Skip to content

Instantly share code, notes, and snippets.

@ivangeorgiev

ivangeorgiev/Databricks-SecretScope.ps1

Last active January 9, 2020 15:26
Show Gist options
  • Save ivangeorgiev/7a86c1c80c458a9283d5a321bdf52e0a to your computer and use it in GitHub Desktop.
Save ivangeorgiev/7a86c1c80c458a9283d5a321bdf52e0a to your computer and use it in GitHub Desktop.
Download ZIP
Databricks Secrets and PowerShell
Raw
Databricks-SecretScope.ps1
# https://docs.databricks.com/dev-tools/api/latest/secrets.html
# https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-restmethod?view=powershell-6
if ( ! $DBConfig ) {
$DBConfig = @{
BaseUri = "https://westeurope.azuredatabricks.net/api"
Token = "XXXXXXXXXXXXXXXXXXXXXXXXX"
}
}
function Get-DBDefaultHeaders {
$headers = @{ "Authorization" = "Bearer $($DBConfig.Token)" }
return $headers
}
function Get-DBEndpointUri {
param( $Endpoint )
return "$($DBConfig.BaseUri)/$($Endpoint)"
}
function Set-DBConfig {
param( $Token, $BaseUri )
if ( $Token ) {
$DBConfig.Token = $Token
}
if ( $BaseUri ) {
$DBConfig.BaseUri = $BaseUri
}
}
function Get-DBSecretsScope {
param( $ScopeName )
$uri = "$($DBConfig.BaseUri)/2.0/secrets/scopes/list"
$headers = Get-DBDefaultHeaders
$response = Invoke-RestMethod -Method GET -Uri $uri -Headers $headers
$scopesList = $response.scopes
if ( $ScopeName ) {
foreach ( $scope in $scopesList ) {
if ( $scope.name -eq $ScopeName ) {
return $scope
}
}
return $false
} else {
return $scopesList
}
}
function New-DBSecretsScope {
param( $ScopeName )
$uri = "$($DBConfig.BaseUri)/2.0/secrets/scopes/create"
$headers = Get-DBDefaultHeaders
$params = @{
"scope" = $ScopeName
}
$body = $params|ConvertTo-Json
try {
Invoke-RestMethod -Method POST -Uri $uri -Headers $headers -Body $body -ContentType "application/json"
return $True
} catch [ System.Net.WebException ] {
$ex = ConvertFrom-Json $PSItem.toString()
if ( $ex.error_code -eq "RESOURCE_ALREADY_EXISTS" ) {
Write-Debug "RESOURCE_ALREADY_EXISTS"
return $False
} else {
throw $PSItem
}
}
}
function Get-DBSecretsScopeSecretList {
param( $ScopeName )
$uri = "$($DBConfig.BaseUri)/2.0/secrets/list"
$headers = Get-DBDefaultHeaders
$body = @{ "scope"= $ScopeName }
$response = Invoke-RestMethod -Method GET -Uri $uri -Headers $headers -Body $body
return $response.secrets
}
function Get-DBSecretsScopeSecret {
<#
.SYNOPSIS
Get a secret from Databricks secret scope.
.EXAMPLE
Get-DBSecretsScopeSecret -ScopeName my-secrets -SecretKey hello
.OUTPUTS
If Secret key exists, the output is an object with "key" and "last_updated_timestamp" properties.
Otherwise outputs $false.
#>
param(
# Databricks secret scope name.
[Parameter(Mandatory = $true)]
[String]$ScopeName
,
# Secret key
[Parameter(Mandatory = $true)]
[String]$SecretKey )
$secrets = Get-DBSecretsScopeSecretList -ScopeName $ScopeName
foreach ( $secret in $secrets ) {
if ( $secret.key -eq $SecretKey ) {
return $secret
}
}
return $False
}
function Set-DBSecretsScopeSecret {
param( $ScopeName, $SecretKey, $SecretValue )
$uri = "$($DBConfig.BaseUri)/2.0/secrets/put"
$headers = Get-DBDefaultHeaders
$params = @{
"scope" = $ScopeName
"key" = $SecretKey
"string_value" = $SecretValue
}
$body = $params|ConvertTo-Json
Invoke-RestMethod -Method POST -Uri $uri -Headers $headers -Body $body -ContentType "application/json"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment