Add secret scopes support in assets bundling (#2744)

## Changes
<!-- Brief summary of your changes that is easy to understand -->
1. Defined `SecretScope` as a new resource
1. Added `SecretScope` into supported resource types
2. Generated docs and schema


## Why
<!-- Why are these changes needed? Provide the context that the reviewer
might be missing.
For example, were there any decisions behind the change that are not
reflected in the code itself? -->

This change allows users to define secret scopes as part of their assets
bundle:

```
...
resources:
  ...
  secret_scopes:
    my_secret_scope:
      name: my_secret_scope
   ...
```

Setting custom ACL is supported via `permissions` field:

```
resources:
  secret_scopes:
    my_secret_scope:
      name: my_secret_scope
      permissions:
        - user_name: admins
          level: WRITE
        - user_name: users
          level: READ
```

## Tests
<!-- How have you tested the changes? -->
1. Added acceptance tests for secret scope deployments and binding
4. Added unit tests

<!-- If your PR needs to be included in the release notes for next
release,
add a separate entry in NEXT_CHANGELOG.md as part of your PR. -->

---------

Co-authored-by: shreyas-goenka <88374338+shreyas-goenka@users.noreply.github.com>

Author: anton-107

NEXT_CHANGELOG.md

@@ -15,5 +15,6 @@
 * Fixed normalising requirements file path in dependencies section ([#2861](https://github.com/databricks/cli/pull/2861))
 * Fix default-python template not to add environments when serverless=yes and include\_python=no ([#2866](https://github.com/databricks/cli/pull/2866))
 * Fixed handling of Unicode characters in Python support ([#2873](https://github.com/databricks/cli/pull/2873))
+* Added support for secret scopes in DABs ([#2744](https://github.com/databricks/cli/pull/2744))
 
 ### API Changes

acceptance/bundle/deploy/secret-scope/backend-type/databricks.yml

@@ -0,0 +1,11 @@
+bundle:
+  name: deploy-secret-scope-azure-backend
+
+resources:
+  secret_scopes:
+    secret_scope_azure:
+      name: test-secrets-azure-backend
+      backend_type: "AZURE_KEYVAULT"
+      keyvault_metadata:
+        resource_id: my_azure_keyvault_id
+        dns_name: my_azure_keyvault_dns_name

acceptance/bundle/deploy/secret-scope/backend-type/output.txt

@@ -0,0 +1,16 @@
+
+>>> [CLI] bundle deploy
+Uploading bundle files to /Workspace/Users/[USERNAME]/.bundle/deploy-secret-scope-azure-backend/default/files...
+Deploying resources...
+Updating deployment state...
+Deployment complete!
+
+>>> jq -s .[] | select(.path=="/api/2.0/secrets/scopes/create") | .body out.requests.txt
+{
+  "backend_azure_keyvault": {
+    "dns_name": "my_azure_keyvault_dns_name",
+    "resource_id": "my_azure_keyvault_id"
+  },
+  "scope": "test-secrets-azure-backend",
+  "scope_backend_type": "AZURE_KEYVAULT"
+}

acceptance/bundle/deploy/secret-scope/backend-type/script

@@ -0,0 +1,3 @@
+trace $CLI bundle deploy
+trace jq -s '.[] | select(.path=="/api/2.0/secrets/scopes/create") | .body' out.requests.txt
+rm out.requests.txt

acceptance/bundle/deploy/secret-scope/backend-type/test.toml

@@ -0,0 +1,4 @@
+Local = true
+Cloud = false
+
+RecordRequests = true

acceptance/bundle/deploy/secret-scope/databricks.yml.tmpl

@@ -0,0 +1,13 @@
+bundle:
+  name: deploy-secret-scope-test-$UNIQUE_NAME
+
+resources:
+  secret_scopes:
+    secret_scope1:
+      name: $SECRET_SCOPE_NAME
+      backend_type: "DATABRICKS"
+      permissions:
+        - user_name: admins
+          level: WRITE
+        - user_name: users
+          level: READ

acceptance/bundle/deploy/secret-scope/output.txt

@@ -0,0 +1,53 @@
+
+>>> [CLI] bundle deploy
+Uploading bundle files to /Workspace/Users/[USERNAME]/.bundle/deploy-secret-scope-test-[UNIQUE_NAME]/default/files...
+Deploying resources...
+Updating deployment state...
+Deployment complete!
+
+>>> [CLI] bundle summary --output json
+{
+  "backend_type": "DATABRICKS",
+  "modified_status": "created",
+  "name": "my-secrets-[UUID]",
+  "permissions": [
+    {
+      "level": "WRITE",
+      "user_name": "admins"
+    },
+    {
+      "level": "READ",
+      "user_name": "users"
+    }
+  ]
+}
+
+>>> [CLI] secrets list-scopes -o json
+{
+  "backend_type": "DATABRICKS",
+  "name": "my-secrets-[UUID]"
+}
+
+>>> [CLI] secrets list-acls my-secrets-[UUID]
+{"permission":"MANAGE","principal":"[USERNAME]"}
+{"permission":"READ","principal":"users"}
+{"permission":"WRITE","principal":"admins"}
+
+>>> [CLI] secrets put-secret my-secrets-[UUID] my-key --string-value my-secret-value
+
+>>> [CLI] secrets get-secret my-secrets-[UUID] my-key
+{
+  "key":"my-key",
+  "value":"bXktc2VjcmV0LXZhbHVl"
+}
+
+>>> [CLI] bundle destroy --auto-approve
+The following resources will be deleted:
+  delete secret_acl secret_acl_secret_scope1_0
+  delete secret_acl secret_acl_secret_scope1_1
+  delete secret_scope secret_scope1
+
+All files and directories at the following location will be deleted: /Workspace/Users/[USERNAME]/.bundle/deploy-secret-scope-test-[UNIQUE_NAME]/default
+
+Deleting files...
+Destroy complete!

acceptance/bundle/deploy/secret-scope/permissions/databricks.yml.tmpl

@@ -0,0 +1,15 @@
+bundle:
+  name: deploy-secret-scope-with-permissions
+
+resources:
+  secret_scopes:
+    secret_scope_azure:
+      name: test-secrets-permissions
+
+permissions:
+  - user_name: $CURRENT_USER_NAME
+    level: CAN_MANAGE
+  - group_name: users
+    level: CAN_VIEW
+  - group_name: admins
+    level: CAN_MANAGE

acceptance/bundle/deploy/secret-scope/permissions/output.txt

@@ -0,0 +1,10 @@
+
+>>> [CLI] bundle deploy
+Uploading bundle files to /Workspace/Users/[USERNAME]/.bundle/deploy-secret-scope-with-permissions/default/files...
+Deploying resources...
+Updating deployment state...
+Deployment complete!
+
+>>> jq -s -c .[] | select(.path=="/api/2.0/secrets/acls/put") | .body out.requests.txt
+{"permission":"MANAGE","principal":"admins","scope":"test-secrets-permissions"}
+{"permission":"READ","principal":"users","scope":"test-secrets-permissions"}

acceptance/bundle/deploy/secret-scope/permissions/script

@@ -0,0 +1,4 @@
+envsubst < databricks.yml.tmpl > databricks.yml
+trace $CLI bundle deploy #--log-level TRACE
+trace jq -s -c '.[] | select(.path=="/api/2.0/secrets/acls/put") | .body' out.requests.txt | sort
+rm out.requests.txt