Merge pull request #36 from ciaran28/main

Major Updates + Functionality

Author: ciaran28

.azureDevOps/MLOps_Engineer/Utilities/Bash/utilsAzureLogin.sh

@@ -4,9 +4,12 @@ az upgrade
 echo $ARM_CLIENT_ID
 echo $ARM_CLIENT_SECRET
 echo $ARM_TENANT_ID
+echo $AuthenticationType
 
 az config set extension.use_dynamic_install=yes_without_prompt
 
+
+echo "Service Principal Authentication"
 az login --service-principal -u $ARM_CLIENT_ID -p $ARM_CLIENT_SECRET --tenant $ARM_TENANT_ID
+az account list
 
-az account list

.azureDevOps/MLOps_Engineer/Utilities/Bash/utilsCreateSecretScopes.sh

@@ -1,4 +1,9 @@
+az config set extension.use_dynamic_install=yes_without_promp
+az extension add --name application-insights
+
 echo $RESOURCE_GROUP_NAME
+echo $DATABRICKS_INSTANCE
+echo $WORKSPACE_ID
 
 APP_INSIGHT_NAME=$(az resource list \
                 -g $RESOURCE_GROUP_NAME \
@@ -13,9 +18,8 @@ APP_INSIGHT_INSTRUMENT_KEY=$( az monitor app-insights component show \
 
 echo "Test"
 
-echo $ARM_CLIENT_ID
-echo $ARM_TENANT_ID
-echo $ARM_CLIENT_SECRET
+echo $APP_INSIGHT_NAME
+echo $APP_INSIGHT_INSTRUMENT_KEY
 
 echo "Creating Secret Scopes...."
 

.azureDevOps/MLOps_Engineer/Utilities/Bash/utilsMIAuthentication.sh

@@ -0,0 +1,31 @@
+
+AAD_TOKEN=$( az account get-access-token \
+            --resource 2ff814a6-3304-4ab8-85cb-cd0e6f879c1d \
+            --query "accessToken" \
+            --output tsv )
+
+echo $AAD_TOKEN
+
+CREATE_REPO_RESPONSE=$(curl -X POST -H "Authorization: Bearer $AAD_TOKEN" \
+            -H "X-Databricks-Azure-Workspace-Resource-Id: $WORKSPACE_ID" \
+            -H 'Content-Type: application/scim+json' \
+            -d $JSON_STRING \
+            '{
+                "displayName": "My Service Principal",
+                "applicationId": "12a34b56-789c-0d12-e3fa-b456789c0123",
+                "entitlements": [
+                    {
+                    "value": "allow-cluster-create"
+                    }
+                ],
+                "schemas": [
+                    "urn:ietf:params:scim:schemas:core:2.0:ServicePrincipal"
+                ],
+                "active": true
+            }' https://$DATABRICKS_INSTANCE/api/2.0/preview/scim/v2/ServicePrincipals )
+
+
+
+
+
+

.azureDevOps/MLOps_Engineer/Utilities/Bash/utilsSetEnvVariables.sh

@@ -1,3 +1,5 @@
+az config set extension.use_dynamic_install=yes_without_prompt
+az extension add --name databricks
 
 ### Lets Retrieve Important Variables That Are Important For Later Steps
 

.azureDevOps/MLOps_Engineer/Utilities/Python/utilsGitConfiguration.py

@@ -9,7 +9,7 @@
 import json
 
 
-def configureGit(gitConfig, workspaceId, databricksInstance, bearerToken, managementToken, githubToken, environment):
+def configureGit(gitConfig, workspaceId, databricksInstance, bearerToken, managementToken, SYSTEM_ACCESSTOKEN ):
 
     DBRKS_REQ_HEADERS  = {
         'Authorization': f'Bearer {bearerToken}',
@@ -19,7 +19,7 @@ def configureGit(gitConfig, workspaceId, databricksInstance, bearerToken, manage
     }
 
     newData = {
-        "personal_access_token": githubToken
+        "personal_access_token": SYSTEM_ACCESSTOKEN
         }
 
     gitConfig.update(newData)
@@ -41,5 +41,4 @@ def configureGit(gitConfig, workspaceId, databricksInstance, bearerToken, manage
                                 databricksInstance=os.environ['DATABRICKS_INSTANCE'], 
                                 bearerToken=os.environ['DBRKS_BEARER_TOKEN'], 
                                 managementToken=os.environ['DBRKS_MANAGEMENT_TOKEN'], 
-                                githubToken=os.environ['PAT_GITHUB'], 
-                                environment=os.environ['ENVIRONMENT'])       
+                                SYSTEM_ACCESSTOKEN=os.environ['SYSTEM_ACCESSTOKEN'] )       

