创建作用域的数据帧必须定义AzureKeyVaultSecretScopeMetadata。

huangapple go评论75阅读模式
英文:

databricks secrets create-scope backend-type KEYVAULT must have AzureKeyVaultSecretScopeMetadata defined

问题

我想使用CLI在Databricks中创建一个支持KeyVault的秘密作用域。

以下命令:

databricks secrets create-scope "keyvault_nonHR_QUA" --scope-backend-type AZURE_KEYVAULT

给我返回了Error: Scope with Azure KeyVault must have AzureKeyVaultSecretScopeMetadata defined!错误。

而以下命令:

databricks secrets create-scope "myscope" --scope-backend-type AZURE_KEYVAULT --resource-id "<azure-keyvault-resource-id>" --dns-name "<azure-keyvault-dns-name>" --initial-manage-principal users

给我返回了Error: unknown flag: --resource-id错误。

文档似乎是针对旧版CLI的:
https://learn.microsoft.com/en-us/azure/databricks/security/secrets/secret-scopes#--create-an-azure-key-vault-backed-secret-scope-using-the-databricks-cli

任何帮助都受欢迎。

英文:

I want to create a keyvault-backed secret scope in databricks USING THE CLI.

databricks secrets create-scope &quot;keyvault_nonHR_QUA&quot; --scope-backend-type AZURE_KEYVAULT

gives me Error: Scope with Azure KeyVault must have AzureKeyVaultSecretScopeMetadata defined!

while:

databricks secrets create-scope &quot;myscope&quot; --scope-backend-type AZURE_KEYVAULT --resource-id &quot;&lt;azure-keyvault-resource-id&gt;&quot; --dns-name &quot;&lt;azure-keyvault-dns-name&gt;&quot; --initial-manage-principal users

gives Error: unknown flag: --resource-id

The doc seems to refer to the legacy CLI
https://learn.microsoft.com/en-us/azure/databricks/security/secrets/secret-scopes#--create-an-azure-key-vault-backed-secret-scope-using-the-databricks-cli

any help welcome

答案1

得分: 1

我在使用 Databricks CLI v0.204.0 时也遇到了同样的问题。我找到的唯一解决方法是使用 --json 标志。

例如...

databricks secrets create-scope --json "{
  \"scope\": \"kduenke-testing\",
  \"scope_backend_type\": \"AZURE_KEYVAULT\",
  \"backend_azure_keyvault\": {
    \"resource_id\": \"/subscriptions/<--SUBSCRIPTION_GUID-->/resourceGroups/<--RESOURCE_GROUP_NAME-->/providers/Microsoft.KeyVault/vaults/<--KEY_VAULT_NAME-->\",
    \"dns_name\": \"https://<--KEY_VAULT_NAME-->.vault.azure.net/\"
  }
}"
英文:

I faced this same issue using Databricks CLI v0.204.0. The only way I found to remedy this was to use the --json flag.

For example...
databricks secrets create-scope --json &quot;{\&quot;scope\&quot;: \&quot;kduenke-testing\&quot;, \&quot;scope_backend_type\&quot;: \&quot;AZURE_KEYVAULT\&quot;, \&quot;backend_azure_keyvault\&quot;: { \&quot;resource_id\&quot;: \&quot;/subscriptions/&lt;--SUBSCRIPTION_GUID--&gt;/resourceGroups/&lt;--RESOURCE_GROUP_NAME--&gt;/providers/Microsoft.KeyVault/vaults/&lt;--KEY_VAULT_NAME--&gt;\&quot;, \&quot;dns_name\&quot;: \&quot;https://&lt;--KEY_VAULT_NAME--&gt;.vault.azure.net/\&quot; } }&quot;

huangapple
  • 本文由 发表于 2023年7月7日 05:37:56
  • 转载请务必保留本文链接:https://go.coder-hub.com/76632665.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定