
SecretScope

laktory.models.resources.databricks.SecretScope

Bases: SecretScopeBase

Databricks secret scope

Examples:

import io

from laktory import models

scope_yaml = '''
name: azure
secrets:
- key: keyvault-url
  string_value: https://my-secrets.vault.azure.net/
- key: client-id
  string_value: f461daa2-c281-4166-bc3e-538b90223184
permissions:
- permission: READ
  principal: role-metastore-admins
- permission: READ
  principal: role-workspace-admins
'''
scope = models.resources.databricks.SecretScope.model_validate_yaml(
    io.StringIO(scope_yaml)
)
BASE DESCRIPTION
backend_type

Either DATABRICKS or AZURE_KEYVAULT

TYPE: str | None | VariableType DEFAULT: None

initial_manage_principal

The principal that is initially granted MANAGE permission on the created scope; the only possible value is users. If omitted, the databricks_secret_acl with MANAGE permission on the scope is assigned to the user identity of the API request issuer (see documentation). This part of the state cannot be imported.

TYPE: str | None | VariableType DEFAULT: None

keyvault_metadata

TYPE: SecretScopeKeyvaultMetadata | None | VariableType DEFAULT: None

name

Scope name requested by the user. Must be unique within a workspace. Must consist of alphanumeric characters, dashes, underscores, and periods, and may not exceed 128 characters.

TYPE: str | VariableType

LAKTORY DESCRIPTION
permissions

Permissions given to the secret scope

TYPE: list[SecretScopePermission | VariableType] | VariableType DEFAULT: []

secrets

List of secrets to add to the scope

TYPE: list[Secret | VariableType] | VariableType DEFAULT: []

ATTRIBUTE DESCRIPTION
additional_core_resources
  • secret values

TYPE: list

additional_core_resources property

  • secret values
  • secret scope permissions (ACL)

laktory.models.resources.databricks.secretscope.SecretScopeKeyvaultMetadata

Bases: BaseModel

PARAMETER DESCRIPTION
dns_name

TYPE: str | VariableType

resource_id

TYPE: str | VariableType


laktory.models.resources.databricks.secretscope.SecretScopePermission

Bases: BaseModel

PARAMETER DESCRIPTION
permission

Name of the permission to assign

TYPE: Literal['READ', 'WRITE', 'MANAGE'] | VariableType DEFAULT: None

principal

Name of the service principal to assign the permission to

TYPE: str | VariableType DEFAULT: None
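
A pre-deployment check for the constraints documented above (name format, backend_type values, permission names), with review flags for MANAGE grants and repeated principals. This is an added example, not part of laktory; lint_scope, PAGE_EXAMPLE and WEAK are hypothetical names, and the scope is assumed to be a plain dict already parsed from YAML.

```python
import re

# Constraints as stated in the field descriptions on this page.
# Assumption: "alphanumeric" is read as ASCII letters and digits.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,128}")
BACKENDS = {"DATABRICKS", "AZURE_KEYVAULT"}
PERMISSIONS = {"READ", "WRITE", "MANAGE"}

def lint_scope(scope):
    """Return a list of findings for a secret scope given as a plain dict."""
    out = []
    name = scope.get("name")
    if not isinstance(name, str) or not NAME_RE.fullmatch(name):
        out.append("name: need 1-128 chars from [A-Za-z0-9_.-]")
    backend = scope.get("backend_type")
    if backend is not None and backend not in BACKENDS:
        out.append(f"backend_type: {backend!r} not in {sorted(BACKENDS)}")
    # 'users' is the built-in Databricks group holding every workspace user.
    if scope.get("initial_manage_principal") == "users":
        out.append("initial_manage_principal: 'users' gets MANAGE on the scope")
    seen = set()
    for i, acl in enumerate(scope.get("permissions", [])):
        perm, principal = acl.get("permission"), acl.get("principal")
        if perm not in PERMISSIONS:
            out.append(f"permissions[{i}]: unknown permission {perm!r}")
        elif perm == "MANAGE":
            out.append(f"permissions[{i}]: {principal!r} holds MANAGE, review")
        if not principal:
            out.append(f"permissions[{i}]: missing principal")
        elif principal in seen:
            out.append(f"permissions[{i}]: {principal!r} listed more than once")
        seen.add(principal)
    return out

# Constructed inputs: the first mirrors the YAML example above (secrets
# omitted), the second is deliberately misconfigured.
PAGE_EXAMPLE = {"name": "azure", "permissions": [
    {"permission": "READ", "principal": "role-metastore-admins"},
    {"permission": "READ", "principal": "role-workspace-admins"}]}
WEAK = {"name": "prod secrets/azure", "backend_type": "KEYVAULT",
        "initial_manage_principal": "users", "permissions": [
            {"permission": "MANAGE", "principal": "role-analysts"},
            {"permission": "READ", "principal": "role-analysts"},
            {"permission": "ADMIN", "principal": "role-workspace-admins"}]}

if __name__ == "__main__":
    for label, scope in (("page example", PAGE_EXAMPLE), ("weak", WEAK)):
        print(label, lint_scope(scope) or "ok")
```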