oauth2

package
v0.55.0
Published: Jan 13, 2025 License: Apache-2.0 Imports: 7 Imported by: 7

Documentation

Overview

These APIs allow you to manage Account Federation Policy, Custom App Integration, OAuth Published Apps, Published App Integration, Service Principal Federation Policy, Service Principal Secrets, etc.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AccountFederationPolicyAPI added in v0.54.0

type AccountFederationPolicyAPI struct {
	// contains filtered or unexported fields
}

These APIs manage account federation policies.

Account federation policies allow users and service principals in your Databricks account to securely access Databricks APIs using tokens from your trusted identity providers (IdPs).

With token federation, your users and service principals can exchange tokens from your IdP for Databricks OAuth tokens, which can be used to access Databricks APIs. Token federation eliminates the need to manage Databricks secrets, and allows you to centralize management of token issuance policies in your IdP. Databricks token federation is typically used in combination with SCIM, so users in your IdP are synchronized into your Databricks account.

Token federation is configured in your Databricks account using an account federation policy. An account federation policy specifies:

* which IdP, or issuer, your Databricks account should accept tokens from
* how to determine which Databricks user, or subject, a token is issued for

To configure a federation policy, you provide the following:

* The required token __issuer__, as specified in the “iss” claim of your tokens. The issuer is an https URL that identifies your IdP.
* The allowed token __audiences__, as specified in the “aud” claim of your tokens. This identifier is intended to represent the recipient of the token. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If unspecified, the default value is your Databricks account id.
* The __subject claim__, which indicates which token claim contains the Databricks username of the user the token was issued for. If unspecified, the default value is “sub”.
* Optionally, the public keys used to validate the signature of your tokens, in JWKS format. If unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys.

An example federation policy is:

```
issuer: "https://idp.mycompany.com/oidc"
audiences: ["databricks"]
subject_claim: "sub"
```

An example JWT token body that matches this policy and could be used to authenticate to Databricks as user `username@mycompany.com` is:

```
{
  "iss": "https://idp.mycompany.com/oidc",
  "aud": "databricks",
  "sub": "username@mycompany.com"
}
```

You may also need to configure your IdP to generate tokens for your users to exchange with Databricks, if your users do not already have the ability to generate tokens that are compatible with your federation policy.

You do not need to configure an OAuth application in Databricks to use token federation.
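The matching rules described above (required issuer, any-of audiences defaulting to the account id, subject claim defaulting to "sub") can be modelled in a few lines of Go. This is an added example, not code from the Databricks SDK or service; `Policy`, `MatchSubject`, `audList`, `overlaps` and the account id are hypothetical names and values made up for the sketch. It assumes the token signature has already been verified against the issuer's keys and that the issuer is compared by exact string equality.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Constructed placeholder account id, used only when a policy lists no audiences.
const constructedAccountID = "00000000-0000-0000-0000-000000000000"

// Policy holds the matching fields described above. Illustration type only,
// not a type from the Databricks SDK.
type Policy struct {
	Issuer       string   // required; compared with the token's "iss"
	Audiences    []string // empty: defaults to the account id
	SubjectClaim string   // empty: defaults to "sub"
}

// audList decodes "aud", which RFC 7519 allows to be a string or an array.
type audList []string

func (a *audList) UnmarshalJSON(b []byte) error {
	var many []string
	if err := json.Unmarshal(b, &many); err == nil {
		*a = many
		return nil
	}
	var one string
	if err := json.Unmarshal(b, &one); err != nil {
		return errors.New("aud must be a string or an array of strings")
	}
	*a = audList{one}
	return nil
}

// MatchSubject applies the policy to a token body whose signature is assumed
// to be verified already, and returns the username the token maps to.
func MatchSubject(p Policy, accountID string, body []byte) (string, error) {
	if !strings.HasPrefix(p.Issuer, "https://") {
		return "", errors.New("policy issuer must be an https URL")
	}
	var claims map[string]json.RawMessage
	if err := json.Unmarshal(body, &claims); err != nil {
		return "", fmt.Errorf("token body is not a JSON object: %w", err)
	}

	// Issuer: exact string comparison (assumption of this sketch).
	var iss string
	if err := json.Unmarshal(claims["iss"], &iss); err != nil || iss != p.Issuer {
		return "", errors.New("iss does not match the policy issuer")
	}
	// Audience: one overlap between token and policy is enough.
	allowed := p.Audiences
	if len(allowed) == 0 {
		allowed = []string{accountID}
	}
	var aud audList
	if err := json.Unmarshal(claims["aud"], &aud); err != nil {
		return "", errors.New("aud is missing or malformed")
	}
	if !overlaps(aud, allowed) {
		return "", errors.New("aud matches none of the policy audiences")
	}
	// Subject: read the username from the configured claim.
	name := p.SubjectClaim
	if name == "" {
		name = "sub"
	}
	var subject string
	if err := json.Unmarshal(claims[name], &subject); err != nil || subject == "" {
		return "", fmt.Errorf("claim %q is missing or not a non-empty string", name)
	}
	return subject, nil
}

// overlaps reports whether any non-empty token audience is in the allowed set.
func overlaps(got, allowed []string) bool {
	for _, g := range got {
		for _, a := range allowed {
			if g != "" && g == a {
				return true
			}
		}
	}
	return false
}

func main() {
	// Policy and token body from the example above.
	p := Policy{Issuer: "https://idp.mycompany.com/oidc", Audiences: []string{"databricks"}, SubjectClaim: "sub"}
	body := []byte(`{"iss":"https://idp.mycompany.com/oidc","aud":"databricks","sub":"username@mycompany.com"}`)
	fmt.Println(MatchSubject(p, constructedAccountID, body))
	// Constructed token issued for a different recipient: rejected.
	other := []byte(`{"iss":"https://idp.mycompany.com/oidc","aud":["billing-api"],"sub":"username@mycompany.com"}`)
	fmt.Println(MatchSubject(p, constructedAccountID, other))
}
```

Leaving `Audiences` empty makes the account id the only accepted audience, so a token minted for another recipient at the same IdP is rejected even though its issuer matches.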

func NewAccountFederationPolicy added in v0.54.0

func NewAccountFederationPolicy(client *client.DatabricksClient) *AccountFederationPolicyAPI

func (*AccountFederationPolicyAPI) Create added in v0.54.0

func (a *AccountFederationPolicyAPI) Create(ctx context.Context, request CreateAccountFederationPolicyRequest) (*FederationPolicy, error)

func (*AccountFederationPolicyAPI) Delete added in v0.54.0

func (a *AccountFederationPolicyAPI) Delete(ctx context.Context, request DeleteAccountFederationPolicyRequest) error

func (*AccountFederationPolicyAPI) DeleteByPolicyId added in v0.54.0

func (a *AccountFederationPolicyAPI) DeleteByPolicyId(ctx context.Context, policyId string) error

Delete account federation policy.

func (*AccountFederationPolicyAPI) Get added in v0.54.0

func (a *AccountFederationPolicyAPI) Get(ctx context.Context, request GetAccountFederationPolicyRequest) (*FederationPolicy, error)

func (*AccountFederationPolicyAPI) GetByPolicyId added in v0.54.0

func (a *AccountFederationPolicyAPI) GetByPolicyId(ctx context.Context, policyId string) (*FederationPolicy, error)

Get account federation policy.

func (*AccountFederationPolicyAPI) List added in v0.54.0

List account federation policies.

This method is generated by Databricks SDK Code Generator.

func (*AccountFederationPolicyAPI) ListAll added in v0.54.0

List account federation policies.

This method is generated by Databricks SDK Code Generator.

func (*AccountFederationPolicyAPI) Update added in v0.54.0

func (a *AccountFederationPolicyAPI) Update(ctx context.Context, request UpdateAccountFederationPolicyRequest) (*FederationPolicy, error)

type AccountFederationPolicyInterface added in v0.54.0

type AccountFederationPolicyInterface interface {

	// Create account federation policy.
	Create(ctx context.Context, request CreateAccountFederationPolicyRequest) (*FederationPolicy, error)

	// Delete account federation policy.
	Delete(ctx context.Context, request DeleteAccountFederationPolicyRequest) error

	// Delete account federation policy.
	DeleteByPolicyId(ctx context.Context, policyId string) error

	// Get account federation policy.
	Get(ctx context.Context, request GetAccountFederationPolicyRequest) (*FederationPolicy, error)

	// Get account federation policy.
	GetByPolicyId(ctx context.Context, policyId string) (*FederationPolicy, error)

	// List account federation policies.
	//
	// This method is generated by Databricks SDK Code Generator.
	List(ctx context.Context, request ListAccountFederationPoliciesRequest) listing.Iterator[FederationPolicy]

	// List account federation policies.
	//
	// This method is generated by Databricks SDK Code Generator.
	ListAll(ctx context.Context, request ListAccountFederationPoliciesRequest) ([]FederationPolicy, error)

	// Update account federation policy.
	Update(ctx context.Context, request UpdateAccountFederationPolicyRequest) (*FederationPolicy, error)
}

type AccountFederationPolicyService added in v0.54.0

type AccountFederationPolicyService interface {

	// Create account federation policy.
	Create(ctx context.Context, request CreateAccountFederationPolicyRequest) (*FederationPolicy, error)

	// Delete account federation policy.
	Delete(ctx context.Context, request DeleteAccountFederationPolicyRequest) error

	// Get account federation policy.
	Get(ctx context.Context, request GetAccountFederationPolicyRequest) (*FederationPolicy, error)

	// List account federation policies.
	//
	// Use ListAll() to get all FederationPolicy instances, which will iterate over every result page.
	List(ctx context.Context, request ListAccountFederationPoliciesRequest) (*ListFederationPoliciesResponse, error)

	// Update account federation policy.
	Update(ctx context.Context, request UpdateAccountFederationPolicyRequest) (*FederationPolicy, error)
}

These APIs manage account federation policies.

Account federation policies allow users and service principals in your Databricks account to securely access Databricks APIs using tokens from your trusted identity providers (IdPs).

With token federation, your users and service principals can exchange tokens from your IdP for Databricks OAuth tokens, which can be used to access Databricks APIs. Token federation eliminates the need to manage Databricks secrets, and allows you to centralize management of token issuance policies in your IdP. Databricks token federation is typically used in combination with SCIM, so users in your IdP are synchronized into your Databricks account.

Token federation is configured in your Databricks account using an account federation policy. An account federation policy specifies:

* which IdP, or issuer, your Databricks account should accept tokens from
* how to determine which Databricks user, or subject, a token is issued for

To configure a federation policy, you provide the following:

* The required token __issuer__, as specified in the “iss” claim of your tokens. The issuer is an https URL that identifies your IdP.
* The allowed token __audiences__, as specified in the “aud” claim of your tokens. This identifier is intended to represent the recipient of the token. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If unspecified, the default value is your Databricks account id.
* The __subject claim__, which indicates which token claim contains the Databricks username of the user the token was issued for. If unspecified, the default value is “sub”.
* Optionally, the public keys used to validate the signature of your tokens, in JWKS format. If unspecified (recommended), Databricks automatically fetches the public keys from your issuer’s well known endpoint. Databricks strongly recommends relying on your issuer’s well known endpoint for discovering public keys.

An example federation policy is:

```
issuer: "https://idp.mycompany.com/oidc"
audiences: ["databricks"]
subject_claim: "sub"
```

An example JWT token body that matches this policy and could be used to authenticate to Databricks as user `username@mycompany.com` is:

```
{
  "iss": "https://idp.mycompany.com/oidc",
  "aud": "databricks",
  "sub": "username@mycompany.com"
}
```

You may also need to configure your IdP to generate tokens for your users to exchange with Databricks, if your users do not already have the ability to generate tokens that are compatible with your federation policy.

You do not need to configure an OAuth application in Databricks to use token federation.

type CreateAccountFederationPolicyRequest added in v0.54.0

type CreateAccountFederationPolicyRequest struct {
	Policy *FederationPolicy `json:"policy,omitempty"`
	// The identifier for the federation policy. The identifier must contain
	// only lowercase alphanumeric characters, numbers, hyphens, and slashes. If
	// unspecified, the id will be assigned by Databricks.
	PolicyId string `json:"-" url:"policy_id,omitempty"`

	ForceSendFields []string `json:"-"`
}

Create account federation policy

func (CreateAccountFederationPolicyRequest) MarshalJSON added in v0.54.0

func (s CreateAccountFederationPolicyRequest) MarshalJSON() ([]byte, error)

func (*CreateAccountFederationPolicyRequest) UnmarshalJSON added in v0.54.0

func (s *CreateAccountFederationPolicyRequest) UnmarshalJSON(b []byte) error

type CreateCustomAppIntegration

type CreateCustomAppIntegration struct {
	// This field indicates whether an OAuth client secret is required to
	// authenticate this client.
	Confidential bool `json:"confidential,omitempty"`
	// Name of the custom OAuth app
	Name string `json:"name,omitempty"`
	// List of OAuth redirect urls
	RedirectUrls []string `json:"redirect_urls,omitempty"`
	// OAuth scopes granted to the application. Supported scopes: all-apis, sql,
	// offline_access, openid, profile, email.
	Scopes []string `json:"scopes,omitempty"`
	// Token access policy
	TokenAccessPolicy *TokenAccessPolicy `json:"token_access_policy,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (CreateCustomAppIntegration) MarshalJSON added in v0.23.0

func (s CreateCustomAppIntegration) MarshalJSON() ([]byte, error)

func (*CreateCustomAppIntegration) UnmarshalJSON added in v0.23.0

func (s *CreateCustomAppIntegration) UnmarshalJSON(b []byte) error

type CreateCustomAppIntegrationOutput

type CreateCustomAppIntegrationOutput struct {
	// OAuth client-id generated by Databricks
	ClientId string `json:"client_id,omitempty"`
	// OAuth client-secret generated by Databricks. If this is a
	// confidential OAuth app, a client-secret will be generated.
	ClientSecret string `json:"client_secret,omitempty"`
	// Unique integration id for the custom OAuth app
	IntegrationId string `json:"integration_id,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (CreateCustomAppIntegrationOutput) MarshalJSON added in v0.23.0

func (s CreateCustomAppIntegrationOutput) MarshalJSON() ([]byte, error)

func (*CreateCustomAppIntegrationOutput) UnmarshalJSON added in v0.23.0

func (s *CreateCustomAppIntegrationOutput) UnmarshalJSON(b []byte) error

type CreatePublishedAppIntegration

type CreatePublishedAppIntegration struct {
	// App id of the OAuth published app integration. For example power-bi,
	// tableau-deskop
	AppId string `json:"app_id,omitempty"`
	// Token access policy
	TokenAccessPolicy *TokenAccessPolicy `json:"token_access_policy,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (CreatePublishedAppIntegration) MarshalJSON added in v0.23.0

func (s CreatePublishedAppIntegration) MarshalJSON() ([]byte, error)

func (*CreatePublishedAppIntegration) UnmarshalJSON added in v0.23.0

func (s *CreatePublishedAppIntegration) UnmarshalJSON(b []byte) error

type CreatePublishedAppIntegrationOutput

type CreatePublishedAppIntegrationOutput struct {
	// Unique integration id for the published OAuth app
	IntegrationId string `json:"integration_id,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (CreatePublishedAppIntegrationOutput) MarshalJSON added in v0.23.0

func (s CreatePublishedAppIntegrationOutput) MarshalJSON() ([]byte, error)

func (*CreatePublishedAppIntegrationOutput) UnmarshalJSON added in v0.23.0

func (s *CreatePublishedAppIntegrationOutput) UnmarshalJSON(b []byte) error

type CreateServicePrincipalFederationPolicyRequest added in v0.54.0

type CreateServicePrincipalFederationPolicyRequest struct {
	Policy *FederationPolicy `json:"policy,omitempty"`
	// The identifier for the federation policy. The identifier must contain
	// only lowercase alphanumeric characters, numbers, hyphens, and slashes. If
	// unspecified, the id will be assigned by Databricks.
	PolicyId string `json:"-" url:"policy_id,omitempty"`
	// The service principal id for the federation policy.
	ServicePrincipalId int64 `json:"-" url:"-"`

	ForceSendFields []string `json:"-"`
}

Create service principal federation policy

func (CreateServicePrincipalFederationPolicyRequest) MarshalJSON added in v0.54.0

func (*CreateServicePrincipalFederationPolicyRequest) UnmarshalJSON added in v0.54.0

type CreateServicePrincipalSecretRequest added in v0.9.0

type CreateServicePrincipalSecretRequest struct {
	// The service principal ID.
	ServicePrincipalId int64 `json:"-" url:"-"`
}

Create service principal secret

type CreateServicePrincipalSecretResponse added in v0.9.0

type CreateServicePrincipalSecretResponse struct {
	// UTC time when the secret was created
	CreateTime string `json:"create_time,omitempty"`
	// ID of the secret
	Id string `json:"id,omitempty"`
	// Secret Value
	Secret string `json:"secret,omitempty"`
	// Secret Hash
	SecretHash string `json:"secret_hash,omitempty"`
	// Status of the secret
	Status string `json:"status,omitempty"`
	// UTC time when the secret was updated
	UpdateTime string `json:"update_time,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (CreateServicePrincipalSecretResponse) MarshalJSON added in v0.23.0

func (s CreateServicePrincipalSecretResponse) MarshalJSON() ([]byte, error)

func (*CreateServicePrincipalSecretResponse) UnmarshalJSON added in v0.23.0

func (s *CreateServicePrincipalSecretResponse) UnmarshalJSON(b []byte) error

type CustomAppIntegrationAPI

type CustomAppIntegrationAPI struct {
	// contains filtered or unexported fields
}

These APIs enable administrators to manage custom OAuth app integrations, which are required for adding and using custom OAuth app integrations such as Tableau Cloud for Databricks in AWS cloud.

func NewCustomAppIntegration

func NewCustomAppIntegration(client *client.DatabricksClient) *CustomAppIntegrationAPI

func (*CustomAppIntegrationAPI) Create

func (a *CustomAppIntegrationAPI) Create(ctx context.Context, request CreateCustomAppIntegration) (*CreateCustomAppIntegrationOutput, error)

func (*CustomAppIntegrationAPI) Delete

func (a *CustomAppIntegrationAPI) Delete(ctx context.Context, request DeleteCustomAppIntegrationRequest) error

func (*CustomAppIntegrationAPI) DeleteByIntegrationId

func (a *CustomAppIntegrationAPI) DeleteByIntegrationId(ctx context.Context, integrationId string) error

Delete Custom OAuth App Integration.

Delete an existing Custom OAuth App Integration. You can retrieve the custom OAuth app integration via :method:CustomAppIntegration/get.

func (*CustomAppIntegrationAPI) Get

func (a *CustomAppIntegrationAPI) Get(ctx context.Context, request GetCustomAppIntegrationRequest) (*GetCustomAppIntegrationOutput, error)

func (*CustomAppIntegrationAPI) GetByIntegrationId

func (a *CustomAppIntegrationAPI) GetByIntegrationId(ctx context.Context, integrationId string) (*GetCustomAppIntegrationOutput, error)

Get OAuth Custom App Integration.

Gets the Custom OAuth App Integration for the given integration id.

func (*CustomAppIntegrationAPI) List added in v0.24.0

Get custom oauth app integrations.

Get the list of custom OAuth app integrations for the specified Databricks account

This method is generated by Databricks SDK Code Generator.

func (*CustomAppIntegrationAPI) ListAll added in v0.7.0

Get custom oauth app integrations.

Get the list of custom OAuth app integrations for the specified Databricks account

This method is generated by Databricks SDK Code Generator.

func (*CustomAppIntegrationAPI) Update

func (a *CustomAppIntegrationAPI) Update(ctx context.Context, request UpdateCustomAppIntegration) error

type CustomAppIntegrationInterface added in v0.29.0

type CustomAppIntegrationInterface interface {

	// Create Custom OAuth App Integration.
	//
	// Create Custom OAuth App Integration.
	//
	// You can retrieve the custom OAuth app integration via
	// :method:CustomAppIntegration/get.
	Create(ctx context.Context, request CreateCustomAppIntegration) (*CreateCustomAppIntegrationOutput, error)

	// Delete Custom OAuth App Integration.
	//
	// Delete an existing Custom OAuth App Integration. You can retrieve the custom
	// OAuth app integration via :method:CustomAppIntegration/get.
	Delete(ctx context.Context, request DeleteCustomAppIntegrationRequest) error

	// Delete Custom OAuth App Integration.
	//
	// Delete an existing Custom OAuth App Integration. You can retrieve the custom
	// OAuth app integration via :method:CustomAppIntegration/get.
	DeleteByIntegrationId(ctx context.Context, integrationId string) error

	// Get OAuth Custom App Integration.
	//
	// Gets the Custom OAuth App Integration for the given integration id.
	Get(ctx context.Context, request GetCustomAppIntegrationRequest) (*GetCustomAppIntegrationOutput, error)

	// Get OAuth Custom App Integration.
	//
	// Gets the Custom OAuth App Integration for the given integration id.
	GetByIntegrationId(ctx context.Context, integrationId string) (*GetCustomAppIntegrationOutput, error)

	// Get custom oauth app integrations.
	//
	// Get the list of custom OAuth app integrations for the specified Databricks
	// account
	//
	// This method is generated by Databricks SDK Code Generator.
	List(ctx context.Context, request ListCustomAppIntegrationsRequest) listing.Iterator[GetCustomAppIntegrationOutput]

	// Get custom oauth app integrations.
	//
	// Get the list of custom OAuth app integrations for the specified Databricks
	// account
	//
	// This method is generated by Databricks SDK Code Generator.
	ListAll(ctx context.Context, request ListCustomAppIntegrationsRequest) ([]GetCustomAppIntegrationOutput, error)

	// Updates Custom OAuth App Integration.
	//
	// Updates an existing custom OAuth App Integration. You can retrieve the custom
	// OAuth app integration via :method:CustomAppIntegration/get.
	Update(ctx context.Context, request UpdateCustomAppIntegration) error
}

type CustomAppIntegrationService

type CustomAppIntegrationService interface {

	// Create Custom OAuth App Integration.
	//
	// Create Custom OAuth App Integration.
	//
	// You can retrieve the custom OAuth app integration via
	// :method:CustomAppIntegration/get.
	Create(ctx context.Context, request CreateCustomAppIntegration) (*CreateCustomAppIntegrationOutput, error)

	// Delete Custom OAuth App Integration.
	//
	// Delete an existing Custom OAuth App Integration. You can retrieve the
	// custom OAuth app integration via :method:CustomAppIntegration/get.
	Delete(ctx context.Context, request DeleteCustomAppIntegrationRequest) error

	// Get OAuth Custom App Integration.
	//
	// Gets the Custom OAuth App Integration for the given integration id.
	Get(ctx context.Context, request GetCustomAppIntegrationRequest) (*GetCustomAppIntegrationOutput, error)

	// Get custom oauth app integrations.
	//
	// Get the list of custom OAuth app integrations for the specified
	// Databricks account
	//
	// Use ListAll() to get all GetCustomAppIntegrationOutput instances, which will iterate over every result page.
	List(ctx context.Context, request ListCustomAppIntegrationsRequest) (*GetCustomAppIntegrationsOutput, error)

	// Updates Custom OAuth App Integration.
	//
	// Updates an existing custom OAuth App Integration. You can retrieve the
	// custom OAuth app integration via :method:CustomAppIntegration/get.
	Update(ctx context.Context, request UpdateCustomAppIntegration) error
}

These APIs enable administrators to manage custom OAuth app integrations, which are required for adding and using custom OAuth app integrations such as Tableau Cloud for Databricks in AWS cloud.

type DeleteAccountFederationPolicyRequest added in v0.54.0

type DeleteAccountFederationPolicyRequest struct {
	// The identifier for the federation policy.
	PolicyId string `json:"-" url:"-"`
}

Delete account federation policy

type DeleteCustomAppIntegrationOutput added in v0.34.0

type DeleteCustomAppIntegrationOutput struct {
}

type DeleteCustomAppIntegrationRequest

type DeleteCustomAppIntegrationRequest struct {
	IntegrationId string `json:"-" url:"-"`
}

Delete Custom OAuth App Integration

type DeletePublishedAppIntegrationOutput added in v0.34.0

type DeletePublishedAppIntegrationOutput struct {
}

type DeletePublishedAppIntegrationRequest

type DeletePublishedAppIntegrationRequest struct {
	IntegrationId string `json:"-" url:"-"`
}

Delete Published OAuth App Integration

type DeleteResponse added in v0.34.0

type DeleteResponse struct {
}

type DeleteServicePrincipalFederationPolicyRequest added in v0.54.0

type DeleteServicePrincipalFederationPolicyRequest struct {
	// The identifier for the federation policy.
	PolicyId string `json:"-" url:"-"`
	// The service principal id for the federation policy.
	ServicePrincipalId int64 `json:"-" url:"-"`
}

Delete service principal federation policy

type DeleteServicePrincipalSecretRequest added in v0.9.0

type DeleteServicePrincipalSecretRequest struct {
	// The secret ID.
	SecretId string `json:"-" url:"-"`
	// The service principal ID.
	ServicePrincipalId int64 `json:"-" url:"-"`
}

Delete service principal secret

type FederationPolicy added in v0.54.0

type FederationPolicy struct {
	// Creation time of the federation policy.
	CreateTime string `json:"create_time,omitempty"`
	// Description of the federation policy.
	Description string `json:"description,omitempty"`
	// Resource name for the federation policy. Example values include
	// `accounts/<account-id>/federationPolicies/my-federation-policy` for
	// Account Federation Policies, and
	// `accounts/<account-id>/servicePrincipals/<service-principal-id>/federationPolicies/my-federation-policy`
	// for Service Principal Federation Policies. Typically an output parameter,
	// which does not need to be specified in create or update requests. If
	// specified in a request, must match the value in the request URL.
	Name string `json:"name,omitempty"`
	// Specifies the policy to use for validating OIDC claims in your federated
	// tokens.
	OidcPolicy *OidcFederationPolicy `json:"oidc_policy,omitempty"`
	// Unique, immutable id of the federation policy.
	Uid string `json:"uid,omitempty"`
	// Last update time of the federation policy.
	UpdateTime string `json:"update_time,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (FederationPolicy) MarshalJSON added in v0.54.0

func (s FederationPolicy) MarshalJSON() ([]byte, error)

func (*FederationPolicy) UnmarshalJSON added in v0.54.0

func (s *FederationPolicy) UnmarshalJSON(b []byte) error

type GetAccountFederationPolicyRequest added in v0.54.0

type GetAccountFederationPolicyRequest struct {
	// The identifier for the federation policy.
	PolicyId string `json:"-" url:"-"`
}

Get account federation policy

type GetCustomAppIntegrationOutput

type GetCustomAppIntegrationOutput struct {
	// The client id of the custom OAuth app
	ClientId string `json:"client_id,omitempty"`
	// This field indicates whether an OAuth client secret is required to
	// authenticate this client.
	Confidential bool `json:"confidential,omitempty"`

	CreateTime string `json:"create_time,omitempty"`

	CreatedBy int64 `json:"created_by,omitempty"`

	CreatorUsername string `json:"creator_username,omitempty"`
	// ID of this custom app
	IntegrationId string `json:"integration_id,omitempty"`
	// The display name of the custom OAuth app
	Name string `json:"name,omitempty"`
	// List of OAuth redirect urls
	RedirectUrls []string `json:"redirect_urls,omitempty"`

	Scopes []string `json:"scopes,omitempty"`
	// Token access policy
	TokenAccessPolicy *TokenAccessPolicy `json:"token_access_policy,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (GetCustomAppIntegrationOutput) MarshalJSON added in v0.23.0

func (s GetCustomAppIntegrationOutput) MarshalJSON() ([]byte, error)

func (*GetCustomAppIntegrationOutput) UnmarshalJSON added in v0.23.0

func (s *GetCustomAppIntegrationOutput) UnmarshalJSON(b []byte) error

type GetCustomAppIntegrationRequest

type GetCustomAppIntegrationRequest struct {
	// The OAuth app integration ID.
	IntegrationId string `json:"-" url:"-"`
}

Get OAuth Custom App Integration

type GetCustomAppIntegrationsOutput added in v0.7.0

type GetCustomAppIntegrationsOutput struct {
	// List of Custom OAuth App Integrations defined for the account.
	Apps []GetCustomAppIntegrationOutput `json:"apps,omitempty"`

	NextPageToken string `json:"next_page_token,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (GetCustomAppIntegrationsOutput) MarshalJSON added in v0.44.0

func (s GetCustomAppIntegrationsOutput) MarshalJSON() ([]byte, error)

func (*GetCustomAppIntegrationsOutput) UnmarshalJSON added in v0.44.0

func (s *GetCustomAppIntegrationsOutput) UnmarshalJSON(b []byte) error

type GetPublishedAppIntegrationOutput

type GetPublishedAppIntegrationOutput struct {
	// App-id of the published app integration
	AppId string `json:"app_id,omitempty"`

	CreateTime string `json:"create_time,omitempty"`

	CreatedBy int64 `json:"created_by,omitempty"`
	// Unique integration id for the published OAuth app
	IntegrationId string `json:"integration_id,omitempty"`
	// Display name of the published OAuth app
	Name string `json:"name,omitempty"`
	// Token access policy
	TokenAccessPolicy *TokenAccessPolicy `json:"token_access_policy,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (GetPublishedAppIntegrationOutput) MarshalJSON added in v0.23.0

func (s GetPublishedAppIntegrationOutput) MarshalJSON() ([]byte, error)

func (*GetPublishedAppIntegrationOutput) UnmarshalJSON added in v0.23.0

func (s *GetPublishedAppIntegrationOutput) UnmarshalJSON(b []byte) error

type GetPublishedAppIntegrationRequest

type GetPublishedAppIntegrationRequest struct {
	IntegrationId string `json:"-" url:"-"`
}

Get OAuth Published App Integration

type GetPublishedAppIntegrationsOutput added in v0.7.0

type GetPublishedAppIntegrationsOutput struct {
	// List of Published OAuth App Integrations defined for the account.
	Apps []GetPublishedAppIntegrationOutput `json:"apps,omitempty"`

	NextPageToken string `json:"next_page_token,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (GetPublishedAppIntegrationsOutput) MarshalJSON added in v0.44.0

func (s GetPublishedAppIntegrationsOutput) MarshalJSON() ([]byte, error)

func (*GetPublishedAppIntegrationsOutput) UnmarshalJSON added in v0.44.0

func (s *GetPublishedAppIntegrationsOutput) UnmarshalJSON(b []byte) error

type GetPublishedAppsOutput added in v0.20.0

type GetPublishedAppsOutput struct {
	// List of Published OAuth Apps.
	Apps []PublishedAppOutput `json:"apps,omitempty"`
	// A token that can be used to get the next page of results. If not present,
	// there are no more results to show.
	NextPageToken string `json:"next_page_token,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (GetPublishedAppsOutput) MarshalJSON added in v0.23.0

func (s GetPublishedAppsOutput) MarshalJSON() ([]byte, error)

func (*GetPublishedAppsOutput) UnmarshalJSON added in v0.23.0

func (s *GetPublishedAppsOutput) UnmarshalJSON(b []byte) error

type GetServicePrincipalFederationPolicyRequest added in v0.54.0

type GetServicePrincipalFederationPolicyRequest struct {
	// The identifier for the federation policy.
	PolicyId string `json:"-" url:"-"`
	// The service principal id for the federation policy.
	ServicePrincipalId int64 `json:"-" url:"-"`
}

Get service principal federation policy

type ListAccountFederationPoliciesRequest added in v0.54.0

type ListAccountFederationPoliciesRequest struct {
	PageSize int `json:"-" url:"page_size,omitempty"`

	PageToken string `json:"-" url:"page_token,omitempty"`

	ForceSendFields []string `json:"-"`
}

List account federation policies

func (ListAccountFederationPoliciesRequest) MarshalJSON added in v0.54.0

func (s ListAccountFederationPoliciesRequest) MarshalJSON() ([]byte, error)

func (*ListAccountFederationPoliciesRequest) UnmarshalJSON added in v0.54.0

func (s *ListAccountFederationPoliciesRequest) UnmarshalJSON(b []byte) error

type ListCustomAppIntegrationsRequest added in v0.44.0

type ListCustomAppIntegrationsRequest struct {
	IncludeCreatorUsername bool `json:"-" url:"include_creator_username,omitempty"`

	PageSize int `json:"-" url:"page_size,omitempty"`

	PageToken string `json:"-" url:"page_token,omitempty"`

	ForceSendFields []string `json:"-"`
}

Get custom oauth app integrations

func (ListCustomAppIntegrationsRequest) MarshalJSON added in v0.44.0

func (s ListCustomAppIntegrationsRequest) MarshalJSON() ([]byte, error)

func (*ListCustomAppIntegrationsRequest) UnmarshalJSON added in v0.44.0

func (s *ListCustomAppIntegrationsRequest) UnmarshalJSON(b []byte) error

type ListFederationPoliciesResponse added in v0.54.0

type ListFederationPoliciesResponse struct {
	NextPageToken string `json:"next_page_token,omitempty"`

	Policies []FederationPolicy `json:"policies,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (ListFederationPoliciesResponse) MarshalJSON added in v0.54.0

func (s ListFederationPoliciesResponse) MarshalJSON() ([]byte, error)

func (*ListFederationPoliciesResponse) UnmarshalJSON added in v0.54.0

func (s *ListFederationPoliciesResponse) UnmarshalJSON(b []byte) error

type ListOAuthPublishedAppsRequest added in v0.20.0

type ListOAuthPublishedAppsRequest struct {
	// The max number of OAuth published apps to return in one page.
	PageSize int `json:"-" url:"page_size,omitempty"`
	// A token that can be used to get the next page of results.
	PageToken string `json:"-" url:"page_token,omitempty"`

	ForceSendFields []string `json:"-"`
}

Get all the published OAuth apps

func (ListOAuthPublishedAppsRequest) MarshalJSON added in v0.23.0

func (s ListOAuthPublishedAppsRequest) MarshalJSON() ([]byte, error)

func (*ListOAuthPublishedAppsRequest) UnmarshalJSON added in v0.23.0

func (s *ListOAuthPublishedAppsRequest) UnmarshalJSON(b []byte) error

type ListPublishedAppIntegrationsRequest added in v0.44.0

type ListPublishedAppIntegrationsRequest struct {
	PageSize int `json:"-" url:"page_size,omitempty"`

	PageToken string `json:"-" url:"page_token,omitempty"`

	ForceSendFields []string `json:"-"`
}

Get published oauth app integrations

func (ListPublishedAppIntegrationsRequest) MarshalJSON added in v0.44.0

func (s ListPublishedAppIntegrationsRequest) MarshalJSON() ([]byte, error)

func (*ListPublishedAppIntegrationsRequest) UnmarshalJSON added in v0.44.0

func (s *ListPublishedAppIntegrationsRequest) UnmarshalJSON(b []byte) error

type ListServicePrincipalFederationPoliciesRequest added in v0.54.0

type ListServicePrincipalFederationPoliciesRequest struct {
	PageSize int `json:"-" url:"page_size,omitempty"`

	PageToken string `json:"-" url:"page_token,omitempty"`
	// The service principal id for the federation policy.
	ServicePrincipalId int64 `json:"-" url:"-"`

	ForceSendFields []string `json:"-"`
}

List service principal federation policies

func (ListServicePrincipalFederationPoliciesRequest) MarshalJSON added in v0.54.0

func (*ListServicePrincipalFederationPoliciesRequest) UnmarshalJSON added in v0.54.0

type ListServicePrincipalSecretsRequest added in v0.9.0

type ListServicePrincipalSecretsRequest struct {
	// An opaque page token which was the `next_page_token` in the response of
	// the previous request to list the secrets for this service principal.
	// Provide this token to retrieve the next page of secret entries. When
	// providing a `page_token`, all other parameters provided to the request
	// must match the previous request. To list all of the secrets for a service
	// principal, it is necessary to continue requesting pages of entries until
	// the response contains no `next_page_token`. Note that the number of
	// entries returned must not be used to determine when the listing is
	// complete.
	PageToken string `json:"-" url:"page_token,omitempty"`
	// The service principal ID.
	ServicePrincipalId int64 `json:"-" url:"-"`

	ForceSendFields []string `json:"-"`
}

List service principal secrets

func (ListServicePrincipalSecretsRequest) MarshalJSON added in v0.50.0

func (s ListServicePrincipalSecretsRequest) MarshalJSON() ([]byte, error)

func (*ListServicePrincipalSecretsRequest) UnmarshalJSON added in v0.50.0

func (s *ListServicePrincipalSecretsRequest) UnmarshalJSON(b []byte) error

type ListServicePrincipalSecretsResponse added in v0.9.0

type ListServicePrincipalSecretsResponse struct {
	// A token, which can be sent as `page_token` to retrieve the next page.
	NextPageToken string `json:"next_page_token,omitempty"`
	// List of the secrets
	Secrets []SecretInfo `json:"secrets,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (ListServicePrincipalSecretsResponse) MarshalJSON added in v0.50.0

func (s ListServicePrincipalSecretsResponse) MarshalJSON() ([]byte, error)

func (*ListServicePrincipalSecretsResponse) UnmarshalJSON added in v0.50.0

func (s *ListServicePrincipalSecretsResponse) UnmarshalJSON(b []byte) error
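The paging rule in the ListServicePrincipalSecretsRequest comments (stop only when `next_page_token` is absent, never on entry count) feeds naturally into a secret-age inventory. The sketch below is an added example, not SDK code: `secretInfo`, `secretsPage`, `fetchFunc` and the sample pages are constructed stand-ins, and it assumes `create_time` is RFC 3339, which the page does not state.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Local stand-ins for SecretInfo and ListServicePrincipalSecretsResponse,
// reduced to the fields this example reads.
type secretInfo struct {
	Id         string
	CreateTime string
}

type secretsPage struct {
	NextPageToken string
	Secrets       []secretInfo
}

// fetchFunc is a hypothetical hook standing in for one list call.
type fetchFunc func(pageToken string) (secretsPage, error)

var errTokenLoop = errors.New("page token repeated; aborting listing")

// listAllSecrets follows next_page_token until it is empty. An empty page
// with a token is not the end of the listing, so entry counts are ignored.
func listAllSecrets(fetch fetchFunc) ([]secretInfo, error) {
	var all []secretInfo
	seen := map[string]bool{}
	token := ""
	for {
		page, err := fetch(token)
		if err != nil {
			return nil, err
		}
		all = append(all, page.Secrets...)
		if page.NextPageToken == "" {
			return all, nil
		}
		if seen[page.NextPageToken] {
			return nil, errTokenLoop // defensive: never spin on a repeated token
		}
		seen[page.NextPageToken] = true
		token = page.NextPageToken
	}
}

// olderThan returns the IDs of secrets created more than maxAge before now.
// Assumption: CreateTime parses as RFC 3339.
func olderThan(secrets []secretInfo, now time.Time, maxAge time.Duration) ([]string, error) {
	var ids []string
	for _, s := range secrets {
		created, err := time.Parse(time.RFC3339, s.CreateTime)
		if err != nil {
			return nil, fmt.Errorf("secret %s: %w", s.Id, err)
		}
		if now.Sub(created) > maxAge {
			ids = append(ids, s.Id)
		}
	}
	return ids, nil
}

// constructedFetch simulates a three-page listing whose middle page is empty.
func constructedFetch(token string) (secretsPage, error) {
	switch token {
	case "":
		return secretsPage{NextPageToken: "p2", Secrets: []secretInfo{
			{Id: "s-1", CreateTime: "2024-01-10T00:00:00Z"}}}, nil
	case "p2":
		return secretsPage{NextPageToken: "p3"}, nil
	case "p3":
		return secretsPage{Secrets: []secretInfo{
			{Id: "s-2", CreateTime: "2024-12-20T00:00:00Z"}}}, nil
	}
	return secretsPage{}, fmt.Errorf("unknown page token %q", token)
}

// auditConstructed lists every constructed secret and flags those older than
// 90 days relative to a fixed, constructed "now".
func auditConstructed() (stale []string, total int, err error) {
	all, err := listAllSecrets(constructedFetch)
	if err != nil {
		return nil, 0, err
	}
	now := time.Date(2025, 1, 13, 0, 0, 0, 0, time.UTC)
	stale, err = olderThan(all, now, 90*24*time.Hour)
	return stale, len(all), err
}

func main() {
	stale, total, err := auditConstructed()
	fmt.Println(stale, total, err)
}
```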

type OAuthPublishedAppsAPI added in v0.20.0

type OAuthPublishedAppsAPI struct {
	// contains filtered or unexported fields
}

These APIs enable administrators to view all the available published OAuth applications in Databricks. Administrators can add the published OAuth applications to their account through the OAuth Published App Integration APIs.

func NewOAuthPublishedApps added in v0.20.0

func NewOAuthPublishedApps(client *client.DatabricksClient) *OAuthPublishedAppsAPI

func (*OAuthPublishedAppsAPI) List added in v0.24.0

Get all the published OAuth apps.

Get all the available published OAuth apps in Databricks.

This method is generated by Databricks SDK Code Generator.

func (*OAuthPublishedAppsAPI) ListAll added in v0.20.0

Get all the published OAuth apps.

Get all the available published OAuth apps in Databricks.

This method is generated by Databricks SDK Code Generator.

type OAuthPublishedAppsInterface added in v0.29.0

type OAuthPublishedAppsInterface interface {

	// Get all the published OAuth apps.
	//
	// Get all the available published OAuth apps in Databricks.
	//
	// This method is generated by Databricks SDK Code Generator.
	List(ctx context.Context, request ListOAuthPublishedAppsRequest) listing.Iterator[PublishedAppOutput]

	// Get all the published OAuth apps.
	//
	// Get all the available published OAuth apps in Databricks.
	//
	// This method is generated by Databricks SDK Code Generator.
	ListAll(ctx context.Context, request ListOAuthPublishedAppsRequest) ([]PublishedAppOutput, error)
}

type OAuthPublishedAppsService added in v0.20.0

type OAuthPublishedAppsService interface {

	// Get all the published OAuth apps.
	//
	// Get all the available published OAuth apps in Databricks.
	//
	// Use ListAll() to get all PublishedAppOutput instances, which will iterate over every result page.
	List(ctx context.Context, request ListOAuthPublishedAppsRequest) (*GetPublishedAppsOutput, error)
}

These APIs enable administrators to view all the available published OAuth applications in Databricks. Administrators can add the published OAuth applications to their account through the OAuth Published App Integration APIs.

type OidcFederationPolicy added in v0.54.0

type OidcFederationPolicy struct {
	// The allowed token audiences, as specified in the 'aud' claim of federated
	// tokens. The audience identifier is intended to represent the recipient of
	// the token. Can be any non-empty string value. As long as the audience in
	// the token matches at least one audience in the policy, the token is
	// considered a match. If audiences is unspecified, defaults to your
	// Databricks account id.
	Audiences []string `json:"audiences,omitempty"`
	// The required token issuer, as specified in the 'iss' claim of federated
	// tokens.
	Issuer string `json:"issuer,omitempty"`
	// The public keys used to validate the signature of federated tokens, in
	// JWKS format. If unspecified (recommended), Databricks automatically
	// fetches the public keys from your issuer’s well known endpoint.
	// Databricks strongly recommends relying on your issuer’s well known
	// endpoint for discovering public keys.
	JwksJson string `json:"jwks_json,omitempty"`
	// The required token subject, as specified in the subject claim of
	// federated tokens. Must be specified for service principal federation
	// policies. Must not be specified for account federation policies.
	Subject string `json:"subject,omitempty"`
	// The claim that contains the subject of the token. If unspecified, the
	// default value is 'sub'.
	SubjectClaim string `json:"subject_claim,omitempty"`

	ForceSendFields []string `json:"-"`
}

Specifies the policy to use for validating OIDC claims in your federated tokens.

func (OidcFederationPolicy) MarshalJSON added in v0.54.0

func (s OidcFederationPolicy) MarshalJSON() ([]byte, error)

func (*OidcFederationPolicy) UnmarshalJSON added in v0.54.0

func (s *OidcFederationPolicy) UnmarshalJSON(b []byte) error

type PublishedAppIntegrationAPI

type PublishedAppIntegrationAPI struct {
	// contains filtered or unexported fields
}

These APIs enable administrators to manage published OAuth app integrations, which are required for adding or using a published OAuth app integration such as Tableau Desktop for Databricks in AWS cloud.

func NewPublishedAppIntegration

func NewPublishedAppIntegration(client *client.DatabricksClient) *PublishedAppIntegrationAPI

func (*PublishedAppIntegrationAPI) Create

func (a *PublishedAppIntegrationAPI) Create(ctx context.Context, request CreatePublishedAppIntegration) (*CreatePublishedAppIntegrationOutput, error)

func (*PublishedAppIntegrationAPI) Delete

func (a *PublishedAppIntegrationAPI) Delete(ctx context.Context, request DeletePublishedAppIntegrationRequest) error

func (*PublishedAppIntegrationAPI) DeleteByIntegrationId

func (a *PublishedAppIntegrationAPI) DeleteByIntegrationId(ctx context.Context, integrationId string) error

Delete Published OAuth App Integration.

Delete an existing Published OAuth App Integration. You can retrieve the published OAuth app integration via :method:PublishedAppIntegration/get.

func (*PublishedAppIntegrationAPI) Get

func (a *PublishedAppIntegrationAPI) Get(ctx context.Context, request GetPublishedAppIntegrationRequest) (*GetPublishedAppIntegrationOutput, error)

func (*PublishedAppIntegrationAPI) GetByIntegrationId

func (a *PublishedAppIntegrationAPI) GetByIntegrationId(ctx context.Context, integrationId string) (*GetPublishedAppIntegrationOutput, error)

Get OAuth Published App Integration.

Gets the Published OAuth App Integration for the given integration id.

func (*PublishedAppIntegrationAPI) List added in v0.24.0

Get published oauth app integrations.

Get the list of published OAuth app integrations for the specified Databricks account.

This method is generated by Databricks SDK Code Generator.

func (*PublishedAppIntegrationAPI) ListAll added in v0.7.0

Get published oauth app integrations.

Get the list of published OAuth app integrations for the specified Databricks account.

This method is generated by Databricks SDK Code Generator.

func (*PublishedAppIntegrationAPI) Update

func (a *PublishedAppIntegrationAPI) Update(ctx context.Context, request UpdatePublishedAppIntegration) error

type PublishedAppIntegrationInterface added in v0.29.0

type PublishedAppIntegrationInterface interface {

	// Create Published OAuth App Integration.
	//
	// Create Published OAuth App Integration.
	//
	// You can retrieve the published OAuth app integration via
	// :method:PublishedAppIntegration/get.
	Create(ctx context.Context, request CreatePublishedAppIntegration) (*CreatePublishedAppIntegrationOutput, error)

	// Delete Published OAuth App Integration.
	//
	// Delete an existing Published OAuth App Integration. You can retrieve the
	// published OAuth app integration via :method:PublishedAppIntegration/get.
	Delete(ctx context.Context, request DeletePublishedAppIntegrationRequest) error

	// Delete Published OAuth App Integration.
	//
	// Delete an existing Published OAuth App Integration. You can retrieve the
	// published OAuth app integration via :method:PublishedAppIntegration/get.
	DeleteByIntegrationId(ctx context.Context, integrationId string) error

	// Get OAuth Published App Integration.
	//
	// Gets the Published OAuth App Integration for the given integration id.
	Get(ctx context.Context, request GetPublishedAppIntegrationRequest) (*GetPublishedAppIntegrationOutput, error)

	// Get OAuth Published App Integration.
	//
	// Gets the Published OAuth App Integration for the given integration id.
	GetByIntegrationId(ctx context.Context, integrationId string) (*GetPublishedAppIntegrationOutput, error)

	// Get published oauth app integrations.
	//
	// Get the list of published OAuth app integrations for the specified Databricks
	// account
	//
	// This method is generated by Databricks SDK Code Generator.
	List(ctx context.Context, request ListPublishedAppIntegrationsRequest) listing.Iterator[GetPublishedAppIntegrationOutput]

	// Get published oauth app integrations.
	//
	// Get the list of published OAuth app integrations for the specified Databricks
	// account
	//
	// This method is generated by Databricks SDK Code Generator.
	ListAll(ctx context.Context, request ListPublishedAppIntegrationsRequest) ([]GetPublishedAppIntegrationOutput, error)

	// Updates Published OAuth App Integration.
	//
	// Updates an existing published OAuth App Integration. You can retrieve the
	// published OAuth app integration via :method:PublishedAppIntegration/get.
	Update(ctx context.Context, request UpdatePublishedAppIntegration) error
}

type PublishedAppIntegrationService

type PublishedAppIntegrationService interface {

	// Create Published OAuth App Integration.
	//
	// Create Published OAuth App Integration.
	//
	// You can retrieve the published OAuth app integration via
	// :method:PublishedAppIntegration/get.
	Create(ctx context.Context, request CreatePublishedAppIntegration) (*CreatePublishedAppIntegrationOutput, error)

	// Delete Published OAuth App Integration.
	//
	// Delete an existing Published OAuth App Integration. You can retrieve the
	// published OAuth app integration via :method:PublishedAppIntegration/get.
	Delete(ctx context.Context, request DeletePublishedAppIntegrationRequest) error

	// Get OAuth Published App Integration.
	//
	// Gets the Published OAuth App Integration for the given integration id.
	Get(ctx context.Context, request GetPublishedAppIntegrationRequest) (*GetPublishedAppIntegrationOutput, error)

	// Get published oauth app integrations.
	//
	// Get the list of published OAuth app integrations for the specified
	// Databricks account
	//
	// Use ListAll() to get all GetPublishedAppIntegrationOutput instances, which will iterate over every result page.
	List(ctx context.Context, request ListPublishedAppIntegrationsRequest) (*GetPublishedAppIntegrationsOutput, error)

	// Updates Published OAuth App Integration.
	//
	// Updates an existing published OAuth App Integration. You can retrieve the
	// published OAuth app integration via :method:PublishedAppIntegration/get.
	Update(ctx context.Context, request UpdatePublishedAppIntegration) error
}

These APIs enable administrators to manage published OAuth app integrations, which are required for adding or using a published OAuth app integration such as Tableau Desktop for Databricks in AWS cloud.

type PublishedAppOutput added in v0.20.0

type PublishedAppOutput struct {
	// Unique ID of the published OAuth app.
	AppId string `json:"app_id,omitempty"`
	// Client ID of the published OAuth app. It is the client_id in the OAuth
	// flow
	ClientId string `json:"client_id,omitempty"`
	// Description of the published OAuth app.
	Description string `json:"description,omitempty"`
	// Whether the published OAuth app is a confidential client. It is always
	// false for published OAuth apps.
	IsConfidentialClient bool `json:"is_confidential_client,omitempty"`
	// The display name of the published OAuth app.
	Name string `json:"name,omitempty"`
	// Redirect URLs of the published OAuth app.
	RedirectUrls []string `json:"redirect_urls,omitempty"`
	// Required scopes for the published OAuth app.
	Scopes []string `json:"scopes,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (PublishedAppOutput) MarshalJSON added in v0.23.0

func (s PublishedAppOutput) MarshalJSON() ([]byte, error)

func (*PublishedAppOutput) UnmarshalJSON added in v0.23.0

func (s *PublishedAppOutput) UnmarshalJSON(b []byte) error

type SecretInfo added in v0.9.0

type SecretInfo struct {
	// UTC time when the secret was created
	CreateTime string `json:"create_time,omitempty"`
	// ID of the secret
	Id string `json:"id,omitempty"`
	// Secret Hash
	SecretHash string `json:"secret_hash,omitempty"`
	// Status of the secret
	Status string `json:"status,omitempty"`
	// UTC time when the secret was updated
	UpdateTime string `json:"update_time,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (SecretInfo) MarshalJSON added in v0.23.0

func (s SecretInfo) MarshalJSON() ([]byte, error)

func (*SecretInfo) UnmarshalJSON added in v0.23.0

func (s *SecretInfo) UnmarshalJSON(b []byte) error

type ServicePrincipalFederationPolicyAPI added in v0.54.0

type ServicePrincipalFederationPolicyAPI struct {
	// contains filtered or unexported fields
}

These APIs manage service principal federation policies.

Service principal federation, also known as Workload Identity Federation, allows your automated workloads running outside of Databricks to securely access Databricks APIs without the need for Databricks secrets. With Workload Identity Federation, your application (or workload) authenticates to Databricks as a Databricks service principal, using tokens provided by the workload runtime.

Databricks strongly recommends using Workload Identity Federation to authenticate to Databricks from automated workloads, over alternatives such as OAuth client secrets or Personal Access Tokens, whenever possible. Workload Identity Federation is supported by many popular services, including GitHub Actions, Azure DevOps, GitLab, Terraform Cloud, and Kubernetes clusters, among others.

Workload identity federation is configured in your Databricks account using a service principal federation policy. A service principal federation policy specifies:

* which IdP, or issuer, the service principal is allowed to authenticate from
* which workload identity, or subject, is allowed to authenticate as the Databricks service principal

To configure a federation policy, you provide the following:

* The required token __issuer__, as specified in the “iss” claim of workload identity tokens. The issuer is an https URL that identifies the workload identity provider.
* The required token __subject__, as specified in the “sub” claim of workload identity tokens. The subject uniquely identifies the workload in the workload runtime environment.
* The allowed token __audiences__, as specified in the “aud” claim of workload identity tokens. The audience is intended to represent the recipient of the token. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If unspecified, the default value is your Databricks account id.
* Optionally, the public keys used to validate the signature of the workload identity tokens, in JWKS format. If unspecified (recommended), Databricks automatically fetches the public keys from the issuer’s well known endpoint. Databricks strongly recommends relying on the issuer’s well known endpoint for discovering public keys.

An example service principal federation policy, for a GitHub Actions workload, is:

```
issuer: "https://token.actions.githubusercontent.com"
audiences: ["https://github.com/my-github-org"]
subject: "repo:my-github-org/my-repo:environment:prod"
```

An example JWT token body that matches this policy and could be used to authenticate to Databricks is:

```
{
  "iss": "https://token.actions.githubusercontent.com",
  "aud": "https://github.com/my-github-org",
  "sub": "repo:my-github-org/my-repo:environment:prod"
}
```

You may also need to configure the workload runtime to generate tokens for your workloads.

You do not need to configure an OAuth application in Databricks to use token federation.
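The matching rules described above (exact issuer, at least one allowed audience with the account id as default, subject read from the configured claim) can be exercised offline. This is an added illustration, not Databricks' implementation or SDK code: `oidcPolicy` is a local stand-in for OidcFederationPolicy, the two non-matching token bodies are constructed, and signature and expiry validation are assumed to have happened already.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// oidcPolicy is a local stand-in for the OidcFederationPolicy matching fields.
type oidcPolicy struct {
	Issuer       string
	Audiences    []string
	Subject      string // fixed subject; empty for account federation policies
	SubjectClaim string // empty means "sub"
}

var (
	errIssuer   = errors.New("issuer does not match policy")
	errAudience = errors.New("no token audience is allowed by policy")
	errSubject  = errors.New("subject missing or not allowed by policy")
)

// audiencesOf normalises "aud", which a JWT may carry as a string or an array.
func audiencesOf(v interface{}) []string {
	switch a := v.(type) {
	case string:
		return []string{a}
	case []interface{}:
		var out []string
		for _, e := range a {
			if s, ok := e.(string); ok {
				out = append(out, s)
			}
		}
		return out
	}
	return nil
}

// intersects reports whether any non-empty token audience is in the allow list.
func intersects(got, want []string) bool {
	for _, g := range got {
		for _, w := range want {
			if g != "" && g == w {
				return true
			}
		}
	}
	return false
}

// matchClaims checks a decoded JWT body against the policy. It assumes the
// signature and expiry were verified elsewhere; it does neither.
func matchClaims(p oidcPolicy, accountID string, body []byte) error {
	var claims map[string]interface{}
	if err := json.Unmarshal(body, &claims); err != nil {
		return fmt.Errorf("decode claims: %w", err)
	}
	if iss, _ := claims["iss"].(string); iss == "" || iss != p.Issuer {
		return errIssuer
	}
	allowed := p.Audiences
	if len(allowed) == 0 {
		allowed = []string{accountID} // documented default audience
	}
	if !intersects(audiencesOf(claims["aud"]), allowed) {
		return errAudience
	}
	claim := p.SubjectClaim
	if claim == "" {
		claim = "sub" // documented default subject claim
	}
	sub, _ := claims[claim].(string)
	if sub == "" || (p.Subject != "" && sub != p.Subject) {
		return errSubject
	}
	return nil
}

// pagePolicy and pageToken are the page's example; the other bodies are constructed.
var pagePolicy = oidcPolicy{
	Issuer:    "https://token.actions.githubusercontent.com",
	Audiences: []string{"https://github.com/my-github-org"},
	Subject:   "repo:my-github-org/my-repo:environment:prod",
}

const (
	pageToken      = `{"iss":"https://token.actions.githubusercontent.com","aud":"https://github.com/my-github-org","sub":"repo:my-github-org/my-repo:environment:prod"}`
	otherRepoToken = `{"iss":"https://token.actions.githubusercontent.com","aud":"https://github.com/my-github-org","sub":"repo:my-github-org/other-repo:environment:prod"}`
	multiAudToken  = `{"iss":"https://token.actions.githubusercontent.com","aud":["https://example.invalid/x","https://github.com/my-github-org"],"sub":"repo:my-github-org/my-repo:environment:prod"}`
)

func main() {
	fmt.Println(matchClaims(pagePolicy, "", []byte(pageToken)))
	fmt.Println(matchClaims(pagePolicy, "", []byte(otherRepoToken)))
	fmt.Println(matchClaims(pagePolicy, "", []byte(multiAudToken)))
}
```

The `otherRepoToken` case shows why the subject is required on service principal policies: issuer and audience alone are shared by every workflow in the same GitHub organization.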

func NewServicePrincipalFederationPolicy added in v0.54.0

func NewServicePrincipalFederationPolicy(client *client.DatabricksClient) *ServicePrincipalFederationPolicyAPI

func (*ServicePrincipalFederationPolicyAPI) Create added in v0.54.0

func (a *ServicePrincipalFederationPolicyAPI) Create(ctx context.Context, request CreateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error)

func (*ServicePrincipalFederationPolicyAPI) Delete added in v0.54.0

func (a *ServicePrincipalFederationPolicyAPI) Delete(ctx context.Context, request DeleteServicePrincipalFederationPolicyRequest) error

func (*ServicePrincipalFederationPolicyAPI) DeleteByServicePrincipalIdAndPolicyId added in v0.54.0

func (a *ServicePrincipalFederationPolicyAPI) DeleteByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) error

Delete service principal federation policy.

func (*ServicePrincipalFederationPolicyAPI) Get added in v0.54.0

func (a *ServicePrincipalFederationPolicyAPI) Get(ctx context.Context, request GetServicePrincipalFederationPolicyRequest) (*FederationPolicy, error)

func (*ServicePrincipalFederationPolicyAPI) GetByServicePrincipalIdAndPolicyId added in v0.54.0

func (a *ServicePrincipalFederationPolicyAPI) GetByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) (*FederationPolicy, error)

Get service principal federation policy.

func (*ServicePrincipalFederationPolicyAPI) List added in v0.54.0

List service principal federation policies.

This method is generated by Databricks SDK Code Generator.

func (*ServicePrincipalFederationPolicyAPI) ListAll added in v0.54.0

List service principal federation policies.

This method is generated by Databricks SDK Code Generator.

func (*ServicePrincipalFederationPolicyAPI) ListByServicePrincipalId added in v0.54.0

func (a *ServicePrincipalFederationPolicyAPI) ListByServicePrincipalId(ctx context.Context, servicePrincipalId int64) (*ListFederationPoliciesResponse, error)

List service principal federation policies.

func (*ServicePrincipalFederationPolicyAPI) Update added in v0.54.0

func (a *ServicePrincipalFederationPolicyAPI) Update(ctx context.Context, request UpdateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error)

type ServicePrincipalFederationPolicyInterface added in v0.54.0

type ServicePrincipalFederationPolicyInterface interface {

	// Create service principal federation policy.
	Create(ctx context.Context, request CreateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error)

	// Delete service principal federation policy.
	Delete(ctx context.Context, request DeleteServicePrincipalFederationPolicyRequest) error

	// Delete service principal federation policy.
	DeleteByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) error

	// Get service principal federation policy.
	Get(ctx context.Context, request GetServicePrincipalFederationPolicyRequest) (*FederationPolicy, error)

	// Get service principal federation policy.
	GetByServicePrincipalIdAndPolicyId(ctx context.Context, servicePrincipalId int64, policyId string) (*FederationPolicy, error)

	// List service principal federation policies.
	//
	// This method is generated by Databricks SDK Code Generator.
	List(ctx context.Context, request ListServicePrincipalFederationPoliciesRequest) listing.Iterator[FederationPolicy]

	// List service principal federation policies.
	//
	// This method is generated by Databricks SDK Code Generator.
	ListAll(ctx context.Context, request ListServicePrincipalFederationPoliciesRequest) ([]FederationPolicy, error)

	// List service principal federation policies.
	ListByServicePrincipalId(ctx context.Context, servicePrincipalId int64) (*ListFederationPoliciesResponse, error)

	// Update service principal federation policy.
	Update(ctx context.Context, request UpdateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error)
}

type ServicePrincipalFederationPolicyService added in v0.54.0

type ServicePrincipalFederationPolicyService interface {

	// Create service principal federation policy.
	Create(ctx context.Context, request CreateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error)

	// Delete service principal federation policy.
	Delete(ctx context.Context, request DeleteServicePrincipalFederationPolicyRequest) error

	// Get service principal federation policy.
	Get(ctx context.Context, request GetServicePrincipalFederationPolicyRequest) (*FederationPolicy, error)

	// List service principal federation policies.
	//
	// Use ListAll() to get all FederationPolicy instances, which will iterate over every result page.
	List(ctx context.Context, request ListServicePrincipalFederationPoliciesRequest) (*ListFederationPoliciesResponse, error)

	// Update service principal federation policy.
	Update(ctx context.Context, request UpdateServicePrincipalFederationPolicyRequest) (*FederationPolicy, error)
}

These APIs manage service principal federation policies.

Service principal federation, also known as Workload Identity Federation, allows your automated workloads running outside of Databricks to securely access Databricks APIs without the need for Databricks secrets. With Workload Identity Federation, your application (or workload) authenticates to Databricks as a Databricks service principal, using tokens provided by the workload runtime.

Databricks strongly recommends using Workload Identity Federation to authenticate to Databricks from automated workloads, over alternatives such as OAuth client secrets or Personal Access Tokens, whenever possible. Workload Identity Federation is supported by many popular services, including GitHub Actions, Azure DevOps, GitLab, Terraform Cloud, and Kubernetes clusters, among others.

Workload identity federation is configured in your Databricks account using a service principal federation policy. A service principal federation policy specifies:

* which IdP, or issuer, the service principal is allowed to authenticate from
* which workload identity, or subject, is allowed to authenticate as the Databricks service principal

To configure a federation policy, you provide the following:

* The required token __issuer__, as specified in the “iss” claim of workload identity tokens. The issuer is an https URL that identifies the workload identity provider.
* The required token __subject__, as specified in the “sub” claim of workload identity tokens. The subject uniquely identifies the workload in the workload runtime environment.
* The allowed token __audiences__, as specified in the “aud” claim of workload identity tokens. The audience is intended to represent the recipient of the token. As long as the audience in the token matches at least one audience in the policy, the token is considered a match. If unspecified, the default value is your Databricks account id.
* Optionally, the public keys used to validate the signature of the workload identity tokens, in JWKS format. If unspecified (recommended), Databricks automatically fetches the public keys from the issuer’s well known endpoint. Databricks strongly recommends relying on the issuer’s well known endpoint for discovering public keys.

An example service principal federation policy, for a GitHub Actions workload, is:

```
issuer: "https://token.actions.githubusercontent.com"
audiences: ["https://github.com/my-github-org"]
subject: "repo:my-github-org/my-repo:environment:prod"
```

An example JWT token body that matches this policy and could be used to authenticate to Databricks is:

```
{
  "iss": "https://token.actions.githubusercontent.com",
  "aud": "https://github.com/my-github-org",
  "sub": "repo:my-github-org/my-repo:environment:prod"
}
```

You may also need to configure the workload runtime to generate tokens for your workloads.

You do not need to configure an OAuth application in Databricks to use token federation.

type ServicePrincipalSecretsAPI added in v0.9.0

type ServicePrincipalSecretsAPI struct {
	// contains filtered or unexported fields
}

These APIs enable administrators to manage service principal secrets.

You can use the generated secrets to obtain OAuth access tokens for a service principal, which can then be used to access Databricks Accounts and Workspace APIs. For more information, see Authentication using OAuth tokens for service principals.

In addition, the generated secrets can be used to configure the Databricks Terraform Provider to authenticate with the service principal. For more information, see Databricks Terraform Provider.

func NewServicePrincipalSecrets added in v0.9.0

func NewServicePrincipalSecrets(client *client.DatabricksClient) *ServicePrincipalSecretsAPI

func (*ServicePrincipalSecretsAPI) Create added in v0.9.0

func (a *ServicePrincipalSecretsAPI) Create(ctx context.Context, request CreateServicePrincipalSecretRequest) (*CreateServicePrincipalSecretResponse, error)

func (*ServicePrincipalSecretsAPI) Delete added in v0.9.0

func (a *ServicePrincipalSecretsAPI) Delete(ctx context.Context, request DeleteServicePrincipalSecretRequest) error

func (*ServicePrincipalSecretsAPI) DeleteByServicePrincipalIdAndSecretId added in v0.9.0

func (a *ServicePrincipalSecretsAPI) DeleteByServicePrincipalIdAndSecretId(ctx context.Context, servicePrincipalId int64, secretId string) error

Delete service principal secret.

Delete a secret from the given service principal.

func (*ServicePrincipalSecretsAPI) List added in v0.24.0

List service principal secrets.

List all secrets associated with the given service principal. This operation only returns information about the secrets themselves and does not include the secret values.

This method is generated by Databricks SDK Code Generator.

func (*ServicePrincipalSecretsAPI) ListAll added in v0.9.0

List service principal secrets.

List all secrets associated with the given service principal. This operation only returns information about the secrets themselves and does not include the secret values.

This method is generated by Databricks SDK Code Generator.

func (*ServicePrincipalSecretsAPI) ListByServicePrincipalId added in v0.9.0

func (a *ServicePrincipalSecretsAPI) ListByServicePrincipalId(ctx context.Context, servicePrincipalId int64) (*ListServicePrincipalSecretsResponse, error)

List service principal secrets.

List all secrets associated with the given service principal. This operation only returns information about the secrets themselves and does not include the secret values.

type ServicePrincipalSecretsInterface added in v0.29.0

type ServicePrincipalSecretsInterface interface {

	// Create service principal secret.
	//
	// Create a secret for the given service principal.
	Create(ctx context.Context, request CreateServicePrincipalSecretRequest) (*CreateServicePrincipalSecretResponse, error)

	// Delete service principal secret.
	//
	// Delete a secret from the given service principal.
	Delete(ctx context.Context, request DeleteServicePrincipalSecretRequest) error

	// Delete service principal secret.
	//
	// Delete a secret from the given service principal.
	DeleteByServicePrincipalIdAndSecretId(ctx context.Context, servicePrincipalId int64, secretId string) error

	// List service principal secrets.
	//
	// List all secrets associated with the given service principal. This operation
	// only returns information about the secrets themselves and does not include
	// the secret values.
	//
	// This method is generated by Databricks SDK Code Generator.
	List(ctx context.Context, request ListServicePrincipalSecretsRequest) listing.Iterator[SecretInfo]

	// List service principal secrets.
	//
	// List all secrets associated with the given service principal. This operation
	// only returns information about the secrets themselves and does not include
	// the secret values.
	//
	// This method is generated by Databricks SDK Code Generator.
	ListAll(ctx context.Context, request ListServicePrincipalSecretsRequest) ([]SecretInfo, error)

	// List service principal secrets.
	//
	// List all secrets associated with the given service principal. This operation
	// only returns information about the secrets themselves and does not include
	// the secret values.
	ListByServicePrincipalId(ctx context.Context, servicePrincipalId int64) (*ListServicePrincipalSecretsResponse, error)
}

type ServicePrincipalSecretsService added in v0.9.0

type ServicePrincipalSecretsService interface {

	// Create service principal secret.
	//
	// Create a secret for the given service principal.
	Create(ctx context.Context, request CreateServicePrincipalSecretRequest) (*CreateServicePrincipalSecretResponse, error)

	// Delete service principal secret.
	//
	// Delete a secret from the given service principal.
	Delete(ctx context.Context, request DeleteServicePrincipalSecretRequest) error

	// List service principal secrets.
	//
	// List all secrets associated with the given service principal. This
	// operation only returns information about the secrets themselves and does
	// not include the secret values.
	//
	// Use ListAll() to get all SecretInfo instances, which will iterate over every result page.
	List(ctx context.Context, request ListServicePrincipalSecretsRequest) (*ListServicePrincipalSecretsResponse, error)
}

These APIs enable administrators to manage service principal secrets.

You can use the generated secrets to obtain OAuth access tokens for a service principal, which can then be used to access Databricks Accounts and Workspace APIs. For more information, see Authentication using OAuth tokens for service principals.

In addition, the generated secrets can be used to configure the Databricks Terraform Provider to authenticate with the service principal. For more information, see Databricks Terraform Provider.

type TokenAccessPolicy

type TokenAccessPolicy struct {
	// access token time to live in minutes
	AccessTokenTtlInMinutes int `json:"access_token_ttl_in_minutes,omitempty"`
	// refresh token time to live in minutes
	RefreshTokenTtlInMinutes int `json:"refresh_token_ttl_in_minutes,omitempty"`

	ForceSendFields []string `json:"-"`
}

func (TokenAccessPolicy) MarshalJSON added in v0.23.0

func (s TokenAccessPolicy) MarshalJSON() ([]byte, error)

func (*TokenAccessPolicy) UnmarshalJSON added in v0.23.0

func (s *TokenAccessPolicy) UnmarshalJSON(b []byte) error

type UpdateAccountFederationPolicyRequest added in v0.54.0

type UpdateAccountFederationPolicyRequest struct {
	Policy *FederationPolicy `json:"policy,omitempty"`
	// The identifier for the federation policy.
	PolicyId string `json:"-" url:"-"`
	// The field mask specifies which fields of the policy to update. To specify
	// multiple fields in the field mask, use comma as the separator (no space).
	// The special value '*' indicates that all fields should be updated (full
	// replacement). If unspecified, all fields that are set in the policy
	// provided in the update request will overwrite the corresponding fields in
	// the existing policy. Example value: 'description,oidc_policy.audiences'.
	UpdateMask string `json:"-" url:"update_mask,omitempty"`

	ForceSendFields []string `json:"-"`
}

Update account federation policy

func (UpdateAccountFederationPolicyRequest) MarshalJSON added in v0.55.0

func (s UpdateAccountFederationPolicyRequest) MarshalJSON() ([]byte, error)

func (*UpdateAccountFederationPolicyRequest) UnmarshalJSON added in v0.55.0

func (s *UpdateAccountFederationPolicyRequest) UnmarshalJSON(b []byte) error

type UpdateCustomAppIntegration

type UpdateCustomAppIntegration struct {
	IntegrationId string `json:"-" url:"-"`
	// List of OAuth redirect urls to be updated in the custom OAuth app
	// integration
	RedirectUrls []string `json:"redirect_urls,omitempty"`
	// Token access policy to be updated in the custom OAuth app integration
	TokenAccessPolicy *TokenAccessPolicy `json:"token_access_policy,omitempty"`
}

type UpdateCustomAppIntegrationOutput added in v0.34.0

type UpdateCustomAppIntegrationOutput struct {
}

type UpdatePublishedAppIntegration

type UpdatePublishedAppIntegration struct {
	IntegrationId string `json:"-" url:"-"`
	// Token access policy to be updated in the published OAuth app integration
	TokenAccessPolicy *TokenAccessPolicy `json:"token_access_policy,omitempty"`
}

type UpdatePublishedAppIntegrationOutput added in v0.34.0

type UpdatePublishedAppIntegrationOutput struct {
}

type UpdateServicePrincipalFederationPolicyRequest added in v0.54.0

type UpdateServicePrincipalFederationPolicyRequest struct {
	Policy *FederationPolicy `json:"policy,omitempty"`
	// The identifier for the federation policy.
	PolicyId string `json:"-" url:"-"`
	// The service principal id for the federation policy.
	ServicePrincipalId int64 `json:"-" url:"-"`
	// The field mask specifies which fields of the policy to update. To specify
	// multiple fields in the field mask, use comma as the separator (no space).
	// The special value '*' indicates that all fields should be updated (full
	// replacement). If unspecified, all fields that are set in the policy
	// provided in the update request will overwrite the corresponding fields in
	// the existing policy. Example value: 'description,oidc_policy.audiences'.
	UpdateMask string `json:"-" url:"update_mask,omitempty"`

	ForceSendFields []string `json:"-"`
}

Update service principal federation policy
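The UpdateMask format documented on both federation policy update requests can be checked before a request is sent. The following is an added example, not code from the SDK: CheckUpdateMask and its allowlist are hypothetical, and rejecting '*' (alone or mixed with named fields) is an assumed change-control choice rather than API behaviour.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// CheckUpdateMask validates an update_mask string in the documented format
// (comma-separated field paths, no spaces) and returns the paths it names.
// allowed is a caller-supplied allowlist (hypothetical, not part of the SDK).
func CheckUpdateMask(mask string, allowed []string) ([]string, error) {
	if mask == "" {
		// Unspecified: every field set in the request's policy is overwritten.
		return nil, nil
	}
	if mask == "*" {
		return nil, errors.New("'*' replaces the whole policy; list fields explicitly")
	}
	ok := make(map[string]bool, len(allowed))
	for _, a := range allowed {
		ok[a] = true
	}
	var paths []string
	for _, p := range strings.Split(mask, ",") {
		switch {
		case p == "":
			return nil, errors.New("empty field path in mask")
		case strings.ContainsAny(p, " \t\n"):
			return nil, fmt.Errorf("field path %q contains whitespace", p)
		case p == "*":
			// Assumption: '*' mixed with named fields is rejected as ambiguous.
			return nil, errors.New("'*' cannot be combined with named fields")
		case !ok[p]:
			return nil, fmt.Errorf("field path %q is not on the allowlist", p)
		}
		paths = append(paths, p)
	}
	return paths, nil
}

func main() {
	// Constructed sample masks; the first is the example value from the docs.
	allowed := []string{"description", "oidc_policy.audiences"}
	for _, m := range []string{"description,oidc_policy.audiences", "description, oidc_policy.audiences", "*", "oidc_policy.issuer"} {
		paths, err := CheckUpdateMask(m, allowed)
		fmt.Printf("%q -> %v, err=%v\n", m, paths, err)
	}
}
```

A mask that passes the check can be assigned to the UpdateMask field of either update request, so that a change meant to touch only the description cannot also rewrite the accepted audiences.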

func (UpdateServicePrincipalFederationPolicyRequest) MarshalJSON added in v0.55.0

func (*UpdateServicePrincipalFederationPolicyRequest) UnmarshalJSON added in v0.55.0
