olai-uc-common 0.0.2

Shared types, generated Unity Catalog models, and storage/REST abstractions for the Unity Catalog server and client crates.
Documentation
// @generated
// This file is @generated by prost-build.
/// The Azure service principal configuration.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct AzureServicePrincipal {
    /// The directory ID corresponding to the Azure Active Directory (AAD) tenant of the application.
    #[prost(string, tag="1")]
    pub directory_id: ::prost::alloc::string::String,
    /// The application ID of the application registration within the referenced AAD tenant.
    #[prost(string, tag="2")]
    pub application_id: ::prost::alloc::string::String,
    #[prost(oneof="azure_service_principal::Credential", tags="3, 5")]
    pub credential: ::core::option::Option<azure_service_principal::Credential>,
}
/// Nested message and enum types in `AzureServicePrincipal`.
pub mod azure_service_principal {
    #[cfg_attr(feature = "python", ::pyo3::pyclass)]
    #[derive(Clone, PartialEq, Eq, Hash, ::prost::Oneof)]
    pub enum Credential {
        /// The client secret generated for the above app ID in AAD.
        #[prost(string, tag="3")]
        ClientSecret(::prost::alloc::string::String),
        /// Location of the file containing a federated token.
        ///
        /// Specifically useful for workload identity federation.
        #[prost(string, tag="5")]
        FederatedTokenFile(::prost::alloc::string::String),
    }
}
/// The Azure managed identity configuration.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct AzureManagedIdentity {
    /// The Azure resource ID of the Azure Databricks Access Connector.
    /// Use the format /subscriptions/{guid}/resourceGroups/{rg-name}/providers/
    /// Microsoft.Databricks/accessConnectors/{connector-name}.
    #[prost(string, tag="1")]
    pub access_connector_id: ::prost::alloc::string::String,
    /// The Databricks internal ID that represents this managed identity.
    #[prost(string, optional, tag="2")]
    pub credential_id: ::core::option::Option<::prost::alloc::string::String>,
    /// The Azure resource ID of the managed identity.
    /// Use the format /subscriptions/{guid}/resourceGroups/{rg-name}/providers/
    /// Microsoft.ManagedIdentity/userAssignedIdentities/{identity-name}.
    /// This is only available for user-assigned identities. For system-assigned
    /// identities, the access_connector_id is used to identify the identity.
    /// If this field is not provided, then the system-assigned identity of the
    /// Access Connector is used.
    #[prost(string, optional, tag="3")]
    pub managed_identity_id: ::core::option::Option<::prost::alloc::string::String>,
}
/// The Azure storage key configuration.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct AzureStorageKey {
    /// The name of the storage account.
    #[prost(string, tag="1")]
    pub account_name: ::prost::alloc::string::String,
    /// The account key of the storage account.
    #[prost(string, tag="2")]
    pub account_key: ::prost::alloc::string::String,
}
/// The AWS IAM role configuration used server-side to call STS AssumeRole.
///
/// This is an internal configuration type, not exposed in the public API response.
/// It stores the static credentials (or ambient credential fallback) used to
/// authorize the STS:AssumeRole call when vending temporary credentials.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct AwsIamRoleConfig {
    /// The Amazon Resource Name (ARN) of the AWS IAM role used to vend temporary credentials.
    #[prost(string, tag="1")]
    pub role_arn: ::prost::alloc::string::String,
    /// The AWS region where STS calls are made. Defaults to "us-east-1" if absent.
    #[prost(string, optional, tag="2")]
    pub region: ::core::option::Option<::prost::alloc::string::String>,
    /// AWS access key ID used to authorize the STS AssumeRole call.
    ///
    /// When set together with secret_access_key, these static credentials are used
    /// as the base identity to call STS:AssumeRole. When omitted, the server falls
    /// back to ambient credentials (instance profile, ECS task role, WebIdentity, etc.).
    #[prost(string, optional, tag="3")]
    pub access_key_id: ::core::option::Option<::prost::alloc::string::String>,
    /// AWS secret access key paired with access_key_id.
    #[prost(string, optional, tag="4")]
    pub secret_access_key: ::core::option::Option<::prost::alloc::string::String>,
    /// Optional AWS session token for temporary base credentials (e.g. when the
    /// caller itself holds STS-vended credentials as the base identity).
    #[prost(string, optional, tag="5")]
    pub session_token: ::core::option::Option<::prost::alloc::string::String>,
}
/// The AWS IAM role configuration returned in credential responses.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct AwsIamRole {
    /// The external ID used in role assumption to prevent the confused deputy problem.
    #[prost(string, tag="1")]
    pub external_id: ::prost::alloc::string::String,
    /// The Amazon Resource Name (ARN) of the AWS IAM role used to vend temporary credentials.
    #[prost(string, tag="2")]
    pub role_arn: ::prost::alloc::string::String,
    /// The Amazon Resource Name (ARN) of the AWS IAM user managed by Databricks.
    /// This is the identity that is going to assume the AWS IAM role.
