From fe0322363413c5fba199c32150001f9db9662c2c Mon Sep 17 00:00:00 2001 From: Parth Bansal Date: Thu, 11 Jun 2026 13:32:32 +0000 Subject: [PATCH] Regenerate SDK for universe naming-audit renames Regenerated output of https://github.com/databricks-eng/universe/pull/2069359: last 20 request DTOs gain Request suffixes, 101 nested Outer_Inner types flatten to top-level names, and stem-symmetry fixes land (deleteProject -> deleteRepo, getCommandStatus, CreateInstallationRequest, ListTransitionRequests, etc.). 68 files across ~30 packages; build, lint, and tests green. Co-authored-by: Isaac --- packages/accessmanagement/src/v1/client.ts | 20 +- packages/accessmanagement/src/v1/index.ts | 4 +- packages/accessmanagement/src/v1/model.ts | 62 +- packages/cleanrooms/src/v1/client.ts | 9 +- packages/commandexecution/src/v2/client.ts | 178 +- packages/genie/src/v1/client.ts | 10 +- packages/genie/src/v1/index.ts | 2 +- packages/genie/src/v1/model.ts | 4 +- packages/jobs/src/v2/client.ts | 4 +- packages/jobs/src/v2/index.ts | 2 +- packages/jobs/src/v2/model.ts | 2 +- packages/marketplaces/src/v1/client.ts | 64 +- packages/marketplaces/src/v1/index.ts | 20 +- packages/marketplaces/src/v1/model.ts | 84 +- packages/modelregistry/src/v1/client.ts | 2 +- packages/modelservingquery/src/v1/client.ts | 8 +- packages/modelservingquery/src/v1/index.ts | 2 +- packages/modelservingquery/src/v1/model.ts | 4 +- packages/networking/src/v1/client.ts | 128 +- packages/networking/src/v1/index.ts | 86 +- packages/networking/src/v1/model.ts | 3970 +++++++++---------- packages/repos/src/v1/client.ts | 16 +- packages/repos/src/v1/index.ts | 4 +- packages/repos/src/v1/model.ts | 6 +- packages/sharing/src/v1/client.ts | 4 +- packages/sharing/src/v1/index.ts | 2 +- packages/sharing/src/v1/model.ts | 2 +- packages/tokenmanagement/src/v1/client.ts | 8 +- packages/tokenmanagement/src/v1/index.ts | 2 +- packages/tokenmanagement/src/v1/model.ts | 4 +- packages/uc/resourcequotas/src/v1/client.ts | 6 +- packages/vectorsearch/src/v1/client.ts | 14 +- packages/vectorsearch/src/v1/index.ts | 2 +- packages/vectorsearch/src/v1/model.ts | 10 +- packages/warehouses/src/v1/model.ts | 4 + 35 files changed, 2258 insertions(+), 2491 deletions(-) diff --git a/packages/accessmanagement/src/v1/client.ts b/packages/accessmanagement/src/v1/client.ts index bcb22457..02649451 100755 --- a/packages/accessmanagement/src/v1/client.ts +++ b/packages/accessmanagement/src/v1/client.ts @@ -23,13 +23,13 @@ import type { DeleteWorkspacePermissionAssignmentRequest, DeleteWorkspacePermissionAssignmentResponse, GetObjectPermissionsRequest, - GetPermissionLevelsResponse, GetRuleSetRequest, - GetWorkspacePermissionAssignmentsResponse, ListAssignableRolesForResourceRequest, ListAssignableRolesForResourceResponse, ListPermissionLevelsRequest, + ListPermissionLevelsResponse, ListWorkspacePermissionAssignmentsRequest, + ListWorkspacePermissionAssignmentsResponse, ListWorkspacePermissionsRequest, ListWorkspacePermissionsResponse, PermissionsResponse, @@ -50,9 +50,9 @@ import { marshalUpdateWorkspacePermissionAssignmentRequestSchema, unmarshalCheckPolicyResponseSchema, unmarshalDeleteWorkspacePermissionAssignmentResponseSchema, - unmarshalGetPermissionLevelsResponseSchema, - unmarshalGetWorkspacePermissionAssignmentsResponseSchema, unmarshalListAssignableRolesForResourceResponseSchema, + unmarshalListPermissionLevelsResponseSchema, + unmarshalListWorkspacePermissionAssignmentsResponseSchema, unmarshalListWorkspacePermissionsResponseSchema, unmarshalPermissionsResponseSchema, unmarshalRuleSetSchema, @@ -125,10 +125,10 @@ export class AccessManagementClient { async listWorkspacePermissionAssignments( req: ListWorkspacePermissionAssignmentsRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.accountId ?? accountId ?? ''}/workspaces/${String(req.workspaceId ?? '')}/permissionassignments`; - let resp: GetWorkspacePermissionAssignmentsResponse | undefined; + let resp: ListWorkspacePermissionAssignmentsResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers(); headers.set('User-Agent', this.userAgent); @@ -140,7 +140,7 @@ export class AccessManagementClient { }); resp = parseResponse( respBody, - unmarshalGetWorkspacePermissionAssignmentsResponseSchema + unmarshalListWorkspacePermissionAssignmentsResponseSchema ); }; await executeCall(call, options); @@ -457,10 +457,10 @@ export class AccessManagementClient { async listPermissionLevels( req: ListPermissionLevelsRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/permissions/${req.requestObjectType ?? ''}/${req.requestObjectId ?? ''}/permissionLevels`; - let resp: GetPermissionLevelsResponse | undefined; + let resp: ListPermissionLevelsResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers(); if (workspaceId !== undefined) { @@ -475,7 +475,7 @@ export class AccessManagementClient { }); resp = parseResponse( respBody, - unmarshalGetPermissionLevelsResponseSchema + unmarshalListPermissionLevelsResponseSchema ); }; await executeCall(call, options); diff --git a/packages/accessmanagement/src/v1/index.ts b/packages/accessmanagement/src/v1/index.ts index 9667e6d7..dbdedd27 100755 --- a/packages/accessmanagement/src/v1/index.ts +++ b/packages/accessmanagement/src/v1/index.ts @@ -18,14 +18,14 @@ export type { DeleteWorkspacePermissionAssignmentRequest, DeleteWorkspacePermissionAssignmentResponse, GetObjectPermissionsRequest, - GetPermissionLevelsResponse, GetRuleSetRequest, - GetWorkspacePermissionAssignmentsResponse, GrantRule, ListAssignableRolesForResourceRequest, ListAssignableRolesForResourceResponse, ListPermissionLevelsRequest, + ListPermissionLevelsResponse, ListWorkspacePermissionAssignmentsRequest, + ListWorkspacePermissionAssignmentsResponse, ListWorkspacePermissionsRequest, ListWorkspacePermissionsResponse, Permission, diff --git a/packages/accessmanagement/src/v1/model.ts b/packages/accessmanagement/src/v1/model.ts index fe22f98a..7357d490 100755 --- a/packages/accessmanagement/src/v1/model.ts +++ b/packages/accessmanagement/src/v1/model.ts @@ -151,11 +151,6 @@ export interface GetObjectPermissionsRequest { requestObjectId?: string | undefined; } -export interface GetPermissionLevelsResponse { - /** Specific permission levels */ - permissionLevels?: PermissionsDescription[] | undefined; -} - export interface GetRuleSetRequest { /** account ID. */ accountId?: string | undefined; @@ -185,11 +180,6 @@ export interface GetRuleSetRequest { etag?: string | undefined; } -export interface GetWorkspacePermissionAssignmentsResponse { - /** Array of permissions assignments defined for a workspace. */ - permissionAssignments?: WorkspacePermissionAssignmentOutput[] | undefined; -} - export interface GrantRule { /** * Principals this grant rule applies to. @@ -230,6 +220,11 @@ export interface ListPermissionLevelsRequest { requestObjectId?: string | undefined; } +export interface ListPermissionLevelsResponse { + /** Specific permission levels */ + permissionLevels?: PermissionsDescription[] | undefined; +} + /** Gets all the permission assignments for a workspace, given an account and a workspace. */ export interface ListWorkspacePermissionAssignmentsRequest { /** The account ID. */ @@ -238,6 +233,11 @@ export interface ListWorkspacePermissionAssignmentsRequest { workspaceId?: bigint | undefined; } +export interface ListWorkspacePermissionAssignmentsResponse { + /** Array of permissions assignments defined for a workspace. */ + permissionAssignments?: WorkspacePermissionAssignmentOutput[] | undefined; +} + /** List permissions for a workspace, given an account and a workspace. */ export interface ListWorkspacePermissionsRequest { /** The account ID. */ @@ -450,7 +450,26 @@ export const unmarshalConsistencyTokenSchema: z.ZodType = z export const unmarshalDeleteWorkspacePermissionAssignmentResponseSchema: z.ZodType = z.object({}); -export const unmarshalGetPermissionLevelsResponseSchema: z.ZodType = +export const unmarshalGrantRuleSchema: z.ZodType = z + .object({ + principals: z.array(z.string()).optional(), + role: z.string().optional(), + }) + .transform(d => ({ + principals: d.principals, + role: d.role, + })); + +export const unmarshalListAssignableRolesForResourceResponseSchema: z.ZodType = + z + .object({ + roles: z.array(z.lazy(() => unmarshalRoleSchema)).optional(), + }) + .transform(d => ({ + roles: d.roles, + })); + +export const unmarshalListPermissionLevelsResponseSchema: z.ZodType = z .object({ permission_levels: z @@ -461,7 +480,7 @@ export const unmarshalGetPermissionLevelsResponseSchema: z.ZodType = +export const unmarshalListWorkspacePermissionAssignmentsResponseSchema: z.ZodType = z .object({ permission_assignments: z @@ -472,25 +491,6 @@ export const unmarshalGetWorkspacePermissionAssignmentsResponseSchema: z.ZodType permissionAssignments: d.permission_assignments, })); -export const unmarshalGrantRuleSchema: z.ZodType = z - .object({ - principals: z.array(z.string()).optional(), - role: z.string().optional(), - }) - .transform(d => ({ - principals: d.principals, - role: d.role, - })); - -export const unmarshalListAssignableRolesForResourceResponseSchema: z.ZodType = - z - .object({ - roles: z.array(z.lazy(() => unmarshalRoleSchema)).optional(), - }) - .transform(d => ({ - roles: d.roles, - })); - export const unmarshalListWorkspacePermissionsResponseSchema: z.ZodType = z .object({ diff --git a/packages/cleanrooms/src/v1/client.ts b/packages/cleanrooms/src/v1/client.ts index af99d396..5134302b 100644 --- a/packages/cleanrooms/src/v1/client.ts +++ b/packages/cleanrooms/src/v1/client.ts @@ -680,7 +680,7 @@ export class CleanRoomsClient { } /** List all the historical notebook task runs in a clean room. */ - async listCleanRoomNotebookTaskRunsHandler( + async listCleanRoomNotebookTaskRuns( req: ListCleanRoomNotebookTaskRunsRequest, options?: CallOptions ): Promise { @@ -723,16 +723,13 @@ export class CleanRoomsClient { return resp; } - async *listCleanRoomNotebookTaskRunsHandlerIter( + async *listCleanRoomNotebookTaskRunsIter( req: ListCleanRoomNotebookTaskRunsRequest, options?: CallOptions ): AsyncGenerator { const pageReq: ListCleanRoomNotebookTaskRunsRequest = {...req}; for (;;) { - const resp = await this.listCleanRoomNotebookTaskRunsHandler( - pageReq, - options - ); + const resp = await this.listCleanRoomNotebookTaskRuns(pageReq, options); for (const item of resp.runs ?? []) { yield item; } diff --git a/packages/commandexecution/src/v2/client.ts b/packages/commandexecution/src/v2/client.ts index 5d253cca..52d9b227 100644 --- a/packages/commandexecution/src/v2/client.ts +++ b/packages/commandexecution/src/v2/client.ts @@ -141,89 +141,6 @@ export class CommandExecutionClient { return new CancelWaiter(this, req.clusterId, req.contextId, req.commandId); } - /** - * Gets the status of and, if available, the results from a currently executing command. - * - * The command ID is obtained from a prior successful call to __execute__. - */ - async commandStatus( - req: GetCommandStatusRequest, - options?: CallOptions - ): Promise { - const {host, workspaceId, httpClient} = await this.resolveConfig(); - const url = `${host}/api/1.2/commands/status`; - const params = new URLSearchParams(); - if (req.clusterId !== undefined) { - params.append('clusterId', req.clusterId); - } - if (req.contextId !== undefined) { - params.append('contextId', req.contextId); - } - if (req.commandId !== undefined) { - params.append('commandId', req.commandId); - } - const query = params.toString(); - const fullUrl = query !== '' ? `${url}?${query}` : url; - let resp: GetCommandStatusResponse | undefined; - const call = async (callSignal?: AbortSignal): Promise => { - const headers = new Headers(); - if (workspaceId !== undefined) { - headers.set('X-Databricks-Org-Id', workspaceId); - } - headers.set('User-Agent', this.userAgent); - const httpReq = buildHttpRequest('GET', fullUrl, headers, callSignal); - const respBody = await executeHttpCall({ - request: httpReq, - httpClient, - logger: this.logger, - }); - resp = parseResponse(respBody, unmarshalGetCommandStatusResponseSchema); - }; - await executeCall(call, options); - if (resp === undefined) { - throw new Error('operation completed without a result.'); - } - return resp; - } - - /** Gets the status for an execution context. */ - async contextStatus( - req: GetContextStatusRequest, - options?: CallOptions - ): Promise { - const {host, workspaceId, httpClient} = await this.resolveConfig(); - const url = `${host}/api/1.2/contexts/status`; - const params = new URLSearchParams(); - if (req.clusterId !== undefined) { - params.append('clusterId', req.clusterId); - } - if (req.contextId !== undefined) { - params.append('contextId', req.contextId); - } - const query = params.toString(); - const fullUrl = query !== '' ? `${url}?${query}` : url; - let resp: GetContextStatusResponse | undefined; - const call = async (callSignal?: AbortSignal): Promise => { - const headers = new Headers(); - if (workspaceId !== undefined) { - headers.set('X-Databricks-Org-Id', workspaceId); - } - headers.set('User-Agent', this.userAgent); - const httpReq = buildHttpRequest('GET', fullUrl, headers, callSignal); - const respBody = await executeHttpCall({ - request: httpReq, - httpClient, - logger: this.logger, - }); - resp = parseResponse(respBody, unmarshalGetContextStatusResponseSchema); - }; - await executeCall(call, options); - if (resp === undefined) { - throw new Error('operation completed without a result.'); - } - return resp; - } - /** * Creates an execution context for running cluster commands. * @@ -368,6 +285,89 @@ export class CommandExecutionClient { } return new ExecuteWaiter(this, req.clusterId, req.contextId, resp.id); } + + /** + * Gets the status of and, if available, the results from a currently executing command. + * + * The command ID is obtained from a prior successful call to __execute__. + */ + async getCommandStatus( + req: GetCommandStatusRequest, + options?: CallOptions + ): Promise { + const {host, workspaceId, httpClient} = await this.resolveConfig(); + const url = `${host}/api/1.2/commands/status`; + const params = new URLSearchParams(); + if (req.clusterId !== undefined) { + params.append('clusterId', req.clusterId); + } + if (req.contextId !== undefined) { + params.append('contextId', req.contextId); + } + if (req.commandId !== undefined) { + params.append('commandId', req.commandId); + } + const query = params.toString(); + const fullUrl = query !== '' ? `${url}?${query}` : url; + let resp: GetCommandStatusResponse | undefined; + const call = async (callSignal?: AbortSignal): Promise => { + const headers = new Headers(); + if (workspaceId !== undefined) { + headers.set('X-Databricks-Org-Id', workspaceId); + } + headers.set('User-Agent', this.userAgent); + const httpReq = buildHttpRequest('GET', fullUrl, headers, callSignal); + const respBody = await executeHttpCall({ + request: httpReq, + httpClient, + logger: this.logger, + }); + resp = parseResponse(respBody, unmarshalGetCommandStatusResponseSchema); + }; + await executeCall(call, options); + if (resp === undefined) { + throw new Error('operation completed without a result.'); + } + return resp; + } + + /** Gets the status for an execution context. */ + async getContextStatus( + req: GetContextStatusRequest, + options?: CallOptions + ): Promise { + const {host, workspaceId, httpClient} = await this.resolveConfig(); + const url = `${host}/api/1.2/contexts/status`; + const params = new URLSearchParams(); + if (req.clusterId !== undefined) { + params.append('clusterId', req.clusterId); + } + if (req.contextId !== undefined) { + params.append('contextId', req.contextId); + } + const query = params.toString(); + const fullUrl = query !== '' ? `${url}?${query}` : url; + let resp: GetContextStatusResponse | undefined; + const call = async (callSignal?: AbortSignal): Promise => { + const headers = new Headers(); + if (workspaceId !== undefined) { + headers.set('X-Databricks-Org-Id', workspaceId); + } + headers.set('User-Agent', this.userAgent); + const httpReq = buildHttpRequest('GET', fullUrl, headers, callSignal); + const respBody = await executeHttpCall({ + request: httpReq, + httpClient, + logger: this.logger, + }); + resp = parseResponse(respBody, unmarshalGetContextStatusResponseSchema); + }; + await executeCall(call, options); + if (resp === undefined) { + throw new Error('operation completed without a result.'); + } + return resp; + } } export class CancelWaiter { @@ -387,7 +387,7 @@ export class CancelWaiter { let result: GetCommandStatusResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { - const pollResp = await this.client.commandStatus( + const pollResp = await this.client.getCommandStatus( { clusterId: this.clusterId, contextId: this.contextId, @@ -423,7 +423,7 @@ export class CancelWaiter { /** Checks whether the operation has reached a terminal state. */ async done(options?: CallOptions): Promise { - const pollResp = await this.client.commandStatus( + const pollResp = await this.client.getCommandStatus( { clusterId: this.clusterId, contextId: this.contextId, @@ -463,7 +463,7 @@ export class CreateWaiter { let result: GetContextStatusResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { - const pollResp = await this.client.contextStatus( + const pollResp = await this.client.getContextStatus( { clusterId: this.clusterId, contextId: this.contextId, @@ -498,7 +498,7 @@ export class CreateWaiter { /** Checks whether the operation has reached a terminal state. */ async done(options?: CallOptions): Promise { - const pollResp = await this.client.contextStatus( + const pollResp = await this.client.getContextStatus( { clusterId: this.clusterId, contextId: this.contextId, @@ -538,7 +538,7 @@ export class ExecuteWaiter { let result: GetCommandStatusResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { - const pollResp = await this.client.commandStatus( + const pollResp = await this.client.getCommandStatus( { clusterId: this.clusterId, contextId: this.contextId, @@ -576,7 +576,7 @@ export class ExecuteWaiter { /** Checks whether the operation has reached a terminal state. */ async done(options?: CallOptions): Promise { - const pollResp = await this.client.commandStatus( + const pollResp = await this.client.getCommandStatus( { clusterId: this.clusterId, contextId: this.contextId, diff --git a/packages/genie/src/v1/client.ts b/packages/genie/src/v1/client.ts index 9b7d5af9..6b8db479 100644 --- a/packages/genie/src/v1/client.ts +++ b/packages/genie/src/v1/client.ts @@ -60,7 +60,7 @@ import type { GenieMessageComment, GenieSendMessageFeedbackRequest, GenieSpace, - GenieStartConversationMessageRequest, + GenieStartConversationRequest, GenieStartConversationResponse, GenieTrashSpaceRequest, GenieUpdateSpaceRequest, @@ -75,7 +75,7 @@ import { marshalGenieExecuteMessageQueryRequestSchema, marshalGenieGenerateDownloadFullQueryResultRequestSchema, marshalGenieSendMessageFeedbackRequestSchema, - marshalGenieStartConversationMessageRequestSchema, + marshalGenieStartConversationRequestSchema, marshalGenieUpdateSpaceRequestSchema, unmarshalGenieEvalResultDetailsSchema, unmarshalGenieEvalRunResponseSchema, @@ -1064,14 +1064,14 @@ export class GenieClient { /** Start a new conversation. */ private async genieStartConversationBase( - req: GenieStartConversationMessageRequest, + req: GenieStartConversationRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/genie/spaces/${req.spaceId ?? ''}/start-conversation`; const body = marshalRequest( req, - marshalGenieStartConversationMessageRequestSchema + marshalGenieStartConversationRequestSchema ); let resp: GenieStartConversationResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { @@ -1100,7 +1100,7 @@ export class GenieClient { /** Start a new conversation. */ async genieStartConversation( - req: GenieStartConversationMessageRequest, + req: GenieStartConversationRequest, options?: CallOptions ): Promise { const resp = await this.genieStartConversationBase(req, options); diff --git a/packages/genie/src/v1/index.ts b/packages/genie/src/v1/index.ts index 3d9d8241..525cd409 100755 --- a/packages/genie/src/v1/index.ts +++ b/packages/genie/src/v1/index.ts @@ -77,7 +77,7 @@ export type { GenieResultMetadata, GenieSendMessageFeedbackRequest, GenieSpace, - GenieStartConversationMessageRequest, + GenieStartConversationRequest, GenieStartConversationResponse, GenieSuggestedQuestionsAttachment, GenieTrashSpaceRequest, diff --git a/packages/genie/src/v1/model.ts b/packages/genie/src/v1/model.ts index 43278966..3e196369 100755 --- a/packages/genie/src/v1/model.ts +++ b/packages/genie/src/v1/model.ts @@ -1562,7 +1562,7 @@ export interface GenieSpace { etag?: string | undefined; } -export interface GenieStartConversationMessageRequest { +export interface GenieStartConversationRequest { /** The ID associated with the Genie space where you want to start a conversation. */ spaceId?: string | undefined; /** The text of the message that starts the conversation. */ @@ -2789,7 +2789,7 @@ export const marshalGenieSendMessageFeedbackRequestSchema: z.ZodType = z comment: d.comment, })); -export const marshalGenieStartConversationMessageRequestSchema: z.ZodType = z +export const marshalGenieStartConversationRequestSchema: z.ZodType = z .object({ spaceId: z.string().optional(), content: z.string().optional(), diff --git a/packages/jobs/src/v2/client.ts b/packages/jobs/src/v2/client.ts index 930323dd..b53aecb3 100755 --- a/packages/jobs/src/v2/client.ts +++ b/packages/jobs/src/v2/client.ts @@ -38,7 +38,7 @@ import type { ExportRunResponse, GetJobRequest, GetJobResponse, - GetPolicyComplianceForJob, + GetPolicyComplianceForJobRequest, GetPolicyComplianceForJobResponse, GetRunOutputRequest, GetRunOutputResponse, @@ -177,7 +177,7 @@ export class JobsClient { * their updated policies. */ async getPolicyComplianceForJob( - req: GetPolicyComplianceForJob, + req: GetPolicyComplianceForJobRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); diff --git a/packages/jobs/src/v2/index.ts b/packages/jobs/src/v2/index.ts index b54826b0..d53efe5d 100755 --- a/packages/jobs/src/v2/index.ts +++ b/packages/jobs/src/v2/index.ts @@ -119,7 +119,7 @@ export type { GenAiComputeTask, GetJobRequest, GetJobResponse, - GetPolicyComplianceForJob, + GetPolicyComplianceForJobRequest, GetPolicyComplianceForJobResponse, GetRunOutputRequest, GetRunOutputResponse, diff --git a/packages/jobs/src/v2/model.ts b/packages/jobs/src/v2/model.ts index ff1fedca..4f52959e 100755 --- a/packages/jobs/src/v2/model.ts +++ b/packages/jobs/src/v2/model.ts @@ -2118,7 +2118,7 @@ export interface GetJobResponse { effectiveUsagePolicyId?: string | undefined; } -export interface GetPolicyComplianceForJob { +export interface GetPolicyComplianceForJobRequest { /** The ID of the job whose compliance status you are requesting. */ jobId?: bigint | undefined; } diff --git a/packages/marketplaces/src/v1/client.ts b/packages/marketplaces/src/v1/client.ts index ce2185c2..ba563205 100755 --- a/packages/marketplaces/src/v1/client.ts +++ b/packages/marketplaces/src/v1/client.ts @@ -30,6 +30,7 @@ import type { CreateExchangeResponse, CreateFileRequest, CreateFileResponse, + CreateInstallationRequest, CreateInstallationResponse, CreateListingRequest, CreateListingResponse, @@ -45,6 +46,7 @@ import type { DeleteExchangeResponse, DeleteFileRequest, DeleteFileResponse, + DeleteInstallationRequest, DeleteInstallationResponse, DeleteListingRequest, DeleteListingResponse, @@ -59,26 +61,25 @@ import type { GetExchangeResponse, GetFileRequest, GetFileResponse, - GetInstallationDetails, + GetInstallationDetailsRequest, GetLatestVersionProviderAnalyticsDashboardRequest, GetLatestVersionProviderAnalyticsDashboardResponse, - GetListingContent, + GetListingContentMetadataRequest, GetListingContentMetadataResponse, GetListingRequest, GetListingResponse, GetListingsResponse, - GetPersonalizationRequestsForConsumer, + GetPersonalizationRequestsForConsumerRequest, GetPersonalizationRequestsForConsumerResponse, GetPersonalizationRequestsForProviderRequest, GetPersonalizationRequestsForProviderResponse, GetProviderRequest, GetProviderResponse, - GetPublishedListingForConsumer, + GetPublishedListingForConsumerRequest, GetPublishedListingForConsumerResponse, GetPublishedListingsForConsumerResponse, - GetPublishedProviderForConsumer, + GetPublishedProviderForConsumerRequest, GetPublishedProviderForConsumerResponse, - InstallListing, InstallationDetail, ListAllInstallationsResponse, ListExchangeFiltersRequest, @@ -102,7 +103,7 @@ import type { ListProvidersRequest, ListProvidersResponse, ListPublishedListingsForConsumerRequest, - ListPublishedProvidersForConsumer, + ListPublishedProvidersForConsumerRequest, ListPublishedProvidersForConsumerResponse, Listing, ListingFulfillment, @@ -110,15 +111,14 @@ import type { ProviderInfo, RemoveExchangeForListingRequest, RemoveExchangeForListingResponse, - SearchPublishedListingsForConsumer, + SearchPublishedListingsForConsumerRequest, SearchPublishedListingsForConsumerResponse, SharedDataObject, - UninstallListing, UpdateExchangeFilterRequest, UpdateExchangeFilterResponse, UpdateExchangeRequest, UpdateExchangeResponse, - UpdateInstallationDetail, + UpdateInstallationRequest, UpdateInstallationResponse, UpdateListingRequest, UpdateListingResponse, @@ -134,16 +134,16 @@ import { marshalCreateExchangeFilterRequestSchema, marshalCreateExchangeRequestSchema, marshalCreateFileRequestSchema, + marshalCreateInstallationRequestSchema, marshalCreateListingRequestSchema, marshalCreatePersonalizationRequestSchema, marshalCreateProviderAnalyticsDashboardRequestSchema, marshalCreateProviderRequestSchema, marshalFileParentSchema, - marshalInstallListingSchema, marshalListingTagSchema, marshalUpdateExchangeFilterRequestSchema, marshalUpdateExchangeRequestSchema, - marshalUpdateInstallationDetailSchema, + marshalUpdateInstallationRequestSchema, marshalUpdateListingRequestSchema, marshalUpdatePersonalizationRequestStatusRequestSchema, marshalUpdateProviderAnalyticsDashboardRequestSchema, @@ -338,7 +338,7 @@ export class MarketplacesClient { /** List all installations for a particular listing. */ async getInstallationDetails( - req: GetInstallationDetails, + req: GetInstallationDetailsRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -375,10 +375,10 @@ export class MarketplacesClient { } async *getInstallationDetailsIter( - req: GetInstallationDetails, + req: GetInstallationDetailsRequest, options?: CallOptions ): AsyncGenerator { - const pageReq: GetInstallationDetails = {...req}; + const pageReq: GetInstallationDetailsRequest = {...req}; for (;;) { const resp = await this.getInstallationDetails(pageReq, options); for (const item of resp.installations ?? []) { @@ -393,7 +393,7 @@ export class MarketplacesClient { /** Get a high level preview of the metadata of listing installable content. */ async getListingContent( - req: GetListingContent, + req: GetListingContentMetadataRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -433,10 +433,10 @@ export class MarketplacesClient { } async *getListingContentIter( - req: GetListingContent, + req: GetListingContentMetadataRequest, options?: CallOptions ): AsyncGenerator { - const pageReq: GetListingContent = {...req}; + const pageReq: GetListingContentMetadataRequest = {...req}; for (;;) { const resp = await this.getListingContent(pageReq, options); for (const item of resp.sharedDataObjects ?? []) { @@ -451,7 +451,7 @@ export class MarketplacesClient { /** Get the personalization request for a listing. Each consumer can make at *most* one personalization request for a listing. */ async getPersonalizationRequestsForConsumer( - req: GetPersonalizationRequestsForConsumer, + req: GetPersonalizationRequestsForConsumerRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -483,7 +483,7 @@ export class MarketplacesClient { /** Get a published listing in the Databricks Marketplace that the consumer has access to. */ async getPublishedListingForConsumer( - req: GetPublishedListingForConsumer, + req: GetPublishedListingForConsumerRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -515,7 +515,7 @@ export class MarketplacesClient { /** Get a provider in the Databricks Marketplace with at least one visible listing. */ async getPublishedProviderForConsumer( - req: GetPublishedProviderForConsumer, + req: GetPublishedProviderForConsumerRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -547,12 +547,12 @@ export class MarketplacesClient { /** Install payload associated with a Databricks Marketplace listing. */ async installListing( - req: InstallListing, + req: CreateInstallationRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/marketplace-consumer/listings/${req.listingId ?? ''}/installations`; - const body = marshalRequest(req, marshalInstallListingSchema); + const body = marshalRequest(req, marshalCreateInstallationRequestSchema); let resp: CreateInstallationResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); @@ -841,7 +841,7 @@ export class MarketplacesClient { /** List all providers in the Databricks Marketplace with at least one visible listing. */ async listPublishedProvidersForConsumer( - req: ListPublishedProvidersForConsumer, + req: ListPublishedProvidersForConsumerRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -884,10 +884,10 @@ export class MarketplacesClient { } async *listPublishedProvidersForConsumerIter( - req: ListPublishedProvidersForConsumer, + req: ListPublishedProvidersForConsumerRequest, options?: CallOptions ): AsyncGenerator { - const pageReq: ListPublishedProvidersForConsumer = {...req}; + const pageReq: ListPublishedProvidersForConsumerRequest = {...req}; for (;;) { const resp = await this.listPublishedProvidersForConsumer( pageReq, @@ -908,7 +908,7 @@ export class MarketplacesClient { * This query supports a variety of different search parameters and performs fuzzy matching. */ async searchPublishedListingsForConsumer( - req: SearchPublishedListingsForConsumer, + req: SearchPublishedListingsForConsumerRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -966,10 +966,10 @@ export class MarketplacesClient { } async *searchPublishedListingsForConsumerIter( - req: SearchPublishedListingsForConsumer, + req: SearchPublishedListingsForConsumerRequest, options?: CallOptions ): AsyncGenerator { - const pageReq: SearchPublishedListingsForConsumer = {...req}; + const pageReq: SearchPublishedListingsForConsumerRequest = {...req}; for (;;) { const resp = await this.searchPublishedListingsForConsumer( pageReq, @@ -987,7 +987,7 @@ export class MarketplacesClient { /** Uninstall an installation associated with a Databricks Marketplace listing. */ async uninstallListing( - req: UninstallListing, + req: DeleteInstallationRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -1021,12 +1021,12 @@ export class MarketplacesClient { * 2. the token will be forcibly rotate if the rotateToken flag is true and the tokenInfo field is empty */ async updateInstallationDetail( - req: UpdateInstallationDetail, + req: UpdateInstallationRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/marketplace-consumer/listings/${req.listingId ?? ''}/installations/${req.installationId ?? ''}`; - const body = marshalRequest(req, marshalUpdateInstallationDetailSchema); + const body = marshalRequest(req, marshalUpdateInstallationRequestSchema); let resp: UpdateInstallationResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); diff --git a/packages/marketplaces/src/v1/index.ts b/packages/marketplaces/src/v1/index.ts index fd4aa238..d631d89f 100755 --- a/packages/marketplaces/src/v1/index.ts +++ b/packages/marketplaces/src/v1/index.ts @@ -37,6 +37,7 @@ export type { CreateExchangeResponse, CreateFileRequest, CreateFileResponse, + CreateInstallationRequest, CreateInstallationResponse, CreateListingRequest, CreateListingResponse, @@ -53,6 +54,7 @@ export type { DeleteExchangeResponse, DeleteFileRequest, DeleteFileResponse, + DeleteInstallationRequest, DeleteInstallationResponse, DeleteListingRequest, DeleteListingResponse, @@ -68,26 +70,25 @@ export type { GetExchangeResponse, GetFileRequest, GetFileResponse, - GetInstallationDetails, + GetInstallationDetailsRequest, GetLatestVersionProviderAnalyticsDashboardRequest, GetLatestVersionProviderAnalyticsDashboardResponse, - GetListingContent, + GetListingContentMetadataRequest, GetListingContentMetadataResponse, GetListingRequest, GetListingResponse, GetListingsResponse, - GetPersonalizationRequestsForConsumer, + GetPersonalizationRequestsForConsumerRequest, GetPersonalizationRequestsForConsumerResponse, GetPersonalizationRequestsForProviderRequest, GetPersonalizationRequestsForProviderResponse, GetProviderRequest, GetProviderResponse, - GetPublishedListingForConsumer, + GetPublishedListingForConsumerRequest, GetPublishedListingForConsumerResponse, GetPublishedListingsForConsumerResponse, - GetPublishedProviderForConsumer, + GetPublishedProviderForConsumerRequest, GetPublishedProviderForConsumerResponse, - InstallListing, InstallationDetail, ListAllInstallationsResponse, ListExchangeFiltersRequest, @@ -111,7 +112,7 @@ export type { ListProvidersRequest, ListProvidersResponse, ListPublishedListingsForConsumerRequest, - ListPublishedProvidersForConsumer, + ListPublishedProvidersForConsumerRequest, ListPublishedProvidersForConsumerResponse, Listing, ListingDetail, @@ -126,18 +127,17 @@ export type { RemoveExchangeForListingResponse, RepoInfo, RepoInstallation, - SearchPublishedListingsForConsumer, + SearchPublishedListingsForConsumerRequest, SearchPublishedListingsForConsumerResponse, ShareInfo, SharedDataObject, TokenDetail, TokenInfo, - UninstallListing, UpdateExchangeFilterRequest, UpdateExchangeFilterResponse, UpdateExchangeRequest, UpdateExchangeResponse, - UpdateInstallationDetail, + UpdateInstallationRequest, UpdateInstallationResponse, UpdateListingRequest, UpdateListingResponse, diff --git a/packages/marketplaces/src/v1/model.ts b/packages/marketplaces/src/v1/model.ts index 994eb70f..bb33435e 100755 --- a/packages/marketplaces/src/v1/model.ts +++ b/packages/marketplaces/src/v1/model.ts @@ -270,6 +270,16 @@ export interface CreateFileResponse { fileInfo?: FileInfo | undefined; } +export interface CreateInstallationRequest { + listingId?: string | undefined; + shareName?: string | undefined; + catalogName?: string | undefined; + /** for git repo installations */ + repoDetail?: RepoInstallation | undefined; + recipientType?: DeltaSharingRecipientType | undefined; + acceptedConsumerTerms?: ConsumerTerms | undefined; +} + export interface CreateInstallationResponse { installation?: InstallationDetail | undefined; } @@ -343,6 +353,11 @@ export interface DeleteFileRequest { // eslint-disable-next-line @typescript-eslint/no-empty-object-type export interface DeleteFileResponse {} +export interface DeleteInstallationRequest { + listingId?: string | undefined; + installationId?: string | undefined; +} + // eslint-disable-next-line @typescript-eslint/no-empty-object-type export interface DeleteInstallationResponse {} @@ -435,7 +450,7 @@ export interface GetFileResponse { fileInfo?: FileInfo | undefined; } -export interface GetInstallationDetails { +export interface GetInstallationDetailsRequest { listingId?: string | undefined; pageToken?: string | undefined; pageSize?: number | undefined; @@ -453,7 +468,7 @@ export interface GetLatestVersionProviderAnalyticsDashboardResponse { version?: bigint | undefined; } -export interface GetListingContent { +export interface GetListingContentMetadataRequest { listingId?: string | undefined; pageToken?: string | undefined; pageSize?: number | undefined; @@ -477,7 +492,7 @@ export interface GetListingsResponse { nextPageToken?: string | undefined; } -export interface GetPersonalizationRequestsForConsumer { +export interface GetPersonalizationRequestsForConsumerRequest { listingId?: string | undefined; } @@ -503,7 +518,7 @@ export interface GetProviderResponse { provider?: ProviderInfo | undefined; } -export interface GetPublishedListingForConsumer { +export interface GetPublishedListingForConsumerRequest { id?: string | undefined; } @@ -516,7 +531,7 @@ export interface GetPublishedListingsForConsumerResponse { nextPageToken?: string | undefined; } -export interface GetPublishedProviderForConsumer { +export interface GetPublishedProviderForConsumerRequest { id?: string | undefined; } @@ -524,16 +539,6 @@ export interface GetPublishedProviderForConsumerResponse { provider?: ProviderInfo | undefined; } -export interface InstallListing { - listingId?: string | undefined; - shareName?: string | undefined; - catalogName?: string | undefined; - /** for git repo installations */ - repoDetail?: RepoInstallation | undefined; - recipientType?: DeltaSharingRecipientType | undefined; - acceptedConsumerTerms?: ConsumerTerms | undefined; -} - export interface InstallationDetail { id?: string | undefined; listingId?: string | undefined; @@ -680,7 +685,7 @@ export interface ListPublishedListingsForConsumerRequest { providerIds?: string[] | undefined; } -export interface ListPublishedProvidersForConsumer { +export interface ListPublishedProvidersForConsumerRequest { pageToken?: string | undefined; pageSize?: number | undefined; isFeatured?: boolean | undefined; @@ -854,7 +859,7 @@ export interface RepoInstallation { repoPath?: string | undefined; } -export interface SearchPublishedListingsForConsumer { +export interface SearchPublishedListingsForConsumerRequest { /** Fuzzy matches query */ query?: string | undefined; isFree?: boolean | undefined; @@ -917,11 +922,6 @@ export interface TokenInfo { updatedBy?: string | undefined; } -export interface UninstallListing { - listingId?: string | undefined; - installationId?: string | undefined; -} - export interface UpdateExchangeFilterRequest { id?: string | undefined; filter?: ExchangeFilter | undefined; @@ -940,7 +940,7 @@ export interface UpdateExchangeResponse { exchange?: Exchange | undefined; } -export interface UpdateInstallationDetail { +export interface UpdateInstallationRequest { listingId?: string | undefined; installationId?: string | undefined; installation?: InstallationDetail | undefined; @@ -2034,6 +2034,24 @@ export const marshalCreateFileRequestSchema: z.ZodType = z display_name: d.displayName, })); +export const marshalCreateInstallationRequestSchema: z.ZodType = z + .object({ + listingId: z.string().optional(), + shareName: z.string().optional(), + catalogName: z.string().optional(), + repoDetail: z.lazy(() => marshalRepoInstallationSchema).optional(), + recipientType: z.string().optional(), + acceptedConsumerTerms: z.lazy(() => marshalConsumerTermsSchema).optional(), + }) + .transform(d => ({ + listing_id: d.listingId, + share_name: d.shareName, + catalog_name: d.catalogName, + repo_detail: d.repoDetail, + recipient_type: d.recipientType, + accepted_consumer_terms: d.acceptedConsumerTerms, + })); + export const marshalCreateListingRequestSchema: z.ZodType = z .object({ listing: z.lazy(() => marshalListingSchema).optional(), @@ -2193,24 +2211,6 @@ export const marshalFileParentSchema: z.ZodType = z file_parent_type: d.fileParentType, })); -export const marshalInstallListingSchema: z.ZodType = z - .object({ - listingId: z.string().optional(), - shareName: z.string().optional(), - catalogName: z.string().optional(), - repoDetail: z.lazy(() => marshalRepoInstallationSchema).optional(), - recipientType: z.string().optional(), - acceptedConsumerTerms: z.lazy(() => marshalConsumerTermsSchema).optional(), - }) - .transform(d => ({ - listing_id: d.listingId, - share_name: d.shareName, - catalog_name: d.catalogName, - repo_detail: d.repoDetail, - recipient_type: d.recipientType, - accepted_consumer_terms: d.acceptedConsumerTerms, - })); - export const marshalInstallationDetailSchema: z.ZodType = z .object({ id: z.string().optional(), @@ -2491,7 +2491,7 @@ export const marshalUpdateExchangeRequestSchema: z.ZodType = z exchange: d.exchange, })); -export const marshalUpdateInstallationDetailSchema: z.ZodType = z +export const marshalUpdateInstallationRequestSchema: z.ZodType = z .object({ listingId: z.string().optional(), installationId: z.string().optional(), diff --git a/packages/modelregistry/src/v1/client.ts b/packages/modelregistry/src/v1/client.ts index a1adecdf..cf9f317e 100755 --- a/packages/modelregistry/src/v1/client.ts +++ b/packages/modelregistry/src/v1/client.ts @@ -532,7 +532,7 @@ export class ModelRegistryClient { } /** Gets a list of all open stage transition requests for the model version. */ - async listTransitionsRequest( + async listTransitionRequests( req: ListTransitionRequest, options?: CallOptions ): Promise { diff --git a/packages/modelservingquery/src/v1/client.ts b/packages/modelservingquery/src/v1/client.ts index 16ffa221..b5a0942e 100644 --- a/packages/modelservingquery/src/v1/client.ts +++ b/packages/modelservingquery/src/v1/client.ts @@ -16,9 +16,9 @@ import { parseResponse, } from './utils'; import pkgJson from '../../package.json' with {type: 'json'}; -import type {QueryEndpointInputRequest, QueryEndpointResponse} from './model'; +import type {QueryEndpointRequest, QueryEndpointResponse} from './model'; import { - marshalQueryEndpointInputRequestSchema, + marshalQueryEndpointRequestSchema, unmarshalQueryEndpointResponseSchema, } from './model'; @@ -57,12 +57,12 @@ export class ModelServingQueryClient { /** Query a serving endpoint */ async query( - req: QueryEndpointInputRequest, + req: QueryEndpointRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/serving-endpoints/${req.name ?? ''}/invocations`; - const body = marshalRequest(req, marshalQueryEndpointInputRequestSchema); + const body = marshalRequest(req, marshalQueryEndpointRequestSchema); let resp: QueryEndpointResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); diff --git a/packages/modelservingquery/src/v1/index.ts b/packages/modelservingquery/src/v1/index.ts index 0d1a00fa..2f624cbf 100755 --- a/packages/modelservingquery/src/v1/index.ts +++ b/packages/modelservingquery/src/v1/index.ts @@ -13,7 +13,7 @@ export type { DataframeSplitInput, EmbeddingsV1ResponseEmbeddingElement, ExternalModelUsageElement, - QueryEndpointInputRequest, + QueryEndpointRequest, QueryEndpointResponse, V1ResponseChoiceElement, } from './model'; diff --git a/packages/modelservingquery/src/v1/model.ts b/packages/modelservingquery/src/v1/model.ts index fef14df4..b9c6df16 100755 --- a/packages/modelservingquery/src/v1/model.ts +++ b/packages/modelservingquery/src/v1/model.ts @@ -87,7 +87,7 @@ export interface ExternalModelUsageElement { totalTokens?: number | undefined; } -export interface QueryEndpointInputRequest { +export interface QueryEndpointRequest { /** The name of the serving endpoint. This field is required and is provided via the path parameter. */ name?: string | undefined; /** @@ -308,7 +308,7 @@ export const marshalDataframeSplitInputSchema: z.ZodType = z data: d.data, })); -export const marshalQueryEndpointInputRequestSchema: z.ZodType = z +export const marshalQueryEndpointRequestSchema: z.ZodType = z .object({ name: z.string().optional(), prompt: jsonValueSchema.optional(), diff --git a/packages/networking/src/v1/client.ts b/packages/networking/src/v1/client.ts index 77883958..1a01c5d5 100755 --- a/packages/networking/src/v1/client.ts +++ b/packages/networking/src/v1/client.ts @@ -22,7 +22,7 @@ import type { CreateAccountIpAccessListRequest, CreateAccountIpAccessListResponse, CreateEndpointRequest, - CreateIpAccessList, + CreateIpAccessListRequest, CreateIpAccessListResponse, CreateNccPrivateEndpointRuleRequest, CreateNetworkConnectivityConfigRequest, @@ -30,13 +30,10 @@ import type { CreateNetworkRequest, CreatePrivateAccessSettingsRequest, CreateVpcEndpointRequest, - CustomerFacingNetworkConnectivityConfig, - CustomerFacingPrivateAccessSettings, - CustomerFacingVpcEndpoint, DeleteAccountIpAccessListRequest, DeleteAccountIpAccessListResponse, DeleteEndpointRequest, - DeleteIpAccessList, + DeleteIpAccessListRequest, DeleteIpAccessListResponse, DeleteNccPrivateEndpointRuleRequest, DeleteNetworkConnectivityConfigRequest, @@ -48,7 +45,7 @@ import type { GetAccountIpAccessListRequest, GetAccountIpAccessListResponse, GetEndpointRequest, - GetIpAccessList, + GetIpAccessListRequest, GetIpAccessListResponse, GetNccPrivateEndpointRuleRequest, GetNetworkConnectivityConfigRequest, @@ -77,43 +74,43 @@ import type { ListVpcEndpointResponse, NccPrivateEndpointRule, Network, + NetworkConnectivityConfig, + PrivateAccessSettings, ReplaceAccountIpAccessListRequest, ReplaceAccountIpAccessListResponse, - ReplaceIpAccessList, + ReplaceIpAccessListRequest, ReplaceIpAccessListResponse, UpdateAccountIpAccessListRequest, UpdateAccountIpAccessListResponse, - UpdateIpAccessList, + UpdateIpAccessListRequest, UpdateIpAccessListResponse, UpdateNccPrivateEndpointRuleRequest, UpdateNetworkPolicyRequest, UpdatePrivateAccessSettingsRequest, UpdateWorkspaceNetworkOptionRequest, + VpcEndpoint, WorkspaceNetworkOption, } from './model'; import { marshalAccountNetworkPolicySchema, marshalCreateAccountIpAccessListRequestSchema, - marshalCreateIpAccessListSchema, + marshalCreateIpAccessListRequestSchema, marshalCreateNetworkConnectivityConfigurationSchema, marshalCreateNetworkRequestSchema, marshalCreatePrivateAccessSettingsRequestSchema, marshalCreatePrivateEndpointRuleSchema, marshalCreateVpcEndpointRequestSchema, - marshalCustomerFacingPrivateAccessSettingsSchema, marshalEndpointSchema, + marshalPrivateAccessSettingsSchema, marshalReplaceAccountIpAccessListRequestSchema, - marshalReplaceIpAccessListSchema, + marshalReplaceIpAccessListRequestSchema, marshalUpdateAccountIpAccessListRequestSchema, - marshalUpdateIpAccessListSchema, + marshalUpdateIpAccessListRequestSchema, marshalUpdatePrivateEndpointRuleSchema, marshalWorkspaceNetworkOptionSchema, unmarshalAccountNetworkPolicySchema, unmarshalCreateAccountIpAccessListResponseSchema, unmarshalCreateIpAccessListResponseSchema, - unmarshalCustomerFacingNetworkConnectivityConfigSchema, - unmarshalCustomerFacingPrivateAccessSettingsSchema, - unmarshalCustomerFacingVpcEndpointSchema, unmarshalDeleteAccountIpAccessListResponseSchema, unmarshalDeleteIpAccessListResponseSchema, unmarshalEndpointSchema, @@ -126,11 +123,14 @@ import { unmarshalListNetworkConnectivityConfigsResponseSchema, unmarshalListNetworkPoliciesResponseSchema, unmarshalNccPrivateEndpointRuleSchema, + unmarshalNetworkConnectivityConfigSchema, unmarshalNetworkSchema, + unmarshalPrivateAccessSettingsSchema, unmarshalReplaceAccountIpAccessListResponseSchema, unmarshalReplaceIpAccessListResponseSchema, unmarshalUpdateAccountIpAccessListResponseSchema, unmarshalUpdateIpAccessListResponseSchema, + unmarshalVpcEndpointSchema, unmarshalWorkspaceNetworkOptionSchema, } from './model'; @@ -560,12 +560,12 @@ export class NetworkingClient { * It can take a few minutes for the changes to take effect. **Note**: Your new IP access list has no effect until you enable the feature. See :method:workspaceconf/setStatus */ async createIpAccessList( - req: CreateIpAccessList, + req: CreateIpAccessListRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/ip-access-lists`; - const body = marshalRequest(req, marshalCreateIpAccessListSchema); + const body = marshalRequest(req, marshalCreateIpAccessListRequestSchema); let resp: CreateIpAccessListResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); @@ -590,7 +590,7 @@ export class NetworkingClient { /** Deletes an IP access list, specified by its list ID. */ async deleteIpAccessList( - req: DeleteIpAccessList, + req: DeleteIpAccessListRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -619,7 +619,7 @@ export class NetworkingClient { /** Gets an IP access list, specified by its list ID. */ async getIpAccessList( - req: GetIpAccessList, + req: GetIpAccessListRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -690,12 +690,12 @@ export class NetworkingClient { * effect until you enable the feature. See :method:workspaceconf/setStatus. */ async replaceIpAccessList( - req: ReplaceIpAccessList, + req: ReplaceIpAccessListRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/ip-access-lists/${req.listId ?? ''}`; - const body = marshalRequest(req, marshalReplaceIpAccessListSchema); + const body = marshalRequest(req, marshalReplaceIpAccessListRequestSchema); let resp: ReplaceIpAccessListResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); @@ -737,12 +737,12 @@ export class NetworkingClient { * the feature. See :method:workspaceconf/setStatus. */ async updateIpAccessList( - req: UpdateIpAccessList, + req: UpdateIpAccessListRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/ip-access-lists/${req.listId ?? ''}`; - const body = marshalRequest(req, marshalUpdateIpAccessListSchema); + const body = marshalRequest(req, marshalUpdateIpAccessListRequestSchema); let resp: UpdateIpAccessListResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); @@ -779,14 +779,14 @@ export class NetworkingClient { async createNetworkConnectivityConfigPublic( req: CreateNetworkConnectivityConfigRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.accountId ?? accountId ?? ''}/network-connectivity-configs`; const body = marshalRequest( req.networkConnectivityConfig, marshalCreateNetworkConnectivityConfigurationSchema ); - let resp: CustomerFacingNetworkConnectivityConfig | undefined; + let resp: NetworkConnectivityConfig | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); headers.set('User-Agent', this.userAgent); @@ -796,10 +796,7 @@ export class NetworkingClient { httpClient, logger: this.logger, }); - resp = parseResponse( - respBody, - unmarshalCustomerFacingNetworkConnectivityConfigSchema - ); + resp = parseResponse(respBody, unmarshalNetworkConnectivityConfigSchema); }; await executeCall(call, options); if (resp === undefined) { @@ -832,10 +829,10 @@ export class NetworkingClient { async getNetworkConnectivityConfigPublic( req: GetNetworkConnectivityConfigRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.accountId ?? accountId ?? ''}/network-connectivity-configs/${req.networkConnectivityConfigId ?? ''}`; - let resp: CustomerFacingNetworkConnectivityConfig | undefined; + let resp: NetworkConnectivityConfig | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers(); headers.set('User-Agent', this.userAgent); @@ -845,10 +842,7 @@ export class NetworkingClient { httpClient, logger: this.logger, }); - resp = parseResponse( - respBody, - unmarshalCustomerFacingNetworkConnectivityConfigSchema - ); + resp = parseResponse(respBody, unmarshalNetworkConnectivityConfigSchema); }; await executeCall(call, options); if (resp === undefined) { @@ -895,7 +889,7 @@ export class NetworkingClient { async *listNetworkConnectivityConfigsPublicIter( req: ListNetworkConnectivityConfigsRequest, options?: CallOptions - ): AsyncGenerator { + ): AsyncGenerator { const pageReq: ListNetworkConnectivityConfigsRequest = {...req}; for (;;) { const resp = await this.listNetworkConnectivityConfigsPublic( @@ -1299,14 +1293,14 @@ export class NetworkingClient { async createPrivateAccessSettingsPublic( req: CreatePrivateAccessSettingsRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.accountId ?? accountId ?? ''}/private-access-settings`; const body = marshalRequest( req, marshalCreatePrivateAccessSettingsRequestSchema ); - let resp: CustomerFacingPrivateAccessSettings | undefined; + let resp: PrivateAccessSettings | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); headers.set('User-Agent', this.userAgent); @@ -1316,10 +1310,7 @@ export class NetworkingClient { httpClient, logger: this.logger, }); - resp = parseResponse( - respBody, - unmarshalCustomerFacingPrivateAccessSettingsSchema - ); + resp = parseResponse(respBody, unmarshalPrivateAccessSettingsSchema); }; await executeCall(call, options); if (resp === undefined) { @@ -1344,11 +1335,11 @@ export class NetworkingClient { async createVpcEndpointPublic( req: CreateVpcEndpointRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.accountId ?? accountId ?? ''}/vpc-endpoints`; const body = marshalRequest(req, marshalCreateVpcEndpointRequestSchema); - let resp: CustomerFacingVpcEndpoint | undefined; + let resp: VpcEndpoint | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); headers.set('User-Agent', this.userAgent); @@ -1358,7 +1349,7 @@ export class NetworkingClient { httpClient, logger: this.logger, }); - resp = parseResponse(respBody, unmarshalCustomerFacingVpcEndpointSchema); + resp = parseResponse(respBody, unmarshalVpcEndpointSchema); }; await executeCall(call, options); if (resp === undefined) { @@ -1401,10 +1392,10 @@ export class NetworkingClient { async deletePrivateAccessSettingsPublic( req: DeletePrivateAccessSettingsRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.accountId ?? accountId ?? ''}/private-access-settings/${req.privateAccessSettingsId ?? ''}`; - let resp: CustomerFacingPrivateAccessSettings | undefined; + let resp: PrivateAccessSettings | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers(); headers.set('User-Agent', this.userAgent); @@ -1414,10 +1405,7 @@ export class NetworkingClient { httpClient, logger: this.logger, }); - resp = parseResponse( - respBody, - unmarshalCustomerFacingPrivateAccessSettingsSchema - ); + resp = parseResponse(respBody, unmarshalPrivateAccessSettingsSchema); }; await executeCall(call, options); if (resp === undefined) { @@ -1430,10 +1418,10 @@ export class NetworkingClient { async deleteVpcEndpointPublic( req: DeleteVpcEndpointRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.accountId ?? accountId ?? ''}/vpc-endpoints/${req.vpcEndpointId ?? ''}`; - let resp: CustomerFacingVpcEndpoint | undefined; + let resp: VpcEndpoint | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers(); headers.set('User-Agent', this.userAgent); @@ -1443,7 +1431,7 @@ export class NetworkingClient { httpClient, logger: this.logger, }); - resp = parseResponse(respBody, unmarshalCustomerFacingVpcEndpointSchema); + resp = parseResponse(respBody, unmarshalVpcEndpointSchema); }; await executeCall(call, options); if (resp === undefined) { @@ -1482,10 +1470,10 @@ export class NetworkingClient { async getPrivateAccessSettingsPublic( req: GetPrivateAccessSettingsRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.accountId ?? accountId ?? ''}/private-access-settings/${req.privateAccessSettingsId ?? ''}`; - let resp: CustomerFacingPrivateAccessSettings | undefined; + let resp: PrivateAccessSettings | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers(); headers.set('User-Agent', this.userAgent); @@ -1495,10 +1483,7 @@ export class NetworkingClient { httpClient, logger: this.logger, }); - resp = parseResponse( - respBody, - unmarshalCustomerFacingPrivateAccessSettingsSchema - ); + resp = parseResponse(respBody, unmarshalPrivateAccessSettingsSchema); }; await executeCall(call, options); if (resp === undefined) { @@ -1516,10 +1501,10 @@ export class NetworkingClient { async getVpcEndpointPublic( req: GetVpcEndpointRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.accountId ?? accountId ?? ''}/vpc-endpoints/${req.vpcEndpointId ?? ''}`; - let resp: CustomerFacingVpcEndpoint | undefined; + let resp: VpcEndpoint | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers(); headers.set('User-Agent', this.userAgent); @@ -1529,7 +1514,7 @@ export class NetworkingClient { httpClient, logger: this.logger, }); - resp = parseResponse(respBody, unmarshalCustomerFacingVpcEndpointSchema); + resp = parseResponse(respBody, unmarshalVpcEndpointSchema); }; await executeCall(call, options); if (resp === undefined) { @@ -1589,9 +1574,7 @@ export class NetworkingClient { resp = { privateAccessSettings: parseResponse( respBody, - z.array( - z.lazy(() => unmarshalCustomerFacingPrivateAccessSettingsSchema) - ) + z.array(z.lazy(() => unmarshalPrivateAccessSettingsSchema)) ), }; }; @@ -1622,7 +1605,7 @@ export class NetworkingClient { resp = { vpcEndpoints: parseResponse( respBody, - z.array(z.lazy(() => unmarshalCustomerFacingVpcEndpointSchema)) + z.array(z.lazy(() => unmarshalVpcEndpointSchema)) ), }; }; @@ -1642,14 +1625,14 @@ export class NetworkingClient { async updatePrivateAccessSettingsPublic( req: UpdatePrivateAccessSettingsRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, accountId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/accounts/${req.customerFacingPrivateAccessSettings?.accountId ?? accountId ?? ''}/private-access-settings/${req.customerFacingPrivateAccessSettings?.privateAccessSettingsId ?? ''}`; const body = marshalRequest( req.customerFacingPrivateAccessSettings, - marshalCustomerFacingPrivateAccessSettingsSchema + marshalPrivateAccessSettingsSchema ); - let resp: CustomerFacingPrivateAccessSettings | undefined; + let resp: PrivateAccessSettings | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); headers.set('User-Agent', this.userAgent); @@ -1659,10 +1642,7 @@ export class NetworkingClient { httpClient, logger: this.logger, }); - resp = parseResponse( - respBody, - unmarshalCustomerFacingPrivateAccessSettingsSchema - ); + resp = parseResponse(respBody, unmarshalPrivateAccessSettingsSchema); }; await executeCall(call, options); if (resp === undefined) { diff --git a/packages/networking/src/v1/index.ts b/packages/networking/src/v1/index.ts index 6a806d97..e511f3a4 100755 --- a/packages/networking/src/v1/index.ts +++ b/packages/networking/src/v1/index.ts @@ -3,28 +3,28 @@ export {NetworkingClient} from './client'; export { - CustomerFacingVpcEndpointUseCase, EgressResourceType, EndpointState, IpAccessListType, PrivateAccessLevel, + VpcEndpointUseCase, VpcStatus, AccountIpAccessListType_IpAccessListType, - CustomerFacingIngressNetworkPolicy_ApiScopeQualifier, - CustomerFacingIngressNetworkPolicy_Authentication_IdentityType, - CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType, - CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode, - CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode, - CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode, - CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState, - CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState, EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType, EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_DryRunModeProductFilter, EgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcement_EnforcementMode, EgressNetworkPolicy_NetworkAccessPolicy_RestrictionMode, EgressNetworkPolicy_NetworkAccessPolicy_StorageDestination_StorageDestinationType, EndpointUseCase_EndpointUseCase, + IngressNetworkPolicy_ApiScopeQualifier, + IngressNetworkPolicy_Authentication_IdentityType, + IngressNetworkPolicy_AuthenticationIdentity_PrincipalType, + IngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode, + IngressNetworkPolicy_PrivateAccess_RestrictionMode, + IngressNetworkPolicy_PublicAccess_RestrictionMode, NccPrivateEndpointRule_PrivateLinkConnectionState, + NetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState, + NetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState, } from './model'; export type { @@ -35,7 +35,7 @@ export type { CreateAccountIpAccessListRequest, CreateAccountIpAccessListResponse, CreateEndpointRequest, - CreateIpAccessList, + CreateIpAccessListRequest, CreateIpAccessListResponse, CreateNccPrivateEndpointRuleRequest, CreateNetworkConnectivityConfigRequest, @@ -45,41 +45,12 @@ export type { CreatePrivateAccessSettingsRequest, CreatePrivateEndpointRule, CreateVpcEndpointRequest, - CustomerFacingGcpVpcEndpointInfo, - CustomerFacingIngressNetworkPolicy, - CustomerFacingIngressNetworkPolicy_AccountApiDestination, - CustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestination, - CustomerFacingIngressNetworkPolicy_AccountUiDestination, - CustomerFacingIngressNetworkPolicy_AppsRuntimeDestination, - CustomerFacingIngressNetworkPolicy_Authentication, - CustomerFacingIngressNetworkPolicy_AuthenticationIdentity, - CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess, - CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule, - CustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrigin, - CustomerFacingIngressNetworkPolicy_Endpoints, - CustomerFacingIngressNetworkPolicy_IpRanges, - CustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestination, - CustomerFacingIngressNetworkPolicy_PrivateAccess, - CustomerFacingIngressNetworkPolicy_PrivateIngressRule, - CustomerFacingIngressNetworkPolicy_PrivateRequestOrigin, - CustomerFacingIngressNetworkPolicy_PublicAccess, - CustomerFacingIngressNetworkPolicy_PublicIngressRule, - CustomerFacingIngressNetworkPolicy_PublicRequestOrigin, - CustomerFacingIngressNetworkPolicy_RequestDestination, - CustomerFacingIngressNetworkPolicy_WorkspaceApiDestination, - CustomerFacingIngressNetworkPolicy_WorkspaceIdList, - CustomerFacingIngressNetworkPolicy_WorkspaceUiDestination, - CustomerFacingNetworkConnectivityConfig, - CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule, - CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule, CustomerFacingNetworkConnectivityConfigEgressConfig, CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule, - CustomerFacingPrivateAccessSettings, - CustomerFacingVpcEndpoint, DeleteAccountIpAccessListRequest, DeleteAccountIpAccessListResponse, DeleteEndpointRequest, - DeleteIpAccessList, + DeleteIpAccessListRequest, DeleteIpAccessListResponse, DeleteNccPrivateEndpointRuleRequest, DeleteNetworkConnectivityConfigRequest, @@ -97,10 +68,11 @@ export type { EndpointUseCase, GcpEndpoint, GcpNetworkInfo, + GcpVpcEndpointInfo, GetAccountIpAccessListRequest, GetAccountIpAccessListResponse, GetEndpointRequest, - GetIpAccessList, + GetIpAccessListRequest, GetIpAccessListResponse, GetNccPrivateEndpointRuleRequest, GetNetworkConnectivityConfigRequest, @@ -109,6 +81,29 @@ export type { GetPrivateAccessSettingsRequest, GetVpcEndpointRequest, GetWorkspaceNetworkOptionRequest, + IngressNetworkPolicy, + IngressNetworkPolicy_AccountApiDestination, + IngressNetworkPolicy_AccountDatabricksOneDestination, + IngressNetworkPolicy_AccountUiDestination, + IngressNetworkPolicy_AppsRuntimeDestination, + IngressNetworkPolicy_Authentication, + IngressNetworkPolicy_AuthenticationIdentity, + IngressNetworkPolicy_CrossWorkspaceAccess, + IngressNetworkPolicy_CrossWorkspaceIngressRule, + IngressNetworkPolicy_CrossWorkspaceRequestOrigin, + IngressNetworkPolicy_Endpoints, + IngressNetworkPolicy_IpRanges, + IngressNetworkPolicy_LakebaseRuntimeDestination, + IngressNetworkPolicy_PrivateAccess, + IngressNetworkPolicy_PrivateIngressRule, + IngressNetworkPolicy_PrivateRequestOrigin, + IngressNetworkPolicy_PublicAccess, + IngressNetworkPolicy_PublicIngressRule, + IngressNetworkPolicy_PublicRequestOrigin, + IngressNetworkPolicy_RequestDestination, + IngressNetworkPolicy_WorkspaceApiDestination, + IngressNetworkPolicy_WorkspaceIdList, + IngressNetworkPolicy_WorkspaceUiDestination, IpAccessList, ListAccountIpAccessListsRequest, ListAccountIpAccessListsResponse, @@ -130,6 +125,9 @@ export type { ListVpcEndpointResponse, NccPrivateEndpointRule, Network, + NetworkConnectivityConfig, + NetworkConnectivityConfigAwsPrivateEndpointRule, + NetworkConnectivityConfigAzurePrivateEndpointRule, NetworkConnectivityConfigEgressConfig, NetworkConnectivityConfigEgressConfig_DefaultRule, NetworkConnectivityConfigEgressConfig_DefaultRule_AwsStableIpRule, @@ -137,19 +135,21 @@ export type { NetworkHealth, NetworkVpcEndpoints, NetworkWarning, + PrivateAccessSettings, ReplaceAccountIpAccessListRequest, ReplaceAccountIpAccessListResponse, - ReplaceIpAccessList, + ReplaceIpAccessListRequest, ReplaceIpAccessListResponse, UpdateAccountIpAccessListRequest, UpdateAccountIpAccessListResponse, - UpdateIpAccessList, + UpdateIpAccessListRequest, UpdateIpAccessListResponse, UpdateNccPrivateEndpointRuleRequest, UpdateNetworkPolicyRequest, UpdatePrivateAccessSettingsRequest, UpdatePrivateEndpointRule, UpdateWorkspaceNetworkOptionRequest, + VpcEndpoint, WorkspaceNetworkOption, } from './model'; diff --git a/packages/networking/src/v1/model.ts b/packages/networking/src/v1/model.ts index bb4c98a0..77a85469 100755 --- a/packages/networking/src/v1/model.ts +++ b/packages/networking/src/v1/model.ts @@ -5,17 +5,6 @@ import {FieldMask} from '@databricks/sdk-core/wkt'; import type {FieldMaskSchema} from '@databricks/sdk-core/wkt'; import {z} from 'zod'; -// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. -export const CustomerFacingVpcEndpointUseCase = { - WORKSPACE_ACCESS: 'WORKSPACE_ACCESS', - DATAPLANE_RELAY_ACCESS: 'DATAPLANE_RELAY_ACCESS', - /** General access, replaces WORKSPACE_ACCESS in customer-facing API. */ - GENERAL_ACCESS: 'GENERAL_ACCESS', -} as const; -export type CustomerFacingVpcEndpointUseCase = - | (typeof CustomerFacingVpcEndpointUseCase)[keyof typeof CustomerFacingVpcEndpointUseCase] - | (string & {}); - /** * The target resources that are supported by Network Connectivity Config. * Note: some egress types can support general types that are not defined in EgressResourceType. @@ -72,6 +61,17 @@ export type PrivateAccessLevel = | (typeof PrivateAccessLevel)[keyof typeof PrivateAccessLevel] | (string & {}); +// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. +export const VpcEndpointUseCase = { + WORKSPACE_ACCESS: 'WORKSPACE_ACCESS', + DATAPLANE_RELAY_ACCESS: 'DATAPLANE_RELAY_ACCESS', + /** General access, replaces WORKSPACE_ACCESS in customer-facing API. */ + GENERAL_ACCESS: 'GENERAL_ACCESS', +} as const; +export type VpcEndpointUseCase = + | (typeof VpcEndpointUseCase)[keyof typeof VpcEndpointUseCase] + | (string & {}); + // eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. export const VpcStatus = { VALID: 'VALID', @@ -102,141 +102,6 @@ export type AccountIpAccessListType_IpAccessListType = | (typeof AccountIpAccessListType_IpAccessListType)[keyof typeof AccountIpAccessListType_IpAccessListType] | (string & {}); -/** - * Qualifies the breadth of API access permitted by an ingress network policy rule. - * API_SCOPE_QUALIFIER_READ narrows matching to read-only variants of the listed scopes; - * API_SCOPE_QUALIFIER_ALL matches any scope. When unset, scopes match exactly as listed. - */ -// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. -export const CustomerFacingIngressNetworkPolicy_ApiScopeQualifier = { - /** Narrows matching to read-only variants of the listed scopes (e.g. GET/HEAD requests). */ - API_SCOPE_QUALIFIER_READ: 'API_SCOPE_QUALIFIER_READ', - /** Matches any scope regardless of access level. */ - API_SCOPE_QUALIFIER_ALL: 'API_SCOPE_QUALIFIER_ALL', -} as const; -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. -export type CustomerFacingIngressNetworkPolicy_ApiScopeQualifier = - | (typeof CustomerFacingIngressNetworkPolicy_ApiScopeQualifier)[keyof typeof CustomerFacingIngressNetworkPolicy_ApiScopeQualifier] - | (string & {}); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. -export const CustomerFacingIngressNetworkPolicy_Authentication_IdentityType = { - IDENTITY_TYPE_UNSPECIFIED: 'IDENTITY_TYPE_UNSPECIFIED', - IDENTITY_TYPE_ALL_USERS: 'IDENTITY_TYPE_ALL_USERS', - IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS: 'IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS', - IDENTITY_TYPE_SELECTED_IDENTITIES: 'IDENTITY_TYPE_SELECTED_IDENTITIES', -} as const; -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. -export type CustomerFacingIngressNetworkPolicy_Authentication_IdentityType = - | (typeof CustomerFacingIngressNetworkPolicy_Authentication_IdentityType)[keyof typeof CustomerFacingIngressNetworkPolicy_Authentication_IdentityType] - | (string & {}); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. -export const CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType = - { - PRINCIPAL_TYPE_UNSPECIFIED: 'PRINCIPAL_TYPE_UNSPECIFIED', - PRINCIPAL_TYPE_USER: 'PRINCIPAL_TYPE_USER', - PRINCIPAL_TYPE_SERVICE_PRINCIPAL: 'PRINCIPAL_TYPE_SERVICE_PRINCIPAL', - } as const; -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. -export type CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType = - - | (typeof CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType)[keyof typeof CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType] - | (string & {}); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. -export const CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode = - { - FULL_ACCESS: 'FULL_ACCESS', - RESTRICTED_ACCESS: 'RESTRICTED_ACCESS', - } as const; -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. -export type CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode = - - | (typeof CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode)[keyof typeof CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode] - | (string & {}); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. -export const CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode = - { - ALLOW_ALL_REGISTERED_ENDPOINTS: 'ALLOW_ALL_REGISTERED_ENDPOINTS', - RESTRICTED_ACCESS: 'RESTRICTED_ACCESS', - } as const; -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. -export type CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode = - | (typeof CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode)[keyof typeof CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode] - | (string & {}); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. -export const CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode = { - FULL_ACCESS: 'FULL_ACCESS', - RESTRICTED_ACCESS: 'RESTRICTED_ACCESS', -} as const; -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. -export type CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode = - | (typeof CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode)[keyof typeof CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode] - | (string & {}); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. -export const CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState = - { - PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED: - 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED', - /** The endpoint has been approved and is ready to use in your serverless compute resources. */ - ESTABLISHED: 'ESTABLISHED', - /** Connection was rejected by the private link resource owner. */ - REJECTED: 'REJECTED', - /** - * Connection was removed by the private link resource owner, the private endpoint becomes informative and should - * be deleted for clean-up. - */ - DISCONNECTED: 'DISCONNECTED', - /** If the endpoint is created but not approved in 14 days, it is EXPIRED. */ - EXPIRED: 'EXPIRED', - /** The endpoint has been created and pending approval. */ - PENDING: 'PENDING', - /** The endpoint creation is in progress. */ - CREATING: 'CREATING', - /** The endpoint creation failed. */ - CREATE_FAILED: 'CREATE_FAILED', - } as const; -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. -export type CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState = - - | (typeof CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState)[keyof typeof CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState] - | (string & {}); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. -export const CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState = - { - PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED: - 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED', - /** The endpoint has been created and pending approval. */ - INIT: 'INIT', - /** The endpoint has been approved and is ready to use in your serverless compute resources. */ - ESTABLISHED: 'ESTABLISHED', - /** Connection was rejected by the private link resource owner. */ - REJECTED: 'REJECTED', - /** - * Connection was removed by the private link resource owner, the private endpoint becomes informative and should - * be deleted for clean-up. - */ - DISCONNECTED: 'DISCONNECTED', - /** If the endpoint was created but not approved in 14 days, it will be EXPIRED. */ - EXPIRED: 'EXPIRED', - /** The endpoint has been created and pending approval. */ - PENDING: 'PENDING', - /** The endpoint creation is in progress. */ - CREATING: 'CREATING', - /** The endpoint creation failed. */ - CREATE_FAILED: 'CREATE_FAILED', - } as const; -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. -export type CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState = - - | (typeof CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState)[keyof typeof CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState] - | (string & {}); - // eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. export const EgressNetworkPolicy_NetworkAccessPolicy_InternetDestination_InternetDestinationType = { @@ -329,6 +194,76 @@ export type EndpointUseCase_EndpointUseCase = | (typeof EndpointUseCase_EndpointUseCase)[keyof typeof EndpointUseCase_EndpointUseCase] | (string & {}); +/** + * Qualifies the breadth of API access permitted by an ingress network policy rule. + * API_SCOPE_QUALIFIER_READ narrows matching to read-only variants of the listed scopes; + * API_SCOPE_QUALIFIER_ALL matches any scope. When unset, scopes match exactly as listed. + */ +// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. +export const IngressNetworkPolicy_ApiScopeQualifier = { + /** Narrows matching to read-only variants of the listed scopes (e.g. GET/HEAD requests). */ + API_SCOPE_QUALIFIER_READ: 'API_SCOPE_QUALIFIER_READ', + /** Matches any scope regardless of access level. */ + API_SCOPE_QUALIFIER_ALL: 'API_SCOPE_QUALIFIER_ALL', +} as const; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. +export type IngressNetworkPolicy_ApiScopeQualifier = + | (typeof IngressNetworkPolicy_ApiScopeQualifier)[keyof typeof IngressNetworkPolicy_ApiScopeQualifier] + | (string & {}); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. +export const IngressNetworkPolicy_Authentication_IdentityType = { + IDENTITY_TYPE_UNSPECIFIED: 'IDENTITY_TYPE_UNSPECIFIED', + IDENTITY_TYPE_ALL_USERS: 'IDENTITY_TYPE_ALL_USERS', + IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS: 'IDENTITY_TYPE_ALL_SERVICE_PRINCIPALS', + IDENTITY_TYPE_SELECTED_IDENTITIES: 'IDENTITY_TYPE_SELECTED_IDENTITIES', +} as const; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. +export type IngressNetworkPolicy_Authentication_IdentityType = + | (typeof IngressNetworkPolicy_Authentication_IdentityType)[keyof typeof IngressNetworkPolicy_Authentication_IdentityType] + | (string & {}); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. +export const IngressNetworkPolicy_AuthenticationIdentity_PrincipalType = { + PRINCIPAL_TYPE_UNSPECIFIED: 'PRINCIPAL_TYPE_UNSPECIFIED', + PRINCIPAL_TYPE_USER: 'PRINCIPAL_TYPE_USER', + PRINCIPAL_TYPE_SERVICE_PRINCIPAL: 'PRINCIPAL_TYPE_SERVICE_PRINCIPAL', +} as const; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. +export type IngressNetworkPolicy_AuthenticationIdentity_PrincipalType = + | (typeof IngressNetworkPolicy_AuthenticationIdentity_PrincipalType)[keyof typeof IngressNetworkPolicy_AuthenticationIdentity_PrincipalType] + | (string & {}); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. +export const IngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode = { + FULL_ACCESS: 'FULL_ACCESS', + RESTRICTED_ACCESS: 'RESTRICTED_ACCESS', +} as const; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. +export type IngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode = + | (typeof IngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode)[keyof typeof IngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode] + | (string & {}); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. +export const IngressNetworkPolicy_PrivateAccess_RestrictionMode = { + ALLOW_ALL_REGISTERED_ENDPOINTS: 'ALLOW_ALL_REGISTERED_ENDPOINTS', + RESTRICTED_ACCESS: 'RESTRICTED_ACCESS', +} as const; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. +export type IngressNetworkPolicy_PrivateAccess_RestrictionMode = + | (typeof IngressNetworkPolicy_PrivateAccess_RestrictionMode)[keyof typeof IngressNetworkPolicy_PrivateAccess_RestrictionMode] + | (string & {}); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. +export const IngressNetworkPolicy_PublicAccess_RestrictionMode = { + FULL_ACCESS: 'FULL_ACCESS', + RESTRICTED_ACCESS: 'RESTRICTED_ACCESS', +} as const; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. +export type IngressNetworkPolicy_PublicAccess_RestrictionMode = + | (typeof IngressNetworkPolicy_PublicAccess_RestrictionMode)[keyof typeof IngressNetworkPolicy_PublicAccess_RestrictionMode] + | (string & {}); + // eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. export const NccPrivateEndpointRule_PrivateLinkConnectionState = { PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED: @@ -356,6 +291,66 @@ export type NccPrivateEndpointRule_PrivateLinkConnectionState = | (typeof NccPrivateEndpointRule_PrivateLinkConnectionState)[keyof typeof NccPrivateEndpointRule_PrivateLinkConnectionState] | (string & {}); +// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. +export const NetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState = + { + PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED: + 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED', + /** The endpoint has been approved and is ready to use in your serverless compute resources. */ + ESTABLISHED: 'ESTABLISHED', + /** Connection was rejected by the private link resource owner. */ + REJECTED: 'REJECTED', + /** + * Connection was removed by the private link resource owner, the private endpoint becomes informative and should + * be deleted for clean-up. + */ + DISCONNECTED: 'DISCONNECTED', + /** If the endpoint is created but not approved in 14 days, it is EXPIRED. */ + EXPIRED: 'EXPIRED', + /** The endpoint has been created and pending approval. */ + PENDING: 'PENDING', + /** The endpoint creation is in progress. */ + CREATING: 'CREATING', + /** The endpoint creation failed. */ + CREATE_FAILED: 'CREATE_FAILED', + } as const; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. +export type NetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState = + + | (typeof NetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState)[keyof typeof NetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState] + | (string & {}); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Enum-style const object. +export const NetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState = + { + PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED: + 'PRIVATE_LINK_CONNECTION_STATE_UNSPECIFIED', + /** The endpoint has been created and pending approval. */ + INIT: 'INIT', + /** The endpoint has been approved and is ready to use in your serverless compute resources. */ + ESTABLISHED: 'ESTABLISHED', + /** Connection was rejected by the private link resource owner. */ + REJECTED: 'REJECTED', + /** + * Connection was removed by the private link resource owner, the private endpoint becomes informative and should + * be deleted for clean-up. + */ + DISCONNECTED: 'DISCONNECTED', + /** If the endpoint was created but not approved in 14 days, it will be EXPIRED. */ + EXPIRED: 'EXPIRED', + /** The endpoint has been created and pending approval. */ + PENDING: 'PENDING', + /** The endpoint creation is in progress. */ + CREATING: 'CREATING', + /** The endpoint creation failed. */ + CREATE_FAILED: 'CREATE_FAILED', + } as const; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested enum name. +export type NetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState = + + | (typeof NetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState)[keyof typeof NetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState] + | (string & {}); + /** Definition of an IP Access list */ export interface AccountIpAccessList { /** Universally unique identifier (UUID) of the IP access list. */ @@ -389,13 +384,13 @@ export interface AccountNetworkPolicy { /** The network policies applying for egress traffic. */ egress?: EgressNetworkPolicy | undefined; /** The network policies applying for ingress traffic. */ - ingress?: CustomerFacingIngressNetworkPolicy | undefined; + ingress?: IngressNetworkPolicy | undefined; /** * The ingress policy for dry run mode. Dry run will always run even if the request * is allowed by the ingress policy. When this field is set, the policy will be evaluated * and emit logs only without blocking requests. */ - ingressDryRun?: CustomerFacingIngressNetworkPolicy | undefined; + ingressDryRun?: IngressNetworkPolicy | undefined; } export interface AzurePrivateEndpointInfo { @@ -435,7 +430,7 @@ export interface CreateEndpointRequest { } /** Details required to configure a block list or allow list. */ -export interface CreateIpAccessList { +export interface CreateIpAccessListRequest { /** Label for the IP access list. This **cannot** be empty. */ label?: string | undefined; listType?: IpAccessListType | undefined; @@ -622,517 +617,32 @@ export interface CreateVpcEndpointRequest { | { $case: 'gcpVpcEndpointInfo'; /** The cloud info of this vpc endpoint. */ - gcpVpcEndpointInfo: CustomerFacingGcpVpcEndpointInfo; + gcpVpcEndpointInfo: GcpVpcEndpointInfo; } | undefined; } -export interface CustomerFacingGcpVpcEndpointInfo { - pscConnectionId?: string | undefined; - projectId?: string | undefined; - pscEndpointName?: string | undefined; - endpointRegion?: string | undefined; - serviceAttachmentId?: string | undefined; -} - -/** - * This proto is under development. - * The network policies applying for ingress traffic. - * Any changes here should also be synced to estore/namespaces/lakehousenetworkmanager/latest.proto. - */ -export interface CustomerFacingIngressNetworkPolicy { - /** - * The network policy restrictions for public access to the workspace. - * Configures how public internet traffic is allowed or denied access. - */ - publicAccess?: CustomerFacingIngressNetworkPolicy_PublicAccess | undefined; +export interface CustomerFacingNetworkConnectivityConfigEgressConfig { /** - * The network policy restrictions for private access to the workspace. - * Configures how registered private endpoints are allowed or denied access. + * The network connectivity rules that are applied by default without resource specific configurations. + * You can find the stable network information of your serverless compute resources here. */ - privateAccess?: CustomerFacingIngressNetworkPolicy_PrivateAccess | undefined; - crossWorkspaceAccess?: - | CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess + defaultRules?: NetworkConnectivityConfigEgressConfig_DefaultRule | undefined; + /** The network connectivity rules that configured for each destinations. These rules override default rules. */ + targetRules?: + | CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule | undefined; } +/** Target rule controls the egress rules that are dedicated to specific resources. */ // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_AccountApiDestination { - scopes?: string[] | undefined; - /** Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. */ - scopeQualifier?: - | CustomerFacingIngressNetworkPolicy_ApiScopeQualifier - | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestination { - /** Must be set to true. */ - allDestinations?: boolean | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_AccountUiDestination { - /** Must be set to true. */ - allDestinations?: boolean | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_AppsRuntimeDestination { - /** Must be set to true. */ - allDestinations?: boolean | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_Authentication { - identityType?: - | CustomerFacingIngressNetworkPolicy_Authentication_IdentityType - | undefined; - /** Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES. */ - identities?: - | CustomerFacingIngressNetworkPolicy_AuthenticationIdentity[] - | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_AuthenticationIdentity { - principalType?: - | CustomerFacingIngressNetworkPolicy_AuthenticationIdentity_PrincipalType - | undefined; - principalId?: bigint | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess { - restrictionMode?: - | CustomerFacingIngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode - | undefined; - denyRules?: - | CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule[] - | undefined; - allowRules?: - | CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule[] - | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule { - origin?: - | CustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrigin - | undefined; - destination?: - | CustomerFacingIngressNetworkPolicy_RequestDestination - | undefined; - authentication?: - | CustomerFacingIngressNetworkPolicy_Authentication - | undefined; - /** The label for this ingress rule. */ - label?: string | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrigin { - source?: - | { - $case: 'allSourceWorkspaces'; - /** Matches all source workspaces. */ - allSourceWorkspaces: boolean; - } - | { - $case: 'selectedWorkspaces'; - /** Specific source workspace IDs to match. */ - selectedWorkspaces: CustomerFacingIngressNetworkPolicy_WorkspaceIdList; - } - | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_Endpoints { - endpointIds?: string[] | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_IpRanges { - /** We only support IPv4 and IPv4 CIDR notation for now. */ - ipRanges?: string[] | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestination { - /** Must be set to true. */ - allDestinations?: boolean | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_PrivateAccess { - restrictionMode?: - | CustomerFacingIngressNetworkPolicy_PrivateAccess_RestrictionMode - | undefined; - denyRules?: - | CustomerFacingIngressNetworkPolicy_PrivateIngressRule[] - | undefined; - allowRules?: - | CustomerFacingIngressNetworkPolicy_PrivateIngressRule[] - | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_PrivateIngressRule { - origin?: CustomerFacingIngressNetworkPolicy_PrivateRequestOrigin | undefined; - destination?: - | CustomerFacingIngressNetworkPolicy_RequestDestination - | undefined; - authentication?: - | CustomerFacingIngressNetworkPolicy_Authentication - | undefined; - /** The label for this ingress rule. */ - label?: string | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_PrivateRequestOrigin { - source?: - | { - $case: 'endpoints'; - endpoints: CustomerFacingIngressNetworkPolicy_Endpoints; - } - | {$case: 'allRegisteredEndpoints'; allRegisteredEndpoints: boolean} - | {$case: 'azureWorkspacePrivateLink'; azureWorkspacePrivateLink: boolean} - | {$case: 'allPrivateAccess'; allPrivateAccess: boolean} - | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_PublicAccess { - restrictionMode?: - | CustomerFacingIngressNetworkPolicy_PublicAccess_RestrictionMode - | undefined; - denyRules?: - | CustomerFacingIngressNetworkPolicy_PublicIngressRule[] - | undefined; - allowRules?: - | CustomerFacingIngressNetworkPolicy_PublicIngressRule[] - | undefined; -} - -/** - * An ingress rule is enforced when a request satisfies all - * specified attributes — including request origin, destination, and authentication. - */ -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_PublicIngressRule { - origin?: CustomerFacingIngressNetworkPolicy_PublicRequestOrigin | undefined; - destination?: - | CustomerFacingIngressNetworkPolicy_RequestDestination - | undefined; - authentication?: - | CustomerFacingIngressNetworkPolicy_Authentication - | undefined; - /** The label for this ingress rule. */ - label?: string | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_PublicRequestOrigin { - source?: - | { - $case: 'allIpRanges'; - /** Matches all IPv4 and IPv6 ranges (both public and private). */ - allIpRanges: boolean; - } - | { - $case: 'includedIpRanges'; - /** Will not allow IP ranges with private IPs. */ - includedIpRanges: CustomerFacingIngressNetworkPolicy_IpRanges; - } - | { - $case: 'excludedIpRanges'; - /** Excluded means: all public IP ranges except this one. */ - excludedIpRanges: CustomerFacingIngressNetworkPolicy_IpRanges; - } - | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_RequestDestination { - /** - * When true, match all destinations, no other destination fields can be set. - * When not set or false, at least one specific destination must be provided. - */ - allDestinations?: boolean | undefined; - workspaceUi?: - | CustomerFacingIngressNetworkPolicy_WorkspaceUiDestination - | undefined; - workspaceApi?: - | CustomerFacingIngressNetworkPolicy_WorkspaceApiDestination - | undefined; - appsRuntime?: - | CustomerFacingIngressNetworkPolicy_AppsRuntimeDestination - | undefined; - lakebaseRuntime?: - | CustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestination - | undefined; - accountUi?: - | CustomerFacingIngressNetworkPolicy_AccountUiDestination - | undefined; - accountApi?: - | CustomerFacingIngressNetworkPolicy_AccountApiDestination - | undefined; - /** - * Account DatabricksOne destination is not supported. - * DO NOT change the stage of this destination past PRIVATE_PREVIEW. - */ - accountDatabricksOne?: - | CustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestination - | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_WorkspaceApiDestination { - scopes?: string[] | undefined; - /** Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. */ - scopeQualifier?: - | CustomerFacingIngressNetworkPolicy_ApiScopeQualifier - | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_WorkspaceIdList { - workspaceIds?: bigint[] | undefined; -} - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingIngressNetworkPolicy_WorkspaceUiDestination { - /** Must be set to true. */ - allDestinations?: boolean | undefined; -} - -/** Properties of the new network connectivity configuration. */ -export interface CustomerFacingNetworkConnectivityConfig { - /** network connectivity configuration ID. */ - networkConnectivityConfigId?: string | undefined; - /** Your account ID. You can find your account ID in your accounts console. */ - accountId?: string | undefined; - /** - * The name of the network connectivity configuration. The name can contain alphanumeric characters, hyphens, - * and underscores. The length must be between 3 and 30 characters. The name must match the regular - * expression ^[0-9a-zA-Z-_]{3,30}$ - */ - name?: string | undefined; - /** - * The region for the network connectivity configuration. - * Only workspaces in the same region can be attached to the network connectivity configuration. - */ - region?: string | undefined; - /** The network connectivity rules that apply to network traffic from your serverless compute resources. */ - egressConfig?: - | CustomerFacingNetworkConnectivityConfigEgressConfig - | undefined; - /** Time in epoch milliseconds when this object was updated. */ - updatedTime?: bigint | undefined; - /** Time in epoch milliseconds when this object was created. */ - creationTime?: bigint | undefined; -} - -/** - * Properties of the new private endpoint rule. - * Note that for private endpoints towards a VPC endpoint service behind a customer-managed NLB, - * you must approve the endpoint in AWS console after initialization. - */ -export interface CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule { - /** The ID of a private endpoint rule. */ - ruleId?: string | undefined; - /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */ - networkConnectivityConfigId?: string | undefined; - /** account ID. You can find your account ID from the Accounts Console. */ - accountId?: string | undefined; - /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */ - endpointService?: string | undefined; - /** - * Only used by private endpoints towards a VPC endpoint service for customer-managed VPC endpoint service. - * - * The target AWS resource FQDNs accessible via the VPC endpoint service. - * When updating this field, we perform full update on this field. Please ensure a full list of desired domain_names is provided. - */ - domainNames?: string[] | undefined; - /** - * Only used by private endpoints towards AWS S3 service. - * - * The globally unique S3 bucket names that will be accessed via the VPC endpoint. - * The bucket names must be in the same region as the NCC/endpoint service. - * When updating this field, we perform full update on this field. - * Please ensure a full list of desired resource_names is provided. - */ - resourceNames?: string[] | undefined; - /** The AWS VPC endpoint ID. You can use this ID to identify VPC endpoint created by . */ - vpcEndpointId?: string | undefined; - /** - * The current status of this private endpoint. The private endpoint rules are effective only if the connection state - * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the AWS console - * before they take effect. - * The possible values are: - * - PENDING: The endpoint has been created and pending approval. - * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources. - * - REJECTED: Connection was rejected by the private link resource owner. - * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up. - * - EXPIRED: If the endpoint is created but not approved in 14 days, it is EXPIRED. - */ - connectionState?: - | CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState - | undefined; - /** Time in epoch milliseconds when this object was created. */ - creationTime?: bigint | undefined; - /** Time in epoch milliseconds when this object was updated. */ - updatedTime?: bigint | undefined; - /** Whether this private endpoint is deactivated. */ - deactivated?: boolean | undefined; - /** Time in epoch milliseconds when this object was deactivated. */ - deactivatedAt?: bigint | undefined; - /** - * Only used by private endpoints towards an AWS S3 service. - * - * Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. - */ - enabled?: boolean | undefined; - errorMessage?: string | undefined; -} - -/** - * Properties of the new private endpoint rule. - * Note that you must approve the endpoint in Azure portal after initialization. - */ -export interface CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule { - /** The ID of a private endpoint rule. */ - ruleId?: string | undefined; - /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */ - networkConnectivityConfigId?: string | undefined; - /** The Azure resource ID of the target resource. */ - resourceId?: string | undefined; - /** - * Only used by private endpoints to Azure first-party services. - * - * The sub-resource type (group ID) of the target resource. - * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. - */ - groupId?: string | undefined; - /** The name of the Azure private endpoint resource. */ - endpointName?: string | undefined; - /** - * The current status of this private endpoint. The private endpoint rules are effective only if the connection state - * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal - * before they take effect. - * The possible values are: - * - INIT: (deprecated) The endpoint has been created and pending approval. - * - PENDING: The endpoint has been created and pending approval. - * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources. - * - REJECTED: Connection was rejected by the private link resource owner. - * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up. - * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED. - */ - connectionState?: - | CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState - | undefined; - /** Time in epoch milliseconds when this object was created. */ - creationTime?: bigint | undefined; - /** Time in epoch milliseconds when this object was updated. */ - updatedTime?: bigint | undefined; - /** Whether this private endpoint is deactivated. */ - deactivated?: boolean | undefined; - /** Time in epoch milliseconds when this object was deactivated. */ - deactivatedAt?: bigint | undefined; - /** - * Not used by customer-managed private endpoint services. - * - * Domain names of target private link service. - * When updating this field, the full list of target domain_names must be specified. - */ - domainNames?: string[] | undefined; - errorMessage?: string | undefined; -} - -export interface CustomerFacingNetworkConnectivityConfigEgressConfig { - /** - * The network connectivity rules that are applied by default without resource specific configurations. - * You can find the stable network information of your serverless compute resources here. - */ - defaultRules?: NetworkConnectivityConfigEgressConfig_DefaultRule | undefined; - /** The network connectivity rules that configured for each destinations. These rules override default rules. */ - targetRules?: - | CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule - | undefined; -} - -/** Target rule controls the egress rules that are dedicated to specific resources. */ -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export interface CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule { - azurePrivateEndpointRules?: - | CustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRule[] - | undefined; - /** AWS private endpoint rule controls the AWS private endpoint based egress rules. */ - awsPrivateEndpointRules?: - | CustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRule[] - | undefined; -} - -/** * */ -export interface CustomerFacingPrivateAccessSettings { - /** private access settings ID. */ - privateAccessSettingsId?: string | undefined; - /** The account ID that hosts the private access settings. */ - accountId?: string | undefined; - /** The human-readable name of the private access settings object. */ - privateAccessSettingsName?: string | undefined; - /** The AWS region for workspaces attached to this private access settings object. */ - region?: string | undefined; - /** Determines if the workspace can be accessed over public internet. For fully private workspaces, you can optionally specify false, but only if you implement both the front-end and the back-end PrivateLink connections. Otherwise, specify true, which means that public access is enabled. */ - publicAccessEnabled?: boolean | undefined; - /** - * The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. - * `ACCOUNT` level access (the default) allows only VPC endpoints that are registered in your account connect to your workspace. - * `ENDPOINT` level access allows only specified VPC endpoints connect to your workspace. For details, see allowed_vpc_endpoint_ids. - */ - privateAccessLevel?: PrivateAccessLevel | undefined; - /** - * An array of Databricks VPC endpoint IDs. This is the ID that is returned when registering the VPC endpoint configuration in your account. This is not the ID of the VPC endpoint in AWS. - * Only used when private_access_level is set to ENDPOINT. This is an allow list of VPC endpoints that in your account that can connect to your workspace over AWS PrivateLink. - * If hybrid access to your workspace is enabled by setting public_access_enabled to true, this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see IP access lists. - */ - allowedVpcEndpointIds?: string[] | undefined; -} - -/** * */ -export interface CustomerFacingVpcEndpoint { - /** Databricks VPC endpoint ID. This is the -specific name of the VPC endpoint. Do not confuse this with the `aws_vpc_endpoint_id`, which is the ID within AWS of the VPC endpoint. */ - vpcEndpointId?: string | undefined; - /** The account ID that hosts the VPC endpoint configuration. */ - accountId?: string | undefined; - /** The human-readable name of the storage configuration. */ - vpcEndpointName?: string | undefined; - /** The ID of the VPC endpoint object in AWS. */ - awsVpcEndpointId?: string | undefined; - /** The ID of the [endpoint service](https://docs.aws.amazon.com/vpc/latest/privatelink/endpoint-service.html) that this VPC endpoint is connected to. For a list of endpoint service IDs for each supported AWS region, see the [Databricks PrivateLink documentation](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html). */ - awsEndpointServiceId?: string | undefined; - /** - * This enumeration represents the type of Databricks VPC endpoint service that was used when creating this VPC endpoint. - * If the VPC endpoint connects to the control plane for either the front-end connection or the back-end REST API connection, the value is GENERAL_ACCESS. - * If the VPC endpoint connects to the workspace for the back-end secure cluster connectivity relay, the value is DATAPLANE_RELAY_ACCESS. - */ - useCase?: CustomerFacingVpcEndpointUseCase | undefined; - /** The AWS region in which this VPC endpoint object exists. */ - region?: string | undefined; - /** The AWS Account in which the VPC endpoint object exists. */ - awsAccountId?: string | undefined; - /** The current state (such as `available` or `rejected`) of the VPC endpoint. Derived from AWS. For the full set of values, see [AWS DescribeVpcEndpoint documentation](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html). */ - state?: string | undefined; - vpcEndpointInfo?: - | { - $case: 'gcpVpcEndpointInfo'; - /** - * The cloud info of this vpc endpoint. - * Info for a GCP vpc endpoint. - */ - gcpVpcEndpointInfo: CustomerFacingGcpVpcEndpointInfo; - } +export interface CustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRule { + azurePrivateEndpointRules?: + | NetworkConnectivityConfigAzurePrivateEndpointRule[] + | undefined; + /** AWS private endpoint rule controls the AWS private endpoint based egress rules. */ + awsPrivateEndpointRules?: + | NetworkConnectivityConfigAwsPrivateEndpointRule[] | undefined; } @@ -1151,7 +661,7 @@ export interface DeleteEndpointRequest { name?: string | undefined; } -export interface DeleteIpAccessList { +export interface DeleteIpAccessListRequest { /** The ID for the corresponding IP access list */ listId?: string | undefined; } @@ -1379,77 +889,306 @@ export interface GcpNetworkInfo { serviceIpRangeName?: string | undefined; } -/** Next Id: 3 */ -export interface GetAccountIpAccessListRequest { - accountId?: string | undefined; - /** The ID for the corresponding IP access list */ - listId?: string | undefined; +export interface GcpVpcEndpointInfo { + pscConnectionId?: string | undefined; + projectId?: string | undefined; + pscEndpointName?: string | undefined; + endpointRegion?: string | undefined; + serviceAttachmentId?: string | undefined; +} + +/** Next Id: 3 */ +export interface GetAccountIpAccessListRequest { + accountId?: string | undefined; + /** The ID for the corresponding IP access list */ + listId?: string | undefined; +} + +export interface GetAccountIpAccessListResponse { + ipAccessList?: AccountIpAccessList | undefined; +} + +export interface GetEndpointRequest { + name?: string | undefined; +} + +export interface GetIpAccessListRequest { + /** The ID for the corresponding IP access list */ + listId?: string | undefined; +} + +/** An IP access list was successfully returned. */ +export interface GetIpAccessListResponse { + ipAccessList?: IpAccessList | undefined; +} + +export interface GetNccPrivateEndpointRuleRequest { + /** Your account ID. You can find your account ID in your accounts console. */ + accountId?: string | undefined; + /** Your Network Connectvity Configuration ID. */ + networkConnectivityConfigId?: string | undefined; + /** Your private endpoint rule ID. */ + privateEndpointRuleId?: string | undefined; +} + +/** ***************************** Public facing RPC requests and responses *****************************\// */ +export interface GetNetworkConnectivityConfigRequest { + /** Your account ID. You can find your account ID in your accounts console. */ + accountId?: string | undefined; + /** Your Network Connectivity Configuration ID. */ + networkConnectivityConfigId?: string | undefined; +} + +export interface GetNetworkPolicyRequest { + /** The unique identifier of the network policy to retrieve. */ + networkPolicyId?: string | undefined; + /** Your account ID. You can find your account ID in your accounts console. */ + accountId?: string | undefined; +} + +export interface GetNetworkRequest { + /** Databricks Account API network configuration ID. */ + networkId?: string | undefined; + accountId?: string | undefined; +} + +export interface GetPrivateAccessSettingsRequest { + privateAccessSettingsId?: string | undefined; + accountId?: string | undefined; +} + +export interface GetVpcEndpointRequest { + /** Databricks VPC endpoint ID. */ + vpcEndpointId?: string | undefined; + accountId?: string | undefined; +} + +export interface GetWorkspaceNetworkOptionRequest { + /** Your account ID. You can find your account ID in your accounts console. */ + accountId?: string | undefined; + /** The workspace ID. */ + workspaceId?: bigint | undefined; +} + +/** + * This proto is under development. + * The network policies applying for ingress traffic. + * Any changes here should also be synced to estore/namespaces/lakehousenetworkmanager/latest.proto. + */ +export interface IngressNetworkPolicy { + /** + * The network policy restrictions for public access to the workspace. + * Configures how public internet traffic is allowed or denied access. + */ + publicAccess?: IngressNetworkPolicy_PublicAccess | undefined; + /** + * The network policy restrictions for private access to the workspace. + * Configures how registered private endpoints are allowed or denied access. + */ + privateAccess?: IngressNetworkPolicy_PrivateAccess | undefined; + crossWorkspaceAccess?: IngressNetworkPolicy_CrossWorkspaceAccess | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_AccountApiDestination { + scopes?: string[] | undefined; + /** Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. */ + scopeQualifier?: IngressNetworkPolicy_ApiScopeQualifier | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_AccountDatabricksOneDestination { + /** Must be set to true. */ + allDestinations?: boolean | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_AccountUiDestination { + /** Must be set to true. */ + allDestinations?: boolean | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_AppsRuntimeDestination { + /** Must be set to true. */ + allDestinations?: boolean | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_Authentication { + identityType?: IngressNetworkPolicy_Authentication_IdentityType | undefined; + /** Valid only when IdentityType is IDENTITY_TYPE_SELECTED_IDENTITIES. */ + identities?: IngressNetworkPolicy_AuthenticationIdentity[] | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_AuthenticationIdentity { + principalType?: + | IngressNetworkPolicy_AuthenticationIdentity_PrincipalType + | undefined; + principalId?: bigint | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_CrossWorkspaceAccess { + restrictionMode?: + | IngressNetworkPolicy_CrossWorkspaceAccess_RestrictionMode + | undefined; + denyRules?: IngressNetworkPolicy_CrossWorkspaceIngressRule[] | undefined; + allowRules?: IngressNetworkPolicy_CrossWorkspaceIngressRule[] | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_CrossWorkspaceIngressRule { + origin?: IngressNetworkPolicy_CrossWorkspaceRequestOrigin | undefined; + destination?: IngressNetworkPolicy_RequestDestination | undefined; + authentication?: IngressNetworkPolicy_Authentication | undefined; + /** The label for this ingress rule. */ + label?: string | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_CrossWorkspaceRequestOrigin { + source?: + | { + $case: 'allSourceWorkspaces'; + /** Matches all source workspaces. */ + allSourceWorkspaces: boolean; + } + | { + $case: 'selectedWorkspaces'; + /** Specific source workspace IDs to match. */ + selectedWorkspaces: IngressNetworkPolicy_WorkspaceIdList; + } + | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_Endpoints { + endpointIds?: string[] | undefined; +} + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_IpRanges { + /** We only support IPv4 and IPv4 CIDR notation for now. */ + ipRanges?: string[] | undefined; } -export interface GetAccountIpAccessListResponse { - ipAccessList?: AccountIpAccessList | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_LakebaseRuntimeDestination { + /** Must be set to true. */ + allDestinations?: boolean | undefined; } -export interface GetEndpointRequest { - name?: string | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_PrivateAccess { + restrictionMode?: + | IngressNetworkPolicy_PrivateAccess_RestrictionMode + | undefined; + denyRules?: IngressNetworkPolicy_PrivateIngressRule[] | undefined; + allowRules?: IngressNetworkPolicy_PrivateIngressRule[] | undefined; } -export interface GetIpAccessList { - /** The ID for the corresponding IP access list */ - listId?: string | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_PrivateIngressRule { + origin?: IngressNetworkPolicy_PrivateRequestOrigin | undefined; + destination?: IngressNetworkPolicy_RequestDestination | undefined; + authentication?: IngressNetworkPolicy_Authentication | undefined; + /** The label for this ingress rule. */ + label?: string | undefined; } -/** An IP access list was successfully returned. */ -export interface GetIpAccessListResponse { - ipAccessList?: IpAccessList | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_PrivateRequestOrigin { + source?: + | {$case: 'endpoints'; endpoints: IngressNetworkPolicy_Endpoints} + | {$case: 'allRegisteredEndpoints'; allRegisteredEndpoints: boolean} + | {$case: 'azureWorkspacePrivateLink'; azureWorkspacePrivateLink: boolean} + | {$case: 'allPrivateAccess'; allPrivateAccess: boolean} + | undefined; } -export interface GetNccPrivateEndpointRuleRequest { - /** Your account ID. You can find your account ID in your accounts console. */ - accountId?: string | undefined; - /** Your Network Connectvity Configuration ID. */ - networkConnectivityConfigId?: string | undefined; - /** Your private endpoint rule ID. */ - privateEndpointRuleId?: string | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_PublicAccess { + restrictionMode?: + | IngressNetworkPolicy_PublicAccess_RestrictionMode + | undefined; + denyRules?: IngressNetworkPolicy_PublicIngressRule[] | undefined; + allowRules?: IngressNetworkPolicy_PublicIngressRule[] | undefined; } -/** ***************************** Public facing RPC requests and responses *****************************\// */ -export interface GetNetworkConnectivityConfigRequest { - /** Your account ID. You can find your account ID in your accounts console. */ - accountId?: string | undefined; - /** Your Network Connectivity Configuration ID. */ - networkConnectivityConfigId?: string | undefined; +/** + * An ingress rule is enforced when a request satisfies all + * specified attributes — including request origin, destination, and authentication. + */ +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_PublicIngressRule { + origin?: IngressNetworkPolicy_PublicRequestOrigin | undefined; + destination?: IngressNetworkPolicy_RequestDestination | undefined; + authentication?: IngressNetworkPolicy_Authentication | undefined; + /** The label for this ingress rule. */ + label?: string | undefined; } -export interface GetNetworkPolicyRequest { - /** The unique identifier of the network policy to retrieve. */ - networkPolicyId?: string | undefined; - /** Your account ID. You can find your account ID in your accounts console. */ - accountId?: string | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_PublicRequestOrigin { + source?: + | { + $case: 'allIpRanges'; + /** Matches all IPv4 and IPv6 ranges (both public and private). */ + allIpRanges: boolean; + } + | { + $case: 'includedIpRanges'; + /** Will not allow IP ranges with private IPs. */ + includedIpRanges: IngressNetworkPolicy_IpRanges; + } + | { + $case: 'excludedIpRanges'; + /** Excluded means: all public IP ranges except this one. */ + excludedIpRanges: IngressNetworkPolicy_IpRanges; + } + | undefined; } -export interface GetNetworkRequest { - /** Databricks Account API network configuration ID. */ - networkId?: string | undefined; - accountId?: string | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_RequestDestination { + /** + * When true, match all destinations, no other destination fields can be set. + * When not set or false, at least one specific destination must be provided. + */ + allDestinations?: boolean | undefined; + workspaceUi?: IngressNetworkPolicy_WorkspaceUiDestination | undefined; + workspaceApi?: IngressNetworkPolicy_WorkspaceApiDestination | undefined; + appsRuntime?: IngressNetworkPolicy_AppsRuntimeDestination | undefined; + lakebaseRuntime?: IngressNetworkPolicy_LakebaseRuntimeDestination | undefined; + accountUi?: IngressNetworkPolicy_AccountUiDestination | undefined; + accountApi?: IngressNetworkPolicy_AccountApiDestination | undefined; + /** + * Account DatabricksOne destination is not supported. + * DO NOT change the stage of this destination past PRIVATE_PREVIEW. + */ + accountDatabricksOne?: + | IngressNetworkPolicy_AccountDatabricksOneDestination + | undefined; } -export interface GetPrivateAccessSettingsRequest { - privateAccessSettingsId?: string | undefined; - accountId?: string | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_WorkspaceApiDestination { + scopes?: string[] | undefined; + /** Qualifies the breadth of API access for the listed scopes. See ApiScopeQualifier. */ + scopeQualifier?: IngressNetworkPolicy_ApiScopeQualifier | undefined; } -export interface GetVpcEndpointRequest { - /** Databricks VPC endpoint ID. */ - vpcEndpointId?: string | undefined; - accountId?: string | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_WorkspaceIdList { + workspaceIds?: bigint[] | undefined; } -export interface GetWorkspaceNetworkOptionRequest { - /** Your account ID. You can find your account ID in your accounts console. */ - accountId?: string | undefined; - /** The workspace ID. */ - workspaceId?: bigint | undefined; +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export interface IngressNetworkPolicy_WorkspaceUiDestination { + /** Must be set to true. */ + allDestinations?: boolean | undefined; } /** Definition of an IP Access list */ @@ -1533,7 +1272,7 @@ export interface ListNetworkConnectivityConfigsRequest { /** The network connectivity configuration list was successfully retrieved. */ export interface ListNetworkConnectivityConfigsResponse { - items?: CustomerFacingNetworkConnectivityConfig[] | undefined; + items?: NetworkConnectivityConfig[] | undefined; /** A token that can be used to get the next page of results. If null, there are no more results to show. */ nextPageToken?: string | undefined; } @@ -1565,7 +1304,7 @@ export interface ListPrivateAccessSettingsRequest { } export interface ListPrivateAccessSettingsResponse { - privateAccessSettings?: CustomerFacingPrivateAccessSettings[] | undefined; + privateAccessSettings?: PrivateAccessSettings[] | undefined; } export interface ListVpcEndpointRequest { @@ -1573,7 +1312,7 @@ export interface ListVpcEndpointRequest { } export interface ListVpcEndpointResponse { - vpcEndpoints?: CustomerFacingVpcEndpoint[] | undefined; + vpcEndpoints?: VpcEndpoint[] | undefined; } /** @@ -1587,27 +1326,171 @@ export interface NccPrivateEndpointRule { networkConnectivityConfigId?: string | undefined; /** * The current status of this private endpoint. The private endpoint rules are effective only if the connection state - * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Cloud console + * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Cloud console + * before they take effect. + * The possible values are: + * - PENDING: The endpoint has been created and pending approval. + * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources. + * - REJECTED: Connection was rejected by the private link resource owner. + * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up. + * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED. + * - CREATING: The endpoint creation is in progress. Once successfully created, the state will transition to PENDING. + * - CREATE_FAILED: The endpoint creation failed. You can check the error_message field for more details. + */ + connectionState?: + | NccPrivateEndpointRule_PrivateLinkConnectionState + | undefined; + /** + * Only used by private endpoints to customer-managed private endpoint services. + * + * Domain names of target private link service. + * When updating this field, the full list of target domain_names must be specified. + */ + domainNames?: string[] | undefined; + /** Time in epoch milliseconds when this object was created. */ + creationTime?: bigint | undefined; + /** Time in epoch milliseconds when this object was updated. */ + updatedTime?: bigint | undefined; + /** Whether this private endpoint is