.azureDevOps/MLOps_Engineer/Variables/Development/RBAC.json

@@ -4,18 +4,17 @@
                                  "roles":  [
                                                "Key Vault Administrator"
                                            ],
-                                 "roleBeneficiaryObjID":  "3fb6e2d3-7734-43fc-be9e-af8671acf605",
+                                 "roleBeneficiaryObjID":  "888a0304-df2d-4e40-b0e8-48ea893539ef",
                                  "Description":  "Your Object ID",
                                  "principalType":  "User"
                              },
                              {
                                  "roles":  [
                                                "Contributor",
-                                               "DBX_Custom_Role_DSToolkit",
                                                "Key Vault Administrator",
                                                "Storage Blob Data Contributor"
                                            ],
-                                 "roleBeneficiaryObjID":  "4f305dd8-567a-4db8-aaf6-cf8b3bdd9337",
+                                 "roleBeneficiaryObjID":  "587604dd-f10d-450b-8238-8d6a0a75371d",
                                  "Description":  "Databricks SPN",
                                  "principalType":  "ServicePrincipal"
                              }

.azureDevOps/MLOps_Engineer/Variables/Production/RBAC.json

@@ -4,18 +4,17 @@
                                  "roles":  [
                                                "Key Vault Administrator"
                                            ],
-                                 "roleBeneficiaryObjID":  "3fb6e2d3-7734-43fc-be9e-af8671acf605",
+                                 "roleBeneficiaryObjID":  "888a0304-df2d-4e40-b0e8-48ea893539ef",
                                  "Description":  "Your Object ID",
                                  "principalType":  "User"
                              },
                              {
                                  "roles":  [
                                                "Contributor",
-                                               "DBX_Custom_Role_DSToolkit",
                                                "Key Vault Administrator",
                                                "Storage Blob Data Contributor"
                                            ],
-                                 "roleBeneficiaryObjID":  "4f305dd8-567a-4db8-aaf6-cf8b3bdd9337",
+                                 "roleBeneficiaryObjID":  "587604dd-f10d-450b-8238-8d6a0a75371d",
                                  "Description":  "Databricks SPN",
                                  "principalType":  "ServicePrincipal"
                              }

.azureDevOps/MLOps_Engineer/Variables/Sandbox/RBAC.json

@@ -4,18 +4,17 @@
                                  "roles":  [
                                                "Key Vault Administrator"
                                            ],
-                                 "roleBeneficiaryObjID":  "3fb6e2d3-7734-43fc-be9e-af8671acf605",
+                                 "roleBeneficiaryObjID":  "888a0304-df2d-4e40-b0e8-48ea893539ef",
                                  "Description":  "Your Object ID",
                                  "principalType":  "User"
                              },
                              {
                                  "roles":  [
                                                "Contributor",
-                                               "DBX_Custom_Role_DSToolkit",
                                                "Key Vault Administrator",
                                                "Storage Blob Data Contributor"
                                            ],
-                                 "roleBeneficiaryObjID":  "4f305dd8-567a-4db8-aaf6-cf8b3bdd9337",
+                                 "roleBeneficiaryObjID":  "587604dd-f10d-450b-8238-8d6a0a75371d",
                                  "Description":  "Databricks SPN",
                                  "principalType":  "ServicePrincipal"
                              }

