com.databricks.sdk.service.workspace.SecretsAPI Maven / Gradle / Ivy
// Code generated from OpenAPI specs by Databricks SDK Generator. DO NOT EDIT.
package com.databricks.sdk.service.workspace;
import com.databricks.sdk.core.ApiClient;
import com.databricks.sdk.support.Generated;
import com.databricks.sdk.support.Paginator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* The Secrets API allows you to manage secrets, secret scopes, and access permissions.
*
* Sometimes accessing data requires that you authenticate to external data sources through JDBC.
* Instead of directly entering your credentials into a notebook, use Databricks secrets to store
* your credentials and reference them in notebooks and jobs.
*
*
Administrators, secret creators, and users granted permission can read Databricks secrets.
* While Databricks makes an effort to redact secret values that might be displayed in notebooks, it
* is not possible to prevent such users from reading secrets.
*/
@Generated
public class SecretsAPI {
private static final Logger LOG = LoggerFactory.getLogger(SecretsAPI.class);
private final SecretsService impl;
/** Regular-use constructor */
public SecretsAPI(ApiClient apiClient) {
impl = new SecretsImpl(apiClient);
}
/** Constructor for mocks */
public SecretsAPI(SecretsService mock) {
impl = mock;
}
public void createScope(String scope) {
createScope(new CreateScope().setScope(scope));
}
/**
* Create a new secret scope.
*
*
The scope name must consist of alphanumeric characters, dashes, underscores, and periods,
* and may not exceed 128 characters.
*/
public void createScope(CreateScope request) {
impl.createScope(request);
}
public void deleteAcl(String scope, String principal) {
deleteAcl(new DeleteAcl().setScope(scope).setPrincipal(principal));
}
/**
* Delete an ACL.
*
*
Deletes the given ACL on the given scope.
*
*
Users must have the `MANAGE` permission to invoke this API. Throws `RESOURCE_DOES_NOT_EXIST`
* if no such secret scope, principal, or ACL exists. Throws `PERMISSION_DENIED` if the user does
* not have permission to make this API call.
*/
public void deleteAcl(DeleteAcl request) {
impl.deleteAcl(request);
}
public void deleteScope(String scope) {
deleteScope(new DeleteScope().setScope(scope));
}
/**
* Delete a secret scope.
*
*
Deletes a secret scope.
*
*
Throws `RESOURCE_DOES_NOT_EXIST` if the scope does not exist. Throws `PERMISSION_DENIED` if
* the user does not have permission to make this API call.
*/
public void deleteScope(DeleteScope request) {
impl.deleteScope(request);
}
public void deleteSecret(String scope, String key) {
deleteSecret(new DeleteSecret().setScope(scope).setKey(key));
}
/**
* Delete a secret.
*
*
Deletes the secret stored in this secret scope. You must have `WRITE` or `MANAGE` permission
* on the secret scope.
*
*
Throws `RESOURCE_DOES_NOT_EXIST` if no such secret scope or secret exists. Throws
* `PERMISSION_DENIED` if the user does not have permission to make this API call.
*/
public void deleteSecret(DeleteSecret request) {
impl.deleteSecret(request);
}
public AclItem getAcl(String scope, String principal) {
return getAcl(new GetAclRequest().setScope(scope).setPrincipal(principal));
}
/**
* Get secret ACL details.
*
*
Gets the details about the given ACL, such as the group and permission. Users must have the
* `MANAGE` permission to invoke this API.
*
*
Throws `RESOURCE_DOES_NOT_EXIST` if no such secret scope exists. Throws `PERMISSION_DENIED`
* if the user does not have permission to make this API call.
*/
public AclItem getAcl(GetAclRequest request) {
return impl.getAcl(request);
}
public GetSecretResponse getSecret(String scope, String key) {
return getSecret(new GetSecretRequest().setScope(scope).setKey(key));
}
/**
* Get a secret.
*
*
Gets the bytes representation of a secret value for the specified scope and key.
*
*
Users need the READ permission to make this call.
*
*
Note that the secret value returned is in bytes. The interpretation of the bytes is
* determined by the caller in DBUtils and the type the data is decoded into.
*
*
Throws ``PERMISSION_DENIED`` if the user does not have permission to make this API call.
* Throws ``RESOURCE_DOES_NOT_EXIST`` if no such secret or secret scope exists.
