* chore: environment variables adjustment

* chore: schema update

* fix: add SP version on job variable

* chore: force powershell version

* chore: change task order to publish DB secrets

* chore: Adjustments on Databricks Secrets deploy

* chore: adjust variables info on parameter

* chore: adjustment on Databricks scripts

* chore: dataLakeName variable adjustment

* chore: dataComputeRS variable change

* chore: documentation adjustment att image

* chore: change keyvault set permissions on SP

* chore: Databricks task order

* chore: databricks adjustments

* chore: var output display removal

* chore: databricks adjustments

* chore: documentation adjustment

* chore: documentation change

* chore: script adjustment

* chore: add command to list scope content

* chore: add SP into Admin role

* chore: adjust Administrator Role SP

* chore: add connect to AD first

* chore: Remove connection to Azure AD

* chore: documentation adjustment

* chore: fix uppercase extensions on some images (#42)

* chore: fix uppercase extensions on some images

* chore: directory changes

* chore: directory rename

* Issue 43 - Templates Changes (#44)

* chore: fix uppercase extensions on some images

* chore: directory changes

* chore: directory rename

* chore: Service Principal secrets first adjustments

* fix: adjustment of SP

* chore: save secret on output

* chore: syntax fix

* chore: token adjustment

* chore: store secret inside output hol file

* chore: put SP inside parameters

* chore: template adjustment

* chore: lower parameter for fix

* chore: syntax adjustment

* chore: Add logs

* chore: add log info

* chore: log info

* Issue #43 - Adjust the pipeline run to use first time SP secret (#45)

* chore: fix uppercase extensions on some images

* chore: directory changes

* chore: directory rename

* chore: Service Principal secrets first adjustments

* fix: adjustment of SP

* chore: save secret on output

* chore: syntax fix

* chore: token adjustment

* chore: store secret inside output hol file

* chore: put SP inside parameters

* chore: template adjustment

* chore: lower parameter for fix

* chore: syntax adjustment

* chore: Add logs

* chore: add log info

* chore: log info

* chore: pipeline execution change

* chore: documentation adjustments
This commit is contained in:
Fabio Padua 2022-02-15 18:01:29 -03:00 committed by GitHub
Parent f87593e7ab
Commit f3786ec27a
No known key found for this signature
GPG key ID: 4AEE18F83AFDEB23
3 changed files: 28 additions and 28 deletions

View file

@ -452,13 +452,16 @@ When you have the resources created in the environment, it is time to configure
You should to change `Key Valt Name` with your information and execute this script, and how the resources in development environment were created then we can create the scope in databricks dev.
```
./DatabricksScopeCreation.ps1 `
./infrastructure-as-code/scripts/DatabricksScopeCreation.ps1 `
-KeyVaultName "<keyvault_name>",
-ComputeResourceGroup "<compute_resource_group>",
-DatabricksName "<databricks_name>" `
```
>**Note**: To see Key names in secret scope dataops execute the follow command.
>**Note 1**: If you get the error msg about `Error 403 User not authorized` open the Databricks Workspace page using the same user due first access and then just run the script again.
>**Note 2**: To see Key names in secret scope dataops execute the follow command.
```
databricks secrets list --scope dataops
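Review bot: The example invocation still does not match PowerShell syntax after the path fix: the `-KeyVaultName "<keyvault_name>",` and `-ComputeResourceGroup "<compute_resource_group>",` lines end with a comma, which PowerShell does not use to separate named parameters, and the final `-DatabricksName "<databricks_name>"` line ends with a backtick that has no following line to continue onto. Since this hunk already touches the command, end each continued line with a backtick and drop the one after the last parameter. The sentence introducing the command says `Key Valt Name` while the parameter is `-KeyVaultName`, and Note 1 would be easier to act on if it stated plainly that the user must open the Databricks workspace once with the same account before rerunning the script.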

View file

@ -10,9 +10,6 @@ param(
$ErrorActionPreference = "Stop"
Write-Host "Getting variables from Library file..." -ForegroundColor Green
#Write-Host "DataLake: " $DataLakeName
#Write-Host "DataBricks: " $DatabricksName
#Write-Host "Key Valt: " $KeyVaultName
Write-Host "Getting variables from $SolutionParametersFile file..." -ForegroundColor Green
$ParameterContent = Get-Content -Path $SolutionParametersFile | ConvertFrom-Json
@ -29,14 +26,29 @@ $servicePrincipal = Get-AzADServicePrincipal -DisplayName $ServicePrincipalName
if ($servicePrincipal) {
Write-Host "Generating new client secret..." -ForegroundColor Green
$startDate = Get-Date
$endDate = $startDate.AddMonths(6)
[securestring]$servicePrincipalSecret
$clientSecret = New-AzADSpCredential -ObjectId $servicePrincipal.Id -StartDate $startDate -EndDate $endDate
$UnsecureSecret = ConvertFrom-SecureString -SecureString $clientSecret.Secret -AsPlainText
try {
Write-Host "New Secret was generated for Service Principal " $UnsecureSecret -ForegroundColor Yellow
Write-Host "Trying generate new client secret..." -ForegroundColor Green
$startDate = Get-Date
$endDate = $startDate.AddMonths(6)
$clientSecret = New-AzADSpCredential -ObjectId $servicePrincipal.Id -StartDate $startDate -EndDate $endDate
$UnsecureSecret = ConvertFrom-SecureString -SecureString $clientSecret.Secret -AsPlainText
$servicePrincipalSecret = $clientSecret.Secret
Write-Host "New Secret was generated for Service Principal " $UnsecureSecret -ForegroundColor Yellow
}
catch {
Write-Host "Fail to generate a new secret for the Service Principal. Maybe without AAD permission on Application administrators Role" -ForegroundColor Green
Write-Host "Use the first secret created..." -ForegroundColor Green
$servicePrincipalSecret = ConvertTo-SecureString (($ParameterContent).PSObject.Properties["parameters"].Value.servicePrincipalSecret.Value) -AsPlainText -Force
}
Write-Host "Getting Azure resources..." -ForegroundColor Green
$kv = Get-AzKeyVault -VaultName $KeyVaultName
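Review bot: The new `try` block still writes the freshly generated client secret to the console in clear text, at `Write-Host "New Secret was generated for Service Principal " $UnsecureSecret`, so it lands in whatever log captures this script's output. Drop `$UnsecureSecret` from that message, and drop the `ConvertFrom-SecureString ... -AsPlainText` line too if nothing else needs the plain value, since the secret is already kept in `$servicePrincipalSecret`. The `catch` treats every failure the same way, guesses at the cause and prints it in Green: log the actual error (`$_`) as a warning before falling back. The fallback reads `servicePrincipalSecret` from `$SolutionParametersFile`, which means the secret is stored in plain text in that JSON file. Check that the value is non-empty before calling `ConvertTo-SecureString`, and document how that file is kept out of source control and build artifacts.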
@ -53,7 +65,8 @@ if ($servicePrincipal) {
Write-Host "Setting service principal secrets on Key Vault..." -ForegroundColor Green
Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name "tenantId" -SecretValue $(ConvertTo-SecureString $context.Tenant.Id -AsPlainText -Force)
Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name "clientId" -SecretValue $(ConvertTo-SecureString $servicePrincipal.Id -AsPlainText -Force)
Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name "clientSecret" -SecretValue $clientSecret.Secret
Set-AzKeyVaultSecret -VaultName $KeyVaultName -Name "clientSecret" -SecretValue $servicePrincipalSecret
Write-Host "Assigning roles to the service principal on the data lake..." -ForegroundColor Green
$assigment = Get-AzRoleAssignment -ObjectId $servicePrincipal.Id -Scope $lake.Id | Where-Object { $_.RoleDefinitionName -eq "Storage Blob Data Contributor" }
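Review bot: In the unchanged line just above the fixed one, the Key Vault secret named `clientId` is set from `$servicePrincipal.Id`, the same value this script passes as `-ObjectId` to `New-AzADSpCredential` and `Get-AzRoleAssignment`. A client ID is normally the application ID rather than the object ID, so please confirm which identifier the readers of this secret expect and store the application ID if that is what they use to authenticate. On the changed line itself, `$servicePrincipalSecret` can now come from either the new credential or the parameters-file fallback; a short log message saying which source was written to Key Vault (without the value) would make a failed login much easier to diagnose.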
@ -61,20 +74,6 @@ if ($servicePrincipal) {
New-AzRoleAssignment -ObjectId $servicePrincipal.Id -Scope $lake.Id -RoleDefinitionName "Storage Blob Data Contributor"
}
#Write-Host "Creating the Key Vault secret scope on Databricks..." -ForegroundColor Green
#$accessToken = Get-AzAccessToken -ResourceUrl 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d
#$env:DATABRICKS_TOKEN = $accessToken.Token
#$env:DATABRICKS_HOST = "https://$($dbw.Url)"
#$env:DATABRICKS_TOKEN = $DATABRICKS_TOKEN
#Write-Host "URL DBW https://$($dbw.Url)"
#Write-Host "Databricks Token " $DATABRICKS_TOKEN
#Write-Host "Databricks Token (env) " $env:DATABRICKS_TOKEN
# $scopesList = databricks secrets list-scopes --output json | ConvertFrom-Json
# Write-Host "List of scopes: " $scopesList
# if (! $scopesList.scopes.name -contains "dataops") {
# databricks secrets create-scope --scope 'dataops' --scope-backend-type AZURE_KEYVAULT --resource-id $kv.ResourceId --dns-name $kv.VaultUri
# }
}
else {
Write-Host "No Service Principal founded" -ForegroundColor Red

View file

@ -122,8 +122,6 @@ function ReplaceTemplateTokens {
foreach ($token in $tokens) {
Write-Host "Token '$token'"
[string]$configPropertyName = $token -replace "$($StartTokenPattern)|$($EndTokenPattern)", ''
if ( $configPropertyName -eq "serviceprincipal.secret") {