deactivated. */ + deactivated?: boolean | undefined; + /** Time in epoch milliseconds when this object was deactivated. */ + deactivatedAt?: bigint | undefined; + errorMessage?: string | undefined; + /** The Azure resource ID of the target resource. */ + resourceId?: string | undefined; + /** + * Not used by customer-managed private endpoint services. + * + * The sub-resource type (group ID) of the target resource. + * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. + */ + groupId?: string | undefined; + /** The name of the Azure private endpoint resource. */ + endpointName?: string | undefined; + /** account ID. You can find your account ID from the Accounts Console. */ + accountId?: string | undefined; + /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */ + endpointService?: string | undefined; + /** + * Only used by private endpoints towards AWS S3 service. + * + * The globally unique S3 bucket names that will be accessed via the VPC endpoint. + * The bucket names must be in the same region as the NCC/endpoint service. + * When updating this field, we perform full update on this field. Please ensure a full list of desired + * resource_names is provided. + */ + resourceNames?: string[] | undefined; + /** The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by . */ + vpcEndpointId?: string | undefined; + /** + * Update this field to activate/deactivate this private endpoint to allow egress access from + * serverless compute resources. Only honored for first-party services on each cloud (e.g. AWS S3). + */ + enabled?: boolean | undefined; + endpoint?: {$case: 'gcpEndpoint'; gcpEndpoint: GcpEndpoint} | undefined; +} + +export interface Network { + /** The network configuration ID. */ + networkId?: string | undefined; + /** The account ID associated with this network configuration. */ + accountId?: string | undefined; + /** Workspace ID associated with this network configuration. */ + workspaceId?: bigint | undefined; + /** The ID of the VPC associated with this network configuration. VPC IDs can be used in multiple networks. */ + vpcId?: string | undefined; + /** IDs of at least two subnets associated with this network. Subnet IDs **cannot** be used in multiple network configurations. */ + subnetIds?: string[] | undefined; + /** IDs of one to five security groups associated with this network. Security group IDs **cannot** be used in multiple network configurations. */ + securityGroupIds?: string[] | undefined; + vpcStatus?: VpcStatus | undefined; + /** Array of error messages about the network configuration. */ + errorMessages?: NetworkHealth[] | undefined; + /** The human-readable name of the network configuration. */ + networkName?: string | undefined; + /** Time in epoch milliseconds when the network was created. */ + creationTime?: bigint | undefined; + /** Array of warning messages about the network configuration. */ + warningMessages?: NetworkWarning[] | undefined; + vpcEndpoints?: NetworkVpcEndpoints | undefined; + networkInfo?: + | {$case: 'gcpNetworkInfo'; gcpNetworkInfo: GcpNetworkInfo} + | undefined; +} + +/** Properties of the new network connectivity configuration. */ +export interface NetworkConnectivityConfig { + /** network connectivity configuration ID. */ + networkConnectivityConfigId?: string | undefined; + /** Your account ID. You can find your account ID in your accounts console. */ + accountId?: string | undefined; + /** + * The name of the network connectivity configuration. The name can contain alphanumeric characters, hyphens, + * and underscores. The length must be between 3 and 30 characters. The name must match the regular + * expression ^[0-9a-zA-Z-_]{3,30}$ + */ + name?: string | undefined; + /** + * The region for the network connectivity configuration. + * Only workspaces in the same region can be attached to the network connectivity configuration. + */ + region?: string | undefined; + /** The network connectivity rules that apply to network traffic from your serverless compute resources. */ + egressConfig?: + | CustomerFacingNetworkConnectivityConfigEgressConfig + | undefined; + /** Time in epoch milliseconds when this object was updated. */ + updatedTime?: bigint | undefined; + /** Time in epoch milliseconds when this object was created. */ + creationTime?: bigint | undefined; +} + +/** + * Properties of the new private endpoint rule. + * Note that for private endpoints towards a VPC endpoint service behind a customer-managed NLB, + * you must approve the endpoint in AWS console after initialization. + */ +export interface NetworkConnectivityConfigAwsPrivateEndpointRule { + /** The ID of a private endpoint rule. */ + ruleId?: string | undefined; + /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */ + networkConnectivityConfigId?: string | undefined; + /** account ID. You can find your account ID from the Accounts Console. */ + accountId?: string | undefined; + /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */ + endpointService?: string | undefined; + /** + * Only used by private endpoints towards a VPC endpoint service for customer-managed VPC endpoint service. + * + * The target AWS resource FQDNs accessible via the VPC endpoint service. + * When updating this field, we perform full update on this field. Please ensure a full list of desired domain_names is provided. + */ + domainNames?: string[] | undefined; + /** + * Only used by private endpoints towards AWS S3 service. + * + * The globally unique S3 bucket names that will be accessed via the VPC endpoint. + * The bucket names must be in the same region as the NCC/endpoint service. + * When updating this field, we perform full update on this field. + * Please ensure a full list of desired resource_names is provided. + */ + resourceNames?: string[] | undefined; + /** The AWS VPC endpoint ID. You can use this ID to identify VPC endpoint created by . */ + vpcEndpointId?: string | undefined; + /** + * The current status of this private endpoint. The private endpoint rules are effective only if the connection state + * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the AWS console * before they take effect. * The possible values are: * - PENDING: The endpoint has been created and pending approval. * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources. * - REJECTED: Connection was rejected by the private link resource owner. * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up. - * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED. - * - CREATING: The endpoint creation is in progress. Once successfully created, the state will transition to PENDING. - * - CREATE_FAILED: The endpoint creation failed. You can check the error_message field for more details. + * - EXPIRED: If the endpoint is created but not approved in 14 days, it is EXPIRED. */ connectionState?: - | NccPrivateEndpointRule_PrivateLinkConnectionState + | NetworkConnectivityConfigAwsPrivateEndpointRule_PrivateLinkConnectionState | undefined; - /** - * Only used by private endpoints to customer-managed private endpoint services. - * - * Domain names of target private link service. - * When updating this field, the full list of target domain_names must be specified. - */ - domainNames?: string[] | undefined; /** Time in epoch milliseconds when this object was created. */ creationTime?: bigint | undefined; /** Time in epoch milliseconds when this object was updated. */ @@ -1616,11 +1499,28 @@ export interface NccPrivateEndpointRule { deactivated?: boolean | undefined; /** Time in epoch milliseconds when this object was deactivated. */ deactivatedAt?: bigint | undefined; + /** + * Only used by private endpoints towards an AWS S3 service. + * + * Update this field to activate/deactivate this private endpoint to allow egress access from serverless compute resources. + */ + enabled?: boolean | undefined; errorMessage?: string | undefined; +} + +/** + * Properties of the new private endpoint rule. + * Note that you must approve the endpoint in Azure portal after initialization. + */ +export interface NetworkConnectivityConfigAzurePrivateEndpointRule { + /** The ID of a private endpoint rule. */ + ruleId?: string | undefined; + /** The ID of a network connectivity configuration, which is the parent resource of this private endpoint rule object. */ + networkConnectivityConfigId?: string | undefined; /** The Azure resource ID of the target resource. */ resourceId?: string | undefined; /** - * Not used by customer-managed private endpoint services. + * Only used by private endpoints to Azure first-party services. * * The sub-resource type (group ID) of the target resource. * Note that to connect to workspace root storage (root DBFS), you need two endpoints, one for blob and one for dfs. @@ -1628,55 +1528,37 @@ export interface NccPrivateEndpointRule { groupId?: string | undefined; /** The name of the Azure private endpoint resource. */ endpointName?: string | undefined; - /** account ID. You can find your account ID from the Accounts Console. */ - accountId?: string | undefined; - /** The full target AWS endpoint service name that connects to the destination resources of the private endpoint. */ - endpointService?: string | undefined; /** - * Only used by private endpoints towards AWS S3 service. - * - * The globally unique S3 bucket names that will be accessed via the VPC endpoint. - * The bucket names must be in the same region as the NCC/endpoint service. - * When updating this field, we perform full update on this field. Please ensure a full list of desired - * resource_names is provided. + * The current status of this private endpoint. The private endpoint rules are effective only if the connection state + * is ESTABLISHED. Remember that you must approve new endpoints on your resources in the Azure portal + * before they take effect. + * The possible values are: + * - INIT: (deprecated) The endpoint has been created and pending approval. + * - PENDING: The endpoint has been created and pending approval. + * - ESTABLISHED: The endpoint has been approved and is ready to use in your serverless compute resources. + * - REJECTED: Connection was rejected by the private link resource owner. + * - DISCONNECTED: Connection was removed by the private link resource owner, the private endpoint becomes informative and should be deleted for clean-up. + * - EXPIRED: If the endpoint was created but not approved in 14 days, it will be EXPIRED. */ - resourceNames?: string[] | undefined; - /** The AWS VPC endpoint ID. You can use this ID to identify the VPC endpoint created by . */ - vpcEndpointId?: string | undefined; + connectionState?: + | NetworkConnectivityConfigAzurePrivateEndpointRule_PrivateLinkConnectionState + | undefined; + /** Time in epoch milliseconds when this object was created. */ + creationTime?: bigint | undefined; + /** Time in epoch milliseconds when this object was updated. */ + updatedTime?: bigint | undefined; + /** Whether this private endpoint is deactivated. */ + deactivated?: boolean | undefined; + /** Time in epoch milliseconds when this object was deactivated. */ + deactivatedAt?: bigint | undefined; /** - * Update this field to activate/deactivate this private endpoint to allow egress access from - * serverless compute resources. Only honored for first-party services on each cloud (e.g. AWS S3). + * Not used by customer-managed private endpoint services. + * + * Domain names of target private link service. + * When updating this field, the full list of target domain_names must be specified. */ - enabled?: boolean | undefined; - endpoint?: {$case: 'gcpEndpoint'; gcpEndpoint: GcpEndpoint} | undefined; -} - -export interface Network { - /** The network configuration ID. */ - networkId?: string | undefined; - /** The account ID associated with this network configuration. */ - accountId?: string | undefined; - /** Workspace ID associated with this network configuration. */ - workspaceId?: bigint | undefined; - /** The ID of the VPC associated with this network configuration. VPC IDs can be used in multiple networks. */ - vpcId?: string | undefined; - /** IDs of at least two subnets associated with this network. Subnet IDs **cannot** be used in multiple network configurations. */ - subnetIds?: string[] | undefined; - /** IDs of one to five security groups associated with this network. Security group IDs **cannot** be used in multiple network configurations. */ - securityGroupIds?: string[] | undefined; - vpcStatus?: VpcStatus | undefined; - /** Array of error messages about the network configuration. */ - errorMessages?: NetworkHealth[] | undefined; - /** The human-readable name of the network configuration. */ - networkName?: string | undefined; - /** Time in epoch milliseconds when the network was created. */ - creationTime?: bigint | undefined; - /** Array of warning messages about the network configuration. */ - warningMessages?: NetworkWarning[] | undefined; - vpcEndpoints?: NetworkVpcEndpoints | undefined; - networkInfo?: - | {$case: 'gcpNetworkInfo'; gcpNetworkInfo: GcpNetworkInfo} - | undefined; + domainNames?: string[] | undefined; + errorMessage?: string | undefined; } /** @@ -1737,6 +1619,32 @@ export interface NetworkWarning { warningMessage?: string | undefined; } +/** * */ +export interface PrivateAccessSettings { + /** private access settings ID. */ + privateAccessSettingsId?: string | undefined; + /** The account ID that hosts the private access settings. */ + accountId?: string | undefined; + /** The human-readable name of the private access settings object. */ + privateAccessSettingsName?: string | undefined; + /** The AWS region for workspaces attached to this private access settings object. */ + region?: string | undefined; + /** Determines if the workspace can be accessed over public internet. For fully private workspaces, you can optionally specify false, but only if you implement both the front-end and the back-end PrivateLink connections. Otherwise, specify true, which means that public access is enabled. */ + publicAccessEnabled?: boolean | undefined; + /** + * The private access level controls which VPC endpoints can connect to the UI or API of any workspace that attaches this private access settings object. + * `ACCOUNT` level access (the default) allows only VPC endpoints that are registered in your account connect to your workspace. + * `ENDPOINT` level access allows only specified VPC endpoints connect to your workspace. For details, see allowed_vpc_endpoint_ids. + */ + privateAccessLevel?: PrivateAccessLevel | undefined; + /** + * An array of Databricks VPC endpoint IDs. This is the ID that is returned when registering the VPC endpoint configuration in your account. This is not the ID of the VPC endpoint in AWS. + * Only used when private_access_level is set to ENDPOINT. This is an allow list of VPC endpoints that in your account that can connect to your workspace over AWS PrivateLink. + * If hybrid access to your workspace is enabled by setting public_access_enabled to true, this control only works for PrivateLink connections. To control how your workspace is accessed via public internet, see IP access lists. + */ + allowedVpcEndpointIds?: string[] | undefined; +} + /** Details required to replace an IP access list. */ export interface ReplaceAccountIpAccessListRequest { accountId?: string | undefined; @@ -1756,7 +1664,7 @@ export interface ReplaceAccountIpAccessListResponse { } /** Details required to replace an IP access list. */ -export interface ReplaceIpAccessList { +export interface ReplaceIpAccessListRequest { /** The ID for the corresponding IP access list */ listId?: string | undefined; /** Label for the IP access list. This **cannot** be empty. */ @@ -1791,7 +1699,7 @@ export interface UpdateAccountIpAccessListResponse { } /** Details required to update an IP access list. */ -export interface UpdateIpAccessList { +export interface UpdateIpAccessListRequest { /** The ID for the corresponding IP access list */ listId?: string | undefined; /** Label for the IP access list. This **cannot** be empty. */ @@ -1830,9 +1738,7 @@ export interface UpdateNetworkPolicyRequest { export interface UpdatePrivateAccessSettingsRequest { /** Properties of the new private access settings object. */ - customerFacingPrivateAccessSettings?: - | CustomerFacingPrivateAccessSettings - | undefined; + customerFacingPrivateAccessSettings?: PrivateAccessSettings | undefined; } /** @@ -1919,6 +1825,42 @@ export interface UpdateWorkspaceNetworkOptionRequest { workspaceNetworkOption?: WorkspaceNetworkOption | undefined; } +/** * */ +export interface VpcEndpoint { + /** Databricks VPC endpoint ID. This is the -specific name of the VPC endpoint. Do not confuse this with the `aws_vpc_endpoint_id`, which is the ID within AWS of the VPC endpoint. */ + vpcEndpointId?: string | undefined; + /** The account ID that hosts the VPC endpoint configuration. */ + accountId?: string | undefined; + /** The human-readable name of the storage configuration. */ + vpcEndpointName?: string | undefined; + /** The ID of the VPC endpoint object in AWS. */ + awsVpcEndpointId?: string | undefined; + /** The ID of the [endpoint service](https://docs.aws.amazon.com/vpc/latest/privatelink/endpoint-service.html) that this VPC endpoint is connected to. For a list of endpoint service IDs for each supported AWS region, see the [Databricks PrivateLink documentation](https://docs.databricks.com/administration-guide/cloud-configurations/aws/privatelink.html). */ + awsEndpointServiceId?: string | undefined; + /** + * This enumeration represents the type of Databricks VPC endpoint service that was used when creating this VPC endpoint. + * If the VPC endpoint connects to the control plane for either the front-end connection or the back-end REST API connection, the value is GENERAL_ACCESS. + * If the VPC endpoint connects to the workspace for the back-end secure cluster connectivity relay, the value is DATAPLANE_RELAY_ACCESS. + */ + useCase?: VpcEndpointUseCase | undefined; + /** The AWS region in which this VPC endpoint object exists. */ + region?: string | undefined; + /** The AWS Account in which the VPC endpoint object exists. */ + awsAccountId?: string | undefined; + /** The current state (such as `available` or `rejected`) of the VPC endpoint. Derived from AWS. For the full set of values, see [AWS DescribeVpcEndpoint documentation](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html). */ + state?: string | undefined; + vpcEndpointInfo?: + | { + $case: 'gcpVpcEndpointInfo'; + /** + * The cloud info of this vpc endpoint. + * Info for a GCP vpc endpoint. + */ + gcpVpcEndpointInfo: GcpVpcEndpointInfo; + } + | undefined; +} + export interface WorkspaceNetworkOption { /** * The network policy ID to apply to the workspace. This controls the network access rules @@ -1976,11 +1918,9 @@ export const unmarshalAccountNetworkPolicySchema: z.ZodType unmarshalEgressNetworkPolicySchema).optional(), - ingress: z - .lazy(() => unmarshalCustomerFacingIngressNetworkPolicySchema) - .optional(), + ingress: z.lazy(() => unmarshalIngressNetworkPolicySchema).optional(), ingress_dry_run: z - .lazy(() => unmarshalCustomerFacingIngressNetworkPolicySchema) + .lazy(() => unmarshalIngressNetworkPolicySchema) .optional(), }) .transform(d => ({ @@ -2026,479 +1966,302 @@ export const unmarshalCreateIpAccessListResponseSchema: z.ZodType = - z - .object({ - psc_connection_id: z.string().optional(), - project_id: z.string().optional(), - psc_endpoint_name: z.string().optional(), - endpoint_region: z.string().optional(), - service_attachment_id: z.string().optional(), - }) - .transform(d => ({ - pscConnectionId: d.psc_connection_id, - projectId: d.project_id, - pscEndpointName: d.psc_endpoint_name, - endpointRegion: d.endpoint_region, - serviceAttachmentId: d.service_attachment_id, - })); - -export const unmarshalCustomerFacingIngressNetworkPolicySchema: z.ZodType = +export const unmarshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema: z.ZodType = z .object({ - public_access: z - .lazy( - () => unmarshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema - ) - .optional(), - private_access: z + default_rules: z .lazy( - () => unmarshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema + () => unmarshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema ) .optional(), - cross_workspace_access: z + target_rules: z .lazy( () => - unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema + unmarshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema ) .optional(), }) .transform(d => ({ - publicAccess: d.public_access, - privateAccess: d.private_access, - crossWorkspaceAccess: d.cross_workspace_access, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema: z.ZodType = - z - .object({ - scopes: z.array(z.string()).optional(), - scope_qualifier: z.string().optional(), - }) - .transform(d => ({ - scopes: d.scopes, - scopeQualifier: d.scope_qualifier, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema: z.ZodType = - z - .object({ - all_destinations: z.boolean().optional(), - }) - .transform(d => ({ - allDestinations: d.all_destinations, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema: z.ZodType = - z - .object({ - all_destinations: z.boolean().optional(), - }) - .transform(d => ({ - allDestinations: d.all_destinations, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema: z.ZodType = - z - .object({ - all_destinations: z.boolean().optional(), - }) - .transform(d => ({ - allDestinations: d.all_destinations, + defaultRules: d.default_rules, + targetRules: d.target_rules, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema: z.ZodType = +export const unmarshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema: z.ZodType = z .object({ - identity_type: z.string().optional(), - identities: z + azure_private_endpoint_rules: z .array( z.lazy( () => - unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema + unmarshalNetworkConnectivityConfigAzurePrivateEndpointRuleSchema + ) + ) + .optional(), + aws_private_endpoint_rules: z + .array( + z.lazy( + () => unmarshalNetworkConnectivityConfigAwsPrivateEndpointRuleSchema ) ) .optional(), }) .transform(d => ({ - identityType: d.identity_type, - identities: d.identities, + azurePrivateEndpointRules: d.azure_private_endpoint_rules, + awsPrivateEndpointRules: d.aws_private_endpoint_rules, })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema: z.ZodType = +export const unmarshalDeleteAccountIpAccessListResponseSchema: z.ZodType = + z.object({}); + +export const unmarshalDeleteIpAccessListResponseSchema: z.ZodType = + z.object({}); + +export const unmarshalEgressNetworkPolicySchema: z.ZodType = z .object({ - principal_type: z.string().optional(), - principal_id: z - .union([z.number(), z.bigint()]) - .transform(v => BigInt(v)) + network_access: z + .lazy(() => unmarshalEgressNetworkPolicy_NetworkAccessPolicySchema) .optional(), }) .transform(d => ({ - principalType: d.principal_type, - principalId: d.principal_id, + networkAccess: d.network_access, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema: z.ZodType = +export const unmarshalEgressNetworkPolicy_NetworkAccessPolicySchema: z.ZodType = z .object({ restriction_mode: z.string().optional(), - deny_rules: z + allowed_internet_destinations: z .array( z.lazy( () => - unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema + unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema ) ) .optional(), - allow_rules: z + allowed_storage_destinations: z .array( z.lazy( () => - unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema + unmarshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema ) ) .optional(), - }) - .transform(d => ({ - restrictionMode: d.restriction_mode, - denyRules: d.deny_rules, - allowRules: d.allow_rules, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema: z.ZodType = - z - .object({ - origin: z + policy_enforcement: z .lazy( () => - unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema + unmarshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema ) .optional(), - destination: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema + blocked_internet_destinations: z + .array( + z.lazy( + () => + unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema + ) ) .optional(), - authentication: z - .lazy( - () => unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema + allowed_databricks_destinations: z + .array( + z.lazy( + () => + unmarshalEgressNetworkPolicy_NetworkAccessPolicy_DatabricksDestinationSchema + ) ) .optional(), - label: z.string().optional(), }) .transform(d => ({ - origin: d.origin, - destination: d.destination, - authentication: d.authentication, - label: d.label, + restrictionMode: d.restriction_mode, + allowedInternetDestinations: d.allowed_internet_destinations, + allowedStorageDestinations: d.allowed_storage_destinations, + policyEnforcement: d.policy_enforcement, + blockedInternetDestinations: d.blocked_internet_destinations, + allowedDatabricksDestinations: d.allowed_databricks_destinations, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema: z.ZodType = +export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_DatabricksDestinationSchema: z.ZodType = z .object({ - all_source_workspaces: z.boolean().optional(), - selected_workspaces: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema - ) + workspace_ids: z + .array(z.union([z.number(), z.bigint()]).transform(v => BigInt(v))) .optional(), }) .transform(d => ({ - source: - d.all_source_workspaces !== undefined - ? { - $case: 'allSourceWorkspaces' as const, - allSourceWorkspaces: d.all_source_workspaces, - } - : d.selected_workspaces !== undefined - ? { - $case: 'selectedWorkspaces' as const, - selectedWorkspaces: d.selected_workspaces, - } - : undefined, + workspaceIds: d.workspace_ids, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_EndpointsSchema: z.ZodType = +export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema: z.ZodType = z .object({ - endpoint_ids: z.array(z.string()).optional(), + destination: z.string().optional(), + internet_destination_type: z.string().optional(), }) .transform(d => ({ - endpointIds: d.endpoint_ids, + destination: d.destination, + internetDestinationType: d.internet_destination_type, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_IpRangesSchema: z.ZodType = +export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema: z.ZodType = z .object({ - ip_ranges: z.array(z.string()).optional(), + enforcement_mode: z.string().optional(), + dry_run_mode_product_filter: z.array(z.string()).optional(), }) .transform(d => ({ - ipRanges: d.ip_ranges, + enforcementMode: d.enforcement_mode, + dryRunModeProductFilter: d.dry_run_mode_product_filter, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema: z.ZodType = +export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema: z.ZodType = z .object({ - all_destinations: z.boolean().optional(), + bucket_name: z.string().optional(), + region: z.string().optional(), + storage_destination_type: z.string().optional(), + azure_storage_account: z.string().optional(), + azure_storage_service: z.string().optional(), }) .transform(d => ({ - allDestinations: d.all_destinations, + bucketName: d.bucket_name, + region: d.region, + storageDestinationType: d.storage_destination_type, + azureStorageAccount: d.azure_storage_account, + azureStorageService: d.azure_storage_service, })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema: z.ZodType = - z - .object({ - restriction_mode: z.string().optional(), - deny_rules: z - .array( - z.lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema - ) - ) - .optional(), - allow_rules: z - .array( - z.lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema - ) - ) - .optional(), - }) - .transform(d => ({ - restrictionMode: d.restriction_mode, - denyRules: d.deny_rules, - allowRules: d.allow_rules, - })); +export const unmarshalEndpointSchema: z.ZodType = z + .object({ + name: z.string().optional(), + endpoint_id: z.string().optional(), + account_id: z.string().optional(), + display_name: z.string().optional(), + use_case: z.string().optional(), + region: z.string().optional(), + state: z.string().optional(), + azure_private_endpoint_info: z + .lazy(() => unmarshalAzurePrivateEndpointInfoSchema) + .optional(), + create_time: z + .string() + .transform(s => Temporal.Instant.from(s)) + .optional(), + }) + .transform(d => ({ + name: d.name, + endpointId: d.endpoint_id, + accountId: d.account_id, + displayName: d.display_name, + useCase: d.use_case, + region: d.region, + state: d.state, + endpointInfo: + d.azure_private_endpoint_info !== undefined + ? { + $case: 'azurePrivateEndpointInfo' as const, + azurePrivateEndpointInfo: d.azure_private_endpoint_info, + } + : undefined, + createTime: d.create_time, + })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema: z.ZodType = - z - .object({ - origin: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema - ) - .optional(), - destination: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema - ) - .optional(), - authentication: z - .lazy( - () => unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema - ) - .optional(), - label: z.string().optional(), - }) - .transform(d => ({ - origin: d.origin, - destination: d.destination, - authentication: d.authentication, - label: d.label, - })); +export const unmarshalGcpEndpointSchema: z.ZodType = z + .object({ + psc_endpoint_uri: z.string().optional(), + service_attachment: z.string().optional(), + }) + .transform(d => ({ + pscEndpointUri: d.psc_endpoint_uri, + targetServices: + d.service_attachment !