the partner
names may be long and require more horizontal space.)"
icon_file:
type: string
description: "Square icon file (Format: .png or .svg; Dimensions: N px* N px where N>=128)"
resources_to_provision:
type: array
description: List of resources to provision
items:
# Using object due to code gen bug not supporting array of enums.
$ref: '#/components/schemas/ResourceToProvision'
data_permissions:
type: array
description: Required list of Data ACLs
items:
$ref: '#/components/schemas/DataPermission'
object_permissions:
type: array
description: Required list of Object ACLs
items:
$ref: '#/components/schemas/ObjectPermission'
supported_clouds:
type: array
description: Supported clouds.
items:
type: string
hostnames:
type: array
description: Redirect URL allow-list hostnames.
items:
type: string
new_user_action:
type: string
description: Action taken by partner when a new user tries to join an existing account. Options are auto_add, invite, not_found, error. auto_add and invite should return 200 OK with redirect url. not_found should return 404 and error should return 500
enum:
- auto_add
- invite
- not_found
- error
example: auto_add
require_manual_signup:
type: boolean
description: True if the partner requires a manual signup after connect api is called. When set to true,
connect api call with is_connection_established (sign in) is expected to return 404 account_not_found or connection_not_found until the user completes the manual signup step.
trial_type:
type: string
description: Enum describing the type of trials the partner support. Partners can chose to support trial account expiration at the individual user or account level. If trial level is user, expiring one user connection should not expire another user in the same account.
enum:
- user
- account
example: auto_add
supports_demo:
type: boolean
description: True if partner supports the demo flag in the connect api call.
test_workspace_detail:
type: object
description: Optional field to specify the workspace detail tests should use when calling partners. This field need to be set for partners that require a valid JDBC/ODBC endpoint in the connect api.
required:
- hostname
- port
- jdbc_url
- databricks_jdbc_url
- http_path
- cluster_id
properties:
hostname:
type: string
description: Name of the host to connect
port:
type: integer
description: Port number to connect to.
jdbc_url:
type: string
description: Legacy Spark JDBC driver connection string
databricks_jdbc_url:
type: string
description: New Databricks JDBC driver connection string
http_path:
type: string
description: Http path to use for sql endpoint
cluster_id:
type: string
description: Cluster Id for either SQL endpoint or interactive cluster.
ResourceToProvision:
type: object
required:
- resource_type
properties:
resource_type:
type: string
enum:
- PAT
- SqlEndpoint
- DestLocation
- InteractiveCluster
DataPermission:
type: object
required:
- permission
properties:
permission:
type: string
description: |
- Unity Catalog data permissions (privileges)
- USE_CATALOG: does not give any abilities, but is an additional requirement to perform any action on a catalog object.
- USE_SCHEMA: does not give any abilities, but is an additional requirement to perform any action on a schema object.
- SELECT: gives read access to table or all tables in object
- CREATE_SCHEMA: gives ability to create table in object
- CREATE_TABLE: gives ability to create table in object
- Hive Metastore data permission https://docs.databricks.com/security/access-control/table-acls/object-privileges.html#privileges
- SELECT: gives read access to an object.
- CREATE: gives ability to create an object (for example, a table in a schema).
- MODIFY: gives ability to add, delete, and modify data to or from an object.
- USAGE: does not give any abilities, but is an additional requirement to perform any action on a schema object.
- READ_METADATA: gives ability to view an object and its metadata.
- CREATE_NAMED_FUNCTION: gives ability to create a named UDF in an existing catalog or schema.
- MODIFY_CLASSPATH: gives ability to add files to the Spark class path.
- ALL PRIVILEGES: gives all privileges (is translated into all the above privileges)."
enum:
- SELECT
- CREATE
- MODIFY
- USAGE
- READ_METADATA
- CREATE_NAMED_FUNCTION
- MODIFY_CLASSPATH
- ALL PRIVILEGES
- USE_CATALOG
- USE_SCHEMA
- CREATE_SCHEMA
- CREATE_TABLE
ObjectPermission:
type: object
required:
- name
- level
properties:
name:
type: string
description: |
Databricks object and endpoint permission https://docs.databricks.com/dev-tools/api/latest/permissions.html
* Token — Manage which users can create or use tokens.
* Password — Manage which users can use password login when SSO is enabled.
* Cluster — Manage which users can manage, restart, or attach to clusters.
* Pool — Manage which users can manage or attach to pools. Some APIs and documentation refer to pools as instance pools.
* Job — Manage which users can view, manage, trigger, cancel, or own a job.
* DLT_Pipeline — Manage which users can view, manage, run, cancel, or own a Delta Live Tables pipeline.
* Notebook — Manage which users can read, run, edit or manage a notebook.
* Directory — Manage which users can read, run, edit, or manage all notebooks in a directory.
* MLflow_Experiment — Manage which users can read, edit, or manage MLflow experiments.
* MLflow_Registered_Model — Manage which users can read, edit, or manage MLflow registered models.
* SQL_Endpoint — Manage which users can use or manage SQL endpoints.
* Repo — Manage which users can read, run, edit, or manage a repo.
enum:
- Token
- Password
- Cluster
- Pool
- Job
- DLT_Pipeline
- Notebook
- Directory
- MLflow_Experiment
- MLflow_Registered_Model
- SQL_Endpoint
- Repo
level:
type: string
description: Permission level
enum:
- CAN_MANAGE
- CAN_RESTART
- CAN_ATTACH_TO
- IS_OWNER
- CAN_MANAGE_RUN
- CAN_VIEW
- CAN_READ
- CAN_RUN
- CAN_EDIT
- CAN_USE
- CAN_MANAGE_STAGING_VERSIONS
- CAN_MANAGE_PRODUCTION_VERSIONS
- CAN_EDIT_METADATA
- CAN_VIEW_METADATA