Skip to content

SecretScope

laktory.models.resources.databricks.SecretScope ¤

Bases: BaseModel, PulumiResource, TerraformResource

Databricks secret scope

ATTRIBUTE DESCRIPTION
backend_type

Backend for managing the secrets inside the scope

TYPE: Literal['DATABRICKS', 'AZURE_KEYVAULT']

keyvault_metadata

Keyvault specifications if used as a scope backend

TYPE: SecretScopeKeyvaultMetadata

name

Secret scope name

TYPE: str

permissions

Permissions given to the secret scope

TYPE: list[SecretScopePermission]

secrets

List of secret to add to the scope

TYPE: list[Secret]

Examples:

from laktory import models

ss = models.resources.databricks.SecretScope(
    name="azure",
    secrets=[
        {"key": "keyvault-url", "value": "https://my-secrets.vault.azure.net/"},
        {"key": "client-id", "value": "f461daa2-c281-4166-bc3e-538b90223184"},
    ],
    permissions=[
        {"permission": "READ", "principal": "role-metastore-admins"},
        {"permission": "READ", "principal": "role-workspace-admins"},
    ],
)

Attributes¤

additional_core_resources property ¤

additional_core_resources
  • secret values
  • secret scope permissions (ACL)

laktory.models.resources.databricks.secretscope.SecretScopePermission ¤

Bases: BaseModel

Secret scope permission

ATTRIBUTE DESCRIPTION
permission

Name of the permission to assign

TYPE: Literal['READ', 'WRITE', 'MANAGE']

principal

Name of the service principal to assign the permission to

TYPE: str

laktory.models.resources.databricks.secretscope.SecretScopeKeyvaultMetadata ¤

Bases: BaseModel

Keyvault specifications when used as a secret scope backend

ATTRIBUTE DESCRIPTION
dns_name

TYPE: str

resource_id

Id of the keyvault resource

TYPE: str