== undefined + ? { + $case: 'serviceAttachment' as const, + serviceAttachment: d.service_attachment, + } + : undefined, + })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema: z.ZodType = - z - .object({ - endpoints: z - .lazy(() => unmarshalCustomerFacingIngressNetworkPolicy_EndpointsSchema) - .optional(), - all_registered_endpoints: z.boolean().optional(), - azure_workspace_private_link: z.boolean().optional(), - all_private_access: z.boolean().optional(), - }) - .transform(d => ({ - source: - d.endpoints !== undefined - ? {$case: 'endpoints' as const, endpoints: d.endpoints} - : d.all_registered_endpoints !== undefined - ? { - $case: 'allRegisteredEndpoints' as const, - allRegisteredEndpoints: d.all_registered_endpoints, - } - : d.azure_workspace_private_link !== undefined - ? { - $case: 'azureWorkspacePrivateLink' as const, - azureWorkspacePrivateLink: d.azure_workspace_private_link, - } - : d.all_private_access !== undefined - ? { - $case: 'allPrivateAccess' as const, - allPrivateAccess: d.all_private_access, - } - : undefined, - })); +export const unmarshalGcpNetworkInfoSchema: z.ZodType = z + .object({ + network_project_id: z.string().optional(), + vpc_id: z.string().optional(), + subnet_id: z.string().optional(), + subnet_region: z.string().optional(), + pod_ip_range_name: z.string().optional(), + service_ip_range_name: z.string().optional(), + }) + .transform(d => ({ + networkProjectId: d.network_project_id, + vpcId: d.vpc_id, + subnetId: d.subnet_id, + subnetRegion: d.subnet_region, + podIpRangeName: d.pod_ip_range_name, + serviceIpRangeName: d.service_ip_range_name, + })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema: z.ZodType = +export const unmarshalGcpVpcEndpointInfoSchema: z.ZodType = z .object({ - restriction_mode: z.string().optional(), - deny_rules: z - .array( - z.lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema - ) - ) - .optional(), - allow_rules: z - .array( - z.lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema - ) - ) - .optional(), + psc_connection_id: z.string().optional(), + project_id: z.string().optional(), + psc_endpoint_name: z.string().optional(), + endpoint_region: z.string().optional(), + service_attachment_id: z.string().optional(), }) .transform(d => ({ - restrictionMode: d.restriction_mode, - denyRules: d.deny_rules, - allowRules: d.allow_rules, + pscConnectionId: d.psc_connection_id, + projectId: d.project_id, + pscEndpointName: d.psc_endpoint_name, + endpointRegion: d.endpoint_region, + serviceAttachmentId: d.service_attachment_id, })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema: z.ZodType = +export const unmarshalGetAccountIpAccessListResponseSchema: z.ZodType = z .object({ - origin: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema - ) - .optional(), - destination: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema - ) - .optional(), - authentication: z - .lazy( - () => unmarshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema - ) + ip_access_list: z + .lazy(() => unmarshalAccountIpAccessListSchema) .optional(), - label: z.string().optional(), }) .transform(d => ({ - origin: d.origin, - destination: d.destination, - authentication: d.authentication, - label: d.label, + ipAccessList: d.ip_access_list, })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema: z.ZodType = +export const unmarshalGetIpAccessListResponseSchema: z.ZodType = z .object({ - all_ip_ranges: z.boolean().optional(), - included_ip_ranges: z - .lazy(() => unmarshalCustomerFacingIngressNetworkPolicy_IpRangesSchema) - .optional(), - excluded_ip_ranges: z - .lazy(() => unmarshalCustomerFacingIngressNetworkPolicy_IpRangesSchema) - .optional(), + ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(), }) .transform(d => ({ - source: - d.all_ip_ranges !== undefined - ? {$case: 'allIpRanges' as const, allIpRanges: d.all_ip_ranges} - : d.included_ip_ranges !== undefined - ? { - $case: 'includedIpRanges' as const, - includedIpRanges: d.included_ip_ranges, - } - : d.excluded_ip_ranges !== undefined - ? { - $case: 'excludedIpRanges' as const, - excludedIpRanges: d.excluded_ip_ranges, - } - : undefined, + ipAccessList: d.ip_access_list, })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema: z.ZodType = +export const unmarshalIngressNetworkPolicySchema: z.ZodType = z .object({ - all_destinations: z.boolean().optional(), - workspace_ui: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema - ) - .optional(), - workspace_api: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema - ) - .optional(), - apps_runtime: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema - ) - .optional(), - lakebase_runtime: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema - ) - .optional(), - account_ui: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema - ) + public_access: z + .lazy(() => unmarshalIngressNetworkPolicy_PublicAccessSchema) .optional(), - account_api: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema - ) + private_access: z + .lazy(() => unmarshalIngressNetworkPolicy_PrivateAccessSchema) .optional(), - account_databricks_one: z - .lazy( - () => - unmarshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema - ) + cross_workspace_access: z + .lazy(() => unmarshalIngressNetworkPolicy_CrossWorkspaceAccessSchema) .optional(), }) .transform(d => ({ - allDestinations: d.all_destinations, - workspaceUi: d.workspace_ui, - workspaceApi: d.workspace_api, - appsRuntime: d.apps_runtime, - lakebaseRuntime: d.lakebase_runtime, - accountUi: d.account_ui, - accountApi: d.account_api, - accountDatabricksOne: d.account_databricks_one, + publicAccess: d.public_access, + privateAccess: d.private_access, + crossWorkspaceAccess: d.cross_workspace_access, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema: z.ZodType = +export const unmarshalIngressNetworkPolicy_AccountApiDestinationSchema: z.ZodType = z .object({ scopes: z.array(z.string()).optional(), @@ -2510,19 +2273,17 @@ export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestination })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema: z.ZodType = +export const unmarshalIngressNetworkPolicy_AccountDatabricksOneDestinationSchema: z.ZodType = z .object({ - workspace_ids: z - .array(z.union([z.number(), z.bigint()]).transform(v => BigInt(v))) - .optional(), + all_destinations: z.boolean().optional(), }) .transform(d => ({ - workspaceIds: d.workspace_ids, + allDestinations: d.all_destinations, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema: z.ZodType = +export const unmarshalIngressNetworkPolicy_AccountUiDestinationSchema: z.ZodType = z .object({ all_destinations: z.boolean().optional(), @@ -2531,435 +2292,378 @@ export const unmarshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationS allDestinations: d.all_destinations, })); -export const unmarshalCustomerFacingNetworkConnectivityConfigSchema: z.ZodType = - z - .object({ - network_connectivity_config_id: z.string().optional(), - account_id: z.string().optional(), - name: z.string().optional(), - region: z.string().optional(), - egress_config: z - .lazy( - () => - unmarshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema - ) - .optional(), - updated_time: z - .union([z.number(), z.bigint()]) - .transform(v => BigInt(v)) - .optional(), - creation_time: z - .union([z.number(), z.bigint()]) - .transform(v => BigInt(v)) - .optional(), - }) - .transform(d => ({ - networkConnectivityConfigId: d.network_connectivity_config_id, - accountId: d.account_id, - name: d.name, - region: d.region, - egressConfig: d.egress_config, - updatedTime: d.updated_time, - creationTime: d.creation_time, - })); - -export const unmarshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema: z.ZodType = +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_AppsRuntimeDestinationSchema: z.ZodType = z .object({ - rule_id: z.string().optional(), - network_connectivity_config_id: z.string().optional(), - account_id: z.string().optional(), - endpoint_service: z.string().optional(), - domain_names: z.array(z.string()).optional(), - resource_names: z.array(z.string()).optional(), - vpc_endpoint_id: z.string().optional(), - connection_state: z.string().optional(), - creation_time: z - .union([z.number(), z.bigint()]) - .transform(v => BigInt(v)) - .optional(), - updated_time: z - .union([z.number(), z.bigint()]) - .transform(v => BigInt(v)) - .optional(), - deactivated: z.boolean().optional(), - deactivated_at: z - .union([z.number(), z.bigint()]) - .transform(v => BigInt(v)) - .optional(), - enabled: z.boolean().optional(), - error_message: z.string().optional(), + all_destinations: z.boolean().optional(), }) .transform(d => ({ - ruleId: d.rule_id, - networkConnectivityConfigId: d.network_connectivity_config_id, - accountId: d.account_id, - endpointService: d.endpoint_service, - domainNames: d.domain_names, - resourceNames: d.resource_names, - vpcEndpointId: d.vpc_endpoint_id, - connectionState: d.connection_state, - creationTime: d.creation_time, - updatedTime: d.updated_time, - deactivated: d.deactivated, - deactivatedAt: d.deactivated_at, - enabled: d.enabled, - errorMessage: d.error_message, + allDestinations: d.all_destinations, })); -export const unmarshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema: z.ZodType = +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_AuthenticationSchema: z.ZodType = z .object({ - rule_id: z.string().optional(), - network_connectivity_config_id: z.string().optional(), - resource_id: z.string().optional(), - group_id: z.string().optional(), - endpoint_name: z.string().optional(), - connection_state: z.string().optional(), - creation_time: z - .union([z.number(), z.bigint()]) - .transform(v => BigInt(v)) - .optional(), - updated_time: z - .union([z.number(), z.bigint()]) - .transform(v => BigInt(v)) - .optional(), - deactivated: z.boolean().optional(), - deactivated_at: z - .union([z.number(), z.bigint()]) - .transform(v => BigInt(v)) + identity_type: z.string().optional(), + identities: z + .array( + z.lazy( + () => unmarshalIngressNetworkPolicy_AuthenticationIdentitySchema + ) + ) .optional(), - domain_names: z.array(z.string()).optional(), - error_message: z.string().optional(), }) .transform(d => ({ - ruleId: d.rule_id, - networkConnectivityConfigId: d.network_connectivity_config_id, - resourceId: d.resource_id, - groupId: d.group_id, - endpointName: d.endpoint_name, - connectionState: d.connection_state, - creationTime: d.creation_time, - updatedTime: d.updated_time, - deactivated: d.deactivated, - deactivatedAt: d.deactivated_at, - domainNames: d.domain_names, - errorMessage: d.error_message, + identityType: d.identity_type, + identities: d.identities, })); -export const unmarshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema: z.ZodType = - z - .object({ - default_rules: z - .lazy( - () => unmarshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema - ) - .optional(), - target_rules: z - .lazy( - () => - unmarshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema - ) +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_AuthenticationIdentitySchema: z.ZodType = + z + .object({ + principal_type: z.string().optional(), + principal_id: z + .union([z.number(), z.bigint()]) + .transform(v => BigInt(v)) .optional(), }) .transform(d => ({ - defaultRules: d.default_rules, - targetRules: d.target_rules, + principalType: d.principal_type, + principalId: d.principal_id, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema: z.ZodType = +export const unmarshalIngressNetworkPolicy_CrossWorkspaceAccessSchema: z.ZodType = z .object({ - azure_private_endpoint_rules: z + restriction_mode: z.string().optional(), + deny_rules: z .array( z.lazy( - () => - unmarshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema + () => unmarshalIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema ) ) .optional(), - aws_private_endpoint_rules: z + allow_rules: z .array( z.lazy( - () => - unmarshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema + () => unmarshalIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema ) ) .optional(), }) .transform(d => ({ - azurePrivateEndpointRules: d.azure_private_endpoint_rules, - awsPrivateEndpointRules: d.aws_private_endpoint_rules, + restrictionMode: d.restriction_mode, + denyRules: d.deny_rules, + allowRules: d.allow_rules, })); -export const unmarshalCustomerFacingPrivateAccessSettingsSchema: z.ZodType = +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema: z.ZodType = z .object({ - private_access_settings_id: z.string().optional(), - account_id: z.string().optional(), - private_access_settings_name: z.string().optional(), - region: z.string().optional(), - public_access_enabled: z.boolean().optional(), - private_access_level: z.string().optional(), - allowed_vpc_endpoint_ids: z.array(z.string()).optional(), + origin: z + .lazy( + () => unmarshalIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema + ) + .optional(), + destination: z + .lazy(() => unmarshalIngressNetworkPolicy_RequestDestinationSchema) + .optional(), + authentication: z + .lazy(() => unmarshalIngressNetworkPolicy_AuthenticationSchema) + .optional(), + label: z.string().optional(), }) .transform(d => ({ - privateAccessSettingsId: d.private_access_settings_id, - accountId: d.account_id, - privateAccessSettingsName: d.private_access_settings_name, - region: d.region, - publicAccessEnabled: d.public_access_enabled, - privateAccessLevel: d.private_access_level, - allowedVpcEndpointIds: d.allowed_vpc_endpoint_ids, + origin: d.origin, + destination: d.destination, + authentication: d.authentication, + label: d.label, })); -export const unmarshalCustomerFacingVpcEndpointSchema: z.ZodType = +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema: z.ZodType = z .object({ - vpc_endpoint_id: z.string().optional(), - account_id: z.string().optional(), - vpc_endpoint_name: z.string().optional(), - aws_vpc_endpoint_id: z.string().optional(), - aws_endpoint_service_id: z.string().optional(), - use_case: z.string().optional(), - region: z.string().optional(), - aws_account_id: z.string().optional(), - state: z.string().optional(), - gcp_vpc_endpoint_info: z - .lazy(() => unmarshalCustomerFacingGcpVpcEndpointInfoSchema) + all_source_workspaces: z.boolean().optional(), + selected_workspaces: z + .lazy(() => unmarshalIngressNetworkPolicy_WorkspaceIdListSchema) .optional(), }) .transform(d => ({ - vpcEndpointId: d.vpc_endpoint_id, - accountId: d.account_id, - vpcEndpointName: d.vpc_endpoint_name, - awsVpcEndpointId: d.aws_vpc_endpoint_id, - awsEndpointServiceId: d.aws_endpoint_service_id, - useCase: d.use_case, - region: d.region, - awsAccountId: d.aws_account_id, - state: d.state, - vpcEndpointInfo: - d.gcp_vpc_endpoint_info !== undefined + source: + d.all_source_workspaces !== undefined ? { - $case: 'gcpVpcEndpointInfo' as const, - gcpVpcEndpointInfo: d.gcp_vpc_endpoint_info, + $case: 'allSourceWorkspaces' as const, + allSourceWorkspaces: d.all_source_workspaces, } - : undefined, + : d.selected_workspaces !== undefined + ? { + $case: 'selectedWorkspaces' as const, + selectedWorkspaces: d.selected_workspaces, + } + : undefined, })); -export const unmarshalDeleteAccountIpAccessListResponseSchema: z.ZodType = - z.object({}); +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_EndpointsSchema: z.ZodType = + z + .object({ + endpoint_ids: z.array(z.string()).optional(), + }) + .transform(d => ({ + endpointIds: d.endpoint_ids, + })); -export const unmarshalDeleteIpAccessListResponseSchema: z.ZodType = - z.object({}); +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_IpRangesSchema: z.ZodType = + z + .object({ + ip_ranges: z.array(z.string()).optional(), + }) + .transform(d => ({ + ipRanges: d.ip_ranges, + })); -export const unmarshalEgressNetworkPolicySchema: z.ZodType = +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_LakebaseRuntimeDestinationSchema: z.ZodType = z .object({ - network_access: z - .lazy(() => unmarshalEgressNetworkPolicy_NetworkAccessPolicySchema) - .optional(), + all_destinations: z.boolean().optional(), }) .transform(d => ({ - networkAccess: d.network_access, + allDestinations: d.all_destinations, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalEgressNetworkPolicy_NetworkAccessPolicySchema: z.ZodType = +export const unmarshalIngressNetworkPolicy_PrivateAccessSchema: z.ZodType = z .object({ restriction_mode: z.string().optional(), - allowed_internet_destinations: z + deny_rules: z .array( - z.lazy( - () => - unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema - ) + z.lazy(() => unmarshalIngressNetworkPolicy_PrivateIngressRuleSchema) ) .optional(), - allowed_storage_destinations: z + allow_rules: z .array( - z.lazy( - () => - unmarshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema - ) + z.lazy(() => unmarshalIngressNetworkPolicy_PrivateIngressRuleSchema) ) .optional(), - policy_enforcement: z - .lazy( - () => - unmarshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema - ) + }) + .transform(d => ({ + restrictionMode: d.restriction_mode, + denyRules: d.deny_rules, + allowRules: d.allow_rules, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_PrivateIngressRuleSchema: z.ZodType = + z + .object({ + origin: z + .lazy(() => unmarshalIngressNetworkPolicy_PrivateRequestOriginSchema) .optional(), - blocked_internet_destinations: z + destination: z + .lazy(() => unmarshalIngressNetworkPolicy_RequestDestinationSchema) + .optional(), + authentication: z + .lazy(() => unmarshalIngressNetworkPolicy_AuthenticationSchema) + .optional(), + label: z.string().optional(), + }) + .transform(d => ({ + origin: d.origin, + destination: d.destination, + authentication: d.authentication, + label: d.label, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_PrivateRequestOriginSchema: z.ZodType = + z + .object({ + endpoints: z + .lazy(() => unmarshalIngressNetworkPolicy_EndpointsSchema) + .optional(), + all_registered_endpoints: z.boolean().optional(), + azure_workspace_private_link: z.boolean().optional(), + all_private_access: z.boolean().optional(), + }) + .transform(d => ({ + source: + d.endpoints !== undefined + ? {$case: 'endpoints' as const, endpoints: d.endpoints} + : d.all_registered_endpoints !== undefined + ? { + $case: 'allRegisteredEndpoints' as const, + allRegisteredEndpoints: d.all_registered_endpoints, + } + : d.azure_workspace_private_link !== undefined + ? { + $case: 'azureWorkspacePrivateLink' as const, + azureWorkspacePrivateLink: d.azure_workspace_private_link, + } + : d.all_private_access !== undefined + ? { + $case: 'allPrivateAccess' as const, + allPrivateAccess: d.all_private_access, + } + : undefined, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_PublicAccessSchema: z.ZodType = + z + .object({ + restriction_mode: z.string().optional(), + deny_rules: z .array( - z.lazy( - () => - unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema - ) + z.lazy(() => unmarshalIngressNetworkPolicy_PublicIngressRuleSchema) ) .optional(), - allowed_databricks_destinations: z + allow_rules: z .array( - z.lazy( - () => - unmarshalEgressNetworkPolicy_NetworkAccessPolicy_DatabricksDestinationSchema - ) + z.lazy(() => unmarshalIngressNetworkPolicy_PublicIngressRuleSchema) ) .optional(), }) .transform(d => ({ restrictionMode: d.restriction_mode, - allowedInternetDestinations: d.allowed_internet_destinations, - allowedStorageDestinations: d.allowed_storage_destinations, - policyEnforcement: d.policy_enforcement, - blockedInternetDestinations: d.blocked_internet_destinations, - allowedDatabricksDestinations: d.allowed_databricks_destinations, + denyRules: d.deny_rules, + allowRules: d.allow_rules, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_DatabricksDestinationSchema: z.ZodType = +export const unmarshalIngressNetworkPolicy_PublicIngressRuleSchema: z.ZodType = z .object({ - workspace_ids: z - .array(z.union([z.number(), z.bigint()]).transform(v => BigInt(v))) + origin: z + .lazy(() => unmarshalIngressNetworkPolicy_PublicRequestOriginSchema) .optional(), + destination: z + .lazy(() => unmarshalIngressNetworkPolicy_RequestDestinationSchema) + .optional(), + authentication: z + .lazy(() => unmarshalIngressNetworkPolicy_AuthenticationSchema) + .optional(), + label: z.string().optional(), }) .transform(d => ({ - workspaceIds: d.workspace_ids, + origin: d.origin, + destination: d.destination, + authentication: d.authentication, + label: d.label, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema: z.ZodType = +export const unmarshalIngressNetworkPolicy_PublicRequestOriginSchema: z.ZodType = z .object({ - destination: z.string().optional(), - internet_destination_type: z.string().optional(), + all_ip_ranges: z.boolean().optional(), + included_ip_ranges: z + .lazy(() => unmarshalIngressNetworkPolicy_IpRangesSchema) + .optional(), + excluded_ip_ranges: z + .lazy(() => unmarshalIngressNetworkPolicy_IpRangesSchema) + .optional(), }) .transform(d => ({ - destination: d.destination, - internetDestinationType: d.internet_destination_type, + source: + d.all_ip_ranges !== undefined + ? {$case: 'allIpRanges' as const, allIpRanges: d.all_ip_ranges} + : d.included_ip_ranges !== undefined + ? { + $case: 'includedIpRanges' as const, + includedIpRanges: d.included_ip_ranges, + } + : d.excluded_ip_ranges !== undefined + ? { + $case: 'excludedIpRanges' as const, + excludedIpRanges: d.excluded_ip_ranges, + } + : undefined, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema: z.ZodType = +export const unmarshalIngressNetworkPolicy_RequestDestinationSchema: z.ZodType = z .object({ - enforcement_mode: z.string().optional(), - dry_run_mode_product_filter: z.array(z.string()).optional(), + all_destinations: z.boolean().optional(), + workspace_ui: z + .lazy(() => unmarshalIngressNetworkPolicy_WorkspaceUiDestinationSchema) + .optional(), + workspace_api: z + .lazy(() => unmarshalIngressNetworkPolicy_WorkspaceApiDestinationSchema) + .optional(), + apps_runtime: z + .lazy(() => unmarshalIngressNetworkPolicy_AppsRuntimeDestinationSchema) + .optional(), + lakebase_runtime: z + .lazy( + () => unmarshalIngressNetworkPolicy_LakebaseRuntimeDestinationSchema + ) + .optional(), + account_ui: z + .lazy(() => unmarshalIngressNetworkPolicy_AccountUiDestinationSchema) + .optional(), + account_api: z + .lazy(() => unmarshalIngressNetworkPolicy_AccountApiDestinationSchema) + .optional(), + account_databricks_one: z + .lazy( + () => + unmarshalIngressNetworkPolicy_AccountDatabricksOneDestinationSchema + ) + .optional(), }) .transform(d => ({ - enforcementMode: d.enforcement_mode, - dryRunModeProductFilter: d.dry_run_mode_product_filter, + allDestinations: d.all_destinations, + workspaceUi: d.workspace_ui, + workspaceApi: d.workspace_api, + appsRuntime: d.apps_runtime, + lakebaseRuntime: d.lakebase_runtime, + accountUi: d.account_ui, + accountApi: d.account_api, + accountDatabricksOne: d.account_databricks_one, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const unmarshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema: z.ZodType = +export const unmarshalIngressNetworkPolicy_WorkspaceApiDestinationSchema: z.ZodType = z .object({ - bucket_name: z.string().optional(), - region: z.string().optional(), - storage_destination_type: z.string().optional(), - azure_storage_account: z.string().optional(), - azure_storage_service: z.string().optional(), + scopes: z.array(z.string()).optional(), + scope_qualifier: z.string().optional(), }) .transform(d => ({ - bucketName: d.bucket_name, - region: d.region, - storageDestinationType: d.storage_destination_type, - azureStorageAccount: d.azure_storage_account, - azureStorageService: d.azure_storage_service, + scopes: d.scopes, + scopeQualifier: d.scope_qualifier, })); -export const unmarshalEndpointSchema: z.ZodType = z - .object({ - name: z.string().optional(), - endpoint_id: z.string().optional(), - account_id: z.string().optional(), - display_name: z.string().optional(), - use_case: z.string().optional(), - region: z.string().optional(), - state: z.string().optional(), - azure_private_endpoint_info: z - .lazy(() => unmarshalAzurePrivateEndpointInfoSchema) - .optional(), - create_time: z - .string() - .transform(s => Temporal.Instant.from(s)) - .optional(), - }) - .transform(d => ({ - name: d.name, - endpointId: d.endpoint_id, - accountId: d.account_id, - displayName: d.display_name, - useCase: d.use_case, - region: d.region, - state: d.state, - endpointInfo: - d.azure_private_endpoint_info !== undefined - ? { - $case: 'azurePrivateEndpointInfo' as const, - azurePrivateEndpointInfo: d.azure_private_endpoint_info, - } - : undefined, - createTime: d.create_time, - })); - -export const unmarshalGcpEndpointSchema: z.ZodType = z - .object({ - psc_endpoint_uri: z.string().optional(), - service_attachment: z.string().optional(), - }) - .transform(d => ({ - pscEndpointUri: d.psc_endpoint_uri, - targetServices: - d.service_attachment !== undefined - ? { - $case: 'serviceAttachment' as const, - serviceAttachment: d.service_attachment, - } - : undefined, - })); - -export const unmarshalGcpNetworkInfoSchema: z.ZodType = z - .object({ - network_project_id: z.string().optional(), - vpc_id: z.string().optional(), - subnet_id: z.string().optional(), - subnet_region: z.string().optional(), - pod_ip_range_name: z.string().optional(), - service_ip_range_name: z.string().optional(), - }) - .transform(d => ({ - networkProjectId: d.network_project_id, - vpcId: d.vpc_id, - subnetId: d.subnet_id, - subnetRegion: d.subnet_region, - podIpRangeName: d.pod_ip_range_name, - serviceIpRangeName: d.service_ip_range_name, - })); - -export const unmarshalGetAccountIpAccessListResponseSchema: z.ZodType = +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_WorkspaceIdListSchema: z.ZodType = z .object({ - ip_access_list: z - .lazy(() => unmarshalAccountIpAccessListSchema) + workspace_ids: z + .array(z.union([z.number(), z.bigint()]).transform(v => BigInt(v))) .optional(), }) .transform(d => ({ - ipAccessList: d.ip_access_list, + workspaceIds: d.workspace_ids, })); -export const unmarshalGetIpAccessListResponseSchema: z.ZodType = +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const unmarshalIngressNetworkPolicy_WorkspaceUiDestinationSchema: z.ZodType = z .object({ - ip_access_list: z.lazy(() => unmarshalIpAccessListSchema).optional(), + all_destinations: z.boolean().optional(), }) .transform(d => ({ - ipAccessList: d.ip_access_list, + allDestinations: d.all_destinations, })); export const unmarshalIpAccessListSchema: z.ZodType = z @@ -3050,9 +2754,7 @@ export const unmarshalListNetworkConnectivityConfigsResponseSchema: z.ZodType
