From 676703790e719b90916e211443d6a412a0895912 Mon Sep 17 00:00:00 2001 From: longcj Date: Tue, 26 May 2026 11:28:15 +1000 Subject: [PATCH] bundle: fix genie_space permissions URL prefix The genie_space permissions prefix was registered as "/genie/spaces/", which parsePermissionsID interprets as 4 segments and routes to PUT /api/2.0/permissions/genie/spaces/. That endpoint does not exist; the workspace API returns 404 ENDPOINT_NOT_FOUND, which is what motivated the earlier rejection mutator. The actual permissions path is /api/2.0/permissions/genie/ (3 segments, RequestObjectType="genie"). This matches: - the SDK iam path builder at service/iam/impl.go (uses "/api/2.0/permissions/%v/%v") - the CLI's own "databricks permissions get/set genie " command, which lists "genie" as a valid REQUEST_OBJECT_TYPE (cmd/workspace/permissions/permissions.go) Fix the bundle prefix and the matching testserver whitelist entry, which both had the same wrong path and therefore masked the bug in acceptance tests. Regenerate the affected acceptance fixtures. Co-Authored-By: Claude Opus 4.7 (1M context) --- .../genie_spaces/current_can_manage/out.plan.direct.json | 2 +- .../current_can_manage/out.requests.deploy.direct.json | 2 +- bundle/direct/dresources/all_test.go | 2 +- bundle/direct/dresources/permissions.go | 2 +- libs/testserver/permissions.go | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/acceptance/bundle/resources/permissions/genie_spaces/current_can_manage/out.plan.direct.json b/acceptance/bundle/resources/permissions/genie_spaces/current_can_manage/out.plan.direct.json index dba8cde6d9..5e1e8dd17b 100644 --- a/acceptance/bundle/resources/permissions/genie_spaces/current_can_manage/out.plan.direct.json +++ b/acceptance/bundle/resources/permissions/genie_spaces/current_can_manage/out.plan.direct.json @@ -44,7 +44,7 @@ ] }, "vars": { - "object_id": "/genie/spaces/${resources.genie_spaces.foo.id}" + "object_id": "/genie/${resources.genie_spaces.foo.id}" } } } diff --git a/acceptance/bundle/resources/permissions/genie_spaces/current_can_manage/out.requests.deploy.direct.json b/acceptance/bundle/resources/permissions/genie_spaces/current_can_manage/out.requests.deploy.direct.json index c112ccb7e7..abcba718ab 100644 --- a/acceptance/bundle/resources/permissions/genie_spaces/current_can_manage/out.requests.deploy.direct.json +++ b/acceptance/bundle/resources/permissions/genie_spaces/current_can_manage/out.requests.deploy.direct.json @@ -1,6 +1,6 @@ { "method": "PUT", - "path": "/api/2.0/permissions/genie/spaces/[FOO_ID]", + "path": "/api/2.0/permissions/genie/[FOO_ID]", "body": { "access_control_list": [ { diff --git a/bundle/direct/dresources/all_test.go b/bundle/direct/dresources/all_test.go index a9eafa8594..7c4162c662 100644 --- a/bundle/direct/dresources/all_test.go +++ b/bundle/direct/dresources/all_test.go @@ -481,7 +481,7 @@ var testDeps = map[string]prepareWorkspace{ } return &PermissionsState{ - ObjectID: "/genie/spaces/" + resp.SpaceId, + ObjectID: "/genie/" + resp.SpaceId, EmbeddedSlice: []StatePermission{{ Level: "CAN_MANAGE", UserName: "user@example.com", diff --git a/bundle/direct/dresources/permissions.go b/bundle/direct/dresources/permissions.go index 0c436eb249..146a7c1a50 100644 --- a/bundle/direct/dresources/permissions.go +++ b/bundle/direct/dresources/permissions.go @@ -18,7 +18,7 @@ var permissionResourceToObjectType = map[string]string{ "apps": "/apps/", "clusters": "/clusters/", "dashboards": "/dashboards/", - "genie_spaces": "/genie/spaces/", + "genie_spaces": "/genie/", "database_instances": "/database-instances/", "postgres_projects": "/database-projects/", "jobs": "/jobs/", diff --git a/libs/testserver/permissions.go b/libs/testserver/permissions.go index 962825dd03..312c88e902 100644 --- a/libs/testserver/permissions.go +++ b/libs/testserver/permissions.go @@ -25,7 +25,7 @@ var requestObjectTypeToObjectType = map[string]string{ "sql/alerts": "alert", "sql/queries": "query", "dashboards": "dashboard", - "genie/spaces": "genie-space", + "genie": "genie-space", "experiments": "mlflowExperiment", "registered-models": "registered-model", "serving-endpoints": "serving-endpoint",