ucx icon indicating copy to clipboard operation
ucx copied to clipboard
verified publisher icon databrickslabs

[FEATURE]: Create spn secret if it does not exist

Open nkvuong opened this issue 2 years ago • 3 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

Problem statement

When migrating Azure SPNs to UC storage credentials, SPNs without client secrets are not migrated

Related issues:

  • https://github.com/databrickslabs/ucx/issues/875
  • https://github.com/databrickslabs/ucx/issues/339
  • https://github.com/databrickslabs/ucx/pull/874
  • https://github.com/databrickslabs/ucx/issues/339

Proposed Solution

Attempt to create a short-lived secret for SPNs without client secrets. Log any that errors

Relevant issue: https://github.com/databrickslabs/ucx/issues/339

Additional Context

No response

nkvuong avatar Feb 05 '24 16:02 nkvuong

@nkvuong shouldn't we just create Managed Identity with access connector instead?

nfx avatar Feb 09 '24 09:02 nfx

Agree, we should create access connector in this case.

qziyuan avatar Apr 09 '24 05:04 qziyuan

@nfx : I think we can close this issue and resolve it as follows:

Create a small (0.1 pw) new issue to warn users if we find SP without secrets to:

  1. Rerun SP migration and chose to use access connectors instead
  2. Add SP secrets in a place where ucx can find them.

See discussion in #1770

JCZuurmond avatar Jul 16 '24 11:07 JCZuurmond