*/
public GetSecretResponse getSecret(GetSecretRequest request) {
return impl.getSecret(request);
}
public Iterable listAcls(String scope) {
return listAcls(new ListAclsRequest().setScope(scope));
}
/**
* Lists ACLs.
*
* List the ACLs for a given secret scope. Users must have the `MANAGE` permission to invoke
* this API.
*
*
Throws `RESOURCE_DOES_NOT_EXIST` if no such secret scope exists. Throws `PERMISSION_DENIED`
* if the user does not have permission to make this API call.
*/
public Iterable listAcls(ListAclsRequest request) {
return new Paginator<>(request, impl::listAcls, ListAclsResponse::getItems, response -> null);
}
/**
* List all scopes.
*
* Lists all secret scopes available in the workspace.
*
*
Throws `PERMISSION_DENIED` if the user does not have permission to make this API call.
*/
public Iterable listScopes() {
return new Paginator<>(
null, (Void v) -> impl.listScopes(), ListScopesResponse::getScopes, response -> null);
}
public Iterable listSecrets(String scope) {
return listSecrets(new ListSecretsRequest().setScope(scope));
}
/**
* List secret keys.
*
* Lists the secret keys that are stored at this scope. This is a metadata-only operation;
* secret data cannot be retrieved using this API. Users need the READ permission to make this
* call.
*
*
The lastUpdatedTimestamp returned is in milliseconds since epoch. Throws
* `RESOURCE_DOES_NOT_EXIST` if no such secret scope exists. Throws `PERMISSION_DENIED` if the
* user does not have permission to make this API call.
*/
public Iterable listSecrets(ListSecretsRequest request) {
return new Paginator<>(
request, impl::listSecrets, ListSecretsResponse::getSecrets, response -> null);
}
public void putAcl(String scope, String principal, AclPermission permission) {
putAcl(new PutAcl().setScope(scope).setPrincipal(principal).setPermission(permission));
}
/**
* Create/update an ACL.
*
* Creates or overwrites the Access Control List (ACL) associated with the given principal
* (user or group) on the specified scope point.
*
*
In general, a user or group will use the most powerful permission available to them, and
* permissions are ordered as follows:
*
*
* `MANAGE` - Allowed to change ACLs, and read and write to this secret scope. * `WRITE` -
* Allowed to read and write to this secret scope. * `READ` - Allowed to read this secret scope
* and list what secrets are available.
*
*
Note that in general, secret values can only be read from within a command on a cluster (for
* example, through a notebook). There is no API to read the actual secret value material outside
* of a cluster. However, the user's permission will be applied based on who is executing the
* command, and they must have at least READ permission.
*
*
Users must have the `MANAGE` permission to invoke this API.
*
*
The principal is a user or group name corresponding to an existing Databricks principal to
* be granted or revoked access.
*
*
Throws `RESOURCE_DOES_NOT_EXIST` if no such secret scope exists. Throws
* `RESOURCE_ALREADY_EXISTS` if a permission for the principal already exists. Throws
* `INVALID_PARAMETER_VALUE` if the permission or principal is invalid. Throws `PERMISSION_DENIED`
* if the user does not have permission to make this API call.
*/
public void putAcl(PutAcl request) {
impl.putAcl(request);
}
public void putSecret(String scope, String key) {
putSecret(new PutSecret().setScope(scope).setKey(key));
}
/**
* Add a secret.
*
*
Inserts a secret under the provided scope with the given name. If a secret already exists
* with the same name, this command overwrites the existing secret's value. The server encrypts
* the secret using the secret scope's encryption settings before storing it.
*
*
You must have `WRITE` or `MANAGE` permission on the secret scope. The secret key must
* consist of alphanumeric characters, dashes, underscores, and periods, and cannot exceed 128
* characters. The maximum allowed secret value size is 128 KB. The maximum number of secrets in a
* given scope is 1000.
*
*
The input fields "string_value" or "bytes_value" specify the type of the secret, which will
* determine the value returned when the secret value is requested. Exactly one must be specified.
*
*
Throws `RESOURCE_DOES_NOT_EXIST` if no such secret scope exists. Throws
* `RESOURCE_LIMIT_EXCEEDED` if maximum number of secrets in scope is exceeded. Throws
* `INVALID_PARAMETER_VALUE` if the key name or value length is invalid. Throws
* `PERMISSION_DENIED` if the user does not have permission to make this API call.
*/
public void putSecret(PutSecret request) {
impl.putSecret(request);
}
public SecretsService impl() {
return impl;
}
}