    #[prost(string, tag="3")]
    pub unity_catalog_iam_arn: ::prost::alloc::string::String,
}
/// The Databricks managed GCP service account configuration.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct DatabricksGcpServiceAccount {
    /// The Databricks internal ID that represents this managed identity.
    #[prost(string, optional, tag="1")]
    pub credential_id: ::core::option::Option<::prost::alloc::string::String>,
    /// The email of the service account.
    #[prost(string, optional, tag="2")]
    pub email: ::core::option::Option<::prost::alloc::string::String>,
    /// The ID that represents the private key for this Service Account.
    #[prost(string, optional, tag="3")]
    pub private_key_id: ::core::option::Option<::prost::alloc::string::String>,
}
/// A credential used to access external data sources or services.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct Credential {
    /// The credential name.
    ///
    /// The name must be unique among storage and service credentials within the metastore.
    #[prost(string, tag="1")]
    pub name: ::prost::alloc::string::String,
    /// The unique identifier of the credential.
    #[prost(string, optional, tag="2")]
    pub id: ::core::option::Option<::prost::alloc::string::String>,
    /// Indicates the purpose of the credential.
    #[prost(enumeration="Purpose", tag="3")]
    pub purpose: i32,
    /// Whether the credential is usable only for read operations.
    ///
    /// Only applicable when purpose is STORAGE.
    #[prost(bool, tag="4")]
    pub read_only: bool,
    /// Comment associated with the credential.
    #[prost(string, optional, tag="5")]
    pub comment: ::core::option::Option<::prost::alloc::string::String>,
    /// Username of current owner of credential.
    #[prost(string, optional, tag="6")]
    pub owner: ::core::option::Option<::prost::alloc::string::String>,
    /// Time at which this credential was created, in epoch milliseconds.
    #[prost(int64, optional, tag="7")]
    pub created_at: ::core::option::Option<i64>,
    /// Username of credential creator.
    #[prost(string, optional, tag="8")]
    pub created_by: ::core::option::Option<::prost::alloc::string::String>,
    /// Time at which this credential was last modified, in epoch milliseconds.
    #[prost(int64, optional, tag="9")]
    pub updated_at: ::core::option::Option<i64>,
    /// Username of user who last modified the credential.
    #[prost(string, optional, tag="10")]
    pub updated_by: ::core::option::Option<::prost::alloc::string::String>,
    /// Whether this credential is the current metastore's root storage credential.
    ///
    /// Only applicable when purpose is STORAGE.
    #[prost(bool, tag="11")]
    pub used_for_managed_storage: bool,
    /// The full name of the credential.
    #[prost(string, optional, tag="12")]
    pub full_name: ::core::option::Option<::prost::alloc::string::String>,
    /// The Azure service principal configuration.
    ///
    /// Sealed into the object's inline sensitive blob (envelope-encrypted, redacted
    /// from ordinary reads) rather than stored in the searchable properties.
    #[prost(message, optional, tag="100")]
    pub azure_service_principal: ::core::option::Option<AzureServicePrincipal>,
    /// The Azure managed identity configuration.
    #[prost(message, optional, tag="101")]
    pub azure_managed_identity: ::core::option::Option<AzureManagedIdentity>,
    /// The Azure storage key configuration.
    #[prost(message, optional, tag="102")]
    pub azure_storage_key: ::core::option::Option<AzureStorageKey>,
    /// The AWS IAM role configuration.
    #[prost(message, optional, tag="103")]
    pub aws_iam_role: ::core::option::Option<AwsIamRoleConfig>,
    /// The Databricks managed GCP service account configuration.
    #[prost(message, optional, tag="104")]
    pub databricks_gcp_service_account: ::core::option::Option<DatabricksGcpServiceAccount>,
}
/// The purpose of a credential.
#[cfg_attr(feature = "python", ::pyo3::pyclass)]
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
#[repr(i32)]
pub enum Purpose {
    Unspecified = 0,
    /// The credential is used to access external storage locations.
    Storage = 1,
    /// The credential is used to access external services.
    Service = 2,
}
impl Purpose {
    /// String value of the enum field names used in the ProtoBuf definition.
    ///
    /// The values are not transformed in any way and thus are considered stable
    /// (if the ProtoBuf definition does not change) and safe for programmatic use.
    pub fn as_str_name(&self) -> &'static str {
        match self {
            Self::Unspecified => "PURPOSE_UNSPECIFIED",
            Self::Storage => "STORAGE",
            Self::Service => "SERVICE",
        }
    }
    /// Creates an enum from field names used in the ProtoBuf definition.
    pub fn from_str_name(value: &str) -> ::core::option::Option<Self> {
        match value {
            "PURPOSE_UNSPECIFIED" => Some(Self::Unspecified),
            "STORAGE" => Some(Self::Storage),
            "SERVICE" => Some(Self::Service),
            _ => None,
        }
    }
}
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct ListCredentialsRequest {
    /// Return only credentials for the specified purpose.
    #[prost(enumeration="Purpose", optional, tag="1")]
    pub purpose: ::core::option::Option<i32>,
    /// The maximum number of results per page that should be returned.