.azureDevOps/MLOps_Engineer/Variables/UAT/RBAC.json

@@ -4,18 +4,17 @@
                                  "roles":  [
                                                "Key Vault Administrator"
                                            ],
-                                 "roleBeneficiaryObjID":  "3fb6e2d3-7734-43fc-be9e-af8671acf605",
+                                 "roleBeneficiaryObjID":  "888a0304-df2d-4e40-b0e8-48ea893539ef",
                                  "Description":  "Your Object ID",
                                  "principalType":  "User"
                              },
                              {
                                  "roles":  [
                                                "Contributor",
-                                               "DBX_Custom_Role_DSToolkit",
                                                "Key Vault Administrator",
                                                "Storage Blob Data Contributor"
                                            ],
-                                 "roleBeneficiaryObjID":  "4f305dd8-567a-4db8-aaf6-cf8b3bdd9337",
+                                 "roleBeneficiaryObjID":  "587604dd-f10d-450b-8238-8d6a0a75371d",
                                  "Description":  "Databricks SPN",
                                  "principalType":  "ServicePrincipal"
                              }

.azureDevOps/Pipelines/Managed_Identity_Auth/1-Master/onDeploy.yaml

@@ -0,0 +1,95 @@
+
+name:                                     Managed Identity MLOps Databricks Deployment
+
+trigger:                                  none
+pr:                                       none
+
+
+
+# TO DO : Retrofit This Code So You Can Choose The Environments You Want To Deploy. This Will be
+# Helpfull if a Release Pipeline Fails And We Need To Rewind The Commit And Redeploy
+
+# Create A Condition That This Will Not Run When A Pull Request Is Launched. Presumably a CI only Condition
+# After The First Environment Deployment, This YAML Pipeline is Triggering Alongside onRealease. I have Set
+# pr == none For Now To Prevent This Behaviour 
+
+
+pool:
+  name:                                'vmss-linux-pool'
+
+
+parameters:
+
+- name:         ENVIRONMENT
+  displayName:  Choose Environment 
+  default:      GenesisDeployment
+  type:         string 
+  values:
+  - Sandbox
+  - Development
+  - UAT
+  - Production
+  - GenesisDeployment
+
+
+- name:         MI_VMSS_NAME
+  displayName:  Enter name of Virtual Machine Scale Set With Managed Identity On Sub Enabled
+  default:      vmsslinux
+  type:         string 
+
+
+- name:         azureSubscription
+  displayName:  Enter Service Connection Name
+  default:      mi-vmss-spn
+  type:         string 
+
+
+- name:         PULL_BRANCH
+  displayName:  Branch For DBX Repo Folders
+  default:      ciarand/dbx_pipeline
+  type:         string 
+
+
+stages:
+  
+  - stage:                                SandboxDeploy
+    condition:                            or(eq('${{ parameters.ENVIRONMENT }}', 'GenesisDeployment'), eq('${{ parameters.ENVIRONMENT }}', 'Sandbox'))                      
+    displayName:                          SandboxDeploy
+    jobs:
+      - template:                         ..\2-Jobs\jobDatabricks.yaml
+        parameters:
+          Environment:                    Sandbox
+          azureSubscription:              ${{ parameters.azureSubscription }}
+          enableRepoPull:                 false
+          branchName:                     main      
+          MI_VMSS_NAME:                   ${{ parameters.MI_VMSS_NAME }}
+  
+  - stage:                                DevelopmentDeploy   
+    condition:                            or(eq('${{ parameters.ENVIRONMENT }}', 'GenesisDeployment'), eq('${{ parameters.ENVIRONMENT }}', 'Development'))                                
+    displayName:                          DevelopmentDeploy
+    dependsOn: [] 
+    jobs:
+      - template:                         ..\2-Jobs\jobDatabricks.yaml
+        parameters:
+          Environment:                    Development
+          azureSubscription:              ${{ parameters.azureSubscription }}
+          enableRepoPull:                 false
+          branchName:                     main
+          updateFolder:                   None
+          MI_VMSS_NAME:                   ${{ parameters.MI_VMSS_NAME }}
+
+  - stage:                                UATDeploy 
+    condition:                            or(eq('${{ parameters.ENVIRONMENT }}', 'GenesisDeployment'), eq('${{ parameters.ENVIRONMENT }}', 'UAT'))                                    
+    displayName:                          UATDeploy
+    dependsOn: [] 
+    jobs:
+      - template:                         ..\2-Jobs\jobDatabricks.yaml
+        parameters:
+          Environment:                    UAT
+          azureSubscription:              ${{ parameters.azureSubscription }}
+          enableRepoPull:                 false
+          branchName:                     main
+          releaseBranch:                  'release/1'
+          MI_VMSS_NAME:                   ${{ parameters.MI_VMSS_NAME }}
+
+