I am trying to automate adding a Key Vault scope to the Azure Databricks service.
Trying to use the example from here
Code
$Region = "southindia"
$ResID = "/subscriptions/*******/resourceGroups/******/providers/Microsoft.KeyVault/vaults/testkv123d"
$databricsOrgId = **********
Connect-Databricks -Region $Region -DatabricksOrgId $databricsOrgId `
-ApplicationId ************ `
-Secret ************ -TenantId ************ -Verbose
Connect-Databricks -Region $Region -ApplicationId ************** `
-Secret ****************** `
-ResourceGroupName ******* `
-SubscriptionId ****************************** `
-WorkspaceName *********** `
-TenantId ********** -Verbose
Add-DatabricksSecretScope -ScopeName "kvscope" -Verbose -KeyVaultResourceId $ResID
Problem details
VERBOSE: POST https://southindia.azuredatabricks.net/api/2.0/secrets/scopes/create with -1-byte payload
Invoke-RestMethod : {"error_code":"INTERNAL_ERROR","message":"There was an internal error handling request POST to /api/2.0/secrets/scopes/create. Please try again later."}
At C:\Program Files\WindowsPowerShell\Modules\azure.databricks.cicd.tools\2.0.55\Public\Add-DatabricksSecretScope.ps1:73 char:9
+ Invoke-RestMethod -Method Post -Body $BodyText -Uri "$global: ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
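Best answer
According to my research, we cannot create an Azure Key Vault-backed scope using the REST API. We can only create it in the Azure Databricks UI. In other words, if we provide the key vault resource id when calling the REST API or CLI, the backend server cannot handle the API call. For more details, please refer to the document
So, if you use the PowerShell module to create a secret scope, you can only create Databricks-backed scopes.
For example:
1. Create a new Service Principal. Also, please note that you need to make the service principal a Contributor on the Databricks workspace using the Access control (IAM) blade in the Azure portal.
- Script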
$region="your workspace region"
Connect-Databricks -Region $region -ApplicationId "<sp app id>" -Secret "<sp client secret>" `
-ResourceGroupName "< resource group name >" `
-SubscriptionId "<subscription id>" `
-WorkspaceName "<workspace name>" `
-TenantId "<your tenant id>"
$token = New-DatabricksBearerToken -LifetimeSeconds 3600 -Comment "Secret Scope Creation"
Add-DatabricksSecretScope -Bearer $token.token_value -Region $region -ScopeName "test11" -AllUserAccess
Get-DatabricksSecretScopes -Region $region -ScopeName "test11"
Regarding azure - Adding a key vault scope for Azure Databricks having issues, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/59840287/