Framework for creating and using the Unity Catalog connections API (#647

) * First changes to create a connections CLI * Fixed create commands and added for all other connection types, added get, list, and delete commands as well * Added oauth CLI flow * addition of oauth connectors and documentation for use
databricks · Aug 8, 2023 · 716f762 · 716f762
1 parent 112c887
commit 716f762
Show file tree

Hide file tree

Showing 8 changed files with 834 additions and 0 deletions.
diff --git a/databricks_cli/unity_catalog/README.md b/databricks_cli/unity_catalog/README.md
@@ -0,0 +1,29 @@
+## READ BEFORE USING THE CONNECTIONS API FOR OAUTH 2.0 CONNECTIONS
+
+### Requirements
+Install and use a cert utility like `mkcert` in order to establish self-signed local certificates to allow the local server to recieve authorization codes from authorization servers via TLS/SSL. 
+
+For example:
+
+```
+brew install mkcert
+mkcert localhost
+```
+Ensure these certificates are in the directory of wherever you are running the databricks-cli from. For example if you are calling databricks-cli from `~`, then you should have your `.pem` keys in `~`
+
+### Before Using the CLI for OAuth
+* You must first create an OAuth connection object in the provider that you wish to use Lakehouse Federation with. For example in Snowflake you need to create a security integration by running a command like the one below:
+![Snowflake login image](./snowflake_oauth_creation.png)
+
+You can then show the client id and client secret using the command:
+```
+SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('SNOWFLAKE_DEMO')
+```
+* You can read more about the OAuth settings for security integrations in Snowflake [here](https://docs.snowflake.com/en/sql-reference/sql/create-security-integration-oauth-snowflake)
+
+
+* You can perform a similar operation in Salesforce by going to the App Manager dashboard and creating a Connected Application and enabling OAuth settings with the redirect URL of `https://localhost:8331`. You can read more about using OAuth in salesforce [here](https://help.salesforce.com/s/articleView?id=sf.connected_app_create_api_integration.htm&type=5).
+
+### When using the CLI you MUST set your redirect URL to `https://localhost:8331`
+
+* After this configuration you should be able to use the connection as normal, using the `--help` flag on commands to see which arguments are available. 
diff --git a/databricks_cli/unity_catalog/api.py b/databricks_cli/unity_catalog/api.py
@@ -83,6 +83,23 @@ def delete_external_location(self, name, force):
     def validate_external_location(self, validation_spec):
         return self.client.validate_external_location(validation_spec)
 
+    # Connections APIs
+
+    def create_connection(self, con_spec):
+        return self.client.create_connection(con_spec)
+
+    def list_connections(self):
+        return self.client.list_connections()
+
+    def get_connection(self, name):
+        return self.client.get_connection(name)
+
+    def update_connnection(self, name, con_spec):
+        return self.client.update_connection(name, con_spec)
+
+    def delete_connection(self, name):
+        return self.client.delete_connection(name)
+
     # Data Access Configuration APIs
 
     def create_dac(self, metastore_id, dac_spec, skip_validation):

diff --git a/databricks_cli/unity_catalog/cli.py b/databricks_cli/unity_catalog/cli.py
@@ -35,6 +35,7 @@
 from databricks_cli.unity_catalog.delta_sharing_cli import register_delta_sharing_commands
 from databricks_cli.unity_catalog.perms_cli import register_perms_commands
 from databricks_cli.unity_catalog.lineage_cli import register_lineage_commands
+from databricks_cli.unity_catalog.connection_cli import register_connection_commands
 
 
 @click.group(context_settings=CONTEXT_SETTINGS)
@@ -56,3 +57,4 @@ def unity_catalog_group():  # pragma: no cover
 register_delta_sharing_commands(unity_catalog_group)
 register_perms_commands(unity_catalog_group)
 register_lineage_commands(unity_catalog_group)
+register_connection_commands(unity_catalog_group)