Functions/Set-DataBricksSecrets.ps1
|
<#
.SYNOPSIS Sets Databricks Secrets. .DESCRIPTION Takes Secret Scopes from config, finds correspinding $env:vars and set Secrets on the Workspace. .PARAMETER config config passed in that includes secret scopes .EXAMPLE Set-DatabricksSecrets -BearerToken $bearerToken -config $config .NOTES Author: Sabin IO #> Function Set-DatabricksSecrets { [cmdletbinding()] Param( [parameter(Mandatory = $true)][psobject]$config, [parameter(Mandatory = $false)][switch]$servicePrincipal ) if ($PSBoundParameters.ContainsKey('servicePrincipal') -eq $true) { #need to get bearertoken in order to add secret and scope #ten minute lifetime on token $bearerToken = New-DatabricksBearerToken 600 } Write-Host "Setting secrets..." foreach ($secretScope in $config.secretScopes) { Write-Verbose "Finding all environment vars with prefix $secretScope" $databricksSecrets = Get-EnvironmentVariablesBySecretScope -secretScope $secretScope if ($databricksSecrets.count -eq 0) { Write-Warning "No secrets found with prefix of $secretScope" } else { Write-Verbose "$($databricksSecrets.count) secrets found. Setting on Workspace." foreach ($databricksSecret in $databricksSecrets) { if ($PSBoundParameters.ContainsKey('servicePrincipal') -eq $false) { Set-DatabricksSecret -ScopeName $secretScope -SecretName $databricksSecret.Name -SecretValue $databricksSecret.Value -AllUserAccess } else { #using bearertoken with service principal as personal acces token is required when adding secret Set-DatabricksSecret -BearerToken $bearerToken.token_value -Region $config.region ` -ScopeName $secretScope -SecretName $databricksSecret.Name ` -SecretValue $databricksSecret.Value -AllUserAccess } } } } } |