    #[prost(int32, optional, tag="2")]
    pub max_results: ::core::option::Option<i32>,
    /// Opaque pagination token to go to next page based on previous query.
    #[prost(string, optional, tag="3")]
    pub page_token: ::core::option::Option<::prost::alloc::string::String>,
}
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, ::prost::Message)]
pub struct ListCredentialsResponse {
    /// The credentials returned.
    #[prost(message, repeated, tag="1")]
    pub credentials: ::prost::alloc::vec::Vec<Credential>,
    /// The next_page_token value to include in the next List request.
    #[prost(string, optional, tag="2")]
    pub next_page_token: ::core::option::Option<::prost::alloc::string::String>,
}
/// Create a new credential.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct CreateCredentialRequest {
    /// The credential name. The name must be unique among storage and service credentials within the metastore.
    #[prost(string, tag="1")]
    pub name: ::prost::alloc::string::String,
    /// Indicates the purpose of the credential.
    #[prost(enumeration="Purpose", tag="2")]
    pub purpose: i32,
    /// Comment associated with the credential.
    #[prost(string, optional, tag="3")]
    pub comment: ::core::option::Option<::prost::alloc::string::String>,
    /// Whether the credential is usable only for read operations. Only applicable when purpose is STORAGE.
    #[prost(bool, optional, tag="4")]
    pub read_only: ::core::option::Option<bool>,
    /// Optional. Supplying true to this argument skips validation of the created set of credentials.
    #[prost(bool, optional, tag="5")]
    pub skip_validation: ::core::option::Option<bool>,
    /// The Azure service principal configuration.
    #[prost(message, optional, tag="100")]
    pub azure_service_principal: ::core::option::Option<AzureServicePrincipal>,
    /// The Azure managed identity configuration.
    #[prost(message, optional, tag="101")]
    pub azure_managed_identity: ::core::option::Option<AzureManagedIdentity>,
    /// The Azure storage key configuration.
    #[prost(message, optional, tag="102")]
    pub azure_storage_key: ::core::option::Option<AzureStorageKey>,
    /// The AWS IAM role configuration.
    #[prost(message, optional, tag="103")]
    pub aws_iam_role: ::core::option::Option<AwsIamRoleConfig>,
    /// The Databricks managed GCP service account configuration.
    #[prost(message, optional, tag="104")]
    pub databricks_gcp_service_account: ::core::option::Option<DatabricksGcpServiceAccount>,
}
/// Get a credential.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct GetCredentialRequest {
    /// Name of credential.
    #[prost(string, tag="1")]
    pub name: ::prost::alloc::string::String,
}
/// Update a credential.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct UpdateCredentialRequest {
    /// Name of credential.
    #[prost(string, tag="1")]
    pub name: ::prost::alloc::string::String,
    /// New name of the credential.
    #[prost(string, optional, tag="2")]
    pub new_name: ::core::option::Option<::prost::alloc::string::String>,
    /// Comment associated with the credential.
    #[prost(string, optional, tag="3")]
    pub comment: ::core::option::Option<::prost::alloc::string::String>,
    /// Whether the credential is usable only for read operations. Only applicable when purpose is STORAGE.
    #[prost(bool, optional, tag="4")]
    pub read_only: ::core::option::Option<bool>,
    /// Username of current owner of credential.
    #[prost(string, optional, tag="5")]
    pub owner: ::core::option::Option<::prost::alloc::string::String>,
    /// Supply true to this argument to skip validation of the updated credential.
    #[prost(bool, optional, tag="6")]
    pub skip_validation: ::core::option::Option<bool>,
    /// Force an update even if there are dependent services (when purpose is SERVICE)
    /// or dependent external locations and external tables (when purpose is STORAGE).
    #[prost(bool, optional, tag="7")]
    pub force: ::core::option::Option<bool>,
    /// The Azure service principal configuration.
    #[prost(message, optional, tag="100")]
    pub azure_service_principal: ::core::option::Option<AzureServicePrincipal>,
    /// The Azure managed identity configuration.
    #[prost(message, optional, tag="101")]
    pub azure_managed_identity: ::core::option::Option<AzureManagedIdentity>,
    /// The Azure storage key configuration.
    #[prost(message, optional, tag="102")]
    pub azure_storage_key: ::core::option::Option<AzureStorageKey>,
    /// The AWS IAM role configuration.
    #[prost(message, optional, tag="103")]
    pub aws_iam_role: ::core::option::Option<AwsIamRoleConfig>,
    /// The Databricks managed GCP service account configuration.
    #[prost(message, optional, tag="104")]
    pub databricks_gcp_service_account: ::core::option::Option<DatabricksGcpServiceAccount>,
}
/// Delete a credential.
#[cfg_attr(feature = "python", ::pyo3::pyclass(get_all, set_all))]
#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
pub struct DeleteCredentialRequest {
    /// Name of credential.
    #[prost(string, tag="1")]
    pub name: ::prost::alloc::string::String,
}
include!("unitycatalog.credentials.v1.serde.rs");
// @@protoc_insertion_point(module)