[FEATURE]: Create/Amend mapping between storage prefixes and cloud principals #910
Description
Is there an existing issue for this?
- I have searched the existing issues
Problem statement
In the process of creating storage credentials we have to map storage credentials to intended cloud principals so we can create these principals.
Proposed Solution
The mapping will detect the existing storage credentials and will surface the missing principal/roles that needs to be created for the missing storage credntials.
We should allow the user to select between few options of mapping:
- Create a single principal/role for all prefixes
- Create a principal/role based on the existing principals/roles
- Create a principal/role for each prefix.
The principal can be an AWS Role an Azure SPN or an Azure MI
The process will generate a mapping CSV and upload it to the workspace.
The mapping document will have the following format:
| Principal | Prefix |
|---|---|
| {"role_id":"arn:aws:iam::1234567890:role/DBAdmin"} | s3://container-name/ |
| {"connector_id":"/subscriptions/1234567890/resourceGroups/ucx/providers/Microsoft.Databricks/accessConnectors/ucx-mi"} | abfss://[email protected]/folder_a |
| {"subscription_id":"1234", "directory_id":"5678"} | abfss://[email protected]/folder_b |
Checklist
- do we have the CSV file?
- is it the same name for Azure and AWS?
- Is the name of it visible in docs?
- is there a command to open that file easily?