  • unmarshalCustomerFacingNetworkConnectivityConfigSchema) - ) + .array(z.lazy(() => unmarshalNetworkConnectivityConfigSchema)) .optional(), next_page_token: z.string().optional(), }) @@ -3174,6 +2876,122 @@ export const unmarshalNetworkSchema: z.ZodType = z : undefined, })); +export const unmarshalNetworkConnectivityConfigSchema: z.ZodType = + z + .object({ + network_connectivity_config_id: z.string().optional(), + account_id: z.string().optional(), + name: z.string().optional(), + region: z.string().optional(), + egress_config: z + .lazy( + () => + unmarshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema + ) + .optional(), + updated_time: z + .union([z.number(), z.bigint()]) + .transform(v => BigInt(v)) + .optional(), + creation_time: z + .union([z.number(), z.bigint()]) + .transform(v => BigInt(v)) + .optional(), + }) + .transform(d => ({ + networkConnectivityConfigId: d.network_connectivity_config_id, + accountId: d.account_id, + name: d.name, + region: d.region, + egressConfig: d.egress_config, + updatedTime: d.updated_time, + creationTime: d.creation_time, + })); + +export const unmarshalNetworkConnectivityConfigAwsPrivateEndpointRuleSchema: z.ZodType = + z + .object({ + rule_id: z.string().optional(), + network_connectivity_config_id: z.string().optional(), + account_id: z.string().optional(), + endpoint_service: z.string().optional(), + domain_names: z.array(z.string()).optional(), + resource_names: z.array(z.string()).optional(), + vpc_endpoint_id: z.string().optional(), + connection_state: z.string().optional(), + creation_time: z + .union([z.number(), z.bigint()]) + .transform(v => BigInt(v)) + .optional(), + updated_time: z + .union([z.number(), z.bigint()]) + .transform(v => BigInt(v)) + .optional(), + deactivated: z.boolean().optional(), + deactivated_at: z + .union([z.number(), z.bigint()]) + .transform(v => BigInt(v)) + .optional(), + enabled: z.boolean().optional(), + error_message: z.string().optional(), + }) + .transform(d => ({ + ruleId: d.rule_id, + networkConnectivityConfigId: d.network_connectivity_config_id, + accountId: d.account_id, + endpointService: d.endpoint_service, + domainNames: d.domain_names, + resourceNames: d.resource_names, + vpcEndpointId: d.vpc_endpoint_id, + connectionState: d.connection_state, + creationTime: d.creation_time, + updatedTime: d.updated_time, + deactivated: d.deactivated, + deactivatedAt: d.deactivated_at, + enabled: d.enabled, + errorMessage: d.error_message, + })); + +export const unmarshalNetworkConnectivityConfigAzurePrivateEndpointRuleSchema: z.ZodType = + z + .object({ + rule_id: z.string().optional(), + network_connectivity_config_id: z.string().optional(), + resource_id: z.string().optional(), + group_id: z.string().optional(), + endpoint_name: z.string().optional(), + connection_state: z.string().optional(), + creation_time: z + .union([z.number(), z.bigint()]) + .transform(v => BigInt(v)) + .optional(), + updated_time: z + .union([z.number(), z.bigint()]) + .transform(v => BigInt(v)) + .optional(), + deactivated: z.boolean().optional(), + deactivated_at: z + .union([z.number(), z.bigint()]) + .transform(v => BigInt(v)) + .optional(), + domain_names: z.array(z.string()).optional(), + error_message: z.string().optional(), + }) + .transform(d => ({ + ruleId: d.rule_id, + networkConnectivityConfigId: d.network_connectivity_config_id, + resourceId: d.resource_id, + groupId: d.group_id, + endpointName: d.endpoint_name, + connectionState: d.connection_state, + creationTime: d.creation_time, + updatedTime: d.updated_time, + deactivated: d.deactivated, + deactivatedAt: d.deactivated_at, + domainNames: d.domain_names, + errorMessage: d.error_message, + })); + // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. export const unmarshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema: z.ZodType = z @@ -3251,6 +3069,27 @@ export const unmarshalNetworkWarningSchema: z.ZodType = z warningMessage: d.warning_message, })); +export const unmarshalPrivateAccessSettingsSchema: z.ZodType = + z + .object({ + private_access_settings_id: z.string().optional(), + account_id: z.string().optional(), + private_access_settings_name: z.string().optional(), + region: z.string().optional(), + public_access_enabled: z.boolean().optional(), + private_access_level: z.string().optional(), + allowed_vpc_endpoint_ids: z.array(z.string()).optional(), + }) + .transform(d => ({ + privateAccessSettingsId: d.private_access_settings_id, + accountId: d.account_id, + privateAccessSettingsName: d.private_access_settings_name, + region: d.region, + publicAccessEnabled: d.public_access_enabled, + privateAccessLevel: d.private_access_level, + allowedVpcEndpointIds: d.allowed_vpc_endpoint_ids, + })); + export const unmarshalReplaceAccountIpAccessListResponseSchema: z.ZodType = z .object({ @@ -3291,6 +3130,40 @@ export const unmarshalUpdateIpAccessListResponseSchema: z.ZodType = z + .object({ + vpc_endpoint_id: z.string().optional(), + account_id: z.string().optional(), + vpc_endpoint_name: z.string().optional(), + aws_vpc_endpoint_id: z.string().optional(), + aws_endpoint_service_id: z.string().optional(), + use_case: z.string().optional(), + region: z.string().optional(), + aws_account_id: z.string().optional(), + state: z.string().optional(), + gcp_vpc_endpoint_info: z + .lazy(() => unmarshalGcpVpcEndpointInfoSchema) + .optional(), + }) + .transform(d => ({ + vpcEndpointId: d.vpc_endpoint_id, + accountId: d.account_id, + vpcEndpointName: d.vpc_endpoint_name, + awsVpcEndpointId: d.aws_vpc_endpoint_id, + awsEndpointServiceId: d.aws_endpoint_service_id, + useCase: d.use_case, + region: d.region, + awsAccountId: d.aws_account_id, + state: d.state, + vpcEndpointInfo: + d.gcp_vpc_endpoint_info !== undefined + ? { + $case: 'gcpVpcEndpointInfo' as const, + gcpVpcEndpointInfo: d.gcp_vpc_endpoint_info, + } + : undefined, + })); + export const unmarshalWorkspaceNetworkOptionSchema: z.ZodType = z .object({ @@ -3310,12 +3183,8 @@ export const marshalAccountNetworkPolicySchema: z.ZodType = z networkPolicyId: z.string().optional(), accountId: z.string().optional(), egress: z.lazy(() => marshalEgressNetworkPolicySchema).optional(), - ingress: z - .lazy(() => marshalCustomerFacingIngressNetworkPolicySchema) - .optional(), - ingressDryRun: z - .lazy(() => marshalCustomerFacingIngressNetworkPolicySchema) - .optional(), + ingress: z.lazy(() => marshalIngressNetworkPolicySchema).optional(), + ingressDryRun: z.lazy(() => marshalIngressNetworkPolicySchema).optional(), }) .transform(d => ({ network_policy_id: d.networkPolicyId, @@ -3353,7 +3222,7 @@ export const marshalCreateAccountIpAccessListRequestSchema: z.ZodType = z ip_addresses: d.ipAddresses, })); -export const marshalCreateIpAccessListSchema: z.ZodType = z +export const marshalCreateIpAccessListRequestSchema: z.ZodType = z .object({ label: z.string().optional(), listType: z.string().optional(), @@ -3389,123 +3258,354 @@ export const marshalCreateNetworkConnectivityConfigurationSchema: z.ZodType = z creation_time: d.creationTime, })); -export const marshalCreateNetworkRequestSchema: z.ZodType = z - .object({ - accountId: z.string().optional(), - networkName: z.string().optional(), - vpcId: z.string().optional(), - subnetIds: z.array(z.string()).optional(), - securityGroupIds: z.array(z.string()).optional(), - vpcEndpoints: z.lazy(() => marshalNetworkVpcEndpointsSchema).optional(), - gcpNetworkInfo: z.lazy(() => marshalGcpNetworkInfoSchema).optional(), - }) - .transform(d => ({ - account_id: d.accountId, - network_name: d.networkName, - vpc_id: d.vpcId, - subnet_ids: d.subnetIds, - security_group_ids: d.securityGroupIds, - vpc_endpoints: d.vpcEndpoints, - gcp_network_info: d.gcpNetworkInfo, - })); +export const marshalCreateNetworkRequestSchema: z.ZodType = z + .object({ + accountId: z.string().optional(), + networkName: z.string().optional(), + vpcId: z.string().optional(), + subnetIds: z.array(z.string()).optional(), + securityGroupIds: z.array(z.string()).optional(), + vpcEndpoints: z.lazy(() => marshalNetworkVpcEndpointsSchema).optional(), + gcpNetworkInfo: z.lazy(() => marshalGcpNetworkInfoSchema).optional(), + }) + .transform(d => ({ + account_id: d.accountId, + network_name: d.networkName, + vpc_id: d.vpcId, + subnet_ids: d.subnetIds, + security_group_ids: d.securityGroupIds, + vpc_endpoints: d.vpcEndpoints, + gcp_network_info: d.gcpNetworkInfo, + })); + +export const marshalCreatePrivateAccessSettingsRequestSchema: z.ZodType = z + .object({ + accountId: z.string().optional(), + privateAccessSettingsName: z.string().optional(), + region: z.string().optional(), + publicAccessEnabled: z.boolean().optional(), + privateAccessLevel: z.string().optional(), + allowedVpcEndpointIds: z.array(z.string()).optional(), + }) + .transform(d => ({ + account_id: d.accountId, + private_access_settings_name: d.privateAccessSettingsName, + region: d.region, + public_access_enabled: d.publicAccessEnabled, + private_access_level: d.privateAccessLevel, + allowed_vpc_endpoint_ids: d.allowedVpcEndpointIds, + })); + +export const marshalCreatePrivateEndpointRuleSchema: z.ZodType = z + .object({ + ruleId: z.string().optional(), + networkConnectivityConfigId: z.string().optional(), + connectionState: z.string().optional(), + domainNames: z.array(z.string()).optional(), + creationTime: z.bigint().optional(), + updatedTime: z.bigint().optional(), + deactivated: z.boolean().optional(), + deactivatedAt: z.bigint().optional(), + errorMessage: z.string().optional(), + resourceId: z.string().optional(), + groupId: z.string().optional(), + endpointName: z.string().optional(), + accountId: z.string().optional(), + endpointService: z.string().optional(), + resourceNames: z.array(z.string()).optional(), + vpcEndpointId: z.string().optional(), + enabled: z.boolean().optional(), + endpoint: z + .discriminatedUnion('$case', [ + z.object({ + $case: z.literal('gcpEndpoint'), + gcpEndpoint: z.lazy(() => marshalGcpEndpointSchema), + }), + ]) + .optional(), + }) + .transform(d => ({ + rule_id: d.ruleId, + network_connectivity_config_id: d.networkConnectivityConfigId, + connection_state: d.connectionState, + domain_names: d.domainNames, + creation_time: d.creationTime, + updated_time: d.updatedTime, + deactivated: d.deactivated, + deactivated_at: d.deactivatedAt, + error_message: d.errorMessage, + resource_id: d.resourceId, + group_id: d.groupId, + endpoint_name: d.endpointName, + account_id: d.accountId, + endpoint_service: d.endpointService, + resource_names: d.resourceNames, + vpc_endpoint_id: d.vpcEndpointId, + enabled: d.enabled, + ...(d.endpoint?.$case === 'gcpEndpoint' && { + gcp_endpoint: d.endpoint.gcpEndpoint, + }), + })); + +export const marshalCreateVpcEndpointRequestSchema: z.ZodType = z + .object({ + accountId: z.string().optional(), + vpcEndpointName: z.string().optional(), + region: z.string().optional(), + awsVpcEndpointId: z.string().optional(), + vpcEndpointInfo: z + .discriminatedUnion('$case', [ + z.object({ + $case: z.literal('gcpVpcEndpointInfo'), + gcpVpcEndpointInfo: z.lazy(() => marshalGcpVpcEndpointInfoSchema), + }), + ]) + .optional(), + }) + .transform(d => ({ + account_id: d.accountId, + vpc_endpoint_name: d.vpcEndpointName, + region: d.region, + aws_vpc_endpoint_id: d.awsVpcEndpointId, + ...(d.vpcEndpointInfo?.$case === 'gcpVpcEndpointInfo' && { + gcp_vpc_endpoint_info: d.vpcEndpointInfo.gcpVpcEndpointInfo, + }), + })); + +export const marshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema: z.ZodType = + z + .object({ + defaultRules: z + .lazy( + () => marshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema + ) + .optional(), + targetRules: z + .lazy( + () => + marshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema + ) + .optional(), + }) + .transform(d => ({ + default_rules: d.defaultRules, + target_rules: d.targetRules, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const marshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema: z.ZodType = + z + .object({ + azurePrivateEndpointRules: z + .array( + z.lazy( + () => marshalNetworkConnectivityConfigAzurePrivateEndpointRuleSchema + ) + ) + .optional(), + awsPrivateEndpointRules: z + .array( + z.lazy( + () => marshalNetworkConnectivityConfigAwsPrivateEndpointRuleSchema + ) + ) + .optional(), + }) + .transform(d => ({ + azure_private_endpoint_rules: d.azurePrivateEndpointRules, + aws_private_endpoint_rules: d.awsPrivateEndpointRules, + })); + +export const marshalEgressNetworkPolicySchema: z.ZodType = z + .object({ + networkAccess: z + .lazy(() => marshalEgressNetworkPolicy_NetworkAccessPolicySchema) + .optional(), + }) + .transform(d => ({ + network_access: d.networkAccess, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const marshalEgressNetworkPolicy_NetworkAccessPolicySchema: z.ZodType = z + .object({ + restrictionMode: z.string().optional(), + allowedInternetDestinations: z + .array( + z.lazy( + () => + marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema + ) + ) + .optional(), + allowedStorageDestinations: z + .array( + z.lazy( + () => + marshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema + ) + ) + .optional(), + policyEnforcement: z + .lazy( + () => + marshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema + ) + .optional(), + blockedInternetDestinations: z + .array( + z.lazy( + () => + marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema + ) + ) + .optional(), + allowedDatabricksDestinations: z + .array( + z.lazy( + () => + marshalEgressNetworkPolicy_NetworkAccessPolicy_DatabricksDestinationSchema + ) + ) + .optional(), + }) + .transform(d => ({ + restriction_mode: d.restrictionMode, + allowed_internet_destinations: d.allowedInternetDestinations, + allowed_storage_destinations: d.allowedStorageDestinations, + policy_enforcement: d.policyEnforcement, + blocked_internet_destinations: d.blockedInternetDestinations, + allowed_databricks_destinations: d.allowedDatabricksDestinations, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const marshalEgressNetworkPolicy_NetworkAccessPolicy_DatabricksDestinationSchema: z.ZodType = + z + .object({ + workspaceIds: z.array(z.bigint()).optional(), + }) + .transform(d => ({ + workspace_ids: d.workspaceIds, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema: z.ZodType = + z + .object({ + destination: z.string().optional(), + internetDestinationType: z.string().optional(), + }) + .transform(d => ({ + destination: d.destination, + internet_destination_type: d.internetDestinationType, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const marshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema: z.ZodType = + z + .object({ + enforcementMode: z.string().optional(), + dryRunModeProductFilter: z.array(z.string()).optional(), + }) + .transform(d => ({ + enforcement_mode: d.enforcementMode, + dry_run_mode_product_filter: d.dryRunModeProductFilter, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const marshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema: z.ZodType = + z + .object({ + bucketName: z.string().optional(), + region: z.string().optional(), + storageDestinationType: z.string().optional(), + azureStorageAccount: z.string().optional(), + azureStorageService: z.string().optional(), + }) + .transform(d => ({ + bucket_name: d.bucketName, + region: d.region, + storage_destination_type: d.storageDestinationType, + azure_storage_account: d.azureStorageAccount, + azure_storage_service: d.azureStorageService, + })); -export const marshalCreatePrivateAccessSettingsRequestSchema: z.ZodType = z +export const marshalEndpointSchema: z.ZodType = z .object({ + name: z.string().optional(), + endpointId: z.string().optional(), accountId: z.string().optional(), - privateAccessSettingsName: z.string().optional(), + displayName: z.string().optional(), + useCase: z.string().optional(), region: z.string().optional(), - publicAccessEnabled: z.boolean().optional(), - privateAccessLevel: z.string().optional(), - allowedVpcEndpointIds: z.array(z.string()).optional(), - }) - .transform(d => ({ - account_id: d.accountId, - private_access_settings_name: d.privateAccessSettingsName, - region: d.region, - public_access_enabled: d.publicAccessEnabled, - private_access_level: d.privateAccessLevel, - allowed_vpc_endpoint_ids: d.allowedVpcEndpointIds, - })); - -export const marshalCreatePrivateEndpointRuleSchema: z.ZodType = z - .object({ - ruleId: z.string().optional(), - networkConnectivityConfigId: z.string().optional(), - connectionState: z.string().optional(), - domainNames: z.array(z.string()).optional(), - creationTime: z.bigint().optional(), - updatedTime: z.bigint().optional(), - deactivated: z.boolean().optional(), - deactivatedAt: z.bigint().optional(), - errorMessage: z.string().optional(), - resourceId: z.string().optional(), - groupId: z.string().optional(), - endpointName: z.string().optional(), - accountId: z.string().optional(), - endpointService: z.string().optional(), - resourceNames: z.array(z.string()).optional(), - vpcEndpointId: z.string().optional(), - enabled: z.boolean().optional(), - endpoint: z + state: z.string().optional(), + endpointInfo: z .discriminatedUnion('$case', [ z.object({ - $case: z.literal('gcpEndpoint'), - gcpEndpoint: z.lazy(() => marshalGcpEndpointSchema), + $case: z.literal('azurePrivateEndpointInfo'), + azurePrivateEndpointInfo: z.lazy( + () => marshalAzurePrivateEndpointInfoSchema + ), }), ]) .optional(), + createTime: z + .any() + .transform((d: Temporal.Instant) => d.toString()) + .optional(), }) .transform(d => ({ - rule_id: d.ruleId, - network_connectivity_config_id: d.networkConnectivityConfigId, - connection_state: d.connectionState, - domain_names: d.domainNames, - creation_time: d.creationTime, - updated_time: d.updatedTime, - deactivated: d.deactivated, - deactivated_at: d.deactivatedAt, - error_message: d.errorMessage, - resource_id: d.resourceId, - group_id: d.groupId, - endpoint_name: d.endpointName, + name: d.name, + endpoint_id: d.endpointId, account_id: d.accountId, - endpoint_service: d.endpointService, - resource_names: d.resourceNames, - vpc_endpoint_id: d.vpcEndpointId, - enabled: d.enabled, - ...(d.endpoint?.$case === 'gcpEndpoint' && { - gcp_endpoint: d.endpoint.gcpEndpoint, + display_name: d.displayName, + use_case: d.useCase, + region: d.region, + state: d.state, + ...(d.endpointInfo?.$case === 'azurePrivateEndpointInfo' && { + azure_private_endpoint_info: d.endpointInfo.azurePrivateEndpointInfo, }), + create_time: d.createTime, })); -export const marshalCreateVpcEndpointRequestSchema: z.ZodType = z +export const marshalGcpEndpointSchema: z.ZodType = z .object({ - accountId: z.string().optional(), - vpcEndpointName: z.string().optional(), - region: z.string().optional(), - awsVpcEndpointId: z.string().optional(), - vpcEndpointInfo: z + pscEndpointUri: z.string().optional(), + targetServices: z .discriminatedUnion('$case', [ z.object({ - $case: z.literal('gcpVpcEndpointInfo'), - gcpVpcEndpointInfo: z.lazy( - () => marshalCustomerFacingGcpVpcEndpointInfoSchema - ), + $case: z.literal('serviceAttachment'), + serviceAttachment: z.string(), }), ]) .optional(), }) .transform(d => ({ - account_id: d.accountId, - vpc_endpoint_name: d.vpcEndpointName, - region: d.region, - aws_vpc_endpoint_id: d.awsVpcEndpointId, - ...(d.vpcEndpointInfo?.$case === 'gcpVpcEndpointInfo' && { - gcp_vpc_endpoint_info: d.vpcEndpointInfo.gcpVpcEndpointInfo, + psc_endpoint_uri: d.pscEndpointUri, + ...(d.targetServices?.$case === 'serviceAttachment' && { + service_attachment: d.targetServices.serviceAttachment, }), })); -export const marshalCustomerFacingGcpVpcEndpointInfoSchema: z.ZodType = z +export const marshalGcpNetworkInfoSchema: z.ZodType = z + .object({ + networkProjectId: z.string().optional(), + vpcId: z.string().optional(), + subnetId: z.string().optional(), + subnetRegion: z.string().optional(), + podIpRangeName: z.string().optional(), + serviceIpRangeName: z.string().optional(), + }) + .transform(d => ({ + network_project_id: d.networkProjectId, + vpc_id: d.vpcId, + subnet_id: d.subnetId, + subnet_region: d.subnetRegion, + pod_ip_range_name: d.podIpRangeName, + service_ip_range_name: d.serviceIpRangeName, + })); + +export const marshalGcpVpcEndpointInfoSchema: z.ZodType = z .object({ pscConnectionId: z.string().optional(), projectId: z.string().optional(), @@ -3521,19 +3621,16 @@ export const marshalCustomerFacingGcpVpcEndpointInfoSchema: z.ZodType = z service_attachment_id: d.serviceAttachmentId, })); -export const marshalCustomerFacingIngressNetworkPolicySchema: z.ZodType = z +export const marshalIngressNetworkPolicySchema: z.ZodType = z .object({ publicAccess: z - .lazy(() => marshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema) + .lazy(() => marshalIngressNetworkPolicy_PublicAccessSchema) .optional(), privateAccess: z - .lazy(() => marshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema) + .lazy(() => marshalIngressNetworkPolicy_PrivateAccessSchema) .optional(), crossWorkspaceAccess: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema - ) + .lazy(() => marshalIngressNetworkPolicy_CrossWorkspaceAccessSchema) .optional(), }) .transform(d => ({ @@ -3543,7 +3640,7 @@ export const marshalCustomerFacingIngressNetworkPolicySchema: z.ZodType = z })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema: z.ZodType = +export const marshalIngressNetworkPolicy_AccountApiDestinationSchema: z.ZodType = z .object({ scopes: z.array(z.string()).optional(), @@ -3555,7 +3652,7 @@ export const marshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSche })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema: z.ZodType = +export const marshalIngressNetworkPolicy_AccountDatabricksOneDestinationSchema: z.ZodType = z .object({ allDestinations: z.boolean().optional(), @@ -3565,7 +3662,7 @@ export const marshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDesti })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema: z.ZodType = +export const marshalIngressNetworkPolicy_AccountUiDestinationSchema: z.ZodType = z .object({ allDestinations: z.boolean().optional(), @@ -3575,7 +3672,7 @@ export const marshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchem })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema: z.ZodType = +export const marshalIngressNetworkPolicy_AppsRuntimeDestinationSchema: z.ZodType = z .object({ allDestinations: z.boolean().optional(), @@ -3585,26 +3682,22 @@ export const marshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSch })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema: z.ZodType = - z - .object({ - identityType: z.string().optional(), - identities: z - .array( - z.lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema - ) - ) - .optional(), - }) - .transform(d => ({ - identity_type: d.identityType, - identities: d.identities, - })); +export const marshalIngressNetworkPolicy_AuthenticationSchema: z.ZodType = z + .object({ + identityType: z.string().optional(), + identities: z + .array( + z.lazy(() => marshalIngressNetworkPolicy_AuthenticationIdentitySchema) + ) + .optional(), + }) + .transform(d => ({ + identity_type: d.identityType, + identities: d.identities, + })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySchema: z.ZodType = +export const marshalIngressNetworkPolicy_AuthenticationIdentitySchema: z.ZodType = z .object({ principalType: z.string().optional(), @@ -3616,23 +3709,21 @@ export const marshalCustomerFacingIngressNetworkPolicy_AuthenticationIdentitySch })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchema: z.ZodType = +export const marshalIngressNetworkPolicy_CrossWorkspaceAccessSchema: z.ZodType = z .object({ restrictionMode: z.string().optional(), denyRules: z .array( z.lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema + () => marshalIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema ) ) .optional(), allowRules: z .array( z.lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema + () => marshalIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema ) ) .optional(), @@ -3644,25 +3735,19 @@ export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceAccessSchem })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema: z.ZodType = +export const marshalIngressNetworkPolicy_CrossWorkspaceIngressRuleSchema: z.ZodType = z .object({ origin: z .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema + () => marshalIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema ) .optional(), destination: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema - ) + .lazy(() => marshalIngressNetworkPolicy_RequestDestinationSchema) .optional(), authentication: z - .lazy( - () => marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema - ) + .lazy(() => marshalIngressNetworkPolicy_AuthenticationSchema) .optional(), label: z.string().optional(), }) @@ -3674,7 +3759,7 @@ export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceIngressRule })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema: z.ZodType = +export const marshalIngressNetworkPolicy_CrossWorkspaceRequestOriginSchema: z.ZodType = z .object({ source: z @@ -3686,8 +3771,7 @@ export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrig z.object({ $case: z.literal('selectedWorkspaces'), selectedWorkspaces: z.lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema + () => marshalIngressNetworkPolicy_WorkspaceIdListSchema ), }), ]) @@ -3703,27 +3787,25 @@ export const marshalCustomerFacingIngressNetworkPolicy_CrossWorkspaceRequestOrig })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_EndpointsSchema: z.ZodType = - z - .object({ - endpointIds: z.array(z.string()).optional(), - }) - .transform(d => ({ - endpoint_ids: d.endpointIds, - })); +export const marshalIngressNetworkPolicy_EndpointsSchema: z.ZodType = z + .object({ + endpointIds: z.array(z.string()).optional(), + }) + .transform(d => ({ + endpoint_ids: d.endpointIds, + })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_IpRangesSchema: z.ZodType = - z - .object({ - ipRanges: z.array(z.string()).optional(), - }) - .transform(d => ({ - ip_ranges: d.ipRanges, - })); +export const marshalIngressNetworkPolicy_IpRangesSchema: z.ZodType = z + .object({ + ipRanges: z.array(z.string()).optional(), + }) + .transform(d => ({ + ip_ranges: d.ipRanges, + })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema: z.ZodType = +export const marshalIngressNetworkPolicy_LakebaseRuntimeDestinationSchema: z.ZodType = z .object({ allDestinations: z.boolean().optional(), @@ -3733,65 +3815,45 @@ export const marshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinatio })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_PrivateAccessSchema: z.ZodType = - z - .object({ - restrictionMode: z.string().optional(), - denyRules: z - .array( - z.lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema - ) - ) - .optional(), - allowRules: z - .array( - z.lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema - ) - ) - .optional(), - }) - .transform(d => ({ - restriction_mode: d.restrictionMode, - deny_rules: d.denyRules, - allow_rules: d.allowRules, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_PrivateIngressRuleSchema: z.ZodType = - z - .object({ - origin: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema - ) - .optional(), - destination: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema - ) - .optional(), - authentication: z - .lazy( - () => marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema - ) - .optional(), - label: z.string().optional(), - }) - .transform(d => ({ - origin: d.origin, - destination: d.destination, - authentication: d.authentication, - label: d.label, - })); +export const marshalIngressNetworkPolicy_PrivateAccessSchema: z.ZodType = z + .object({ + restrictionMode: z.string().optional(), + denyRules: z + .array(z.lazy(() => marshalIngressNetworkPolicy_PrivateIngressRuleSchema)) + .optional(), + allowRules: z + .array(z.lazy(() => marshalIngressNetworkPolicy_PrivateIngressRuleSchema)) + .optional(), + }) + .transform(d => ({ + restriction_mode: d.restrictionMode, + deny_rules: d.denyRules, + allow_rules: d.allowRules, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const marshalIngressNetworkPolicy_PrivateIngressRuleSchema: z.ZodType = z + .object({ + origin: z + .lazy(() => marshalIngressNetworkPolicy_PrivateRequestOriginSchema) + .optional(), + destination: z + .lazy(() => marshalIngressNetworkPolicy_RequestDestinationSchema) + .optional(), + authentication: z + .lazy(() => marshalIngressNetworkPolicy_AuthenticationSchema) + .optional(), + label: z.string().optional(), + }) + .transform(d => ({ + origin: d.origin, + destination: d.destination, + authentication: d.authentication, + label: d.label, + })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchema: z.ZodType = +export const marshalIngressNetworkPolicy_PrivateRequestOriginSchema: z.ZodType = z .object({ source: z @@ -3799,7 +3861,7 @@ export const marshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchem z.object({ $case: z.literal('endpoints'), endpoints: z.lazy( - () => marshalCustomerFacingIngressNetworkPolicy_EndpointsSchema + () => marshalIngressNetworkPolicy_EndpointsSchema ), }), z.object({ @@ -3831,65 +3893,45 @@ export const marshalCustomerFacingIngressNetworkPolicy_PrivateRequestOriginSchem })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_PublicAccessSchema: z.ZodType = - z - .object({ - restrictionMode: z.string().optional(), - denyRules: z - .array( - z.lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema - ) - ) - .optional(), - allowRules: z - .array( - z.lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema - ) - ) - .optional(), - }) - .transform(d => ({ - restriction_mode: d.restrictionMode, - deny_rules: d.denyRules, - allow_rules: d.allowRules, - })); +export const marshalIngressNetworkPolicy_PublicAccessSchema: z.ZodType = z + .object({ + restrictionMode: z.string().optional(), + denyRules: z + .array(z.lazy(() => marshalIngressNetworkPolicy_PublicIngressRuleSchema)) + .optional(), + allowRules: z + .array(z.lazy(() => marshalIngressNetworkPolicy_PublicIngressRuleSchema)) + .optional(), + }) + .transform(d => ({ + restriction_mode: d.restrictionMode, + deny_rules: d.denyRules, + allow_rules: d.allowRules, + })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_PublicIngressRuleSchema: z.ZodType = - z - .object({ - origin: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema - ) - .optional(), - destination: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema - ) - .optional(), - authentication: z - .lazy( - () => marshalCustomerFacingIngressNetworkPolicy_AuthenticationSchema - ) - .optional(), - label: z.string().optional(), - }) - .transform(d => ({ - origin: d.origin, - destination: d.destination, - authentication: d.authentication, - label: d.label, - })); +export const marshalIngressNetworkPolicy_PublicIngressRuleSchema: z.ZodType = z + .object({ + origin: z + .lazy(() => marshalIngressNetworkPolicy_PublicRequestOriginSchema) + .optional(), + destination: z + .lazy(() => marshalIngressNetworkPolicy_RequestDestinationSchema) + .optional(), + authentication: z + .lazy(() => marshalIngressNetworkPolicy_AuthenticationSchema) + .optional(), + label: z.string().optional(), + }) + .transform(d => ({ + origin: d.origin, + destination: d.destination, + authentication: d.authentication, + label: d.label, + })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema: z.ZodType = +export const marshalIngressNetworkPolicy_PublicRequestOriginSchema: z.ZodType = z .object({ source: z @@ -3898,13 +3940,13 @@ export const marshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema z.object({ $case: z.literal('includedIpRanges'), includedIpRanges: z.lazy( - () => marshalCustomerFacingIngressNetworkPolicy_IpRangesSchema + () => marshalIngressNetworkPolicy_IpRangesSchema ), }), z.object({ $case: z.literal('excludedIpRanges'), excludedIpRanges: z.lazy( - () => marshalCustomerFacingIngressNetworkPolicy_IpRangesSchema + () => marshalIngressNetworkPolicy_IpRangesSchema ), }), ]) @@ -3923,417 +3965,141 @@ export const marshalCustomerFacingIngressNetworkPolicy_PublicRequestOriginSchema })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_RequestDestinationSchema: z.ZodType = - z - .object({ - allDestinations: z.boolean().optional(), - workspaceUi: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema - ) - .optional(), - workspaceApi: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema - ) - .optional(), - appsRuntime: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_AppsRuntimeDestinationSchema - ) - .optional(), - lakebaseRuntime: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_LakebaseRuntimeDestinationSchema - ) - .optional(), - accountUi: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_AccountUiDestinationSchema - ) - .optional(), - accountApi: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_AccountApiDestinationSchema - ) - .optional(), - accountDatabricksOne: z - .lazy( - () => - marshalCustomerFacingIngressNetworkPolicy_AccountDatabricksOneDestinationSchema - ) - .optional(), - }) - .transform(d => ({ - all_destinations: d.allDestinations, - workspace_ui: d.workspaceUi, - workspace_api: d.workspaceApi, - apps_runtime: d.appsRuntime, - lakebase_runtime: d.lakebaseRuntime, - account_ui: d.accountUi, - account_api: d.accountApi, - account_databricks_one: d.accountDatabricksOne, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_WorkspaceApiDestinationSchema: z.ZodType = - z - .object({ - scopes: z.array(z.string()).optional(), - scopeQualifier: z.string().optional(), - }) - .transform(d => ({ - scopes: d.scopes, - scope_qualifier: d.scopeQualifier, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_WorkspaceIdListSchema: z.ZodType = - z - .object({ - workspaceIds: z.array(z.bigint()).optional(), - }) - .transform(d => ({ - workspace_ids: d.workspaceIds, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingIngressNetworkPolicy_WorkspaceUiDestinationSchema: z.ZodType = - z - .object({ - allDestinations: z.boolean().optional(), - }) - .transform(d => ({ - all_destinations: d.allDestinations, - })); - -export const marshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema: z.ZodType = - z - .object({ - ruleId: z.string().optional(), - networkConnectivityConfigId: z.string().optional(), - accountId: z.string().optional(), - endpointService: z.string().optional(), - domainNames: z.array(z.string()).optional(), - resourceNames: z.array(z.string()).optional(), - vpcEndpointId: z.string().optional(), - connectionState: z.string().optional(), - creationTime: z.bigint().optional(), - updatedTime: z.bigint().optional(), - deactivated: z.boolean().optional(), - deactivatedAt: z.bigint().optional(), - enabled: z.boolean().optional(), - errorMessage: z.string().optional(), - }) - .transform(d => ({ - rule_id: d.ruleId, - network_connectivity_config_id: d.networkConnectivityConfigId, - account_id: d.accountId, - endpoint_service: d.endpointService, - domain_names: d.domainNames, - resource_names: d.resourceNames, - vpc_endpoint_id: d.vpcEndpointId, - connection_state: d.connectionState, - creation_time: d.creationTime, - updated_time: d.updatedTime, - deactivated: d.deactivated, - deactivated_at: d.deactivatedAt, - enabled: d.enabled, - error_message: d.errorMessage, - })); - -export const marshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema: z.ZodType = - z - .object({ - ruleId: z.string().optional(), - networkConnectivityConfigId: z.string().optional(), - resourceId: z.string().optional(), - groupId: z.string().optional(), - endpointName: z.string().optional(), - connectionState: z.string().optional(), - creationTime: z.bigint().optional(), - updatedTime: z.bigint().optional(), - deactivated: z.boolean().optional(), - deactivatedAt: z.bigint().optional(), - domainNames: z.array(z.string()).optional(), - errorMessage: z.string().optional(), - }) - .transform(d => ({ - rule_id: d.ruleId, - network_connectivity_config_id: d.networkConnectivityConfigId, - resource_id: d.resourceId, - group_id: d.groupId, - endpoint_name: d.endpointName, - connection_state: d.connectionState, - creation_time: d.creationTime, - updated_time: d.updatedTime, - deactivated: d.deactivated, - deactivated_at: d.deactivatedAt, - domain_names: d.domainNames, - error_message: d.errorMessage, - })); - -export const marshalCustomerFacingNetworkConnectivityConfigEgressConfigSchema: z.ZodType = - z - .object({ - defaultRules: z - .lazy( - () => marshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema - ) - .optional(), - targetRules: z - .lazy( - () => - marshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema - ) - .optional(), - }) - .transform(d => ({ - default_rules: d.defaultRules, - target_rules: d.targetRules, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalCustomerFacingNetworkConnectivityConfigEgressConfig_CustomerFacingTargetRuleSchema: z.ZodType = - z - .object({ - azurePrivateEndpointRules: z - .array( - z.lazy( - () => - marshalCustomerFacingNetworkConnectivityConfigAzurePrivateEndpointRuleSchema - ) - ) - .optional(), - awsPrivateEndpointRules: z - .array( - z.lazy( - () => - marshalCustomerFacingNetworkConnectivityConfigAwsPrivateEndpointRuleSchema - ) - ) - .optional(), - }) - .transform(d => ({ - azure_private_endpoint_rules: d.azurePrivateEndpointRules, - aws_private_endpoint_rules: d.awsPrivateEndpointRules, - })); - -export const marshalCustomerFacingPrivateAccessSettingsSchema: z.ZodType = z - .object({ - privateAccessSettingsId: z.string().optional(), - accountId: z.string().optional(), - privateAccessSettingsName: z.string().optional(), - region: z.string().optional(), - publicAccessEnabled: z.boolean().optional(), - privateAccessLevel: z.string().optional(), - allowedVpcEndpointIds: z.array(z.string()).optional(), - }) - .transform(d => ({ - private_access_settings_id: d.privateAccessSettingsId, - account_id: d.accountId, - private_access_settings_name: d.privateAccessSettingsName, - region: d.region, - public_access_enabled: d.publicAccessEnabled, - private_access_level: d.privateAccessLevel, - allowed_vpc_endpoint_ids: d.allowedVpcEndpointIds, - })); - -export const marshalEgressNetworkPolicySchema: z.ZodType = z - .object({ - networkAccess: z - .lazy(() => marshalEgressNetworkPolicy_NetworkAccessPolicySchema) - .optional(), - }) - .transform(d => ({ - network_access: d.networkAccess, - })); - -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalEgressNetworkPolicy_NetworkAccessPolicySchema: z.ZodType = z +export const marshalIngressNetworkPolicy_RequestDestinationSchema: z.ZodType = z .object({ - restrictionMode: z.string().optional(), - allowedInternetDestinations: z - .array( - z.lazy( - () => - marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema - ) - ) + allDestinations: z.boolean().optional(), + workspaceUi: z + .lazy(() => marshalIngressNetworkPolicy_WorkspaceUiDestinationSchema) .optional(), - allowedStorageDestinations: z - .array( - z.lazy( - () => - marshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema - ) - ) + workspaceApi: z + .lazy(() => marshalIngressNetworkPolicy_WorkspaceApiDestinationSchema) .optional(), - policyEnforcement: z - .lazy( - () => - marshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema - ) + appsRuntime: z + .lazy(() => marshalIngressNetworkPolicy_AppsRuntimeDestinationSchema) .optional(), - blockedInternetDestinations: z - .array( - z.lazy( - () => - marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema - ) - ) + lakebaseRuntime: z + .lazy(() => marshalIngressNetworkPolicy_LakebaseRuntimeDestinationSchema) .optional(), - allowedDatabricksDestinations: z - .array( - z.lazy( - () => - marshalEgressNetworkPolicy_NetworkAccessPolicy_DatabricksDestinationSchema - ) + accountUi: z + .lazy(() => marshalIngressNetworkPolicy_AccountUiDestinationSchema) + .optional(), + accountApi: z + .lazy(() => marshalIngressNetworkPolicy_AccountApiDestinationSchema) + .optional(), + accountDatabricksOne: z + .lazy( + () => marshalIngressNetworkPolicy_AccountDatabricksOneDestinationSchema ) .optional(), }) .transform(d => ({ - restriction_mode: d.restrictionMode, - allowed_internet_destinations: d.allowedInternetDestinations, - allowed_storage_destinations: d.allowedStorageDestinations, - policy_enforcement: d.policyEnforcement, - blocked_internet_destinations: d.blockedInternetDestinations, - allowed_databricks_destinations: d.allowedDatabricksDestinations, + all_destinations: d.allDestinations, + workspace_ui: d.workspaceUi, + workspace_api: d.workspaceApi, + apps_runtime: d.appsRuntime, + lakebase_runtime: d.lakebaseRuntime, + account_ui: d.accountUi, + account_api: d.accountApi, + account_databricks_one: d.accountDatabricksOne, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalEgressNetworkPolicy_NetworkAccessPolicy_DatabricksDestinationSchema: z.ZodType = +export const marshalIngressNetworkPolicy_WorkspaceApiDestinationSchema: z.ZodType = z .object({ - workspaceIds: z.array(z.bigint()).optional(), + scopes: z.array(z.string()).optional(), + scopeQualifier: z.string().optional(), }) .transform(d => ({ - workspace_ids: d.workspaceIds, + scopes: d.scopes, + scope_qualifier: d.scopeQualifier, })); // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalEgressNetworkPolicy_NetworkAccessPolicy_InternetDestinationSchema: z.ZodType = +export const marshalIngressNetworkPolicy_WorkspaceIdListSchema: z.ZodType = z + .object({ + workspaceIds: z.array(z.bigint()).optional(), + }) + .transform(d => ({ + workspace_ids: d.workspaceIds, + })); + +// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. +export const marshalIngressNetworkPolicy_WorkspaceUiDestinationSchema: z.ZodType = z .object({ - destination: z.string().optional(), - internetDestinationType: z.string().optional(), + allDestinations: z.boolean().optional(), }) .transform(d => ({ - destination: d.destination, - internet_destination_type: d.internetDestinationType, + all_destinations: d.allDestinations, })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalEgressNetworkPolicy_NetworkAccessPolicy_PolicyEnforcementSchema: z.ZodType = +export const marshalNetworkConnectivityConfigAwsPrivateEndpointRuleSchema: z.ZodType = z .object({ - enforcementMode: z.string().optional(), - dryRunModeProductFilter: z.array(z.string()).optional(), + ruleId: z.string().optional(), + networkConnectivityConfigId: z.string().optional(), + accountId: z.string().optional(), + endpointService: z.string().optional(), + domainNames: z.array(z.string()).optional(), + resourceNames: z.array(z.string()).optional(), + vpcEndpointId: z.string().optional(), + connectionState: z.string().optional(), + creationTime: z.bigint().optional(), + updatedTime: z.bigint().optional(), + deactivated: z.boolean().optional(), + deactivatedAt: z.bigint().optional(), + enabled: z.boolean().optional(), + errorMessage: z.string().optional(), }) .transform(d => ({ - enforcement_mode: d.enforcementMode, - dry_run_mode_product_filter: d.dryRunModeProductFilter, + rule_id: d.ruleId, + network_connectivity_config_id: d.networkConnectivityConfigId, + account_id: d.accountId, + endpoint_service: d.endpointService, + domain_names: d.domainNames, + resource_names: d.resourceNames, + vpc_endpoint_id: d.vpcEndpointId, + connection_state: d.connectionState, + creation_time: d.creationTime, + updated_time: d.updatedTime, + deactivated: d.deactivated, + deactivated_at: d.deactivatedAt, + enabled: d.enabled, + error_message: d.errorMessage, })); -// eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. -export const marshalEgressNetworkPolicy_NetworkAccessPolicy_StorageDestinationSchema: z.ZodType = +export const marshalNetworkConnectivityConfigAzurePrivateEndpointRuleSchema: z.ZodType = z .object({ - bucketName: z.string().optional(), - region: z.string().optional(), - storageDestinationType: z.string().optional(), - azureStorageAccount: z.string().optional(), - azureStorageService: z.string().optional(), + ruleId: z.string().optional(), + networkConnectivityConfigId: z.string().optional(), + resourceId: z.string().optional(), + groupId: z.string().optional(), + endpointName: z.string().optional(), + connectionState: z.string().optional(), + creationTime: z.bigint().optional(), + updatedTime: z.bigint().optional(), + deactivated: z.boolean().optional(), + deactivatedAt: z.bigint().optional(), + domainNames: z.array(z.string()).optional(), + errorMessage: z.string().optional(), }) .transform(d => ({ - bucket_name: d.bucketName, - region: d.region, - storage_destination_type: d.storageDestinationType, - azure_storage_account: d.azureStorageAccount, - azure_storage_service: d.azureStorageService, + rule_id: d.ruleId, + network_connectivity_config_id: d.networkConnectivityConfigId, + resource_id: d.resourceId, + group_id: d.groupId, + endpoint_name: d.endpointName, + connection_state: d.connectionState, + creation_time: d.creationTime, + updated_time: d.updatedTime, + deactivated: d.deactivated, + deactivated_at: d.deactivatedAt, + domain_names: d.domainNames, + error_message: d.errorMessage, })); -export const marshalEndpointSchema: z.ZodType = z - .object({ - name: z.string().optional(), - endpointId: z.string().optional(), - accountId: z.string().optional(), - displayName: z.string().optional(), - useCase: z.string().optional(), - region: z.string().optional(), - state: z.string().optional(), - endpointInfo: z - .discriminatedUnion('$case', [ - z.object({ - $case: z.literal('azurePrivateEndpointInfo'), - azurePrivateEndpointInfo: z.lazy( - () => marshalAzurePrivateEndpointInfoSchema - ), - }), - ]) - .optional(), - createTime: z - .any() - .transform((d: Temporal.Instant) => d.toString()) - .optional(), - }) - .transform(d => ({ - name: d.name, - endpoint_id: d.endpointId, - account_id: d.accountId, - display_name: d.displayName, - use_case: d.useCase, - region: d.region, - state: d.state, - ...(d.endpointInfo?.$case === 'azurePrivateEndpointInfo' && { - azure_private_endpoint_info: d.endpointInfo.azurePrivateEndpointInfo, - }), - create_time: d.createTime, - })); - -export const marshalGcpEndpointSchema: z.ZodType = z - .object({ - pscEndpointUri: z.string().optional(), - targetServices: z - .discriminatedUnion('$case', [ - z.object({ - $case: z.literal('serviceAttachment'), - serviceAttachment: z.string(), - }), - ]) - .optional(), - }) - .transform(d => ({ - psc_endpoint_uri: d.pscEndpointUri, - ...(d.targetServices?.$case === 'serviceAttachment' && { - service_attachment: d.targetServices.serviceAttachment, - }), - })); - -export const marshalGcpNetworkInfoSchema: z.ZodType = z - .object({ - networkProjectId: z.string().optional(), - vpcId: z.string().optional(), - subnetId: z.string().optional(), - subnetRegion: z.string().optional(), - podIpRangeName: z.string().optional(), - serviceIpRangeName: z.string().optional(), - }) - .transform(d => ({ - network_project_id: d.networkProjectId, - vpc_id: d.vpcId, - subnet_id: d.subnetId, - subnet_region: d.subnetRegion, - pod_ip_range_name: d.podIpRangeName, - service_ip_range_name: d.serviceIpRangeName, - })); - // eslint-disable-next-line @typescript-eslint/naming-convention -- Proto-style nested message name. export const marshalNetworkConnectivityConfigEgressConfig_DefaultRuleSchema: z.ZodType = z @@ -4390,6 +4156,26 @@ export const marshalNetworkVpcEndpointsSchema: z.ZodType = z dataplane_relay: d.dataplaneRelay, })); +export const marshalPrivateAccessSettingsSchema: z.ZodType = z + .object({ + privateAccessSettingsId: z.string().optional(), + accountId: z.string().optional(), + privateAccessSettingsName: z.string().optional(), + region: z.string().optional(), + publicAccessEnabled: z.boolean().optional(), + privateAccessLevel: z.string().optional(), + allowedVpcEndpointIds: z.array(z.string()).optional(), + }) + .transform(d => ({ + private_access_settings_id: d.privateAccessSettingsId, + account_id: d.accountId, + private_access_settings_name: d.privateAccessSettingsName, + region: d.region, + public_access_enabled: d.publicAccessEnabled, + private_access_level: d.privateAccessLevel, + allowed_vpc_endpoint_ids: d.allowedVpcEndpointIds, + })); + export const marshalReplaceAccountIpAccessListRequestSchema: z.ZodType = z .object({ accountId: z.string().optional(), @@ -4408,7 +4194,7 @@ export const marshalReplaceAccountIpAccessListRequestSchema: z.ZodType = z enabled: d.enabled, })); -export const marshalReplaceIpAccessListSchema: z.ZodType = z +export const marshalReplaceIpAccessListRequestSchema: z.ZodType = z .object({ listId: z.string().optional(), label: z.string().optional(), @@ -4442,7 +4228,7 @@ export const marshalUpdateAccountIpAccessListRequestSchema: z.ZodType = z enabled: d.enabled, })); -export const marshalUpdateIpAccessListSchema: z.ZodType = z +export const marshalUpdateIpAccessListRequestSchema: z.ZodType = z .object({ listId: z.string().optional(), label: z.string().optional(), diff --git a/packages/repos/src/v1/client.ts b/packages/repos/src/v1/client.ts index 2d746b56..c5a56e39 100755 --- a/packages/repos/src/v1/client.ts +++ b/packages/repos/src/v1/client.ts @@ -19,8 +19,8 @@ import pkgJson from '../../package.json' with {type: 'json'}; import type { CreateRepoRequest, CreateRepoResponse, - DeleteProjectRequest, - DeleteProjectResponse, + DeleteRepoRequest, + DeleteRepoResponse, GetRepoRequest, GetRepoResponse, ListReposRequest, @@ -33,7 +33,7 @@ import { marshalCreateRepoRequestSchema, marshalUpdateRepoRequestSchema, unmarshalCreateRepoResponseSchema, - unmarshalDeleteProjectResponseSchema, + unmarshalDeleteRepoResponseSchema, unmarshalGetRepoResponseSchema, unmarshalListReposResponseSchema, unmarshalUpdateRepoResponseSchema, @@ -107,13 +107,13 @@ export class ReposClient { } /** Deletes the specified repo. */ - async deleteProject( - req: DeleteProjectRequest, + async deleteRepo( + req: DeleteRepoRequest, options?: CallOptions - ): Promise { + ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/repos/${String(req.id ?? '')}`; - let resp: DeleteProjectResponse | undefined; + let resp: DeleteRepoResponse | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers(); if (workspaceId !== undefined) { @@ -126,7 +126,7 @@ export class ReposClient { httpClient, logger: this.logger, }); - resp = parseResponse(respBody, unmarshalDeleteProjectResponseSchema); + resp = parseResponse(respBody, unmarshalDeleteRepoResponseSchema); }; await executeCall(call, options); if (resp === undefined) { diff --git a/packages/repos/src/v1/index.ts b/packages/repos/src/v1/index.ts index 082e5c80..0137c9bf 100755 --- a/packages/repos/src/v1/index.ts +++ b/packages/repos/src/v1/index.ts @@ -5,8 +5,8 @@ export {ReposClient} from './client'; export type { CreateRepoRequest, CreateRepoResponse, - DeleteProjectRequest, - DeleteProjectResponse, + DeleteRepoRequest, + DeleteRepoResponse, GetRepoRequest, GetRepoResponse, ListReposRequest, diff --git a/packages/repos/src/v1/model.ts b/packages/repos/src/v1/model.ts index 513c86df..cd7a55c1 100755 --- a/packages/repos/src/v1/model.ts +++ b/packages/repos/src/v1/model.ts @@ -46,13 +46,13 @@ export interface CreateRepoResponse { sparseCheckout?: SparseCheckout | undefined; } -export interface DeleteProjectRequest { +export interface DeleteRepoRequest { /** The ID for the corresponding repo to delete. */ id?: bigint | undefined; } // eslint-disable-next-line @typescript-eslint/no-empty-object-type -export interface DeleteProjectResponse {} +export interface DeleteRepoResponse {} export interface GetRepoRequest { /** ID of the Git folder (repo) object in the workspace. */ @@ -204,7 +204,7 @@ export const unmarshalCreateRepoResponseSchema: z.ZodType = sparseCheckout: d.sparse_checkout, })); -export const unmarshalDeleteProjectResponseSchema: z.ZodType = +export const unmarshalDeleteRepoResponseSchema: z.ZodType = z.object({}); export const unmarshalGetRepoResponseSchema: z.ZodType = z diff --git a/packages/sharing/src/v1/client.ts b/packages/sharing/src/v1/client.ts index d34eb7e2..4d60769c 100755 --- a/packages/sharing/src/v1/client.ts +++ b/packages/sharing/src/v1/client.ts @@ -54,7 +54,7 @@ import type { ProviderInfo, ProviderShare, RecipientInfo, - RetrieveToken, + RetrieveTokenRequest, RetrieveTokenResponse, RotateRecipientTokenRequest, ShareInfo, @@ -1007,7 +1007,7 @@ export class SharingClient { * This is a public API without any authentication. */ async retrieveAccessToken( - req: RetrieveToken, + req: RetrieveTokenRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); diff --git a/packages/sharing/src/v1/index.ts b/packages/sharing/src/v1/index.ts index c28e5cf2..7964d6e1 100755 --- a/packages/sharing/src/v1/index.ts +++ b/packages/sharing/src/v1/index.ts @@ -70,7 +70,7 @@ export type { RecipientProfile, RecipientTokenInfo, RegisteredModelAlias, - RetrieveToken, + RetrieveTokenRequest, RetrieveTokenResponse, RotateRecipientTokenRequest, Share, diff --git a/packages/sharing/src/v1/model.ts b/packages/sharing/src/v1/model.ts index b2797e99..d63f239a 100755 --- a/packages/sharing/src/v1/model.ts +++ b/packages/sharing/src/v1/model.ts @@ -891,7 +891,7 @@ export interface RegisteredModelAlias { versionNum?: bigint | undefined; } -export interface RetrieveToken { +export interface RetrieveTokenRequest { /** The one time activation url. It also accepts activation token. */ activationUrl?: string | undefined; } diff --git a/packages/tokenmanagement/src/v1/client.ts b/packages/tokenmanagement/src/v1/client.ts index 63cdda50..e3764b9b 100755 --- a/packages/tokenmanagement/src/v1/client.ts +++ b/packages/tokenmanagement/src/v1/client.ts @@ -26,11 +26,11 @@ import type { ListTokensResponse, RevokeTokenRequest, RevokeTokenResponse, - UpdateToken, + UpdateTokenRequest, } from './model'; import { marshalCreateOnBehalfOfTokenRequestSchema, - marshalUpdateTokenSchema, + marshalUpdateTokenRequestSchema, unmarshalAdminTokenInfoSchema, unmarshalCreateOnBehalfOfTokenResponseSchema, unmarshalGetTokenResponseSchema, @@ -202,12 +202,12 @@ export class TokenManagementClient { /** Updates a token, specified by its ID. */ async updateToken( - req: UpdateToken, + req: UpdateTokenRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); const url = `${host}/api/2.0/token-management/tokens/${req.token?.tokenId ?? ''}`; - const body = marshalRequest(req, marshalUpdateTokenSchema); + const body = marshalRequest(req, marshalUpdateTokenRequestSchema); let resp: AdminTokenInfo | undefined; const call = async (callSignal?: AbortSignal): Promise => { const headers = new Headers({'Content-Type': 'application/json'}); diff --git a/packages/tokenmanagement/src/v1/index.ts b/packages/tokenmanagement/src/v1/index.ts index a33abb86..ac0e4707 100755 --- a/packages/tokenmanagement/src/v1/index.ts +++ b/packages/tokenmanagement/src/v1/index.ts @@ -14,7 +14,7 @@ export type { ListTokensResponse, RevokeTokenRequest, RevokeTokenResponse, - UpdateToken, + UpdateTokenRequest, } from './model'; export {adminTokenInfoFieldMask} from './model'; diff --git a/packages/tokenmanagement/src/v1/model.ts b/packages/tokenmanagement/src/v1/model.ts index cf10d350..3813d486 100755 --- a/packages/tokenmanagement/src/v1/model.ts +++ b/packages/tokenmanagement/src/v1/model.ts @@ -124,7 +124,7 @@ export interface RevokeTokenResponse {} * For the list of supported token scopes, see * https://docs.databricks.com/api/workspace/api/scopes. */ -export interface UpdateToken { +export interface UpdateTokenRequest { token?: AdminTokenInfo | undefined; /** A list of field name under token, For example, {"update_mask": "comment,scopes"} */ updateMask?: FieldMask | undefined; @@ -261,7 +261,7 @@ export const marshalCreateOnBehalfOfTokenRequestSchema: z.ZodType = z autoscope_enabled: d.autoscopeEnabled, })); -export const marshalUpdateTokenSchema: z.ZodType = z +export const marshalUpdateTokenRequestSchema: z.ZodType = z .object({ token: z.lazy(() => marshalAdminTokenInfoSchema).optional(), updateMask: z diff --git a/packages/uc/resourcequotas/src/v1/client.ts b/packages/uc/resourcequotas/src/v1/client.ts index 183513fb..374455ea 100755 --- a/packages/uc/resourcequotas/src/v1/client.ts +++ b/packages/uc/resourcequotas/src/v1/client.ts @@ -100,7 +100,7 @@ export class ResourceQuotasClient { * PAGINATION BEHAVIOR: The API is by default paginated, a page may contain zero results while still providing a next_page_token. * Clients must continue reading pages until next_page_token is absent, which is the only indication that the end of results has been reached. */ - async listQuota( + async listQuotas( req: ListQuotasRequest, options?: CallOptions ): Promise { @@ -137,13 +137,13 @@ export class ResourceQuotasClient { return resp; } - async *listQuotaIter( + async *listQuotasIter( req: ListQuotasRequest, options?: CallOptions ): AsyncGenerator { const pageReq: ListQuotasRequest = {...req}; for (;;) { - const resp = await this.listQuota(pageReq, options); + const resp = await this.listQuotas(pageReq, options); for (const item of resp.quotas ?? []) { yield item; } diff --git a/packages/vectorsearch/src/v1/client.ts b/packages/vectorsearch/src/v1/client.ts index 268e1a3d..8320c020 100644 --- a/packages/vectorsearch/src/v1/client.ts +++ b/packages/vectorsearch/src/v1/client.ts @@ -31,8 +31,8 @@ import type { Endpoint, GetEndpointRequest, GetVectorIndexRequest, - ListEndpointRequest, ListEndpointResponse, + ListEndpointsRequest, ListVectorIndexRequest, ListVectorIndexResponse, MiniVectorIndex, @@ -352,8 +352,8 @@ export class VectorSearchClient { } /** List all AI Search endpoints in the workspace. */ - async listEndpoint( - req: ListEndpointRequest, + async listEndpoints( + req: ListEndpointsRequest, options?: CallOptions ): Promise { const {host, workspaceId, httpClient} = await this.resolveConfig(); @@ -386,13 +386,13 @@ export class VectorSearchClient { return resp; } - async *listEndpointIter( - req: ListEndpointRequest, + async *listEndpointsIter( + req: ListEndpointsRequest, options?: CallOptions ): AsyncGenerator { - const pageReq: ListEndpointRequest = {...req}; + const pageReq: ListEndpointsRequest = {...req}; for (;;) { - const resp = await this.listEndpoint(pageReq, options); + const resp = await this.listEndpoints(pageReq, options); for (const item of resp.endpoints ?? []) { yield item; } diff --git a/packages/vectorsearch/src/v1/index.ts b/packages/vectorsearch/src/v1/index.ts index cddc0aeb..7f443ba4 100755 --- a/packages/vectorsearch/src/v1/index.ts +++ b/packages/vectorsearch/src/v1/index.ts @@ -34,8 +34,8 @@ export type { FacetResultData, GetEndpointRequest, GetVectorIndexRequest, - ListEndpointRequest, ListEndpointResponse, + ListEndpointsRequest, ListValue, ListVectorIndexRequest, ListVectorIndexResponse, diff --git a/packages/vectorsearch/src/v1/model.ts b/packages/vectorsearch/src/v1/model.ts index f03087dd..ff582f5b 100755 --- a/packages/vectorsearch/src/v1/model.ts +++ b/packages/vectorsearch/src/v1/model.ts @@ -372,11 +372,6 @@ export interface GetVectorIndexRequest { ensureRerankerCompatible?: boolean | undefined; } -export interface ListEndpointRequest { - /** Token for pagination */ - pageToken?: string | undefined; -} - export interface ListEndpointResponse { /** An array of Endpoint objects */ endpoints?: Endpoint[] | undefined; @@ -384,6 +379,11 @@ export interface ListEndpointResponse { nextPageToken?: string | undefined; } +export interface ListEndpointsRequest { + /** Token for pagination */ + pageToken?: string | undefined; +} + export interface ListValue { /** Repeated field of dynamically typed values. */ values?: Value[] | undefined; diff --git a/packages/warehouses/src/v1/model.ts b/packages/warehouses/src/v1/model.ts index 3b1412e1..98ec9e69 100755 --- a/packages/warehouses/src/v1/model.ts +++ b/packages/warehouses/src/v1/model.ts @@ -804,6 +804,7 @@ export interface CreateWarehouseRequest { * - 3X-Large * - 4X-Large * - 5X-Large + * - Auto */ clusterSize?: string | undefined; /** @@ -950,6 +951,7 @@ export interface EditWarehouseRequest { * - 3X-Large * - 4X-Large * - 5X-Large + * - Auto */ clusterSize?: string | undefined; /** @@ -1068,6 +1070,7 @@ export interface EndpointInfo { * - 3X-Large * - 4X-Large * - 5X-Large + * - Auto */ clusterSize?: string | undefined; /** @@ -1202,6 +1205,7 @@ export interface GetWarehouseResponse { * - 3X-Large * - 4X-Large * - 5X-Large + * - Auto */ clusterSize?: string | undefined; /**